NSX雙活數(shù)據(jù)中心解決方案

1、NSX 雙活數(shù)據(jù)中心解決方案數(shù)據(jù)中心互連的需求更高的業(yè)務(wù)持續(xù)可用性更高的資源利用率更加敏捷的業(yè)務(wù)部署和自動化多數(shù)據(jù)中心架構(gòu)演進(jìn)趨勢3高可用性業(yè)務(wù)敏捷性單生產(chǎn)中心，同城/異地進(jìn)行系統(tǒng)及數(shù)據(jù)備份持續(xù)高可用業(yè)務(wù)連續(xù)性提升資源效率業(yè)務(wù)連續(xù)性業(yè)務(wù)動態(tài)、彈性和敏捷性業(yè)務(wù)部署自動化自服務(wù)生產(chǎn)/災(zāi)備雙活/多活中心基于云計算分布式虛擬化數(shù)據(jù)中心數(shù)據(jù)中心互連數(shù)據(jù)中心互連 Solution ComponentsVirtualization ApplicationsLAN ExtensionsStorage ExtensionsIP Routing and IP Service ConsiderationsMPLSI

2、P CoreDCI功能目的存儲擴(kuò)展提供應(yīng)用訪問本地或遠(yuǎn)端存儲LAN二層擴(kuò)展為虛機(jī)或虛擬應(yīng)用在數(shù)據(jù)中心間擴(kuò)展同一二層域路徑優(yōu)化優(yōu)化訪問應(yīng)用路徑及保持對稱路由以保持服務(wù)的一致性數(shù)據(jù)中心間路由在數(shù)據(jù)中心間提供3層路由連接前端局域網(wǎng)絡(luò)設(shè)計DC 1DC 2ESX-A sourceESX-B target數(shù)據(jù)中心互連LAN 擴(kuò)展STP Isolation is the key element MultipointLoop avoidance + Storm-ControlUnknown Unicast & Broadcast controlLink sturdinessScale & Convergenc

3、eGeoclusters Vmotion?機(jī)房搬遷傳統(tǒng)設(shè)備及應(yīng)用內(nèi)置了固定IP地址 擴(kuò)展數(shù)劇中心來解決power/heat/space限制 受限于運(yùn)維和部署原因DC1DC2DC3傳統(tǒng)LAN擴(kuò)展方式Extended STP DomainSTPdomain二層連通的風(fēng)險在 數(shù)據(jù)中心間泛洪Rapid Spanning Tree (RSTP) 不具備 擴(kuò)展性 RSTP不能實(shí)現(xiàn)域隔離 一個 數(shù)據(jù)中心 的 問題 將波及其他不良的出入局路徑選擇將導(dǎo)致冗長的數(shù)據(jù)中心間流量BPDU Filtering + Storm-control policing + FHRP Isolation EthernetMPLSI

4、PVSS & vPC or TRILL Applies easily for dual site interconnection Over dark fiber or protected D-WDM EoMPLS & VPLS & A-VPLS & H-VPLS L2oL3 for link protection (Fast detection & convergence / Dampening) PE style Large scale Multi-tenants Works over GRE OTV L2oL3 for link protection (Fast detection & c

5、onvergence / Dampening) CE style Enterprise / DC focus Easy integration over Core Works over MPLS transport Innovative MAC routing數(shù)據(jù)中心互連技術(shù)的選擇OTV網(wǎng)絡(luò)測試測試 一 驗(yàn)證和監(jiān)測 OTV 測試二 Vmotion 虛擬機(jī)遷移演示 測試三 生成樹隔離 測試四 HSRP 本地化 測試五 數(shù)據(jù)中心單邊HSRP災(zāi)難備份 測試六 OTV組播數(shù)據(jù)傳輸 測試七 OTV AED 交換機(jī)災(zāi)難備份切換 測試八 物理服務(wù)器遷移 11邏輯交換機(jī)VXLAN 12 | 38vSphere

6、 HostVM1vSphere Distributed SwitchVXLAN Physical Transport NetworkvSphere HostVM2vSphere HostVXLAN 5001 VTEP1 10.20.10.10VTEP2 10.20.10.11VTEP3 10.20.11.10vSphere HostVTEP4 10.20.11.11VM3VM4Controller ClusterVXLAN Transport Subnet A 10.20.10.0/24VXLAN Transport Subnet B 10.20.11.0/24VTEP3VTEP1VTEP4V

