Bank network requirements
Hey folks! How are you doing?
This week we tackle the network requirements of our bank's data center using Juniper's solution. In the previous post, Data Centers architecture design, we discussed which solution was best suited to implementing our data center. The one we chose is the QFabric System, developed by Juniper Systems. We explain it in detail below.
So, before we start, we should ask ourselves one BIG question: what are those requirements? And the answer is simple:
- High availability
- High security
- High connection rate
- Redundancy
- Good quality-to-price ratio
And, as you will see now, Juniper's QFabric System series covers all those points.
For the access and distribution layers we are going to choose the QFX3000-M series switches. These devices provide those layers with the following key features:
- Support for up to 16 Node devices and 4 Interconnect devices, which provides a maximum of 768 10-Gigabit Ethernet ports. So we solve the availability issue.
- Low port-to-port latencies that scale as the system size grows from 48 to 768 10-Gigabit Ethernet ports. So here we solve the connection rate issue.
But, before installing a QFX3000-M QFabric system, we should take into account the following factors:
- The number of devices in the QFabric system and their location.
- We must have two QFX3100 Director devices operating in a Director group.
- We can have up to four Interconnect devices, either QFX5100-24Q or QFX3600-I, but not intermixed in the same QFabric Node group.
- We can interconnect up to 16 QFX Series Switches as Node devices using either QFX5100-24Q or QFX3600-I as the Interconnect devices. Supported models are:
  - QFX5100-24Q
  - QFX5100-48S
  - QFX5100-48T
  - QFX3600
  - QFX3500
- The number of Node devices we require depends on the following factors:
  - The number of access ports we need for connections to either endpoint systems (such as servers and storage devices) or external networks.
  - The oversubscription ratio we need on the access ports.
  - The number of access ports supported on each Node device based on that oversubscription ratio.
- Software: The Juniper Networks EX Series Ethernet Switches run Junos OS, which provides Layer 2 and Layer 3 switching, routing, and security services. This OS provides all the functionality these devices need to run well.
For the core devices, Juniper Networks EX9214 Ethernet Switches provide high performance, scalable connectivity, and carrier-class reliability for high-density environments such as campus-aggregation and data-center networks. The EX9214 switch has a throughput of up to 13.2 terabits per second (Tbps) or up to 240 Gigabits per second (Gbps) per slot full duplex. The EX9214 switch is a modular system that provides high availability and redundancy for all major hardware components, including Routing Engine module (RE module), Switch Fabric module (SF module), fan trays, and power supplies. A fully populated EX9214 switch provides a maximum port density of 480 Gigabit Ethernet ports, 320 10-Gigabit Ethernet ports (240 ports at line rate), or 72 40-Gigabit Ethernet ports. You can manage EX9214 switches by using the same interfaces that you use for managing other devices running the Juniper Networks Junos operating system (Junos OS): the command-line interface (CLI), the Network and Security Manager (NSM), and Junos Space.
Now we present the MX 240 series edge routers, which provide a high-density, high-performance, full-featured router in a space-efficient form factor, as well as multiple levels of redundancy to meet a variety of business and technical requirements. It is also ideally suited for enterprise, data-center interconnect, and smaller service provider edge applications.
In addition, we are adding a short video we found from Juniper in which it stresses the importance of high availability:
[embed]https://www.youtube.com/watch?v=vyIhCQecsyc[/embed]
The figure below shows the topology diagram of the QFabric series. You can see the core, distribution and access layers:
Protocols used
TRILL (Transparent Interconnection of Lots of Links)
In our virtualization environment we are going to use TRILL in order to avoid spanning tree issues. It is a MAC-in-MAC encapsulation protocol that allows us not to use spanning tree.
NVGRE
If a bank is planning to deploy more than one data center around the world, it may need to think about VLAN issues, as it could run out of VLAN instances and also have communication issues between those data centers. For this problem we expect to deploy NVGRE.
NVGRE stands for Network Virtualization Generic Routing Encapsulation. It uses MAC-in-IP tunnels and allows up to 2^24 virtual networks, which helps us avoid VLAN exhaustion, as 4096 VLANs would probably not be enough to handle the requirements of all the data centers. It will also solve the problem of communication among all the data centers.
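To make the MAC-in-IP tunnel and the 2^24 figure concrete, here is an added example (not from the original post or from Juniper) that builds and strictly parses the NVGRE header. It assumes the RFC 7637 layout, which the post does not spell out: a GRE header with only the Key Present bit set, protocol type 0x6558, and a 32-bit key split into a 24-bit VSID and an 8-bit FlowID. The function names and the sample frame are constructed for illustration.

```python
import struct

GRE_FLAGS_NVGRE = 0x2000   # only the Key Present bit set; checksum/sequence bits and version are 0
PROTO_TEB = 0x6558         # Transparent Ethernet Bridging: payload is an Ethernet frame
VLAN_IDS = 2 ** 12         # 4096 IDs in an 802.1Q tag
VSID_SPACE = 2 ** 24       # 16,777,216 IDs in the 24-bit VSID

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"


def build_nvgre(vsid, flow_id, inner_frame):
    """GRE header + inner Ethernet frame, i.e. the body of the outer IP packet (protocol 47)."""
    if not 0 <= vsid < VSID_SPACE:
        raise ValueError("VSID must fit in 24 bits")
    if not 0 <= flow_id <= 0xFF:
        raise ValueError("FlowID must fit in 8 bits")
    key = (vsid << 8) | flow_id          # upper 24 bits VSID, lower 8 bits FlowID
    return struct.pack("!HHI", GRE_FLAGS_NVGRE, PROTO_TEB, key) + inner_frame


def parse_nvgre(payload):
    """Return (vsid, flow_id, inner_frame); raise ValueError on anything that is not NVGRE."""
    if len(payload) < 8 + 14:            # 8-byte GRE header + 14-byte inner Ethernet header
        raise ValueError("truncated NVGRE packet")
    flags, proto, key = struct.unpack("!HHI", payload[:8])
    if flags != GRE_FLAGS_NVGRE:
        raise ValueError("unexpected GRE flags/version 0x%04x" % flags)
    if proto != PROTO_TEB:
        raise ValueError("unexpected GRE protocol type 0x%04x" % proto)
    return key >> 8, key & 0xFF, payload[8:]


def deliver(payload, local_vsids):
    """Hand the inner frame to a tenant only if its VSID is provisioned on this endpoint."""
    vsid, _flow, inner = parse_nvgre(payload)
    if vsid not in local_vsids:
        raise PermissionError("VSID 0x%06x is not provisioned here" % vsid)
    return inner


if __name__ == "__main__":
    pkt = build_nvgre(0x123456, 7, SAMPLE_INNER)
    print(pkt[:8].hex(), parse_nvgre(pkt)[:2])
    print("VSID space is", VSID_SPACE // VLAN_IDS, "times the VLAN ID space")
```

The strict flag and protocol checks plus the `deliver` allow-list are what keep one virtual network's frames from being handed to another when many segments share the same IP underlay between data centers.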
OSPF
For the internal routing protocol we will use OSPF. This open-source protocol will help us with network convergence and reachability issues. As it is a well-performing routing protocol, it will scale well in the bank scenario.
BGP
For the external routing protocols we will use iBGP and eBGP. BGP will help us with network communication between branches (iBGP) and communication between the corporate network and external networks or the Internet (eBGP).