Network Design Reference for Avaya Virtual Services Platform 4000 Series Release 4.1 NN46251-200 Issue 0 .
© 2015 Avaya Inc. All Rights Reserved.
Notice
While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
Contents
Chapter 1: Introduction
  Purpose
  Related resources
  Support
  Spanning tree and protection against isolated VLANs
  MSTP and RSTP considerations
Chapter 10: Layer 3 network design
  VRF Lite
Chapter 15: Layer 1, 2, and 3 design examples
  Layer 1 example
  Layer 2 example
  Layer 3 example
Chapter 1: Introduction

Purpose
This document provides information to help you build robust, efficient networks using the Avaya Virtual Services Platform 4000 Series. You can use the examples and important design guidelines listed in this document for many features and protocols.

Related resources
Documentation
See the Documentation Roadmap for Avaya Virtual Services Platform 4000 Series, NN46251-100, for a list of the documentation for this product.
Training
Ongoing product training is available.
Procedure
• To find videos on the Avaya Support website, go to http://support.avaya.com and perform one of the following actions:
  - In Search, type Avaya Mentor Videos to see a list of the available videos.
  - In Search, type the product name. On the Search Results page, select Video in the Content Type column on the left.
• To find the Avaya Mentor videos on YouTube, go to www.youtube.
5. In the GENERAL NOTIFICATIONS area, select the required documentation types, and then click UPDATE.
6. Click OK.
7. In the PRODUCT NOTIFICATIONS area, click Add More Products.
8. Scroll through the list, and then select the product name.
9. Select a release version.
10. Select the check box next to the required documentation types.
11. Click Submit.

Support
Go to the Avaya Support website at http://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues. Use the online service request system to create a service request. Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise.
3. In the Search dialog box, select the option In the index named .pdx.
4. Enter a search word or phrase.
5. Select any of the following to narrow your search:
  • Whole Words Only
  • Case-Sensitive
  • Include Bookmarks
  • Include Comments
6. Click Search.
The search results show the number of documents and instances found. You can sort the search results by Relevance Ranking, Date Modified, Filename, or Location. The default is Relevance Ranking.
Chapter 2: New in this release
The following sections detail what is new in Network Design Reference for Avaya Virtual Services Platform 4000 Series, NN46251–200 for Release 4.1.
Related Links
Features on page 12
Other changes on page 13

Features
See the following sections for information about feature-related changes.
Access-level and access-strict
If you configure the access policy mode to deny, the system checks the mode and service, and if they match the system denies the connection.
applies autonegotiation. If you install a 10 GbE transceiver, the system does not remove the autonegotiation settings from the configuration, but the system simply ignores the configuration because autonegotiation settings are irrelevant to a 10 GbE transceiver. The system preserves the saved configuration for autonegotiation when resaved no matter which speed of transceiver you install. For more information, see 10/100/1000BASE-TX Auto-Negotiation recommendations on page 30.

IPv6
Release 4.
Chapter 3: Network design fundamentals
To efficiently and cost-effectively use Avaya Virtual Services Platform 4000 Series, you must properly design your network, which includes the following considerations:
• Reliability and availability
• Platform redundancy
• Desired level of redundancy
A robust network depends on the interaction between system hardware and software. System software can be divided into different functions as shown in the following figure.
Based on network problem-tracking statistics, the following list is an approximate stability estimation model of a system that uses these components:
• Hardware and drivers represent a small portion of network problems.
• Local software represents a more significant share.
• Interacting software represents the vast majority of the reported issues.
Based on this model, network design attempts to off-load the interacting software level as much as possible to the other levels, especially to the hardware level.
Chapter 4: Hardware fundamentals and guidelines
This chapter provides general hardware guidelines to use the Avaya Virtual Services Platform 4000 Series in a network. Use the information in this chapter to help you during the hardware design and planning phase.

Supported hardware
Release 4.0.50 supports the following VSP 4000 Series models:
1. VSP 4850GTS Series: Includes the 4850GTS (AC), the 4850GTS-PWR+, the 4850GTS-DC.
2.
Note: The 300W and 1000 W AC power supplies use the IEC 60320 C16 AC power cord connector.
Use the order codes to order a replacement for the primary PSU or to order a redundant PSU for your VSP 4000 system.
Table 1: Power supply order codes
VSP 4000 PSU    Usage    Part number (order code)
300 W AC power supply    For use in the ERS 4626GTS, VSP 4850GTS and WL8180, WL8180-16L wireless controllers.
Power specifications for VSP 4000 switches 4850GTS series and 4450GSX series
The following sections describe the regulatory AC and DC power specifications for the VSP 4000 series switches.
AC power specifications
The following table describes the regulatory AC power specifications for the 4850GTS series and the 4450GSX-PWR+ switches.
4450GSX-PWR+ Power Consumption
• Without PoE+
  - Typical: 116 W
  - Maximum: 164.6 W
• With PoE+
  - Typical power utilization depends on the number of ports using PoE+.
  - Maximum: 553.
Important: Ensure that you use only 1000 W power supplies (both primary and secondary) on VSP 4000 PWR+ models.
Figure 2: 1000 W AC power supply

300 W AC power supply
The Avaya VSP 4850GTS supports 300 W AC power supplies.
Figure 3: 300 W AC power supply

Connector
The 300 W and 1000 W AC power supplies use an IEC 60320 C16 AC power cord connector. The AC power cord is in close proximity to the hot-air exhaust, and supports high operating temperatures.
The 1000 W AC power supplies use an IEC 60320 C16 AC power cord connector. The AC power cord is in close proximity to the hot-air exhaust, and supports high operating temperatures.
Figure 4: IEC 60320 C16 connector

Power over Ethernet Plus specifications
Table 5: Avaya VSP 4850GTS and 4850GTS-PWR+ models
Maximum PoE+ W Average PoE+ W on 50 port model 855 W with one power supply 15.4 W (802.3af) 1855 W with two power supplies 17.8 W (802.3at) — One power supply 32.4 W (802.
PoE+ support on    0°C to 50°C    50°C to 70°C
                   48 ports       26 ports
• VSP 4450GTX-HT-PWR+ can support 802.3af 17.8W or 32.4W on each port with one power supply installed. You can add a second power supply for redundancy.

DC power supply specifications
The following table describes the DC power supply specifications for the VSP 4000.
Release    VSP 4000 model    Description    Part number
3.0
VSP 4850GTS-PWR+
• Same content as EC4800A78-E6 with a NA power cord. EC4800E78-E6
• Same content as EC4800A78-E6 with a EU power cord. EC4800F78-E6
• 48 10/100/1000 802.3at PoE+ EC4800A88-E6
• two shared SFP ports
• two 1/10GE SFP+ ports
• Base Software License
• one (of two) field replaceable 1000W PSUs supplied with the chassis
3.0
VSP 4850GTS DC
• Same content as EC4800A88-E6 with a EU power cord.
Release    VSP 4000 model    Description    Part number
4.0.40
VSP 4450GTX-HT-PWR+
• Same content as EC4400A05-E6 with a NA power cord. EC4400E05-E6
• Same content as EC4400A05-E6 with a AU power cord. EC4400F05-E6
• 48 10/100/1000 Base TX RJ-45 ports with 802.3at PoE+ EC4400A03-E6
• two shared SFP ports
• two 1/10GE SFP+ ports
• Base Software License
• one (of two) field replaceable 1000W PSUs supplied with the chassis
4.0.
Supported optical devices
Use optical devices to achieve high-bit-rate communications and long transmission distances. The following section describes the supported optical devices on the VSP 4000 system.
Important: Avaya recommends that you use Avaya branded SFP and SFP+ transceivers as they undergo extensive qualification and testing. Avaya is not responsible for any problems that arise from using non-Avaya branded SFP and SFP+ transceivers.
Model    ROHS product number    Description
recommends AA1419057-E6 as a replacement.

Model: 1000BASE-ZX DDI
ROHS product number: AA1419052-E6
Description: 1550 nm, up to 70 km (non-CWDM). This transceiver has been discontinued but remains supported by the software. Avaya recommends AA1419065-E6 as a replacement.

Model: 1000BASE-BX DDI
ROHS product number: AA1419069-E6 and AA1419070-E6 mating pair
Description: One model transmits at 1310 nm and receives at 1490 nm, while the mating model transmits at 1490 nm and receives at 1310 nm.
Table 11: Supported SFP+ transceivers and cables
Model number    Part number    Description

Model number: 10GBASE-CX
Part number: AA1403018-E6 to AA1403021-E6
Description: 4-pair twinaxial copper cable to connect 10 gigabit ports. The maximum range is 15 meters (m).

Model number: 10GBASE-ER/EW
Part number: AA1403013-E6
Description: 1550 nanometers (nm) singlemode fiber (SMF). The range is up to 40 kilometers (km).

Model number: 10GBASE-ER CWDM DDI
Part number: AA1403153-E6
Description: 1471 nm SMF. The range is up to 40 km.
Part number: AA1403154-E6
Description: 1491 nm SMF. The range is up to 40 km.
Model number    Part number    Description
• 82 m using 50 μm, 500 MHz-km MMF
• 300 m using 50 μm, 2000 MHz-km MMF
• 400 m using 50 μm, 4700 MHz-km MMF (OM4)

Model number: 10GBASE-SR (0 °C to +85 °C)
Part number: AA1403015-E6HT
Description: 850 nanometers (nm). The range is up to the following:
• 26 m using 62.5 micrometer (μm), 160 megaHertz times km (MHz-km) MMF
• 33 m using 62.5 μm, 200 MHz-km MMF
• 66 m using 62.
Optical power considerations
When you connect the device to collocated equipment, ensure that enough optical attenuation exists to avoid overloading the receivers of each device. You must consider the minimum attenuation requirement based on the specifications of third-party equipment.
than required, which determines whether additional consideration is needed. If the power budget is exceeded or margin is insufficient, you can either use a transceiver rated for longer distance operation, or calculate budget and losses using actual values rather than specified limit values. Either method can improve the link budget by 4 to 5 dB or more.
Port on A    Port on B    Remarks    Recommendations
you require full-duplex, but the configuration does not support Auto-Negotiation.
Auto-Negotiation cannot detect the identities of neighbors or shut down misconnected ports. Upper-layer protocols perform these functions.
Note: The 10 GigabitEthernet fiber-based I/O module ports can operate at either 1 Gigabit per second (Gbps) or 10 Gbps, dependent upon the capabilities of the optical transceiver that you install.
CANA
Use Custom Auto-Negotiation Advertisement (CANA) to control the speed and duplex settings that the interface modules advertise during Auto-Negotiation sessions between Ethernet devices. Modules can only establish links using these advertised settings, rather than at the highest common supported operating mode and data rate. Use CANA to provide smooth migration from 10/100 Mbps to 1000 Mbps on host and server connections.
Chapter 5: Optical routing design
The Avaya optical routing system uses coarse wavelength division multiplexing (CWDM) in a grid of eight optical wavelengths. Use the Avaya optical routing system to maximize bandwidth on a single optical fiber. This chapter provides optical routing system information that you can use to help design your network.
• Optical add/drop multiplexers (OADM)
• Optical multiplexer/demultiplexers (OMUX)
• Optical shelf to house the multiplexers
OADMs drop or add a single wavelength from or to an optical fiber. For the list of supported optical devices on the Avaya Virtual Services Platform 4000 Series platform for the current release, see Supported optical devices on page 25.
Chapter 6: Platform redundancy
This chapter includes recommendations to provide a fault-tolerant platform.

Power redundancy
The Avaya VSP 4000 series PWR+ models support dual 54V 1000W Power over Ethernet Plus (PoE+) AC power supplies. This model supports two external field-replaceable power supplies. You can install a secondary power supply to provide redundancy and load sharing, and add Power over Ethernet Plus (PoE+) power budget on PWR+ models.
Maximum PoE+ W 1835 W with two power supplies Average PoE+ W on 12 ports
• VSP 4450GSX-PWR+ can support 802.3af 17.8 W or 32.4 W on each port with one power supply installed. You can add a second power supply for redundancy.
Link redundancy
Provide physical and link layer redundancy to eliminate a single point of failure in the network. For more information, see Link redundancy on page 38.
Chapter 7: Link redundancy
You can build link redundancy into your network to:
• Help eliminate a single point of failure in your network (provide physical and link layer redundancy)
• Prevent a service interruption caused by a faulty link (provide link layer redundancy)
This chapter explains the following design options that you can use to achieve link redundancy (provide alternate data paths):
• Physical layer redundancy
• MultiLink Trunking
• 802.
Figure 6: 1000BASE-X RFI

End-to-end fault detection and VLACP
Because remote fault indication (RFI) terminates at the next Ethernet hop, the device that uses only RFI cannot determine failures on an end-to-end basis over multiple hops. However, you can use Virtual Link Aggregation Control Protocol (VLACP) to provide an end-to-end failure detection mechanism. You can configure VLACP on a port and enable it over single links or multilink trunks (MLT).
To minimize network outages, you can also use VLACP to switch traffic around entire network devices before Layer 3 protocols detect a network failure. VLACP is an extension of the Link Aggregation Control Protocol (LACP) but LACP and VLACP are independent features. VLACP does not perform link aggregation; it detects end-to-end link failures.
Figure 8: Problem description (2 of 2)
However, if you use VLACP to detect far-end failures and allow MLT to fail over when end-to-end connectivity is not guaranteed for links in an aggregation group, VLACP prevents the failure scenario in the preceding figure.
Avaya recommends that you use the following guidelines for VLACP implementation:
• Do not use VLACP on configured LACP MLTs because LACP provides the same functionality as VLACP for link failure.
end-to-end perspective. If a particular link does not receive VLACP PDUs, the platform shuts the link down after the expiry time-out occurs (time-out scale x periodic time). As a result of this action the ports stay in a disabled state.

MultiLink Trunking
Use MLT to provide link-layer redundancy. You can use MLT to provide alternate paths around failed links. When you configure MLT links, consider the following information:
• The device supports 24 MLT aggregation groups.
Table 17: Path cost for RSTP or MSTP mode
Link speed                     Recommended path cost
Less than or equal 100 Kbps    200 000 000
1 Mbps                         20 000 000
10 Mbps                        2 000 000
100 Mbps                       200 000
1 Gbps                         20 000
10 Gbps                        2000
100 Gbps                       200
1 Tbps                         20
10 Tbps                        2

802.3ad-based link aggregation
Link aggregation provides link layer redundancy. Use IEEE 802.3ad-based link aggregation (IEEE 802.
LACP and spanning tree interaction
Only the physical link state or the LACP peer status affects the operation of LACP. When a link changes state between UP and DOWN, the LACP module receives notification. The spanning tree forwarding state does not affect the operation of the LACP module. LACP data units (LACPDU) can be sent even if the port is in spanning tree blocking state.
Chapter 8: Layer 2 loop prevention
This chapter provides information about how to use bandwidth and network resources efficiently, and to prevent Layer 2 data loops.

Loop prevention and detection
In certain network designs, loops can form. For example, loops can form if you have incorrect configuration or cabling. There are two solutions to detect loops: Loop Detect, and Simple Loop Prevention Protocol (SLPP).
SLPP configuration considerations and recommendations
SLPP uses an individual VLAN hello packet mechanism to detect network loops. Sending hello packets on an individual VLAN basis allows SLPP to detect VLAN-based network loops for untagged and tagged IEEE 802.1Q VLAN link configurations. You determine to which VLANs a switch sends SLPP test packets. All port members of the SLPP-enabled VLAN replicate the packets.
Parameter                Configuration
Packet Rx threshold      50
Transmission interval    500 ms (default)

Loop Detect
Use the Loop Detect feature at the edge of a network to prevent loops. This feature detects whether the same MAC address appears on different ports. Loop Detect can disable a VLAN or a port. The Loop Detect feature can also disable a group of ports if it detects the same MAC address on two different ports five times in a configurable amount of time.
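The MAC-movement check that Loop Detect is described as performing, modeled in Python as an added example (not Avaya's implementation and not code from this document). The event format, the window_s parameter, and the MAC and port values are constructed for illustration; only the count of five comes from the text above.

```python
from collections import defaultdict, deque

MOVE_LIMIT = 5  # from the text: same MAC on two different ports five times

# Constructed MAC-learning events: (time in seconds, MAC address, port).
SAMPLE_EVENTS = [
    (0, "02:00:00:00:00:01", "1/5"),   # first learn, not a move
    (1, "02:00:00:00:00:01", "1/6"),   # move 1 (looped frame seen on 1/6)
    (2, "02:00:00:00:00:01", "1/5"),   # move 2
    (3, "02:00:00:00:00:01", "1/6"),   # move 3
    (4, "02:00:00:00:00:01", "1/5"),   # move 4
    (5, "02:00:00:00:00:01", "1/6"),   # move 5 -> loop suspected
    (0, "02:00:00:00:00:02", "1/7"),   # a host that legitimately relocates once
    (30, "02:00:00:00:00:02", "1/8"),
]


def detect_mac_flaps(events, window_s):
    """Return one alert per MAC that changes port MOVE_LIMIT times
    within window_s seconds (the 'configurable amount of time')."""
    last_port = {}                 # mac -> port where it was last learned
    moves = defaultdict(deque)     # mac -> recent (time, old port, new port)
    flagged = set()
    alerts = []
    for ts, mac, port in sorted(events):
        mac = mac.lower()
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue               # first sighting or refresh on the same port
        recent = moves[mac]
        recent.append((ts, prev, port))
        # Drop moves that have aged out of the observation window.
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        if len(recent) >= MOVE_LIMIT and mac not in flagged:
            flagged.add(mac)
            ports = sorted({p for _, old, new in recent for p in (old, new)})
            alerts.append({"mac": mac, "time": ts,
                           "ports": ports, "moves": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in detect_mac_flaps(SAMPLE_EVENTS, window_s=10):
        print("possible loop:", alert)
```

The ports listed in each alert are the candidates for the disable action; with a window shorter than the flapping period the same events stay below the limit and no alert is raised.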
Scenario 1: VSP 4000 as an edge router
Scenario 1 demonstrates a triangular setup with ERS 8800 switches as IST peers, and VSP 4000 on the edge. From VSP 4000, there are four links that are part of the same MLT, with SLPP enabled on the VSP 4000 ports. Because the MLT ports are misconfigured, loops can occur. For example, port 1/1 on VSP 4000 can be part of the MLT, but on the ERS port, 2/1 is not part of the MLT, although they are on the same VLAN.
Figure 10: VSP 4000 as an edge router and with an additional link with ERS 8800
The SLPP PDUs generated by VSP 4000 return to the same device through the additional link. After the threshold value set on the SLPP-enabled ports is reached, the ports are shut down.

Scenario 3: VSP 4000 as a BEB connected to an edge router
In scenario 3, VSP 4000 acts as a Backbone Edge Bridge (BEB) and is connected to a BayStack device.
Figure 11: VSP 4000 as a BEB connected to an edge router
In this scenario, either SLPP or RSTP/MSTP can shut the ports down.

Scenario 4: Two VSP 4000 switches acting as BEBs
In scenario 4, there are two VSP 4000 devices that act as BEBs and are connected to each other through MLT, with two BayStack devices connected to each of the BEBs. The interface that connects the VSP 4000 interfaces is an Intermediate System to Intermediate System (IS-IS) interface with STP disabled.
Figure 12: Two VSP 4000 switches acting as BEBs
The SLPP PDUs generated by the VSP 4000-1 return to itself through VSP 4000–2, Bay Stack 2, and Bay Stack 1. After reaching the threshold value, the SLPP shuts the port down, eliminating the loop.
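The behavior the scenarios above describe (a switch's own SLPP PDUs returning through a loop until the Rx threshold shuts a port) as a simplified Python model. This is an added example, not Avaya code; the three-switch topology, switch and port names, and the per-port threshold of 5 are constructed, while the threshold of 50 and the 500 ms interval come from the parameter table earlier in this chapter.

```python
from collections import deque

TX_INTERVAL_MS = 500  # default transmission interval from the table above

# Constructed single-VLAN topology: an edge switch dual-homed to two
# interconnected switches, with nothing blocking the resulting triangle.
TRIANGLE = [
    (("edge", "1/1"), ("coreA", "2/1")),
    (("edge", "1/2"), ("coreB", "2/1")),
    (("coreA", "3/1"), ("coreB", "3/1")),
]


def returning_ports(links, down, origin):
    """Flood one hello from origin and return the origin ports on which
    the switch receives its own PDU back."""
    peer = {}
    for a, b in links:
        peer[a], peer[b] = b, a
    ports_of = {}
    for sw, port in peer:
        ports_of.setdefault(sw, []).append(port)

    came_back, seen = set(), set()
    queue = deque((origin, p) for p in ports_of.get(origin, [])
                  if (origin, p) not in down)
    while queue:
        far_end = peer[queue.popleft()]
        if far_end in down:
            continue                      # receiving port is shut down
        sw, in_port = far_end
        if sw == origin:
            came_back.add(in_port)        # own PDU received: a loop exists
            continue
        if far_end in seen:
            continue                      # already flooded from this ingress
        seen.add(far_end)
        # Every other member port of the VLAN replicates the packet.
        queue.extend((sw, p) for p in ports_of[sw]
                     if p != in_port and (sw, p) not in down)
    return came_back


def simulate(links, origin, thresholds, max_ticks=200):
    """Send one hello per interval; shut an origin port when its count of
    returned PDUs reaches that port's Rx threshold.
    Returns ([(time in ms, port shut down), ...], rx counters)."""
    down = set()
    rx = {port: 0 for port in thresholds}
    shutdowns = []
    for tick in range(1, max_ticks + 1):
        back = returning_ports(links, down, origin)
        if not back:
            break                         # no PDU returns: no loop remains
        for port in sorted(back):
            if port not in thresholds:
                continue                  # SLPP Rx not enabled on this port
            rx[port] += 1
            if rx[port] >= thresholds[port]:
                down.add((origin, port))
                shutdowns.append((tick * TX_INTERVAL_MS, port))
    return shutdowns, rx


if __name__ == "__main__":
    print(simulate(TRIANGLE, "edge", {"1/1": 50, "1/2": 50}))
    print(simulate(TRIANGLE, "edge", {"1/1": 50, "1/2": 5}))
```

With equal thresholds both edge ports reach the limit in the same interval and both are shut down; with staggered thresholds the lower-threshold port goes down first, the loop is broken, and the other port stays up.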
Chapter 9: Spanning tree
Spanning tree prevents loops in switched networks. Avaya Virtual Services Platform 4000 Series supports Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP). This chapter describes issues to consider when you configure spanning tree protocols. For more information about spanning tree protocols, see Avaya Virtual Services Platform 4000 Series Configuration — VLANs and Spanning Tree, NN46251-500.
Figure 13: VLAN isolation

MSTP and RSTP considerations
The Spanning Tree Protocol (STP) provides loop protection and recovery, but it is slow to respond to a topology change in the network (for example, a dysfunctional link in a network). RSTP (IEEE 802.1w) and MSTP (IEEE 802.1s) reduce the recovery time after a network failure. RSTP and MSTP also maintain a backward compatibility with IEEE 802.1D. Typically, the recovery time of RSTP and MSTP is less than 1 second.
RSTP and MSTP provide a global spanning tree parameter, called version, for backward compatibility with legacy STP. You can configure version to either STP-compatible mode, RSTP mode, or MSTP mode:
• An STP-compatible port transmits and receives only STP Bridge Protocol Data Units (BPDU). An RSTP or MSTP BPDU that the port receives in this mode is discarded.
• An RSTP or MSTP port transmits and receives only RSTP or MSTP BPDUs.
Chapter 10: Layer 3 network design
This chapter describes Layer 3 design considerations that you need to understand to properly design an efficient and robust network.

VRF Lite
The Avaya Virtual Services Platform 4000 Series supports the Virtual Routing and Forwarding (VRF) Lite feature, which supports many virtual routers, each with its own routing domain. VRF Lite virtualizes the routing tables to form independent routing domains, which eliminates the need for multiple physical routers.
VRF Lite architecture examples
VRF Lite enables a router to act as many routers. This provides virtual traffic separation for each user and provides security. For example, you can use VRF Lite to:
• Provide different departments within a company with site-to-site connectivity as well as Internet access
• Provide centralized and shared access to data centers.
The following figure shows how VRF Lite can emulate VPNs.
access the Internet, data storage, VoIP-PSTN, or call signaling services. To interconnect VRF instances, you can use an external firewall that supports virtualization, or use inter-VRF forwarding for specific services. Using the inter-VRF solution, you can use routing policies and static routes to inject IP subnets from one VRF instance to another, and filters to restrict access to certain protocols. The following figure shows inter-VRF forwarding.
BackupMaster routes all traffic received on the BackupMaster IP interface according to the switch routing table.
Figure 17: VRRP with BackupMaster
Avaya recommends that you stagger VRRP instances on a network or subnet basis. The following figure shows the VRRP Masters and BackupMasters for two subnets.
holddown timer to a minimum of 1.5 times the IGP convergence time is sufficient. For OSPF, Avaya recommends that you use a value of 90 seconds if you use the default OSPF timers.
• Implement VRRP BackupMaster for an active-active configuration (BackupMaster works across multiple switches that participate in the same VRRP domain).
• Configure VRRP priority as 200 to configure VRRP Master.
In this figure, configuration A is optimal because VRRP convergence occurs within 2 to 3 seconds. In configuration A, three spanning tree instances exist and VRRP runs on the link between the two routers. Spanning tree instance 2 exists on the link between the two routers, which separates the link between the two routers from the spanning tree instances found on the other devices. All uplinks are active.
Figure 21: Avoiding excessive ICMP redirect messages without SMLT

Open Shortest Path First
Use OSPF to ensure that the switch can communicate with other OSPF routers. This section describes some general design considerations and presents a number of design scenarios for OSPF. For more information about OSPF concepts and configuration, see Avaya Virtual Services Platform 4000 Series Configuration — OSPF and RIP, NN46251-506.
• 5 adjacencies with an LSA_CNT of 200 (Area 3)
Calculate the number as follows:
3*500 + 10*1000 + 5*200 = 12.5K < 16K
This configuration ensures that the switch operates within accepted scalability limits.

OSPF design guidelines
Follow these additional OSPF guidelines:
• OSPF timers must be consistent across the entire network.
• Use OSPF area summarization to reduce routing table sizes.
• Use OSPF passive interfaces to reduce the number of active neighbor adjacencies.
Figure 22: Example 1: OSPF on one subnet in one area
The routers in the preceding figure use the following configuration:
• S1 has an OSPF router ID of 1.1.1.1, and the OSPF port uses an IP address of 192.168.10.1.
• S2 has an OSPF router ID of 1.1.1.2, and the OSPF port uses an IP address of 192.168.10.2.
The general method to configure OSPF on each routing switch is:
1. Enable OSPF globally.
2. Enable IP forwarding on the switch.
3.
The routers in example 2 use the following configuration:
• S1 has an OSPF router ID of 1.1.1.1, and the OSPF port uses an IP address of 192.168.10.1.
• S2 has an OSPF router ID of 1.1.1.2, and two OSPF ports use IP addresses of 192.168.10.2 and 192.168.20.1.
• S3 has an OSPF router ID of 1.1.1.3, and the OSPF port uses an IP address of 192.168.20.2.
The general method to configure OSPF on each routing switch is:
1. Enable OSPF globally.
2.
2. Configure OSPF on one network. On S1, insert the IP address, subnet mask, and VLAN ID for the OSPF port. Enable OSPF on the port. On S2, insert the IP address, subnet mask, and VLAN ID for the OSPF port in area 1, and enable OSPF on the port. Both routable ports belong to the same network. Therefore, by default, both ports are in the same area.
3. Configure three OSPF areas for the network.
4. Configure OSPF on two additional ports in a second subnet.
BGP implementation guidelines
To successfully implement BGP in a VSP 4000 network, follow these guidelines:
• BGP does not operate with an IP router in nonforwarding (host-only) mode. Ensure that the routers with which you want BGP to operate are in forwarding mode.
• If you use BGP for a multihomed AS (one that contains more than a single exit point), Avaya recommends that you use OSPF for the IGP, and BGP for the sole exterior gateway protocol. Otherwise, use intra-AS IBGP routing.
BGP and Internet peering
By using BGP, you can perform Internet peering directly between VSP 4000 and another edge router. In such a scenario, you can use each VSP 4000 for aggregation and link it with a Layer 3 edge router, as shown in the following figure.
Figure 25: BGP and Internet peering
In cases where the Internet connection is single-homed, to reduce the size of the routing table, Avaya recommends that you advertise Internet routes as the default route to the IGP.
Figure 27: BGP and edge aggregation

BGP and ISP segmentation
You can use the platform as a peering point between different regions or ASs that belong to the same ISP. In such cases, you can define a region as an OSPF area, an AS, or a part of an AS. You can divide the AS into multiple regions that each run different IGPs. Interconnect regions logically by using a full IBGP mesh. Each region then injects its IGP routes into IBGP and also injects a default route inside the region.
In the preceding figure, consider the following:
• The AS is divided into three regions that each run different and independent IGPs.
• Regions logically interconnect by using a full-mesh IBGP, which also provides Internet connectivity.
• Internal non-BGP routers in each region default to the BGP border router, which contains all routes.
Figure 30: Multiple OSPF regions peering with the Internet

IP routed interface scaling
VSP 4000 supports up to 256 IP-routed interfaces. When you configure a large number of IP-routed interfaces, use passive interfaces on most of the configured interfaces. You can make very few interfaces active.

IPv6
IPv6 provides high-performance, scalable Internet communications. Use the information in this section to help deploy IPv6 in your network.
Tunneling
The switch supports manually configured IPv6-in-IPv4 tunnels per RFC 4213. A manually-configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. Use tunnels to provide stable, secure communications between two edge routers, an end system and an edge router, or to provide a connection to remote IPv6 networks. Configure an IPv6 address on the tunnel interface. Configure an IPv4 address on the tunnel source and destination.
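What a manually configured IPv6-in-IPv4 tunnel puts on the wire, and the endpoint check RFC 4213 requires of the decapsulating node (the IPv4 source must be the configured tunnel peer), as an added Python example that is not taken from this document or from the switch software. All addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number that marks an encapsulated IPv6 packet


def _checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_ipv6_packet() -> bytes:
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    src = ipaddress.IPv6Address("2001:db8:1::1").packed
    dst = ipaddress.IPv6Address("2001:db8:2::1").packed
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64, src, dst)


def encapsulate(ipv6_packet: bytes, src4: str, dst4: str, ttl: int = 64) -> bytes:
    """Prepend a 20-byte IPv4 header (protocol 41, DF clear) to an IPv6 packet."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(ipv6_packet), 0, 0, ttl, IPPROTO_IPV6, 0,
        ipaddress.IPv4Address(src4).packed,
        ipaddress.IPv4Address(dst4).packed)
    csum = struct.pack("!H", _checksum(header))
    return header[:10] + csum + header[12:] + ipv6_packet


def decapsulate(packet: bytes, local4: str, remote4: str) -> bytes:
    """Return the inner IPv6 packet, or raise ValueError if the outer header
    does not match the configured tunnel (local4 <- remote4)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if _checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_IPV6:
        raise ValueError("not protocol 41")
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    # Packets from any address other than the configured peer are dropped
    # before the inner packet is looked at.
    if src != ipaddress.IPv4Address(remote4):
        raise ValueError("unexpected tunnel source %s" % src)
    if dst != ipaddress.IPv4Address(local4):
        raise ValueError("unexpected tunnel destination %s" % dst)
    total_len = struct.unpack("!H", packet[2:4])[0]
    inner = packet[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner


if __name__ == "__main__":
    wire = encapsulate(sample_ipv6_packet(), "192.0.2.1", "198.51.100.1")
    print(len(wire), "bytes on the IPv4 backbone")
    print(decapsulate(wire, local4="198.51.100.1", remote4="192.0.2.1").hex())
```

The encapsulation carries the IPv6 packet in clear text, so the source check only stops packets injected from other IPv4 addresses that are not spoofed; confidentiality or authentication needs a separate mechanism.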
increasing ND traffic, especially when many hosts try to determine the reachability of one or more routers.
To provide fast failover of a default router for IPv6 LAN hosts, the switch supports the Virtual Router Redundancy Protocol (VRRP) for IPv6. VRRP for IPv6 provides a faster switchover to an alternate default router than is possible using the ND protocol.
Chapter 11: SPBM design guidelines
Shortest Path Bridging MAC (SPBM) is a next-generation virtualization technology that revolutionizes the design, deployment, and operations of enterprise edge campus core networks and data centers. The benefits of the technology are clearly evident in its ability to provide massive scalability while at the same time reducing the complexity of the network.
IS-IS
SPBM eliminates the need for multiple overlay protocols in the core of the network by reducing the core to a single Ethernet-based link-state protocol, Intermediate System to Intermediate System (IS-IS). IS-IS provides virtualization services, both Layer 2 and Layer 3, using a pure Ethernet technology base. SPBM also uses IS-IS to discover and advertise the network topology, which enables it to compute the shortest path to all nodes in the SPBM network.
VLANs without member ports

• For a Layer 2 VSN with multicast, the BEB associates a data I-SID with the multicast stream and a scope I-SID that defines the scope as a Layer 2 VSN. A multicast stream with a Layer 2 VSN scope can only transmit a multicast stream for the same Layer 2 VSN.
• For a Layer 3 VSN, the I-SID is associated with a customer VRF, which is also virtualized across the backbone. Layer 3 VSNs are always full-mesh topologies. Layer 3 VSNs associate one VRF per I-SID.
• The Virtual Services Platform 9000 and Virtual Services Platform 4000 designate the VLAN as operationally up only if there is a matching I-SID in the SPBM network.

For more information, see the following sections.

Ethernet Routing Switch 8800 implementation

If a VLAN has an IP address and is attached to an I-SID, the ERS 8800 designates that VLAN as operationally up whether it has a member port or not.
Implementation options

encapsulation of customer MAC addresses in backbone MAC addresses greatly improves network scalability. No flooding or learning of end-user MACs occurs in the backbone. This SPBM provisioning significantly improves network robustness, as customer-introduced network loops have no effect on the backbone infrastructure.

Service provisioning

Provision I-SIDs on a BEB to associate that BEB with a particular service instance.
Figure 33: SPBM support for campus and data center architecture

Within the SPBM architecture, you can implement multiple options. The following figure shows all the options that SPBM supports.

78 Network Design Reference for Avaya VSP 4000 Series Comments? infodev@avaya.
Figure 34: SPBM implementation options

The following sections describe the options that are illustrated in the preceding figure.

A—IP shortcut

IP shortcuts forward standard IP packets over IS-IS. This option enables you to forward IP over the SPBM core, which is a simpler method than traditional IP routing or MPLS.
In Figure 34: SPBM implementation options on page 79, node VSP-G acts as a BCB for the service, and has no IP configuration.

B—Layer 2 VSN

A Layer 2 Virtual Services Network (VSN) bridges customer VLANs (C-VLANs) over the SPBM core infrastructure. A Layer 2 VSN associates a C-VLAN with an I-SID, which is then virtualized across the backbone. All VLANs in the network that share the same I-SID can participate in the same VSN.
advertising their reachable IP routes into IS-IS and installing IP routes learned from IS-IS. Suitable IP redistribution policies need to be defined to determine what IP routes a BEB will advertise to IS-IS. As seen in Figure 34: SPBM implementation options on page 79, the green VRF on VSP-C is configured to advertise its local or direct IP routes into IS-IS within I-SID 13990001.
Figure 35: Multi-tenant SPBM metro network

To illustrate the versatility and robustness of SPBM even further, the following figure shows a logical view of multiple tenants in a ring topology. In this architecture, each tenant has its own domain where some users have VLAN requirements and are using Layer 2 VSNs and others have VRF requirements and are using Layer 3 VSNs. In all three domains, they can share data center resources across the SPBM network.
Figure 36: SPBM ring topology with shared data centers

Reference architectures

SPBM has a straightforward architecture that simply forwards encapsulated C-MACs across the backbone. Because the B-MAC header stays the same across the network, there is no need to swap a label or perform a route lookup at each node. This architecture allows the frame to follow the most efficient forwarding path from end to end.
Figure 37: SPBM basic architecture

Provisioning an SPBM core is as simple as enabling SPBM and IS-IS globally on all the nodes and on the core-facing links. Migrating an existing edge configuration into an SPBM network is just as simple. The boundary between the MAC-in-MAC SPBM domain and the 802.1Q domain is handled by the BEBs. At the BEBs, VLANs or VRFs are mapped into I-SIDs based on the local service provisioning.
Figure 38: Access to the SPBM Core

For Layer 2 virtualized bridging (Layer 2 VSN), identify all the VLANs that you want to migrate into SPBM and assign them to an I-SID on the BEB. For Layer 3 virtualized routing (Layer 3 VSN), map IPv4-enabled VLANs to VRFs, create an IP VPN instance on the VRF, assign an I-SID to the VRF, and then configure the desired IP redistribution of IP routes into IS-IS. All BEBs that have the same I-SID configured can participate in the same VSN.
current release and identify two VLANs to use as B-VLANs. SPBM then automatically creates a virtual backbone MAC for the IST pair, and advertises it with IS-IS. By operating two SPBM switches in switch clustering (SMLT) mode, you can achieve redundant connectivity between the C-VLAN domain and the SPBM infrastructure. This configuration allows the dual homing of any traditional link aggregation capable device into an SPBM network.
Figure 39: SPBM campus without SMLT

After you migrate all services to SPBM, the customer VLANs (C-VLANs) will exist only on the BEB SMLT clusters at the edge of the SPBM network. The C-VLANs will be assigned to an I-SID instance and then associated with either a VLAN in a Layer 2 VSN or terminated into a VRF in a Layer 3 VSN. You can also terminate the C-VLAN into the default router, which uses IP shortcuts to IP route over the SPBM core.
The following figure uses IP shortcuts that route VLANs. There is no I-SID configuration and no Layer 3 virtualization between the edge distribution and the core. This is normal IP forwarding to the BEB.

Figure 40: IP shortcut scenario to move traffic between data centers

The following figure uses Layer 3 VSNs to route VRFs between the edge distribution and the core. The VRFs are attached to I-SIDs and use Layer 3 virtualization.
Figure 41: VRF scenario to move traffic between data centers

Multicast architecture

Networks today either have inefficient bridged IP multicast networks (Internet Group Management Protocol, or IGMP) or IP multicast networks that require multiple protocols that are complex to configure and operate.
All multicast streams are constrained within the level in which they originate, which is called the scope level. In other words, if a sender transmits a multicast stream to a BEB on a C-VLAN with IP multicast over SPBM enabled, only receivers that are part of the same Layer 2 VSN can receive that stream.
Figure 42: IP multicast over SPBM streams

The following steps describe how multicast senders and receivers connect to the SPBM cloud using BEBs, as illustrated in the preceding figure:

1. The sender sends multicast traffic with group IP address 233.252.0.1.
2. After the BEB receives the IP multicast stream from the sender, the BEB allocates data I-SID 16000001 for the S,G multicast stream.
Large data center architecture

SPBM supports data centers with IP shortcuts, Layer 2 VSNs, or Layer 3 VSNs. If you use vMotion, you must use Layer 2 between data centers (Layer 2 VSN). With Layer 2 VSNs, you can add IP addresses to the VLAN on both data centers and run Virtual Router Redundancy Protocol (VRRP) between them to allow the ESX server to route to the rest of the network. The following figure shows an SPBM topology of a large data center.
Figure 44: Traditional routing before moving VMs

A VM is a virtual server. When you move a VM, the virtual server is moved as is. This action means that the IP addresses of that server remain the same after the server is moved from one data center to the other. This in turn dictates that the same IP subnet (and hence VLAN) exist in both data centers. In the following figure, the VM moved from the data center on the left to the data center on the right.
Figure 45: Traditional routing after moving VMs

Optimized data center routing of VMs:

Two features make a data center optimized:
• VLAN routers in the Layer 2 domain (green icons)
• VRRP BackupMaster

The VLAN routers use lookup tables to determine the best path to route incoming traffic (red dots) to the destination VM. VRRP BackupMaster solves the problem of traffic congestion on the IST. Because there can be only one VRRP Master, all other interfaces are in backup mode.
Figure 46: Optimized routing before moving VMs

In the traditional data center, chaos resulted after many VMs were moved. In an optimized data center as shown in the following figure, the incoming traffic enters the Layer 2 domain where an edge switch uses Inter-VSN routing to attach an I-SID to a VLAN. The I-SID bridges traffic directly to the destination.
Figure 47: Optimized routing after moving VMs

Solution-specific reference architectures

The following sections describe solution-specific reference architectures, such as video surveillance or data center implementations, using the VSP 4000.

Multi-tenant — fabric connect

This fabric connect-based solution leverages the fabric capabilities of the VSP platforms: a VSP 7000 core and a VSP 4000 edge.
Figure 48: Small core — multi-tenant

The following list outlines the benefits of the fabric connect-based solution:
• Endpoint provisioning
• Fast failover
• Simple to configure
• L2 and L3 virtualized

Hosted data center management solution — ETREE

In some hosted data center solutions, the hosting center operating company takes responsibility for managing customer servers.
Figure 49: Data center hosting private VLAN

The following list outlines the benefits of the hosted data center management solution:
• Easy endpoint provisioning
• Optimal resiliency
• Secure tenant separation

Video surveillance — bridged

In a video surveillance solution, optimal traffic forwarding is a key requirement to ensure proper operation of the camera and recorder solutions. However, signaling is also important to ensure quick channel switching.
Figure 50: Deployment scenario — bridged video surveillance and IP camera deployment for transportation, airports, and government

The following list outlines the benefits of the bridged video surveillance solution:
• Easy endpoint provisioning
• Sub-second resiliency and multicast forwarding
• Secure tenant separation
• Quick camera switching

Video surveillance — routed

In a video surveillance solution, optimal traffic forwarding is a key requirement to ensure proper o
Figure 51: Deployment scenario — Routed video surveillance and IP camera deployment for transportation, airports, and government

The following list outlines the benefits of the routed video surveillance solution:
• Easy endpoint provisioning
• Optimal resiliency and multicast forwarding
• Secure tenant separation
• Rapid channel/camera switching

Metro-Ethernet Provider solution

VSP 9000, ERS 8000, VSP 7000 and VSP 4000 provide an end-to-end Metro-Ethernet Provider solution.
Figure 52: Metro ring access solution

The following list outlines the benefits of the Metro-Ethernet Provider solution:
• Easy endpoint provisioning
• Optimal resiliency
• Secure tenant separation

Best practices

This section provides best practices to configure an SPBM network.
- If you do manually change the system ID, take the necessary steps to ensure no duplication exists in the network.
• Create two B-VLANs to allow load distribution over both B-VLANs. This configuration is required if you use SMLT. Even if you do not use SMLT in the network, this is still good practice, as adding a second B-VLAN to an existing configuration allows SPBM to load balance traffic across two equal-cost multipaths if the physical topology permits it.
nick-name : b:b0:
MEP-id : md.ma.
BMAC : 00:bb:00:00::00
VirtBMAC : 00:bb:00:00::ff
MD : spbm (level 4)
MA : 4040 & 4041
mep :
mip : (level 4)
isis manual area : 49.0001

SPBM restrictions and limitations

This section describes the restrictions and limitations associated with SPBM on VSP 4000.
• The current release uses Level 1 IS-IS. The current release does not support Level 2 IS-IS. The ACLI command show isis int-l2-contl-pkts is not supported in the current release because the IEEE 802.1aq standard currently only defines the use of one hierarchy, Level 1.
• The IS-IS standard defines wide (32-bit) metrics and narrow (8-bit) metrics. The current release supports the wide metric.
IP multicast over SPBM restrictions

SSM

If you delete any ssm-map in a static range group, the switch deletes the entire static range group. For example, create an ssm-map for 232.122.122.122 to 232.122.122.128 and after that configure this same range in a static group. If you delete any ssm-map between 232.122.122.122 and 232.122.122.128, the switch deletes the entire static range group.

Data I-SID

The BEB matches a single multicast stream to a particular data I-SID.
Chapter 12: IP multicast network design

Use multicast routing protocols to efficiently distribute a single data source among multiple users in the network. This section provides information about how to design networks that support IP multicast routing. For more information about multicast routing, see Avaya Virtual Services Platform 4000 Series Configuration — IP Multicast Routing Protocols, NN46251-504. For design guidelines on IP Multicast over SPBM, see SPBM design guidelines on page 73.
Multicast and MultiLink Trunking considerations

Multicast traffic distribution is important because the bandwidth requirements can be substantial when a large number of streams are employed. Avaya Virtual Services Platform 4000 Series can distribute IP multicast streams over links of a multilink trunk using the following method.
For example, if a receiver is on VLAN 1 on switch S1 and another receiver is on VLAN 2 on switch S1, traffic can be received from two different paths to the two receivers, which results in the use of two forwarding records. If the source on switch S2 is on a different VLAN than VLAN 3, traffic takes a single path to switch S1 where the receivers are located.

Figure 53: IP multicast sources and receivers on interconnected VLANs

6.
Multicast MAC address mapping considerations

subnets does not exist for multicast group addresses. Consequently, the usual unicast conventions (where you reserve the all 0s subnets, all 1s subnets, all 0s host addresses, and all 1s host addresses) do not apply. Internet Assigned Numbers Authority (IANA) reserves addresses from 224.0.0.0 through 224.0.0.255 for link-local network applications. Multicast-capable routers do not forward packets with an address in this range.
Figure 54: Multicast IP address to MAC address mapping

Most Ethernet switches handle Ethernet multicast by mapping a multicast MAC address to multiple switch ports in the MAC address table. Therefore, when you design the group addresses for multicast applications, take care to efficiently distribute streams only to hosts that are receivers. VSP 4000 switches IP multicast data based on the IP multicast address, not the MAC address, and thus does not have this issue.
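For the Ethernet switches in a design that do forward on the multicast MAC address, a group-address plan can be checked for overlap before deployment. The following Python code is an added example, not taken from the Avaya documentation; it applies the standard mapping (the 01:00:5e prefix followed by the low 23 bits of the group address), and the plan addresses and function names are constructed for illustration.

```python
"""Check a multicast group plan for Ethernet MAC overlap (added example)."""
import ipaddress
from collections import defaultdict

# IANA link-local block named in the text; routers do not forward it.
LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")
LOW_23_BITS = 0x7FFFFF


def _parse_group(group):
    """Return the group as an IPv4Address, rejecting non-multicast input."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not an IPv4 multicast address")
    return addr


def multicast_mac(group):
    """Map an IPv4 group address to its Ethernet multicast MAC address.

    Only the low 23 bits of the group survive the mapping, so 32 different
    group addresses share every multicast MAC address.
    """
    mac = 0x01005E000000 | (int(_parse_group(group)) & LOW_23_BITS)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def find_mac_overlaps(groups):
    """Return {mac: [groups]} for every MAC shared by two or more groups."""
    by_mac = defaultdict(list)
    for group in dict.fromkeys(groups):  # drop duplicate entries, keep order
        by_mac[multicast_mac(group)].append(str(_parse_group(group)))
    return {mac: members for mac, members in by_mac.items() if len(members) > 1}


def aliases_link_local(group):
    """True if a group outside 224.0.0.0/24 maps to a 224.0.0.x MAC address.

    Such a stream reaches every port that listens for the matching
    link-local protocol address on a MAC-based switch.
    """
    addr = _parse_group(group)
    return addr not in LINK_LOCAL and (int(addr) & LOW_23_BITS) < 256


def review_plan(groups):
    """Summarize both problems for a list of planned group addresses."""
    return {
        "overlaps": find_mac_overlaps(groups),
        "link_local_aliases": [g for g in groups if aliases_link_local(g)],
    }


# Constructed plan: 233.252.0.1 is the group used in the SPBM example,
# the other addresses are made up to trigger each finding.
PLAN = ["233.252.0.1", "233.124.0.1", "239.1.1.1", "225.0.0.5"]

if __name__ == "__main__":
    report = review_plan(PLAN)
    for mac, members in report["overlaps"].items():
        print(f"{mac} is shared by {', '.join(members)}")
    for group in report["link_local_aliases"]:
        print(f"{group} shares a MAC with the link-local range ({multicast_mac(group)})")
```

Groups that differ only in the top five bits after the 1110 prefix collide, so keeping the low 23 bits unique across the plan avoids the overlap.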
Dynamic multicast configuration changes

Avaya recommends that you not perform dynamic multicast configuration changes when multicast streams flow in a network. For example, do not change the routing protocol that runs on an interface, or the IP address, or the subnet mask for an interface until multicast traffic ceases. For such changes, Avaya recommends that you temporarily stop all multicast traffic.
to flow from sources to receivers. A multicast router normally provides the IGMP querier function. You can use the IGMP Layer 2 querier to provide a querier on a Layer 2 network without a multicast router. The Layer 2 querier function originates queries for multicast receivers, and processes the responses accordingly. On the connected Layer 2 VLANs, IGMP snoop continues to provide services as normal.
Although you can configure addresses starting with 01.00.5E, which are reserved for IP multicast address mapping, do not enable IP multicast with streams that match the configured addresses. This configuration can result in incorrect IP multicast forwarding and incorrect multicast MAC filtering.

Guidelines for multicast access policies

Use the following guidelines when you configure multicast access policies:
• Use masks to specify a range of hosts.
join a TV channel and IGMP leaves to exit the channel. After a viewer changes channels, an IGMPv2 leave for the old channel (multicast group) is issued, and a membership report for the new channel is sent. If viewers change channels continuously, the number of joins and leaves can become large, particularly if many viewers attach to the switch. VSP 4000 supports more than a thousand joins and leaves per second, which is well adapted to TV applications.
Multicast for multimedia

propagation across the network if users change channels rapidly. Leave latency also depends on the robustness value, so a value of 2 equates to a leave latency of twice the LMQI. Determine the proper LMQI value for your particular network through testing. If a very large number of users connect to a port, assigning a value of 3 can lead to a storm of report messages after a group-specific query is sent.
Chapter 13: System and network stability and security

Use the information in this chapter to design and implement a secure network. You must provide security mechanisms to protect your network from attack. If links become congested due to attacks, you can immediately halt end-user services. During the design phase, study availability issues for each layer. To provide additional network security, you can use the Avaya Virtual Services Platform 9000 or your own high-performance stateful firewalls.
Damage prevention

Prioritization of control traffic

VSP 4000 uses a sophisticated prioritization scheme to schedule control packets on physical ports. This scheme involves two levels with both hardware and software queues to guarantee proper handling of control packets regardless of the switch load. In turn, this scheme guarantees the stability of the network. Prioritization also guarantees that applications that use many broadcasts are handled with lower priority.
4. Prevent unknown devices from influencing the spanning tree topology.

Packet spoofing

You can stop spoofed IP packets by configuring the switch to forward only IP packets that contain the correct source IP address of your network. By denying all invalid source IP addresses, you minimize the chance that your network is the source of a spoofed DoS attack.
Data plane security

High Secure mode

To ensure that VSP 4000 does not route packets with an illegal source address of 255.255.255.255 (RFC1812 Section 4.2.2.11 and RFC971 Section 3.2), you can enable High Secure mode. By default, this feature is disabled. After you enable this flag, the feature applies to all ports. For more information about High Secure mode, see Security for Avaya Virtual Services Platform 4000 Series, NN46251-601.
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 0

If you disable access-strict (false), the policy looks at the value for accesslevel, and then the system applies the policy to anyone with equivalent rights or higher. In this example, all levels include readonly so the default policy applies to l1, l2, l3, rw, ro, and rwa. If you enable access-strict, the system applies the policy only to ro.
Control plane security

Routing protocol security

You can protect OSPF and BGP updates with a Message Digest 5 (MD5) key on each interface. At most, you can configure two MD5 keys for each interface. You can also use multiple MD5 key configurations for MD5 transitions without bringing down an interface. For more information, see Configuring OSPF and RIP on Avaya Virtual Services Platform 4000 Series, NN46251–506 and Configuring BGP on Avaya Virtual Services Platform 4000 Series, NN46251–507.
Figure 56: Terminal server access

If you must access the switch, Avaya recommends that you use the console port. The switch is always reachable, even if an issue occurs with the in-band network management interface.

Management access control

The following table shows management access levels. For more information, see Security for Avaya Virtual Services Platform 4000 Series, NN46251-601.
Access level | Description
Layer 3 Read Write | Use this level to view and edit device configuration related to Layer 2 (bridging) and Layer 3 (routing). You cannot change the security and password configuration.
Read Write | Use this level to view and edit most device configuration. You cannot change the security and password configuration.
Read Write All | Use this level to do everything.
Avaya recommends that you use access policies for in-band management to secure access to the switch. By default, all services are denied. You must enable the default policy or enable a custom policy to provide access. A lower precedence value takes higher priority if you use multiple policies. Preference 120 has priority over preference 128.

RADIUS authentication

You can enforce access control by using Remote Authentication Dial-in User Service (RADIUS).
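The access-policy rules stated earlier in this chapter (access-strict matching against accesslevel, default deny, and the lower precedence value winning) can be modeled to see which access levels a policy set actually admits. The following Python code is an added example, not Avaya code; the level ordering, the field names, the sample policies, and the rule that the winning policy's service list decides the outcome are assumptions of this model.

```python
"""Model of in-band access-policy selection (added example, not switch code)."""
from dataclasses import dataclass

# Assumed ordering of the management access levels, lowest rights first.
LEVELS = ["ro", "l1", "l2", "l3", "rw", "rwa"]


@dataclass(frozen=True)
class AccessPolicy:
    name: str               # hypothetical label for the policy
    precedence: int         # lower value takes priority
    access_level: str       # one of LEVELS
    access_strict: bool     # True: exact level only; False: level or higher
    services: frozenset     # services the policy admits (assumed field)
    enabled: bool = True

    def applies_to(self, user_level):
        """Apply the access-strict rule described in the text."""
        if self.access_strict:
            return user_level == self.access_level
        return LEVELS.index(user_level) >= LEVELS.index(self.access_level)


def select_policy(policies, user_level):
    """Return the enabled, applicable policy with the lowest precedence value."""
    candidates = [p for p in policies if p.enabled and p.applies_to(user_level)]
    return min(candidates, key=lambda p: p.precedence, default=None)


def is_service_allowed(policies, user_level, service):
    """Default deny: access needs a selected policy that lists the service."""
    policy = select_policy(policies, user_level)
    return policy is not None and service in policy.services


def exposure_matrix(policies, services):
    """For each access level, list the services the policy set admits."""
    return {
        level: sorted(s for s in services if is_service_allowed(policies, level, s))
        for level in LEVELS
    }


# Constructed policy set: a non-strict readOnly default policy and a
# strict rwa-only policy with a lower (winning) precedence value.
POLICIES = [
    AccessPolicy("default", 128, "ro", False, frozenset({"ssh", "snmpv3"})),
    AccessPolicy("admin-ssh", 120, "rwa", True, frozenset({"ssh"})),
]

if __name__ == "__main__":
    for level, allowed in exposure_matrix(POLICIES, ["ssh", "snmpv3", "telnet"]).items():
        print(f"{level:>3}: {', '.join(allowed) or 'denied'}")
```

The matrix makes the reach of a non-strict readOnly policy visible: it admits every level except where a policy with a lower precedence value takes over.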
• Specify the User Datagram Protocol (UDP) port that the client and server use during the authentication process. The UDP port between the client and the server must have the same value. For example, if you configure the server with UDP 1812, the client must use the same UDP port value.

Other customizable RADIUS parameters require careful planning and consideration, for example, switch timeout and retry.
enable the udpsrc-by-vip flag, the network address in the SNMP header is always the management virtual IP address. This configuration is true for all traps routed out on the I/O ports or on the out-of-band management Ethernet port.

SNMPv3 support

SNMP version 1 and version 2 are not secure because communities are not encrypted. Avaya strongly recommends that you use SNMP version 3.
Additional information

• The Research and Education Organization for Network Administrators and Security Professionals (SANS)
• The Computer Security Institute (CSI)

January 2015 Network Design Reference for Avaya VSP 4000 Series Comments? infodev@avaya.
Chapter 14: QoS design guidelines

This chapter provides design guidelines to provide Quality of Service (QoS) to user traffic on the network. For more information about fundamental QoS mechanisms and how to configure QoS, see Configuration - QoS and ACL-Based Traffic Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.

QoS mechanisms

Avaya Virtual Services Platform 4000 Series has a solid, well-defined architecture to handle QoS in an efficient and effective manner.
Table 21: Traffic categories and ASC mappings

Traffic category | Application example | ASC
Network Control | Alarms and heartbeats | Critical
 | Routing table updates | Network
Real-Time, Delay Intolerant | IP telephony; interhuman communication | Premium
Real-Time, Delay Tolerant | Video conferencing; interhuman communication. |
Figure 60: Filter decision-making process

Configure filters through the use of Access Control Lists (ACL) and Access Control Entries (ACE), which are implemented in hardware. An ACL can include both security and QoS type ACEs. The platform supports 2048 ACLs and 1000 ACEs for each ACL to a maximum of 16,000 ACEs for each platform.

The following steps summarize the filter configuration process:
1. Determine your desired match fields.
2. Create an ACL.
3. Create an ACE within the ACL.
The system can perform rate metering only on a Layer 3 basis. Traffic shapers buffer and delay violating traffic. These operations occur at the egress level. VSP 4000 supports traffic shaping at the port level.

QoS interface considerations

Four QoS interface types are explained in detail in the following sections. You can configure an interface as trusted or untrusted, and for bridging or routing operations. Use these parameters to properly apply QoS to network traffic.
Enable DiffServ | Access DiffServ | 802.1p Override | Routed Packet | Tagged Ingress Packet | Internal QoS Derived From | Egress Packet DSCP Derived from | Egress Packet 802.1p Derived from
1 | 1, L3T=0 | 0, L2T=1 | X | 1 | .1p | iQoS | iQoS
1 | 1, L3T=0 | 0, L2T=1 | X | 0 | Port QoS | iQoS | iQoS
0 | X, L3T=0 | 0, L2T=1 | X | 1 | .
QoS examples and recommendations

At a high level, three main types or stages of congestion exist:
1. No congestion
2. Bursty congestion
3. Severe congestion

In a noncongested network, QoS actions ensure that delay-sensitive applications, such as real-time voice and video traffic, are sent before lower-priority traffic. The prioritization of delay-sensitive traffic is essential to minimize delay and reduce or eliminate jitter, which has a detrimental impact on these applications.
The following figure illustrates the actions performed on three different bridged traffic flows (that is, VoIP, video conference, and email) at access and core ports throughout the network.

Figure 61: Trusted bridged traffic

For bridged, untrusted traffic, if you configure the port to access, mark and prioritize traffic on the access node using global filters. Reclassify the traffic to ensure it complies with the class of service specified in the SLA.
Figure 62: RPR QoS internetworking

Routed traffic

If you route traffic over the core network, VLANs are not kept separate. If you configure the port to core, you assume that, for all incoming traffic, the QoS configuration is properly marked. All core switch ports simply read and forward packets. The switch does not remark or classify the packets. The customer device or the edge devices perform all initial QoS markings.
Figure 63: Trusted routed traffic

For routed, untrusted traffic, in an access node, packets that enter through a tagged or untagged access port exit through a tagged or untagged core port.
Chapter 15: Layer 1, 2, and 3 design examples

This chapter provides examples to help design your network. Layer 1 examples deal with the physical network layouts. Layer 2 examples map Virtual Local Area Networks (VLAN) on top of the physical layouts. Layer 3 examples show the routing instances that Avaya recommends to optimize IP for network redundancy.

Layer 1 example

This section describes a Layer 1 network design example that focuses primarily on the physical network layout.
Figure 64: Layer 1 design example

Layer 2 example

This section describes a Layer 2 network design example that maps VLANs over the physical network layout.

Layer 2: Design example

The following example shows a redundant device network that uses one VLAN for all switches. To support multiple VLANs, you need 802.1Q tagging on the links with trunks.
Figure 65: Layer 2 design example

Layer 3 example

This section describes a Layer 3 network design example that shows the routing instances that Avaya recommends you use to optimize IP for network redundancy.

Layer 3: Design example

The example in the following figure uses redundant links.
Figure 66: Layer 3 design example
Chapter 16: Software scaling capabilities

This chapter lists software scaling capabilities of Avaya Virtual Services Platform 4000 Series.
 | Maximum number supported
 | 1,000 for each switch
IPv6 static neighbor records | 128
IPv4 route table size | 16,000
IPv6 route table size (prefix length < 64 bits) | 8,000
IPv6 route table size (prefix length > 64 bits) | 256
IPv6 6in4 configured tunnels | 254
IPv4 Static routes | 1,000 for each VRF; 1,000 for each switch
IPv6 static routes | 1,000
ECMP groups/Paths per group | 500 groups with a maximum of 4 ECMP paths per group
RIP interfaces | 24
OSPF v2/v3 interfaces | 48 (24 pa
 | Maximum number supported
Multicast receivers or IGMP joins (per system) | 1000
Multicast senders (per system) | 1000
Total multicast routes (per system) | 4000
Static multicast routes | 512
Multicast enabled Layer 2 VSNs | 1,000
Multicast enabled Layer 3 VSNs | 24

SPBM

SPBM enabled switches per region (BEB + BCB) | 2,000
Service endpoint switches (BEBs) per I-SID | 2,000
IS-IS adjacencies | 50
Layer 2 VSNs per switch (VLANs mapped to I-SID) | 1,000
Layer 3 VSNs per switch (VRF mapped to I-SID) | 24
Transpar
Chapter 17: Supported standards, RFCs, and MIBs

This chapter details the standards, request for comments (RFC), and Management Information Bases (MIB) that Avaya Virtual Services Platform 4000 Series supports.

Supported IEEE standards

The following table details the IEEE standards that Avaya Virtual Services Platform 4000 Series supports.

Table 24: Supported IEEE standards

IEEE standard | Description
802.1aq | Shortest Path Bridging (SPB)
802.1D | MAC bridges (Spanning Tree)
802.
IEEE standard | Description
802.3af and 802.3at | PoE – Power over Ethernet
802.3i | 10BaseT
802.3u | 100BaseT
802.3x | flow control
802.3z | Gigabit Ethernet

Supported RFCs

The following table and sections list the RFCs that Avaya Virtual Services Platform 4000 Series supports.

Table 25: Supported request for comments

Request for comment | Description
draft-grant-tacacs-02.
Request for comment | Description
RFC1340 | Assigned Numbers
RFC1519 | Classless Interdomain Routing (CIDR): an Address Assignment and Aggregation Strategy
RFC1541 | Dynamic Host Configuration Protocol
RFC1542 | Clarifications and Extensions for the Bootstrap Protocol
RFC1591 | DNS Client
RFC1812 | Router requirements
RFC1866 | Hypertext Markup Language version 2 (HTMLv2) protocol
RFC2068 | Hypertext Transfer Protocol
RFC2131 | Dynamic Host Control Protocol (DHCP)
Quality of service

Table 26: Supported request for comments

Request for comment | Description
RFC2474 and RFC2475 | DiffServ Support
RFC2597 | Assured Forwarding PHB Group
RFC2598 | An Expedited Forwarding PHB

Network management

Table 27: Supported request for comments

Request for comment | Description
RFC1155 | SMI
RFC1157 | SNMP
RFC1215 | Convention for defining traps for use with the SNMP
RFC1271 | Remote Network Monitoring Management Information Base
RFC1305 | Network Time Protocol v3
Request for comment | Description
RFC2574 | User-based Security Model (USM) for v3 of the Simple Network Management Protocol (SNMPv3)
RFC2575 | View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC2576 | Coexistence between v1, v2, and v3 of the Internet standard Network Management Framework
RFC2616 | IPv6 HTTP server
RFC2819 | Remote Network Monitoring Management Information Base
RFC4251 | Secure Shell Protocol Architecture

MIBs

Ta
Request for comment | Description
RFC2578 | Structure of Management Information v2 (SMIv2)
RFC2674 | Bridges with Traffic MIB
RFC2787 | Definitions of Managed Objects for the Virtual Router Redundancy Protocol
RFC2863 | Interface Group MIB
RFC2925 | Remote Ping, Traceroute and Lookup Operations MIB
RFC3416 | v2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
RFC4022 | Management Information Base for the Transmission Control Protocol (TCP)
RFC4113 | Management Infor
Standard MIB name | Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC) | File name
STDMIB8—A convention for defining traps for use with SNMP | RFC1215 | rfc1215.mib
STDMIB10—Definitions of Managed Objects for Bridges | RFC1493 | rfc1493.mib
STDMIB11—Evolution of the Interface Groups for MIB2 | RFC2863 | rfc2863.mib
STDMIB12—Definitions of Managed Objects for the Ethernetlike Interface Types | RFC1643 | rfc1643.
Standard MIB name | Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC) | File name
STDMIB32—The Interface Group MIB | RFC2863 | rfc2863.mib
STDMIB33—Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations | RFC2925 | rfc2925.mib
STDMIB38—SNMPv3 These Request For Comments (RFC) make some previously named RFCs obsolete | RFC3411, RFC3412, RFC3413, RFC3414, RFC3415 | rfc2571.mib, rfc2572.mib, rfc2573.mib, rfc2574.mib, rfc2575.
Table 30: Proprietary MIBs
Proprietary MIB name | File name
PROMIB1—Rapid City MIB | rapid_city.mib
Note: The MACsec tables, namely, rcMACSecCATable and rcMACSecIfConfigTable are a part of the Rapid City MIB.
PROMIB2—SynOptics Root MIB | synro.mib
PROMIB3—Other SynOptics definitions | s5114roo.mib
PROMIB4—Other SynOptics definitions | s5tcs112.mib
PROMIB5—Other SynOptics definitions | s5emt103.mib
PROMIB6—Avaya RSTP/MSTP proprietary MIBs | nnrst000.mib, nnmst000.
Glossary

Backbone Core Bridge (BCB)
Backbone Core Bridges (BCBs) form the core of the SPBM network. The BCBs are SPBM nodes that do not terminate the VSN services. BCBs forward encapsulated VSN traffic based on the Backbone MAC Destination Address (B-MAC-DA). A BCB can access information to send that traffic to any Backbone Edge Bridges (BEBs) in the SPBM backbone.

Backbone Edge Bridge (BEB)
Backbone Edge Bridges (BEBs) are SPBM nodes where Virtual Services Networks (VSNs) terminate.
separates a network into administrative domains called Maintenance Domains (MD).

Customer MAC (CMAC)
To forward customer MAC (C-MAC) addresses, which represent customer traffic, across the service provider backbone, SPBM uses IEEE 802.1ah Provider Backbone Bridging MAC-in-MAC encapsulation. The system encapsulates C-MAC addresses within a backbone MAC (B-MAC) address pair made up of a BMAC destination address (BMAC-DA) and a BMAC source address (BMAC-SA).
latency
The time between when a node sends a message and receipt of the message by another node; also referred to as propagation delay.

Layer 1
Layer 1 is the Physical Layer of the Open System Interconnection (OSI) model. Layer 1 interacts with the MAC sublayer of Layer 2, and performs character encoding, transmission, reception, and character decoding.

Layer 2
Layer 2 is the Data Link Layer of the OSI model. Examples of Layer 2 protocols are Ethernet and Frame Relay.
link-state database (LSDB)
A database built by each OSPF router to store LSA information. The router uses the LSDB to calculate the shortest path to each destination in the autonomous system (AS), with itself at the root of each path.

load balancing
The practice of splitting communication into two (or more) routes or servers.

MAC-in-MAC encapsulation
MAC-in-MAC encapsulation defines a BMAC-DA and BMAC-SA to identify the backbone source and destination addresses.
Provider Backbone Bridge (PBB)
To forward customer traffic across the service-provider backbone, SPBM uses IEEE 802.1ah Provider Backbone Bridging (PBB) MAC-in-MAC encapsulation, which hides the customer MAC (C-MAC) addresses in a backbone MAC (B-MAC) address pair. MAC-in-MAC encapsulation defines a BMAC-DA and BMAC-SA to identify the backbone source and destination addresses.
3 Virtual Services Network [VSN]) across the MAC-in-MAC backbone. With Layer 2 VSNs, you associate the I-SID with a customer VLAN, which is then virtualized across the backbone. With Layer 3 VSNs, you associate the I-SID with a customer VRF, which is also virtualized across the backbone.

service level agreement (SLA)
A service contract that specifies the forwarding service that traffic receives.
small form-factor pluggable plus (SFP+)
SFP+ transceivers are similar to SFPs in physical appearance but SFP+ transceivers provide Ethernet at 10 gigabits per second (Gbps).

spanning tree
A simple, fully-connected active topology formed from the arbitrary physical topology of connected bridged Local Area Network components by relaying frames through selected bridge ports.
Virtual Router Redundancy Protocol (VRRP)
A protocol used in static routing configurations, typically at the edge of the network. This protocol operates on multiple routers on an IP subnet and elects a primary gateway router. When the primary router fails, a backup router is quickly available to take its place.