Network Design Reference for Avaya Virtual Services Platform 4000 Series Release 4.0.50 NN46251-200 Issue 04.
© 2014 Avaya Inc. All Rights Reserved. Notice While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
Contents
Chapter 1: Introduction
  Purpose
  Related resources
  Support
  MultiLink Trunking
  802.3ad-based link aggregation
Chapter 10: Layer 2 loop prevention
  Loop prevention and detection
  Additional information
Chapter 16: QoS design guidelines
  QoS mechanisms
  QoS interface considerations
Chapter 1: Introduction

Purpose
This document provides information to help you build robust, efficient networks using the Avaya Virtual Services Platform 4000 Series. You can use the examples and important design guidelines listed in this document for many features and protocols.

Related resources

Documentation
See the Documentation Roadmap for Avaya Virtual Services Platform 4000 Series, NN46251-100, for a list of the documentation for this product.

Training
Ongoing product training is available.
Procedure
• To find videos on the Avaya Support website, go to http://support.avaya.com and perform one of the following actions:
  - In Search, type Avaya Mentor Videos to see a list of the available videos.
  - In Search, type the product name. On the Search Results page, select Video in the Content Type column on the left.
• To find the Avaya Mentor videos on YouTube, go to www.youtube.
5. In the GENERAL NOTIFICATIONS area, select the required documentation types, and then click UPDATE.
6. Click OK.
7. In the PRODUCT NOTIFICATIONS area, click Add More Products.
8. Scroll through the list, and then select the product name.
9. Select a release version.
10. Select the check box next to the required documentation types.

December 2014 Network Design Reference for Avaya VSP 4000 Series Comments? infodev@avaya.
11. Click Submit.

Support
Go to the Avaya Support website at http://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues. Use the online service request system to create a service request. Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise.
3. In the Search dialog box, select the option In the index named .pdx.
4. Enter a search word or phrase.
5. Select any of the following to narrow your search:
   • Whole Words Only
   • Case-Sensitive
   • Include Bookmarks
   • Include Comments
6. Click Search. The search results show the number of documents and instances found. You can sort the search results by Relevance Ranking, Date Modified, Filename, or Location. The default is Relevance Ranking.
Chapter 2: New in Release 4.0.50

The following sections detail what is new in Network Design Reference for Avaya Virtual Services Platform 4000 Series, NN46251-200 for Release 4.0.50.

Features
See the following sections for information about feature-related changes.

VSP 4450GSX-DC
Release 4.0.
Chapter 3: New in Release 4.0.40

The following sections detail what is new in Network Design Reference for Avaya Virtual Services Platform 4000 Series, NN46251-200 for Release 4.0.40.

Features
See the following sections for information about feature-related changes.

VSP 4450GTX-HT-PWR+
Release 4.0.40 of the Avaya Virtual Services Platform 4000 Series introduces a new hardware chassis, the VSP 4450GTX-HT-PWR+.
For more information about SFP and SFP+ transceivers, see Installation - SFP and SFP+ transceivers for Avaya Virtual Services Platform 4000 Series, NN46251-301.

Other changes
There are no other changes to this document for Release 4.0.40.
Chapter 4: New in Release 4.0

The following sections detail what is new in Network Design Reference for Avaya Virtual Services Platform 4000 Series, NN46251-200 for Release 4.0.

Features
See the following sections for information about feature-related changes.

TACACS+ support
VSP 4000 Release 4.0 supports the use of the RADIUS server as a proxy for stronger authentication for Terminal Access Controller Access-Control System Plus (TACACS+).
Chapter 5: Network design fundamentals

To efficiently and cost-effectively use Avaya Virtual Services Platform 4000 Series, you must properly design your network, which includes the following considerations:
• Reliability and availability
• Platform redundancy
• Desired level of redundancy

A robust network depends on the interaction between system hardware and software. System software can be divided into different functions as shown in the following figure.
Based on network problem-tracking statistics, the following list is an approximate stability estimation model of a system that uses these components:
• Hardware and drivers represent a small portion of network problems.
• Local software represents a more significant share.
• Interacting software represents the vast majority of the reported issues.

Based on this model, network design attempts to off-load the interacting software level as much as possible to the other levels, especially to the hardware level.
Chapter 6: Hardware fundamentals and guidelines

This chapter provides general hardware guidelines to use the Avaya Virtual Services Platform 4000 Series in a network. Use the information in this chapter to help you during the hardware design and planning phase.

Supported hardware
Release 4.0.50 supports the following VSP 4000 Series models:
1. VSP 4850GTS Series: Includes the 4850GTS (AC), the 4850GTS-PWR+, the 4850GTS-DC.
2.
Platform considerations

Note: The 300 W and 1000 W AC power supplies use the IEC 60320 C16 AC power cord connector.

Use the order codes to order a replacement for the primary PSU or to order a redundant PSU for your VSP 4000 system.

Table 2: Power supply order codes
VSP 4000 PSU | Usage | Part number (order code)
300 W AC power supply | For use in the ERS 4626GTS, VSP 4850GTS and WL8180, WL8180-16L wireless controllers. |
Power specifications for VSP 4000 switches 4850GTS series and 4450GSX series
The following sections describe the regulatory AC and DC power specifications for the VSP 4000 series switches.

AC power specifications
The following table describes the regulatory AC power specifications for the 4850GTS series and the 4450GSX-PWR+ switches.
4450GSX-PWR+
  - Maximum: 164.6 W
• With PoE+
  - Typical power utilization depends on the number of ports using PoE+.
  - Maximum: 553.4 W
Thermal Rating: 508 BTU/hr maximum
Inrush Current: 70 A maximum
Turn on Condition: 1 second maximum after application of AC power
Efficiency: 70 percent minimum

Important: 12-volt output rise time, from 10 to 90 percent, must be the maximum of 50 ms and monotonic under all defined input and output conditions.
Figure 2: 1000 W AC power supply

300 W AC power supply
The Avaya VSP 4850GTS supports 300 W AC power supplies.

Figure 3: 300 W AC power supply

Connector
The 300 W and 1000 W AC power supplies use an IEC 60320 C16 AC power cord connector. The AC power cord is in close proximity to the hot-air exhaust, and supports high operating temperatures.
Figure 4: IEC 60320 C16 connector

Power over Ethernet Plus specifications

Table 6: Avaya VSP 4850GTS and 4850GTS-PWR+ models
Maximum PoE+ W: 855 W with one power supply; 1855 W with two power supplies
Average PoE+ W on 50 port model: 15.4 W (802.3af); 17.8 W (802.3at) — One power supply; 32.4 W (802.3at) — Two power supplies

• VSP 4850GTS-PWR+ can support 802.3af 15.4 W on each port with one power supply installed. You can add a second power supply for redundancy.
Hardware compatibility
The following tables describe the Avaya Virtual Services Platform 4000 Series hardware.

Table 9: Hardware
Columns: Release | VSP 4000 model | Description | Part number

Release 3.0, VSP 4850GTS, part number EC4800A78-E6:
• 48 10/100/1000 BaseTX RJ-45 ports
• two shared SFP ports
• two 1/10GE SFP+ ports
• Base Software License
• one (of two) field replaceable 300W PSUs supplied with the chassis

Release 3.0, VSP 4850GTS-PWR+:
• Same content as EC4800A78-E6 with an EU power cord.
Columns: Release | VSP 4000 model | Description | Part number

• two 1/10GE SFP+ ports
• one (of two) field replaceable 300W DC PSUs supplied with the chassis

Release 4.0, VSP 4450GSX-PWR+, part number EC4400A05-E6:
• 12 10/100/1000 BASE TX RJ-45 ports with 802.3at PoE+
• 36 100/1000-Mbps SFP ports
• Two 1/10G SFP+ ports with MACsec capable PHY
• One (of two) field-replaceable 1000W PSUs supplied with the chassis

Release 4.0.40, VSP 4450GTX-HT-PWR+:
• Same content as EC4400A05-E6 with an EU power cord.
Columns: Release | VSP 4000 model | Description | Part number

• One (of two) field-replaceable 1000W PSUs supplied with the chassis
• Same content as EC4400A05-E6 with an EU power cord. Part number: EC4400B05-E6GS
• Same content as EC4400A05-E6 with a UK power cord. Part number: EC4400C05-E6GS
• Same content as EC4400A05-E6 with a JP power cord. Part number: EC4400D05-E6GS
• Same content as EC4400A05-E6 with an NA power cord. Part number: EC4400E05-E6GS
• Same content as EC4400A05-E6 with an AU power cord.
Supported optical devices

Table 10: Supported SFP transceivers
Model | ROHS product number | Description
1000BASE-T | AA1419043-E6 | CAT5 UTP, up to 100 meters (m). Because the 1000BASE-T device is all electrical, it does not need DDI support.
1000BASE-SX DDI | AA1419048-E6 | 850 nanometers (nm) up to 275 m using 62.
Model | ROHS product number | Description
 | AA1419060-E6 | 1610 nm, up to 40 km
 | AA1419061-E6 | 1470 nm, up to 70 km
 | AA1419062-E6 | 1490 nm, up to 70 km
 | AA1419063-E6 | 1510 nm, up to 70 km
 | AA1419064-E6 | 1530 nm, up to 70 km
 | AA1419065-E6 | 1550 nm, up to 70 km
 | AA1419066-E6 | 1570 nm, up to 70 km
 | AA1419067-E6 | 1590 nm, up to 70 km
 | AA1419068-E6 | 1610 nm, up to 70 km
100BASE-FX | AA1419074-E6 | 1310 nm, up to 2 km

Small form-factor pluggable plus (SFP+) transceivers
SFP+ tran
Model number | Part number | Description
 | AA1403160-E6 | 1611 nm SMF. The range is up to 40 km.
10GBASE-LR/LW | AA1403011-E6 | 1310 nm SMF. The range is up to 10 km.
10GBASE-LR (-5 °C to +85 °C) | AA1403011-E6HT | 1310 nm SMF. The range is up to 10 km.
10GBASE-LRM | AA1403017-E6 | 1310 nm. Up to 220 m reach over Fiber Distributed Data Interface (FDDI)-grade 62.5 μm multimode fiber. Suited for campus LANs.
10GBASE-SR/SW | AA1403015-E6 | 850 nm.
Model number | Part number | Description
10GBASE-ZR/ZW | AA1403016-E6 | 1550 nm SMF. The range is up to 70 km.
10GBASE-ZR CWDM DDI | AA1403161-E6 | 1471 nm SMF. The range is up to 70 km.
 | AA1403162-E6 | 1491 nm SMF. The range is up to 70 km.
 | AA1403163-E6 | 1511 nm SMF. The range is up to 70 km.
 | AA1403164-E6 | 1531 nm SMF. The range is up to 70 km.
 | AA1403165-E6 | 1551 nm SMF. The range is up to 70 km.
 | AA1403166-E6 | 1571 nm SMF. The range is up to 70 km.
10/100BASE-X and 1000BASE-TX reach

you use, particularly if the available system margin is unsatisfactory. Engineered links require precise knowledge of the cable plant. For long, high bit rate systems, pulse distortion, caused by the transmitter laser spectrum interaction with fiber chromatic dispersion, reduces receiver sensitivity. Transceivers for long reach single mode fiber systems have an associated maximum dispersion power penalty (DPPmax) specification, which applies to G.
10/100/1000BASE-TX Auto-Negotiation recommendations
Auto-Negotiation lets devices share a link and automatically configures both devices so that they take maximum advantage of their abilities. Auto-Negotiation uses a modified 10BASE-T link integrity test pulse sequence to determine device ability.
CANA
Modules can only establish links using these advertised settings, rather than at the highest common supported operating mode and data rate. Use CANA to provide smooth migration from 10/100 Mbps to 1000 Mbps on host and server connections. Using Auto-Negotiation only, the switch always uses the fastest possible data rates. In limited-uplink-bandwidth scenarios, CANA provides control over negotiated access speeds, and improves control over traffic load patterns.
Chapter 7: Optical routing design

The Avaya optical routing system uses coarse wavelength division multiplexing (CWDM) in a grid of eight optical wavelengths. Use the Avaya optical routing system to maximize bandwidth on a single optical fiber. This chapter provides optical routing system information that you can use to help design your network.
Optical routing system components
• Optical add/drop multiplexers (OADM)
• Optical multiplexer/demultiplexers (OMUX)
• Optical shelf to house the multiplexers

OADMs drop or add a single wavelength from or to an optical fiber.

For the list of supported optical devices on the Avaya Virtual Services Platform 4000 Series platform for the current release, see Supported optical devices.
Chapter 8: Platform redundancy

This chapter includes recommendations to provide a fault-tolerant platform.

Power redundancy
The Avaya VSP 4000 series PWR+ models support dual 54V 1000W Power over Ethernet Plus (PoE+) AC power supplies. This model supports two external field-replaceable power supplies. You can install a secondary power supply to provide redundancy and load sharing, and add Power over Ethernet Plus (PoE+) power budget on PWR+ models.
Maximum PoE+ W: 1835 W with two power supplies
Average PoE+ W on 12 ports

• VSP 4450GSX-PWR+ can support 802.3af 17.8 W or 32.4 W on each port with one power supply installed. You can add a second power supply for redundancy.

Input/output port redundancy
You can protect I/O ports using a link aggregation mechanism. MultiLink Trunking (MLT), which is compatible with 802.
Chapter 9: Link redundancy

You can build link redundancy into your network to:
• Help eliminate a single point of failure in your network (provide physical and link layer redundancy)
• Prevent a service interruption caused by a faulty link (provide link layer redundancy)

This chapter explains the following design options that you can use to achieve link redundancy (provide alternate data paths):
• Physical layer redundancy
• MultiLink Trunking
• 802.
Physical layer redundancy

Figure 6: 1000BASE-X RFI

End-to-end fault detection and VLACP
Because remote fault indication (RFI) terminates at the next Ethernet hop, the device that uses only RFI cannot determine failures on an end-to-end basis over multiple hops. However, you can use Virtual Link Aggregation Control Protocol (VLACP) to provide an end-to-end failure detection mechanism. You can configure VLACP on a port and enable it over single links or multilink trunks (MLT).
To minimize network outages, you can also use VLACP to switch traffic around entire network devices before Layer 3 protocols detect a network failure. VLACP is an extension of the Link Aggregation Control Protocol (LACP), but LACP and VLACP are independent features. VLACP does not perform link aggregation; it detects end-to-end link failures.
Figure 8: Problem description (2 of 2)

However, if you use VLACP to detect far-end failures and allow MLT to fail over when end-to-end connectivity is not guaranteed for links in an aggregation group, VLACP prevents the failure scenario in the preceding figure.

Avaya recommends that you use the following guidelines for VLACP implementation:
• Do not use VLACP on configured LACP MLTs because LACP provides the same functionality as VLACP for link failure.
end-to-end perspective. If a particular link does not receive VLACP PDUs, the platform shuts the link down after the expiry time-out occurs (time-out scale x periodic time). As a result of this action the ports stay in a disabled state.

MultiLink Trunking
Use MLT to provide link-layer redundancy. You can use MLT to provide alternate paths around failed links. When you configure MLT links, consider the following information:
• The device supports 24 MLT aggregation groups.
Table 16: Path cost for RSTP or MSTP mode
Link speed | Recommended path cost
Less than or equal to 100 Kbps | 200 000 000
1 Mbps | 20 000 000
10 Mbps | 2 000 000
100 Mbps | 200 000
1 Gbps | 20 000
10 Gbps | 2000
100 Gbps | 200
1 Tbps | 20
10 Tbps | 2

802.3ad-based link aggregation
Link aggregation provides link layer redundancy. Use IEEE 802.3ad-based link aggregation (IEEE 802.
LACP and spanning tree interaction
Only the physical link state or the LACP peer status affects the operation of LACP. When a link changes state between UP and DOWN, the LACP module receives notification. The spanning tree forwarding state does not affect the operation of the LACP module. LACP data units (LACPDU) can be sent even if the port is in spanning tree blocking state.
Chapter 10: Layer 2 loop prevention

This chapter provides information about how to use bandwidth and network resources efficiently, and to prevent Layer 2 data loops.

Loop prevention and detection
In certain network designs, loops can form. For example, loops can form if you have incorrect configuration or cabling. There are two solutions to detect loops: Loop Detect, and Simple Loop Prevention Protocol (SLPP).
SLPP configuration considerations and recommendations
SLPP uses an individual VLAN hello packet mechanism to detect network loops. Sending hello packets on an individual VLAN basis allows SLPP to detect VLAN-based network loops for untagged and tagged IEEE 802.1Q VLAN link configurations. You determine to which VLANs a switch sends SLPP test packets. All port members of the SLPP-enabled VLAN replicate the packets.
Parameter | Configuration
Transmission interval | 500 ms (default)

Loop Detect
Use the Loop Detect feature at the edge of a network to prevent loops. This feature detects whether the same MAC address appears on different ports. Loop Detect can disable a VLAN or a port. The Loop Detect feature can also disable a group of ports if it detects the same MAC address on two different ports five times in a configurable amount of time.
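An added example (not Avaya code) of the Loop Detect logic described above, run over constructed MAC-learning events: it counts how often a MAC address changes port within the configured time and disables a port at the fifth move. The event format, the class and function names, and the choice of which port to disable are assumptions.

```python
from collections import defaultdict, deque


class LoopDetect:
    """MAC-move loop detector for one VLAN (simplified model, not vendor code)."""

    def __init__(self, window_s, threshold=5):
        self.window_s = window_s          # the "configurable amount of time"
        self.threshold = threshold        # five moves, as stated on the page
        self.last_port = {}               # MAC -> port it was last learned on
        self.moves = defaultdict(deque)   # MAC -> timestamps of recent port changes
        self.disabled = set()             # ports shut down by the detector

    def observe(self, ts, mac, port):
        """Process one MAC-learning event; return the port disabled by it, else None."""
        if port in self.disabled:
            return None                   # a disabled port learns nothing
        previous = self.last_port.get(mac)
        self.last_port[mac] = port
        if previous is None or previous == port:
            return None                   # first sighting or refresh, not a move
        recent = self.moves[mac]
        recent.append(ts)
        while ts - recent[0] > self.window_s:
            recent.popleft()              # forget moves older than the window
        if len(recent) < self.threshold:
            return None
        # Assumption: act on the port where the latest move was seen.
        self.disabled.add(port)
        recent.clear()
        return port


def flap(mac, ports, start, step, count):
    """Constructed input: `mac` learned on alternating ports every `step` seconds."""
    return [(round(start + i * step, 3), mac, ports[i % len(ports)])
            for i in range(count)]


# Constructed MAC-learning events: (timestamp in seconds, MAC, port).
EVENTS = sorted(
    flap("00:00:5e:00:53:01", ["1/1", "1/2"], 0.0, 0.1, 8)    # fast flap: a loop
    + [(1.0, "00:00:5e:00:53:02", "1/3"),                      # host moved once
       (5.0, "00:00:5e:00:53:02", "1/4")]
    + flap("00:00:5e:00:53:03", ["1/5", "1/6"], 0.0, 1.0, 8)  # slow flap
)


def detect(events, window_s, threshold=5):
    """Return [(timestamp, mac, disabled_port)] for a stream of learning events."""
    detector = LoopDetect(window_s, threshold)
    actions = []
    for ts, mac, port in events:
        shut = detector.observe(ts, mac, port)
        if shut is not None:
            actions.append((ts, mac, shut))
    return actions


if __name__ == "__main__":
    for window in (2.0, 10.0):
        print(window, detect(EVENTS, window))
```

With a 2-second window only the fast flap trips the detector; widening the window to 10 seconds also catches the slow flap, which is the trade-off the configurable time controls.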
SLPP example scenarios

Scenario 1: VSP 4000 as an edge router
Scenario 1 demonstrates a triangular setup with ERS 8800 switches as IST peers, and VSP 4000 on the edge. From VSP 4000, there are four links that are part of the same MLT, with SLPP enabled on the VSP 4000 ports. Because the MLT ports are misconfigured, loops can occur. For example, port 1/1 on VSP 4000 can be part of the MLT, but on the ERS port, 2/1 is not part of the MLT, although they are on the same VLAN.
Figure 10: VSP 4000 as an edge router and with an additional link with ERS 8800

The SLPP PDUs generated by VSP 4000 return to the same device through the additional link. After the threshold value set on the SLPP-enabled ports is reached, the ports are shut down.

Scenario 3: VSP 4000 as a BEB connected to an edge router
In scenario 3, VSP 4000 acts as a Backbone Edge Bridge (BEB) and is connected to a BayStack device.
Figure 11: VSP 4000 as a BEB connected to an edge router

In this scenario, either SLPP or RSTP/MSTP can shut the ports down.

Scenario 4: Two VSP 4000 switches acting as BEBs
In scenario 4, there are two VSP 4000 devices that act as BEBs and are connected to each other through MLT, with two BayStack devices connected to each of the BEBs. The interface that connects the VSP 4000 interfaces is an Intermediate System to Intermediate System (IS-IS) interface with STP disabled.
Figure 12: Two VSP 4000 switches acting as BEBs

The SLPP PDUs generated by the VSP 4000-1 return to itself through VSP 4000-2, BayStack 2, and BayStack 1. After reaching the threshold value, the SLPP shuts the port down, eliminating the loop.
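An added model (not Avaya code) of the behaviour these scenarios describe: a switch floods SLPP hello PDUs into a VLAN every 500 ms, counts the PDUs that come back on its own ports, and shuts a port when its count reaches the threshold. The triangle topology, switch and port names, and threshold values are constructed, and counting one returned PDU per port per interval is a simplifying assumption.

```python
from collections import deque

# Constructed topology: each link joins (switch, port) to (switch, port). All ports
# are members of one SLPP-enabled VLAN and nothing else blocks the triangle.
LINKS = [
    (("edge", "1/1"), ("core-a", "2/1")),
    (("edge", "1/2"), ("core-b", "2/1")),
    (("core-a", "3/1"), ("core-b", "3/1")),
]


def returning_ports(links, origin, disabled):
    """Ports of `origin` on which a hello PDU flooded by `origin` comes back."""
    peer, ports = {}, {}
    for a, b in links:
        if a in disabled or b in disabled:
            continue                      # a shut port takes its link out of the VLAN
        peer[a], peer[b] = b, a
        ports.setdefault(a[0], set()).add(a[1])
        ports.setdefault(b[0], set()).add(b[1])
    hits, seen = set(), set()
    queue = deque((origin, p) for p in ports.get(origin, ()))
    while queue:
        hop = queue.popleft()             # (switch, egress port) the PDU leaves from
        if hop in seen:
            continue
        seen.add(hop)
        switch, ingress = peer[hop]
        if switch == origin:
            hits.add(ingress)             # originator sees its own PDU: a loop
            continue
        # Every other member port of the VLAN replicates the packet.
        queue.extend((switch, p) for p in ports[switch] - {ingress})
    return hits


def simulate(links, origin, rx_threshold, interval_ms=500, max_intervals=1000):
    """Return [(time_ms, port)] for each port shut down until no PDU returns."""
    counters, disabled, actions = {}, set(), []
    for tick in range(1, max_intervals + 1):
        hits = returning_ports(links, origin, disabled)
        if not hits:
            break                         # loop eliminated
        for port in sorted(hits):
            counters[port] = counters.get(port, 0) + 1
            if counters[port] >= rx_threshold[port]:
                disabled.add((origin, port))
                actions.append((tick * interval_ms, port))
    return actions


if __name__ == "__main__":
    print(simulate(LINKS, "edge", {"1/1": 5, "1/2": 5}))    # both uplinks shut
    print(simulate(LINKS, "edge", {"1/1": 5, "1/2": 50}))   # one uplink survives
    print(simulate(LINKS[:2], "edge", {"1/1": 5, "1/2": 5}))  # no loop, no action
```

In this model equal thresholds shut both looped ports in the same interval, while a higher threshold on one port lets the other break the loop first and keeps one uplink in service.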
Chapter 11: Spanning tree

Spanning tree prevents loops in switched networks. Avaya Virtual Services Platform 4000 Series supports Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP). This chapter describes issues to consider when you configure spanning tree protocols. For more information about spanning tree protocols, see Avaya Virtual Services Platform 4000 Series Configuration — VLANs and Spanning Tree, NN46251-500.
Figure 13: VLAN isolation

MSTP and RSTP considerations
The Spanning Tree Protocol (STP) provides loop protection and recovery, but it is slow to respond to a topology change in the network (for example, a dysfunctional link in a network). RSTP (IEEE 802.1w) and MSTP (IEEE 802.1s) reduce the recovery time after a network failure. RSTP and MSTP also maintain a backward compatibility with IEEE 802.1D. Typically, the recovery time of RSTP and MSTP is less than 1 second.
RSTP and MSTP provide a global spanning tree parameter, called version, for backward compatibility with legacy STP. You can configure version to either STP-compatible mode, RSTP mode, or MSTP mode:
• An STP-compatible port transmits and receives only STP Bridge Protocol Data Units (BPDU). An RSTP or MSTP BPDU that the port receives in this mode is discarded.
• An RSTP or MSTP port transmits and receives only RSTP or MSTP BPDUs.
Chapter 12: Layer 3 network design

This chapter describes Layer 3 design considerations that you need to understand to properly design an efficient and robust network.

VRF Lite
The Avaya Virtual Services Platform 4000 Series supports the Virtual Routing and Forwarding (VRF) Lite feature, which supports many virtual routers, each with its own routing domain. VRF Lite virtualizes the routing tables to form independent routing domains, which eliminates the need for multiple physical routers.
VRF Lite architecture examples
VRF Lite enables a router to act as many routers. This provides virtual traffic separation for each user and provides security. For example, you can use VRF Lite to:
• Provide different departments within a company with site-to-site connectivity as well as Internet access
• Provide centralized and shared access to data centers.

The following figure shows how VRF Lite can emulate VPNs.
access the Internet, data storage, VoIP-PSTN, or call signaling services. To interconnect VRF instances, you can use an external firewall that supports virtualization, or use inter-VRF forwarding for specific services. Using the inter-VRF solution, you can use routing policies and static routes to inject IP subnets from one VRF instance to another, and filters to restrict access to certain protocols. The following figure shows inter-VRF forwarding.
Virtual Router Redundancy Protocol

BackupMaster routes all traffic received on the BackupMaster IP interface according to the switch routing table.

Figure 17: VRRP with BackupMaster

Avaya recommends that you stagger VRRP instances on a network or subnet basis. The following figure shows the VRRP Masters and BackupMasters for two subnets.
holddown timer to a minimum of 1.5 times the IGP convergence time is sufficient. For OSPF, Avaya recommends that you use a value of 90 seconds if you use the default OSPF timers.
• Implement VRRP BackupMaster for an active-active configuration (BackupMaster works across multiple switches that participate in the same VRRP domain).
• Configure VRRP priority as 200 to configure VRRP Master.
In this figure, configuration A is optimal because VRRP convergence occurs within 2 to 3 seconds. In configuration A, three spanning tree instances exist and VRRP runs on the link between the two routers. Spanning tree instance 2 exists on the link between the two routers, which separates the link between the two routers from the spanning tree instances found on the other devices. All uplinks are active.
Figure 21: Avoiding excessive ICMP redirect messages without SMLT

Open Shortest Path First
Use OSPF to ensure that the switch can communicate with other OSPF routers. This section describes some general design considerations and presents a number of design scenarios for OSPF. For more information about OSPF concepts and configuration, see Avaya Virtual Services Platform 4000 Series Configuration — OSPF and RIP, NN46251-506.
• 5 adjacencies with an LSA_CNT of 200 (Area 3)

Calculate the number as follows:
3*500 + 10*1000 + 5*200 = 12.5K < 16K

This configuration ensures that the switch operates within accepted scalability limits.

OSPF design guidelines
Follow these additional OSPF guidelines:
• OSPF timers must be consistent across the entire network.
• Use OSPF area summarization to reduce routing table sizes.
• Use OSPF passive interfaces to reduce the number of active neighbor adjacencies.
Figure 22: Example 1: OSPF on one subnet in one area

The routers in the preceding figure use the following configuration:
• S1 has an OSPF router ID of 1.1.1.1, and the OSPF port uses an IP address of 192.168.10.1.
• S2 has an OSPF router ID of 1.1.1.2, and the OSPF port uses an IP address of 192.168.10.2.

The general method to configure OSPF on each routing switch is:
1. Enable OSPF globally.
2. Enable IP forwarding on the switch.
3.
The routers in example 2 use the following configuration:
• S1 has an OSPF router ID of 1.1.1.1, and the OSPF port uses an IP address of 192.168.10.1.
• S2 has an OSPF router ID of 1.1.1.2, and two OSPF ports use IP addresses of 192.168.10.2 and 192.168.20.1.
• S3 has an OSPF router ID of 1.1.1.3, and the OSPF port uses an IP address of 192.168.20.2.

The general method to configure OSPF on each routing switch is:
1. Enable OSPF globally.
2.
2. Configure OSPF on one network. On S1, insert the IP address, subnet mask, and VLAN ID for the OSPF port. Enable OSPF on the port. On S2, insert the IP address, subnet mask, and VLAN ID for the OSPF port in area 1, and enable OSPF on the port. Both routable ports belong to the same network. Therefore, by default, both ports are in the same area.
3. Configure three OSPF areas for the network.
4. Configure OSPF on two additional ports in a second subnet.
Border Gateway Protocol

BGP implementation guidelines
To successfully implement BGP in a VSP 4000 network, follow these guidelines:
• BGP does not operate with an IP router in nonforwarding (host-only) mode. Ensure that the routers with which you want BGP to operate are in forwarding mode.
• If you use BGP for a multihomed AS (one that contains more than a single exit point), Avaya recommends that you use OSPF for the IGP, and BGP for the sole exterior gateway protocol. Otherwise, use intra-AS IBGP routing.
BGP and Internet peering
By using BGP, you can perform Internet peering directly between VSP 4000 and another edge router. In such a scenario, you can use each VSP 4000 for aggregation and link it with a Layer 3 edge router, as shown in the following figure.

Figure 25: BGP and Internet peering

In cases where the Internet connection is single-homed, to reduce the size of the routing table, Avaya recommends that you advertise Internet routes as the default route to the IGP.
Figure 27: BGP and edge aggregation

BGP and ISP segmentation
You can use the platform as a peering point between different regions or ASs that belong to the same ISP. In such cases, you can define a region as an OSPF area, an AS, or a part of an AS. You can divide the AS into multiple regions that each run different IGPs. Interconnect regions logically by using a full IBGP mesh. Each region then injects its IGP routes into IBGP and also injects a default route inside the region.
In the preceding figure, consider the following:
• The AS is divided into three regions that each run different and independent IGPs.
• Regions logically interconnect by using a full-mesh IBGP, which also provides Internet connectivity.
• Internal non-BGP routers in each region default to the BGP border router, which contains all routes.
Figure 30: Multiple OSPF regions peering with the Internet

IP routed interface scaling
VSP 4000 supports up to 256 IP-routed interfaces. When you configure a large number of IP-routed interfaces, use passive interfaces on most of the configured interfaces. You can make very few interfaces active.
Chapter 13: SPBM design guidelines

Shortest Path Bridging MAC (SPBM) is a next-generation virtualization technology that revolutionizes the design, deployment, and operations of enterprise edge campus core networks and data centers. The benefits of the technology are clearly evident in its ability to provide massive scalability while at the same time reducing the complexity of the network.
IS). IS-IS provides virtualization services, both Layer 2 and Layer 3, using a pure Ethernet technology base. SPBM also uses IS-IS to discover and advertise the network topology, which enables it to compute the shortest path to all nodes in the SPBM network. Spanning Tree is a topology protocol that prevents loops but does not scale very well.
• For a Layer 3 VSN, the I-SID is associated with a customer VRF, which is also virtualized across the backbone. Layer 3 VSNs are always full-mesh topologies. Layer 3 VSNs associate one VRF per I-SID.
• For a Layer 3 VSN with multicast, the BEB associates a data I-SID with the multicast stream and a scope I-SID that defines the scope as a Layer 3 VSN. A multicast stream with a Layer 3 VSN scope can only transmit a multicast stream for the same Layer 3 VSN.
ERS 8800 implementation
If a VLAN has an IP address and is attached to an I-SID, the ERS 8800 designates that VLAN as operationally up whether it has a member port or not. When the VLAN is operationally up, the IP address of the VLAN will be in the routing table. The ERS 8800 design behaves this way because the VLAN might be acting as an NNI in cases of Layer 2 Inter-VSN routing. If the VLAN was acting as a UNI interface, it would require a member port.
Implementation options
No flooding or learning of end-user MACs occurs in the backbone. This SPBM provisioning significantly improves network robustness, as customer-introduced network loops have no effect on the backbone infrastructure.
Service provisioning
Provision I-SIDs on a BEB to associate that BEB with a particular service instance. After you map the customer VLAN or VRF into an I-SID, any BEB that has the same I-SID configured can participate in the same Layer 2 or Layer 3 VSN.
Figure 32: SPBM support for campus and data center architecture
Within the SPBM architecture, you can implement multiple options. The following figure shows all the options that SPBM supports.
Figure 33: SPBM implementation options
The following sections describe the options that are illustrated in the preceding figure.
A—IP shortcut
IP shortcuts forward standard IP packets over IS-IS. This option enables you to forward IP over the SPBM core, which is a simpler method than traditional IP routing or MPLS.
In Figure 33: SPBM implementation options, node VSP-G acts as a BCB for the service, and has no IP configuration.
B—Layer 2 VSN
A Layer 2 Virtual Services Network (VSN) bridges customer VLANs (C-VLANs) over the SPBM core infrastructure. A Layer 2 VSN associates a C-VLAN with an I-SID, which is then virtualized across the backbone. All VLANs in the network that share the same I-SID can participate in the same VSN.
advertising their reachable IP routes into IS-IS and installing IP routes learned from IS-IS. Suitable IP redistribution policies need to be defined to determine what IP routes a BEB will advertise to IS-IS. As seen in Figure 33: SPBM implementation options, the green VRF on VSP-C is configured to advertise its local or direct IP routes into IS-IS within I-SID 13990001.
Figure 34: Multi-tenant SPBM metro network
To illustrate the versatility and robustness of SPBM even further, the following figure shows a logical view of multiple tenants in a ring topology. In this architecture, each tenant has its own domain where some users have VLAN requirements and are using Layer 2 VSNs and others have VRF requirements and are using Layer 3 VSNs. In all three domains, they can share data center resources across the SPBM network.
Figure 35: SPBM ring topology with shared data centers
Reference architectures
SPBM has a straightforward architecture that simply forwards encapsulated C-MACs across the backbone. Because the B-MAC header stays the same across the network, there is no need to swap a label or perform a route lookup at each node. This architecture allows the frame to follow the most efficient forwarding path from end to end.
Figure 36: SPBM basic architecture
Provisioning an SPBM core is as simple as enabling SPBM and IS-IS globally on all the nodes and on the core facing links. To migrate an existing edge configuration into an SPBM network is just as simple. The boundary between the MAC-in-MAC SPBM domain and the 802.1Q domain is handled by the BEBs. At the BEBs, VLANs or VRFs are mapped into I-SIDs based on the local service provisioning.
Figure 37: Access to the SPBM Core
For Layer 2 virtualized bridging (Layer 2 VSN), identify all the VLANs that you want to migrate into SPBM and assign them to an I-SID on the BEB. For Layer 3 virtualized routing (Layer 3 VSN), map IPv4-enabled VLANs to VRFs, create an IP VPN instance on the VRF, assign an I-SID to the VRF, and then configure the desired IP redistribution of IP routes into IS-IS. All BEBs that have the same I-SID configured can participate in the same VSN.
current release and identify two VLANs to use as B-VLANs. SPBM then automatically creates a virtual backbone MAC for the IST pair, and advertises it with IS-IS. By operating two SPBM switches in switch clustering (SMLT) mode, you can achieve redundant connectivity between the C-VLAN domain and the SPBM infrastructure. This configuration allows the dual homing of any traditional link aggregation capable device into an SPBM network.
Figure 38: SPBM campus without SMLT
After you migrate all services to SPBM, the customer VLANs (C-VLANs) will exist only on the BEB SMLT clusters at the edge of the SPBM network. The C-VLANs will be assigned to an I-SID instance and then associated with either a VLAN in a Layer 2 VSN or terminated into a VRF in a Layer 3 VSN. You can also terminate the C-VLAN into the default router, which uses IP shortcuts to IP route over the SPBM core.
The following figure uses IP shortcuts that route VLANs. There is no I-SID configuration and no Layer 3 virtualization between the edge distribution and the core. This is normal IP forwarding to the BEB.
Figure 39: IP shortcut scenario to move traffic between data centers
The following figure uses Layer 3 VSNs to route VRFs between the edge distribution and the core. The VRFs are attached to I-SIDs and use Layer 3 virtualization.
Figure 40: VRF scenario to move traffic between data centers
Multicast architecture
Networks today either have inefficient bridged IP multicast networks (Internet Group Management Protocol, or IGMP) or IP multicast networks that require multiple protocols that are complex to configure and operate.
All multicast streams are constrained within the level in which they originate, which is called the scope level. In other words, if a sender transmits a multicast stream to a BEB on a C-VLAN with IP multicast over SPBM enabled, only receivers that are part of the same Layer 2 VSN can receive that stream.
Figure 41: IP multicast over SPBM streams
The following steps describe how multicast senders and receivers connect to the SPBM cloud using BEBs, as illustrated in the preceding figure:
1. The sender sends multicast traffic with group IP address 233.252.0.1.
2. After the BEB receives the IP multicast stream from the sender, the BEB allocates data I-SID 16000001 for the S,G multicast stream.
Large data center architecture
SPBM supports data centers with IP shortcuts, Layer 2 VSNs, or Layer 3 VSNs. If you use vMotion, you must use Layer 2 between data centers (Layer 2 VSN). With Layer 2 VSNs, you can add IP addresses to the VLAN on both data centers and run Virtual Router Redundancy Protocol (VRRP) between them to allow the ESX server to route to the rest of the network. The following figure shows an SPBM topology of a large data center.
Figure 43: Traditional routing before moving VMs
A VM is a virtual server. When you move a VM, the virtual server is moved as is. This action means that the IP addresses of that server remain the same after the server is moved from one data center to the other. This in turn dictates that the same IP subnet (and hence VLAN) exist in both data centers. In the following figure, the VM moved from the data center on the left to the data center on the right.
Figure 44: Traditional routing after moving VMs
Optimized data center routing of VMs:
Two features make a data center optimized:
• VLAN routers in the Layer 2 domain (green icons)
• VRRP BackupMaster
The VLAN routers use lookup tables to determine the best path to route incoming traffic (red dots) to the destination VM. VRRP BackupMaster solves the problem of traffic congestion on the IST. Because there can be only one VRRP Master, all other interfaces are in backup mode.
Figure 45: Optimized routing before moving VMs
In the traditional data center, chaos resulted after many VMs were moved. In an optimized data center as shown in the following figure, the incoming traffic enters the Layer 2 domain where an edge switch uses Inter-VSN routing to attach an I-SID to a VLAN. The I-SID bridges traffic directly to the destination.
Figure 46: Optimized routing after moving VMs
Solution-specific reference architectures
The following sections describe solution-specific reference architectures that use the VSP 4000, for example for Video Surveillance or Data Center implementations.
Multi-tenant — fabric connect
This fabric connect-based solution leverages the fabric capabilities of the VSP platforms: a VSP 7000 core and a VSP 4000 edge.
Figure 47: Small core — multi-tenant
The following list outlines the benefits of the fabric connect-based solution:
• Endpoint provisioning
• Fast failover
• Simple to configure
• L2 and L3 virtualized
Hosted data center management solution — ETREE
In some hosted data center solutions, the hosting center operating company takes responsibility for managing customer servers.
Figure 48: Data center hosting private VLAN
The following list outlines the benefits of the hosted data center management solution:
• Easy endpoint provisioning
• Optimal resiliency
• Secure tenant separation
Video surveillance — bridged
In a video surveillance solution, optimal traffic forwarding is a key requirement to ensure proper operation of the camera and recorder solutions. However, signaling is also important to ensure quick channel switching.
Figure 49: Deployment scenario — bridged video surveillance and IP camera deployment for transportation, airports, and government
The following list outlines the benefits of the bridged video surveillance solution:
• Easy endpoint provisioning
• Sub-second resiliency and multicast forwarding
• Secure tenant separation
• Quick camera switching
Video surveillance — routed
In a video surveillance solution, optimal traffic forwarding is a key requirement to ensure proper o
Figure 50: Deployment scenario — Routed video surveillance and IP camera deployment for transportation, airports, and government
The following list outlines the benefits of the routed video surveillance solution:
• Easy endpoint provisioning
• Optimal resiliency and multicast forwarding
• Secure tenant separation
• Rapid channel/camera switching
Metro-Ethernet Provider solution
VSP 9000, ERS 8000, VSP 7000 and VSP 4000 provide an end-to-end Metro-Ethernet Provider solution.
Figure 51: Metro ring access solution
The following list outlines the benefits of the Metro-Ethernet Provider solution:
• Easy endpoint provisioning
• Optimal resiliency
• Secure tenant separation
Best practices
This section provides best practices to configure an SPBM network.
- If you do manually change the system ID, take the necessary steps to ensure no duplication exists in the network.
• Create two B-VLANs to allow load distribution over both B-VLANs. This configuration is required if you use SMLT. Even if you do not use SMLT in the network, this is still good practice as adding a second B-VLAN to an existing configuration allows SPBM to load balance traffic across two equal-cost multipaths if the physical topology grants it.
nick-name : b:b0:
MEP-id : md.ma.
BMAC : 00:bb:00:00::00
VirtBMAC : 00:bb:00:00::ff
MD : spbm (level 4)
MA : 4040 & 4041
mep :
mip : (level 4)
isis manual area : 49.0001
SPBM restrictions and limitations
This section describes the restrictions and limitations associated with SPBM on VSP 4000.
• The current release uses Level 1 IS-IS. The current release does not support Level 2 IS-IS. The ACLI command show isis int-l2-contl-pkts is not supported in the current release because the IEEE 802.1aq standard currently only defines the use of one hierarchy, Level 1.
• The IS-IS standard defines wide (32-bit) metrics and narrow (8-bit) metrics. The current release supports the wide metric.
IP multicast over SPBM restrictions
SSM
If you delete any ssm-map in a static range group, the switch deletes the entire static range group. For example, create an ssm-map for 232.122.122.122 to 232.122.122.128 and after that configure this same range in a static group. If you delete any ssm-map between 232.122.122.122 and 232.122.122.128, the switch deletes the entire static range group.
Data I-SID
The BEB matches a single multicast stream to a particular data I-SID.
Chapter 14: IP multicast network design
Use multicast routing protocols to efficiently distribute a single data source among multiple users in the network. This section provides information about how to design networks that support IP multicast routing. For more information about multicast routing, see Avaya Virtual Services Platform 4000 Series Configuration — IP Multicast Routing Protocols, NN46251-504. For design guidelines on IP Multicast over SPBM, see SPBM design guidelines.
Multicast scalability design rules
Multicast flow distribution over MLT
MultiLink Trunking (MLT) distributes multicast streams over a multilink trunk based on the source MAC address and the destination MAC address. As a result, the load is distributed on different ports of the multilink trunk more evenly. This functionality is enabled by default on the VSP 4000 and cannot be manually configured.
Figure 52: IP multicast sources and receivers on interconnected VLANs
6. Avaya recommends the use of static group-range-to-rendezvous point (RP) mappings in an SMLT topology as opposed to RP set learning via the Bootstrap Router (BSR) mechanism.
Multicast MAC address mapping considerations
Internet Assigned Numbers Authority (IANA) reserves addresses from 224.0.0.0 through 224.0.0.255 for link-local network applications. Multicast-capable routers do not forward packets with an address in this range. For example, Open Shortest Path First (OSPF) uses 224.0.0.5 and 224.0.0.6, and Virtual Router Redundancy Protocol (VRRP) uses 224.0.0.18 to communicate across local broadcast network segments. IANA also reserves the range of 224.0.1.0 through 224.0.1.
Figure 53: Multicast IP address to MAC address mapping
Most Ethernet switches handle Ethernet multicast by mapping a multicast MAC address to multiple switch ports in the MAC address table. Therefore, when you design the group addresses for multicast applications, take care to efficiently distribute streams only to hosts that are receivers. VSP 4000 switches IP multicast data based on the IP multicast address, not the MAC address, and thus, does not have this issue.
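The group-address design concern above can be checked before deployment. The following is an added example, not part of the Avaya document: it applies the standard IPv4 multicast-to-Ethernet mapping (prefix 01:00:5e plus the low 23 bits of the group address) to a planned list of groups and reports groups that share a MAC address or that alias the 224.0.0.0 through 224.0.0.255 link-local block. Every group in the sample plan except 233.252.0.1 is constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# IANA link-local block named in this chapter (224.0.0.0 through 224.0.0.255).
LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC address.

    Only the low 23 bits of the group survive, so 32 different groups
    share every multicast MAC address.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def aliases_link_local(group: str) -> bool:
    """True when a group outside 224.0.0.0/24 maps to a MAC used inside it."""
    addr = ipaddress.IPv4Address(group)
    return addr not in LINK_LOCAL and (int(addr) & 0x7FFFFF) <= 0xFF


def audit_group_plan(groups):
    """Return (collisions, link_local_aliases) for a planned list of groups.

    collisions maps each shared MAC to the groups that collide on it;
    a MAC-based Layer 2 switch delivers all of those streams to the
    same ports.
    """
    by_mac = defaultdict(list)
    for group in groups:
        by_mac[multicast_mac(group)].append(group)
    collisions = {mac: gs for mac, gs in by_mac.items() if len(gs) > 1}
    aliases = [g for g in groups if aliases_link_local(g)]
    return collisions, aliases


# Constructed sample plan; only 233.252.0.1 appears in this document.
SAMPLE_PLAN = [
    "233.252.0.1",
    "233.124.0.1",   # same low 23 bits as 233.252.0.1
    "239.1.1.1",
    "239.129.1.1",   # same low 23 bits as 239.1.1.1
    "225.0.0.5",     # shares a MAC with 224.0.0.5 (OSPF)
    "232.1.2.3",
]

if __name__ == "__main__":
    collisions, aliases = audit_group_plan(SAMPLE_PLAN)
    for mac, groups in collisions.items():
        print(f"{mac} shared by {', '.join(groups)}")
    for group in aliases:
        print(f"{group} aliases a link-local MAC ({multicast_mac(group)})")
```

Groups flagged as link-local aliases are the ones to renumber first, because MAC-based switches treat their frames like the control traffic of OSPF or VRRP.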
Dynamic multicast configuration changes
Avaya recommends that you not perform dynamic multicast configuration changes when multicast streams flow in a network. For example, do not change the routing protocol that runs on an interface, or the IP address, or the subnet mask for an interface until multicast traffic ceases. For such changes, Avaya recommends that you temporarily stop all multicast traffic.
to flow from sources to receivers. A multicast router normally provides the IGMP querier function. You can use the IGMP Layer 2 querier to provide a querier on a Layer 2 network without a multicast router. The Layer 2 querier function originates queries for multicast receivers, and processes the responses accordingly. On the connected Layer 2 VLANs, IGMP snoop continues to provide services as normal.
Although you can configure addresses starting with 01.00.5E, which are reserved for IP multicast address mapping, do not enable IP multicast with streams that match the configured addresses. This configuration can result in incorrect IP multicast forwarding and incorrect multicast MAC filtering.
Guidelines for multicast access policies
Use the following guidelines when you configure multicast access policies:
• Use masks to specify a range of hosts.
join a TV channel and IGMP leaves to exit the channel. After a viewer changes channels, an IGMPv2 leave for the old channel (multicast group) is issued, and a membership report for the new channel is sent. If viewers change channels continuously, the number of joins and leaves can become large, particularly if many viewers attach to the switch. VSP 4000 supports more than a thousand joins and leaves per second, which is well adapted to TV applications.
Multicast for multimedia
propagation across the network if users change channels rapidly. Leave latency also depends on the robustness value, so a value of 2 equates to a leave latency of twice the LMQI. Determine the proper LMQI value for your particular network through testing. If a very large number of users connect to a port, assigning a value of 3 can lead to a storm of report messages after a group-specific query is sent.
Chapter 15: System and network stability and security
Use the information in this chapter to design and implement a secure network. You must provide security mechanisms to prevent your network from attack. If links become congested due to attacks, you can immediately halt end-user services. During the design phase, study availability issues for each layer. To provide additional network security, you can use the Avaya Virtual Services Platform 9000 or your own high-performance stateful firewalls.
Damage prevention
Prioritization of control traffic
VSP 4000 uses a sophisticated prioritization scheme to schedule control packets on physical ports. This scheme involves two levels with both hardware and software queues to guarantee proper handling of control packets regardless of the switch load. In turn, this scheme guarantees the stability of the network. Prioritization also guarantees that applications that use many broadcasts are handled with lower priority.
4. Prevent unknown devices from influencing the spanning tree topology.
Packet spoofing
You can stop spoofed IP packets by configuring the switch to forward only IP packets that contain the correct source IP address of your network. By denying all invalid source IP addresses, you minimize the chance that your network is the source of a spoofed DoS attack.
Data plane security
High Secure mode
To ensure that VSP 4000 does not route packets with an illegal source address of 255.255.255.255 (RFC1812 Section 4.2.2.11 and RFC971 Section 3.2), you can enable High Secure mode. By default, this feature is disabled. After you enable this flag, the feature applies to all ports. For more information about High Secure mode, see Security for Avaya Virtual Services Platform 4000 Series, NN46251-601.
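The two source-address rules in this chapter (forward only packets whose source belongs to your network, and never route the illegal source 255.255.255.255) can be modelled and tested offline. The following is an added example, not Avaya code and not a description of the switch's internals: it is a Python model of the decision, with the site prefix, port labels and packet records all constructed for illustration. It also reports which ingress ports sourced the rejected packets, which is what an operator needs when tracing a spoofing host.

```python
import ipaddress
from collections import Counter, defaultdict

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

FORWARD = "forward"
DROP_ILLEGAL = "drop: illegal source 255.255.255.255"
DROP_SPOOFED = "drop: source not in site prefixes"


def source_verdict(src, site_prefixes=None, high_secure=False):
    """Decide what happens to a packet based only on its source address.

    site_prefixes=None models a switch with no anti-spoofing filter;
    high_secure models the High Secure mode flag described above.
    """
    addr = ipaddress.IPv4Address(src)
    if high_secure and addr == LIMITED_BROADCAST:
        return DROP_ILLEGAL
    if site_prefixes is not None:
        networks = [ipaddress.ip_network(p) for p in site_prefixes]
        if not any(addr in net for net in networks):
            return DROP_SPOOFED
    return FORWARD


def audit(packets, site_prefixes=None, high_secure=False):
    """Return (verdict totals, rejected sources grouped by ingress port)."""
    totals = Counter()
    by_port = defaultdict(list)
    for port, src in packets:
        verdict = source_verdict(src, site_prefixes, high_secure)
        totals[verdict] += 1
        if verdict != FORWARD:
            by_port[port].append(src)
    return totals, dict(by_port)


# Constructed sample: (ingress port label, source IP) pairs.
SITE_PREFIXES = ["10.20.0.0/16"]
SAMPLE_PACKETS = [
    ("1/5", "10.20.1.15"),
    ("1/5", "10.20.2.9"),
    ("1/7", "198.51.100.23"),    # not a site address
    ("1/7", "203.0.113.77"),     # not a site address
    ("1/9", "255.255.255.255"),  # illegal source
    ("1/9", "10.20.1.200"),
]

if __name__ == "__main__":
    for label, kwargs in [
        ("no filter, High Secure off", {}),
        ("site filter + High Secure", {"site_prefixes": SITE_PREFIXES,
                                       "high_secure": True}),
    ]:
        totals, by_port = audit(SAMPLE_PACKETS, **kwargs)
        print(label, dict(totals), by_port)
```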
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0
If you disable access-strict (false), the policy looks at the value for accesslevel, and then the system applies the policy to anyone with equivalent rights or higher. In this example, all levels include readonly so the default policy applies to l1, l2, l3, rw, ro, and rwa. If you enable access-strict, the system applies the policy only to ro.
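The access-strict rule above, combined with the precedence rule stated later in this chapter (a lower precedence value takes priority), can be modelled to review a policy set before it is applied. The following is an added example, not Avaya code: the rights ordering of the six levels is an assumption of the example (the page names the levels but does not rank them), and the policy names and precedence assignments are constructed.

```python
from dataclasses import dataclass

# Assumed rights ordering, lowest to highest. The page lists these six
# level names; the ranking itself is an assumption of this example.
LEVEL_RANK = {"ro": 0, "l1": 1, "l2": 2, "l3": 3, "rw": 4, "rwa": 5}


@dataclass(frozen=True)
class AccessPolicy:
    name: str            # hypothetical label for the policy
    access_level: str    # one of LEVEL_RANK
    access_strict: bool
    precedence: int      # lower value wins when several policies apply


def policy_applies(policy: AccessPolicy, user_level: str) -> bool:
    """Apply the access-strict rule to one user access level."""
    if policy.access_strict:
        # Strict: only the exact level named in the policy.
        return user_level == policy.access_level
    # Not strict: the named level and every level with higher rights.
    return LEVEL_RANK[user_level] >= LEVEL_RANK[policy.access_level]


def governing_policy(policies, user_level):
    """Return the applicable policy with the lowest precedence value."""
    matches = [p for p in policies if policy_applies(p, user_level)]
    return min(matches, key=lambda p: p.precedence, default=None)


def uncovered_levels(policies):
    """List access levels that no policy in the set applies to."""
    return [lvl for lvl in LEVEL_RANK
            if not any(policy_applies(p, lvl) for p in policies)]


# Constructed sample policies; 120 and 128 are the values the chapter
# uses to illustrate precedence.
DEFAULT = AccessPolicy("default", "ro", access_strict=False, precedence=128)
OPS_RW = AccessPolicy("ops-rw", "rw", access_strict=False, precedence=120)
SAMPLE_POLICIES = [DEFAULT, OPS_RW]

if __name__ == "__main__":
    for level in LEVEL_RANK:
        winner = governing_policy(SAMPLE_POLICIES, level)
        print(f"{level:>3}: {winner.name if winner else 'no policy applies'}")
    strict_default = AccessPolicy("default", "ro", True, 128)
    print("uncovered with strict default:",
          uncovered_levels([strict_default, OPS_RW]))
```

Running the review with access-strict enabled on the ro policy shows which levels stop matching any policy, which is the side effect to check for before you turn the flag on.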
Control plane security
The control plane physically separates management traffic using the in-band interface. The control plane facilitates High Secure mode, management access control, access policies, authentication, SSH and Secure Copy, and SNMP.
Management port
Avaya Virtual Services Platform 4000 Series requires one port to be configured as the management port.
Figure 55: Terminal server access
If you must access the switch, Avaya recommends that you use the console port. The switch is always reachable, even if an issue occurs with the in-band network management interface.
Management access control
The following table shows management access levels. For more information, see Security for Avaya Virtual Services Platform 4000 Series, NN46251-601.
Access level | Description
Read Write | Use this level to view and edit most device configuration. You cannot change the security and password configuration.
Read Write All | Use this level to do everything. You have all the privileges of read-write access and the ability to change the security configuration. The security configuration includes access passwords and the web-based management user names and passwords.
policy to provide access. A lower precedence takes higher priority if you use multiple policies. Preference 120 has priority over preference 128.
RADIUS authentication
You can enforce access control by using Remote Authentication Dial-in User Service (RADIUS). RADIUS provides a high degree of security against unauthorized access and centralizes the knowledge of security access based on a client and server architecture.
equal value. For example, if you configure the server with UDP 1812, the client must use the same UDP port value. Other customizable RADIUS parameters require careful planning and consideration, for example, switch timeout and retry. Use the switch timeout to define the number of seconds before the authentication request expires. Use the retry parameter to indicate the number of retries the server accepts before sending an authentication request failure.
management virtual IP address. This configuration is true for all traps routed out on the I/O ports or on the out-of-band management Ethernet port.
SNMPv3 support
SNMP version 1 and version 2 are not secure because communities are not encrypted. Avaya strongly recommends that you use SNMP version 3. SNMPv3 provides stronger authentication services and the encryption of data traffic for network management.
Additional information
• The Research and Education Organization for Network Administrators and Security Professionals (SANS)
• The Computer Security Institute (CSI)
December 2014 Network Design Reference for Avaya VSP 4000 Series Comments? infodev@avaya.
Chapter 16: QoS design guidelines
This chapter provides design guidelines to provide Quality of Service (QoS) to user traffic on the network. For more information about fundamental QoS mechanisms and how to configure QoS, see Configuration - QoS and ACL-Based Traffic Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.
QoS mechanisms
Avaya Virtual Services Platform 4000 Series has a solid, well-defined architecture to handle QoS in an efficient and effective manner.
Traffic category | Application example | ASC
 | Routing table updates | Network
Real-Time, Delay Intolerant | IP telephony; interhuman communication | Premium
Real-Time, Delay Tolerant | Video conferencing; interhuman communication.
Figure 59: Filter decision-making process
Configure filters through the use of Access Control Lists (ACL) and Access Control Entries (ACE), which are implemented in hardware. An ACL can include both security and QoS type ACEs. The platform supports 2048 ACLs and 1000 ACEs for each ACL to a maximum of 16,000 ACEs for each platform. The following steps summarize the filter configuration process:
1. Determine your desired match fields.
2. Create an ACL.
3. Create an ACE within the ACL.
The system can perform rate metering only on a Layer 3 basis. Traffic shapers buffer and delay violating traffic. These operations occur at the egress level. VSP 4000 supports traffic shaping at the port level.
QoS interface considerations
Four QoS interface types are explained in detail in the following sections. You can configure an interface as trusted or untrusted, and for bridging or routing operations. Use these parameters to properly apply QoS to network traffic.
Enable DiffServ | Access DiffServ | 802.1p Override | Routed Packet | Tagged Ingress Packet | Internal QoS Derived From | Egress Packet DSCP Derived from | Egress Packet 802.1p Derived from
1 | 1, L3T=0 | 0, L2T=1 | X | 0 | Port QoS | iQoS | iQoS
0 | X, L3T=0 | 0, L2T=1 | X | 1
QoS examples and recommendations
At a high level, three main types or stages of congestion exist:
1. No congestion
2. Bursty congestion
3. Severe congestion
In a noncongested network, QoS actions ensure that delay-sensitive applications, such as real-time voice and video traffic, are sent before lower-priority traffic. The prioritization of delay-sensitive traffic is essential to minimize delay and reduce or eliminate jitter, which has a detrimental impact on these applications.
The following figure illustrates the actions performed on three different bridged traffic flows (that is VoIP, video conference, and email) at access and core ports throughout the network.
Figure 60: Trusted bridged traffic
For bridged, untrusted traffic, if you configure the port to access, mark and prioritize traffic on the access node using global filters. Reclassify the traffic to ensure it complies with the class of service specified in the SLA.
Figure 61: RPR QoS internetworking
Routed traffic
If you route traffic over the core network, VLANs are not kept separate. If you configure the port to core, you assume that, for all incoming traffic, the QoS configuration is properly marked. All core switch ports simply read and forward packets. The switch does not remark or classify the packets. The customer device or the edge devices perform all initial QoS markings.
Figure 62: Trusted routed traffic
For routed, untrusted traffic, in an access node, packets that enter through a tagged or untagged access port exit through a tagged or untagged core port.
Chapter 17: Layer 1, 2, and 3 design examples
This chapter provides examples to help design your network. Layer 1 examples deal with the physical network layouts. Layer 2 examples map Virtual Local Area Networks (VLAN) on top of the physical layouts. Layer 3 examples show the routing instances that Avaya recommends to optimize IP for network redundancy.
Layer 1 example
This section describes a Layer 1 network design example that focuses primarily on the physical network layout.
Figure 63: Layer 1 design example
Layer 2 example
This section describes a Layer 2 network design example that maps VLANs over the physical network layout.
Layer 2: Design example
The following example shows a redundant device network that uses one VLAN for all switches. To support multiple VLANs, you need 802.1Q tagging on the links with trunks.
Figure 64: Layer 2 design example
Layer 3 example
This section describes a Layer 3 network design example that shows the routing instances that Avaya recommends you use to optimize IP for network redundancy.
Layer 3: Design example
The example in the following figure uses redundant links.
Figure 65: Layer 3 design example
Chapter 18: Software scaling capabilities
This chapter lists software scaling capabilities of Avaya Virtual Services Platform 4000 Series.
Maximum number supported
e-BGP peers | 12
e-BGP routes | 16,000
Address Resolution Protocol (ARP) for each port, VRF, or VLAN (IPv4) | 6,000 entries total
Circuitless IP interfaces | 64
Maximum B-MACs | 1000
ECMP routes | 1000
ECMP groups | 512 groups with a maximum of 4 ECMP paths per group
Note: The maximum number of ECMP routes per VSP 4000 system is 1,000.
Maximum number supported
Mirrored ports | 49
Remote Mirroring Termination (RMT) ports | 4
Filters and QoS
Port shapers (IPv4) | 50
ACEs per ACL (a combination of Security and QoS ACEs) | 1,000
Unique redirect next hop values for ACE Actions (IPv4) | Ingress: 1,536, Egress: 256
SPBM
C-VLANs per VSP 4000 node | 1,000
Maximum number of nodes per region | 1,000
MAC entries | 16,000 (combination of ARP entries and Layer 2 MACs)
Backbone MAC | 1,000
IP routes in the Global Router | 16,000
Maximum IS-IS IP routes
Maximum number supported
Maximum MAC limit on a T-UNI I-SID | 32,000
Note: This is also the device limit.
Chapter 19: Supported standards, RFCs, and MIBs
This chapter details the standards, request for comments (RFC), and Management Information Bases (MIB) that Avaya Virtual Services Platform 4000 Series supports.
Supported IEEE standards
The following table details the IEEE standards that Avaya Virtual Services Platform 4000 Series supports.
Table 23: Supported IEEE standards
IEEE standard | Description
802.1aq | Shortest Path Bridging (SPB)
802.1D | MAC bridges (Spanning Tree)
802.
IEEE standard | Description
802.3x | flow control
802.3z | Gigabit Ethernet
Supported RFCs
The following table and sections list the RFCs that Avaya Virtual Services Platform 4000 Series supports.
Table 24: Supported request for comments
Request for comment | Description
draft-grant-tacacs-02.
Quality of service
Request for comment | Description
RFC1591 | DNS Client
RFC1812 | Router requirements
RFC1866 | Hypertext Markup Language version 2 (HTMLv2) protocol
RFC2068 | Hypertext Transfer Protocol
RFC2131 | Dynamic Host Control Protocol (DHCP)
RFC2138 | RADIUS Authentication
RFC2139 | RADIUS Accounting
RFC2338 | Virtual Redundancy Router Protocol (VRRP)
RFC2616 | Hypertext Transfer Protocol 1.
Request for comment | Description
RFC1271 | Remote Network Monitoring Management Information Base
RFC1305 | Network Time Protocol v3 Specification, Implementation and Analysis
RFC1350 | TFTP (Revision 2)
RFC1354 | IP Forwarding Table MIB
RFC1757 | Remote Network Monitoring Management Information Base
RFC1907 | Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1908 | Coexistence between v1 and v2 of the Internet-standard Network
Standard MIBs
Request for comment | Description
RFC1389 | RIPv2 MIB Extensions
RFC1398 | Ethernet MIB
RFC1442 | Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1450 | Management Information Base for v2 of the Simple Network Management Protocol (SNMPv2)
RFC1573 | Interface MIB
RFC1650 | Definitions of Managed Objects for the Ethernet-like Interface Types
RFC1657 | BGP-4 MIB using SMIv2
RFC1850 | OSPF MIB
RFC2096 | IP Forwarding Table MIB
RFC2578 | Struc
Standard MIB name | Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC) | File name
STDMIB4—Internet Assigned Numbers Authority (IANA) Interface Type | — | iana_if_type.mib
STDMIB5—Structure of Management Information (SMI) | RFC1155 | rfc1155.mib
STDMIB6—Simple Network Management Protocol (SNMP) | RFC1157 | rfc1157.
Standard MIB name | Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC) | File name
STDMIB26f—Coexistence between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework | RFC2576 | rfc2576.mib
STDMIB29—Definitions of Managed Objects for the Virtual Router Redundancy Protocol | RFC2787 | rfc2787.mib
STDMIB31—Textual Conventions for Internet Network Addresses | RFC2851 | rfc2851.mib
STDMIB32—The Interface Group MIB | RFC2863 | rfc2863.
Proprietary MIBs

The following table details the proprietary MIBs that Avaya Virtual Services Platform 4000 Series supports.

Table 29: Proprietary MIBs

Proprietary MIB name | File name
PROMIB1—Rapid City MIB | rapid_city.mib
PROMIB2—SynOptics Root MIB | synro.mib
PROMIB3—Other SynOptics definitions | s5114roo.

Note: The MACsec tables, namely, rcMACSecCATable and rcMACSecIfConfigTable are a part of the Rapid City MIB.
Glossary

Backbone Core Bridge (BCB)
Backbone Core Bridges (BCBs) form the core of the SPBM network. The BCBs are SPBM nodes that do not terminate the VSN services. BCBs forward encapsulated VSN traffic based on the Backbone MAC Destination Address (B-MAC-DA). A BCB can access information to send that traffic to any Backbone Edge Bridges (BEBs) in the SPBM backbone.

Backbone Edge Bridge (BEB)
Backbone Edge Bridges (BEBs) are SPBM nodes where Virtual Services Networks (VSNs) terminate.
separates a network into administrative domains called Maintenance Domains (MD).

Customer MAC (CMAC)
For customer MAC (C-MAC) addresses, which is customer traffic, to forward across the service provider backbone, SPBM uses IEEE 802.1ah Provider Backbone Bridging MAC-in-MAC encapsulation. The system encapsulates C-MAC addresses within a backbone MAC (B-MAC) address pair made up of a BMAC destination address (BMAC-DA) and a BMAC source address (BMAC-SA).
latency
The time between when a node sends a message and receipt of the message by another node; also referred to as propagation delay.

Layer 1
Layer 1 is the Physical Layer of the Open System Interconnection (OSI) model. Layer 1 interacts with the MAC sublayer of Layer 2, and performs character encoding, transmission, reception, and character decoding.

Layer 2
Layer 2 is the Data Link Layer of the OSI model. Examples of Layer 2 protocols are Ethernet and Frame Relay.
link-state database (LSDB)
A database built by each OSPF router to store LSA information. The router uses the LSDB to calculate the shortest path to each destination in the autonomous system (AS), with itself at the root of each path.

load balancing
The practice of splitting communication into two (or more) routes or servers.

MAC-in-MAC encapsulation
MAC-in-MAC encapsulation defines a BMAC-DA and BMAC-SA to identify the backbone source and destination addresses.
Provider Backbone Bridge (PBB)
To forward customer traffic across the service-provider backbone, SPBM uses IEEE 802.1ah Provider Backbone Bridging (PBB) MAC-in-MAC encapsulation, which hides the customer MAC (C-MAC) addresses in a backbone MAC (B-MAC) address pair. MAC-in-MAC encapsulation defines a BMAC-DA and BMAC-SA to identify the backbone source and destination addresses.
3 Virtual Services Network [VSN]) across the MAC-in-MAC backbone. With Layer 2 VSNs, you associate the I-SID with a customer VLAN, which is then virtualized across the backbone. With Layer 3 VSNs, you associate the I-SID with a customer VRF, which is also virtualized across the backbone.

service level agreement (SLA)
A service contract that specifies the forwarding service that traffic receives.
small form-factor pluggable plus (SFP+)
SFP+ transceivers are similar to SFPs in physical appearance but SFP+ transceivers provide Ethernet at 10 gigabits per second (Gbps).

spanning tree
A simple, fully-connected active topology formed from the arbitrary physical topology of connected bridged Local Area Network components by relaying frames through selected bridge ports.
Virtual Router Redundancy Protocol (VRRP)
A protocol used in static routing configurations, typically at the edge of the network. This protocol operates on multiple routers on an IP subnet and elects a primary gateway router. When the primary router fails, a backup router is quickly available to take its place.