ZNDP 036 – Design Case Study with Daren Fulwell – Part 1 The Overview

For today’s Zigbits Network Design Podcast we start a Design Case Study Series with my friend Daren Fulwell. In this first installment we set the stage for the series, highlighting the constraints, requirements, and overarching architecture model used to deliver the business priorities and outcomes the customer was looking to achieve. Let’s dive into it now!


Guest Expert: Daren Fulwell

Daren is a network architect with 20+ years’ experience of supporting, building and designing networks, covering everything from wireless infrastructure and traditional LANs, across all kinds of WAN, and into the software-defined DC and Cloud. Daren currently holds the CCIE R&S and CCDE certifications. Daren is actively involved in the networking community, including through the Cisco Champions program and the CCIE Advisory Council. Please welcome Daren Fulwell to the show!

Design Case Study – Part 1 – The Overview

The customer in question is a financial company based in London. Founded in 2001, it was recently acquired by a North American parent company and as such had a number of mandated requirements for their foundational infrastructure. As well as the head office, the customer had satellite offices across Europe and the US with existing connectivity using a mixture of MPLS L3VPN and IPSec VPN into their central firewall. We were approached in 2014 to assist in assessing those requirements for:

  • New office LAN environment kit going end-of-life;
  • Mandated purpose-built DCs for Prod and DR (existing Prod servers were located in the office building, DR in a co-lo facility);
  • As a result, an upgrade to the existing co-lo network and a new co-lo facility for DR;
  • Introduction of resilient MPLS and Internet access across the two DCs.

Design Case Study – The Constraints!!

Project constraints were pretty standard – the three that had a material impact on the design were:

  1. Legacy circuits were required to be ceased and had contractual dates to do so;
  2. IP addressing for the servers had to be maintained due to custom applications in use, and the third party support arrangements for them;
  3. The internal support team was small and multi-disciplined, so minimizing change in the fundamental technologies was considered a benefit, as it avoided any re-training requirement.

Design Case Study – The Requirements

As we were looking at dealing with wide-ranging network changes, we took the opportunity to advise on building an architectural model for the network and set some fundamental design principles. Fundamentally, we agreed that we would define a program of works with a work stream for each element, but all within an over-arching design for the whole network.

As the customer is multi-national, they have a requirement for maintaining service 24×7. The fundamental tenet was then to maximize availability in all ways.

  • Minimize the time to detect failures (including grey failures)
  • Minimize the time to restore service at failure
  • Modularize the network to limit impact of failure (blast radius)
  • Use redundancy in the network where it can be beneficial (equipment or links)
  • Full High Availability to be used where appropriate
  • Where HA is not possible or sensible, look at how the loss of a device impacts others and consider where fate sharing can be used to our benefit.
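As an added illustration of the first requirement, the following Python model (constructed for this page; it is not code from the podcast or from Daren's design) shows why detecting a grey failure needs more than a reachability check, and why the resulting failover decision needs dampening so that a single bad or good sample does not flap the service. It mimics an echo probe feeding an object tracker with separate down/up delays; the probe samples, the 500 ms RTT threshold and the 15 s / 30 s delays are assumed values.

```python
"""Grey-failure detection with dampening.

Added example, constructed for this page; it is not code from the podcast or
from the customer's network. It models an echo probe feeding an object tracker
(the probe/track pattern used for failover decisions): a sample counts as
failed when it times out OR answers too slowly (grey failure), and the tracker
only changes state once contrary samples have persisted for a delay.
All sample data, thresholds and timings below are assumed values.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ProbeSample:
    t: int                 # seconds since the probe started
    replied: bool          # False = probe timed out (hard failure)
    rtt_ms: int = 0        # round-trip time when it did reply


@dataclass
class Tracker:
    rtt_threshold_ms: int = 500   # slower than this is treated as failed (grey)
    delay_down_s: int = 15        # failures must persist this long before DOWN
    delay_up_s: int = 30          # successes must persist this long before UP
    state: str = "UP"
    transitions: List[Tuple[int, str]] = field(default_factory=list)
    _run_start: Optional[int] = None   # start of the current run of contrary samples

    def sample_ok(self, s: ProbeSample) -> bool:
        return s.replied and s.rtt_ms <= self.rtt_threshold_ms

    def feed(self, s: ProbeSample) -> str:
        """Consume one sample; return the tracker state afterwards."""
        ok = self.sample_ok(s)
        contrary = (self.state == "UP") != ok   # sample disagrees with current state
        if not contrary:
            self._run_start = None               # a confirming sample cancels the timer
            return self.state
        if self._run_start is None:
            self._run_start = s.t
        delay = self.delay_down_s if self.state == "UP" else self.delay_up_s
        if s.t - self._run_start >= delay:
            self.state = "DOWN" if self.state == "UP" else "UP"
            self.transitions.append((s.t, self.state))
            self._run_start = None
        return self.state


def constructed_samples() -> List[ProbeSample]:
    """One probe every 5 s (constructed data): healthy, then slow replies (grey),
    then timeouts, then recovery with a single spurious slow reply at t=85."""
    out = []
    for t in range(0, 150, 5):
        if t < 20:
            out.append(ProbeSample(t, True, 20))
        elif t < 40:
            out.append(ProbeSample(t, True, 900))   # answers, but far too slowly
        elif t < 70:
            out.append(ProbeSample(t, False))       # no answer at all
        elif t == 85:
            out.append(ProbeSample(t, True, 900))   # one-off slow reply
        else:
            out.append(ProbeSample(t, True, 25))
    return out


def run(samples: List[ProbeSample], **settings) -> List[Tuple[int, str]]:
    """Feed all samples through a tracker built with the given settings and
    return its (time, new_state) transitions."""
    tracker = Tracker(**settings)
    for s in samples:
        tracker.feed(s)
    return tracker.transitions


if __name__ == "__main__":
    samples = constructed_samples()
    print("dampened, RTT-aware :", run(samples))
    print("reachability only   :", run(samples, rtt_threshold_ms=10**9))
    print("no dampening        :", run(samples, delay_down_s=0, delay_up_s=0))
```

The three runs make the design point: the RTT-aware tracker declares DOWN at t=35, during the period when the link still answers; a reachability-only tracker does not notice until the timeouts start and declares DOWN at t=55; and with no delay timers the one stray slow reply at t=85 causes a needless DOWN/UP flap. The down delay bounds the detection time, the longer up delay keeps traffic on the backup until the primary has proven itself, and both should be chosen against the routing protocol's own convergence so the two mechanisms do not fight each other.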

Design Case Study – The Architectural Model

The over-arching network design can be described thus:

  • Three separate UK sites with triangulated Layer 3 point-to-point links. A second link to be installed between the Data Centers for additional resilience and to carry (under normal conditions) replication traffic;
  • BFD to be used for fast failure detection on the point-to-point links;
  • EIGRP to be used as the routing protocol of choice: each route would have at least two candidate paths, so the EIGRP feasible successor feature, which allows a pre-computed replacement route to take over should the preferred path fail, was beneficial;
  • Minimize the use of STP by using LACP;
  • OTV used to stretch Layer 2 between office and DC sites for tactical migrations and for DR;
  • MPLS L3VPN and Internet access presented at each DC site and routed into the UK network;
  • Firewalls injecting routes into EIGRP for the public and private WAN, weighted so that the primary links at the Prod DC are preferred and those at DR act as backup;
  • Use of IP SLA to track availability of the Internet service in the DC and to trigger failover on grey failure;
  • Use of route summaries to reduce the time to fail over Internet connections.
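The EIGRP point above rests on one condition that is worth checking explicitly: a second candidate path only becomes a feasible successor, and so an instant loop-free replacement, if its reported distance is lower than the feasible distance of the current best path; otherwise the route goes Active and convergence waits on queries to neighbours. The Python below is an added example (not code from the podcast or from Daren's design) that applies the DUAL feasibility condition to a small constructed routing table; the neighbour names and metric values are assumed.

```python
"""EIGRP DUAL path selection: successor and feasible successor.

Added example, constructed for this page; it is not code from the podcast or
from Daren's design. It checks the property the design relies on: a second
candidate path only gives an instant (loop-free) replacement if it passes the
feasibility condition. Neighbour names and metrics are assumed values.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Candidate:
    neighbor: str            # neighbour advertising the prefix
    reported_distance: int   # that neighbour's own metric to the prefix (RD)
    link_cost: int           # cost from this router to that neighbour

    @property
    def total(self) -> int:
        return self.reported_distance + self.link_cost


def select_paths(cands: List[Candidate]) -> Tuple[Optional[Candidate], List[Candidate]]:
    """Return (successor, feasible successors).

    The successor has the lowest total metric; that metric is the feasible
    distance (FD). Any other candidate whose RD is strictly less than FD is a
    feasible successor: it is provably not downstream of this router, so it can
    be installed the moment the successor fails, with no query/reply round.
    """
    if not cands:
        return None, []
    successor = min(cands, key=lambda c: c.total)
    fd = successor.total
    feasible = [c for c in cands if c is not successor and c.reported_distance < fd]
    return successor, feasible


def fail_over(cands: List[Candidate], failed: str) -> Tuple[Optional[Candidate], bool]:
    """Simulate loss of the path via `failed` and return (new successor, immediate).

    immediate=True means DUAL replaced the path by local computation;
    False means the route had to go Active (queries to neighbours) first.
    """
    successor, feasible = select_paths(cands)
    remaining = [c for c in cands if c.neighbor != failed]
    if successor is None or successor.neighbor != failed:
        return successor, True                    # the active path was not the one lost
    if feasible:
        return min(feasible, key=lambda c: c.total), True
    return select_paths(remaining)[0], False


def paths_without_backup(table: Dict[str, List[Candidate]]) -> List[str]:
    """Design check: prefixes that do have a second path, but one that is NOT a
    feasible successor, i.e. where failover would have to go Active."""
    return [prefix for prefix, cands in table.items()
            if len(cands) >= 2 and not select_paths(cands)[1]]


# Constructed view from an office router: Prod DC preferred, DR DC as backup.
CONSTRUCTED_TABLE: Dict[str, List[Candidate]] = {
    "0.0.0.0/0":    [Candidate("prod-dc", 100, 10), Candidate("dr-dc", 105, 10)],
    "10.20.0.0/16": [Candidate("prod-dc", 50, 10), Candidate("office-b", 70, 10)],
}


if __name__ == "__main__":
    for prefix, cands in CONSTRUCTED_TABLE.items():
        succ, feas = select_paths(cands)
        new, immediate = fail_over(cands, succ.neighbor)
        print(f"{prefix}: successor={succ.neighbor} FD={succ.total} "
              f"feasible={[c.neighbor for c in feas]} "
              f"on failure -> {new.neighbor} ({'local' if immediate else 'Active'})")
    print("needs attention:", paths_without_backup(CONSTRUCTED_TABLE))
```

In the constructed table the default route behaves as the design intends (the DR DC path has RD 105 against an FD of 110, so it is promoted locally), but the server prefix does not: its second path has RD 70 against an FD of 60, so losing the Prod DC path sends that route Active. Running a check like `paths_without_backup` against the real metrics is a cheap way to confirm the "at least two candidate paths" assumption actually delivers fast failover for every prefix, and it points at where metric tuning is needed when it does not.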

Storyboarding

In a program of activity such as this, I always take care to storyboard the work streams to a sufficient level of detail as to help illustrate the interdependencies between them and understand the view of the network at any given stage in the program.

Design Case Study – Low-Level Design

The bulk of the low-level design was pretty standard fare:

  • The new campus LAN was built out from a Cat 6807 VSS pair, using LACP down to the access switch stacks; wireless provision was upgraded to a pair of WLC5508 controllers. Multicast configuration was required to allow the use of trading handsets;
  • The new DC LANs were built identically, each consisting of a pair of Nexus 9K switches running NX-OS (ACI was not considered an option due to operational complexity). 10G was a requirement, with support for 40G should it be required. New ASA firewalls were installed for the new Internet provision;
  • UCS server infrastructure was installed at both Data Centers to provide capacity for the VMs, with an amount of loan swing kit made available during the movement of VMs between sites to effect the transition.

Additional Areas for the Design Case Study

There were, though, a number of key design areas that warrant further discussion, including:

  • Use of OTV across all three sites for L2 extension;
  • Internet routing and failover;
  • Security;
  • Multicast;
  • Routing / redistribution;
  • Migration process;
  • Business outcomes / business priorities.

Transparency:

This post may contain affiliate links to products or services where I may receive a level of compensation from your actions by following those links. This is seamless to you and does not add any additional cost to the products or services in question. In addition, I do not let any affiliate relationship cloud my judgement or my recommendation of a product or service. My recommendations will always be above reproach. This is my commitment to you Ziglets!