7、TEP2數(shù)據(jù)中心高可用設(shè)計網(wǎng)絡(luò)和安全服務(wù)設(shè)計路徑優(yōu)化設(shè)計DC 1DC 2ESX-A sourceESX-B target數(shù)據(jù)中心互連路徑優(yōu)化Options出數(shù)據(jù)中心 Addressed by FHRP Filtering入數(shù)據(jù)中心:DNS redirection with ACE/GSSRoute Injection（LISP） Distributed Logical RouterNSX 邏輯網(wǎng)絡(luò)架構(gòu) 15vC with NSX ManagervC with NSX ManagervC with NSX ManagerLogical SwitchLocal VC InventoryLocal

8、VC InventoryLocal VC InventoryvCenter AvCenter BvCenter CNSX ControllerClusterLogical SwitchNSX ControllerClusterNSX ControllerClusterDistributed Logical RouterLogical SwitchDistributed Logical RouterDistributed Logical RouterLogicalSwitches北京 上海 廣州多站點(diǎn) 部署場景16Universal Distributed Logical RouterPrima

9、ryControl VME1VC A with NSX Manager (Primary)Route Updates with Locale IDSite APhysical RoutersUniversal Transit VXLAN Uplink A北京NSX EdgeServices GWVC B with NSX Manager (Secondary)Route Updateswith Locale IDPeeringOSPF, BGPE8E1Site BPhysical RoutersUniversal Transit VXLAN Uplink BE8SecondaryControl

10、 VMPeeringOSPF, BGPRoute Updateswith Locale IDRoute Updateswith Locale IDUCCUniversalLogical Switches廣州NSX EdgeServices GW北京數(shù)據(jù)中心 廣州數(shù)據(jù)中心虛擬路由器VM1VM2北京數(shù)據(jù)中心出口192.168.202.25廣州數(shù)據(jù)中心出口192.168.201.25 192.168.10.0/29192.168.20.0/29VM3VM4網(wǎng)關(guān)地址 172.16.10.1172.16.20.1生產(chǎn)虛擬交換機(jī)172.16.20.0/24開發(fā)虛擬交換機(jī)172.16.10.0/24解決方案

11、：通過網(wǎng)絡(luò)虛擬化實(shí)現(xiàn)網(wǎng)絡(luò)擴(kuò)展Locale ID: NSX-BJLocale ID: NSX-GZ建設(shè)目標(biāo) 需要什么樣的多站點(diǎn)？應(yīng)用架構(gòu) (場景 1)19主數(shù)據(jù)中心災(zāi)備數(shù)據(jù)中心App-A(High SLA)App-B(High SLA)App-C(Low SLA)vCenterSRMvCenterSRMApp-A(High SLA)App-B(High SLA)受保護(hù)應(yīng)用自動恢復(fù)受保護(hù)應(yīng)用災(zāi)備位置未受保護(hù)應(yīng)用(手工恢復(fù))沒有跨站點(diǎn)間的應(yīng)用訪問需求 主備對應(yīng)關(guān)系High LatencyDR with Site Recovery Manager (SRM)vCenter ServerSite Rec

12、overy ManagerProtected SiteRecovery SiteStoragevCenter ServerSite Recovery ManagervSpherevSphereStoragevSphere Site Recovery Manager (SRM) ComponentsStorageServersVMware vSpherevCenter ServerSite Recovery ManagerVirtual MachinesSite Recovery ManagerManages recovery plansAutomates failovers and failb

13、acksTightly integrated with vCenter and replicationStorage-Based Replication (3rd party)Provided by replication vendorIntegrated via replication adapters created, certified and supported by replication vendorvSphere ReplicationPart of vSphere platformReplicates virtual machines between vSphere clust

14、ersReplication OptionsRequired at both protected and recovery sitesComputeStorageNetworking ?災(zāi)備網(wǎng)絡(luò)192.168.0.0/24192.168.0.12.2.2.22.2.2.0/28192.168.0.0/243.3.3.0/28No Network Readdressing (Dynamic Routing)VXLANVXLANVLANVLANvCenter + SRMvCenter + SRMDistributed Logical RouterDynamic Routing(OSPF, BGP)

15、Primary VMsPlaceholder VMs192.168.10.2192.168.10.1192.168.0.13.3.3.3Distributed Logical RouterDynamic Routing(OSPF, BGP)192.168.10.2192.168.10.1Pre-created Logical Switches and EdgesStorage ReplicationVMFSVMFS“Protected” Site“Recovery” SitePrimary VMs災(zāi)備網(wǎng)絡(luò)192.168.0.0/242.2.2.0/28192.168.0.0/243.3.3.0

16、/28No Network Readdressing (Dynamic Routing)VXLANVXLANVLANVLANvCenter + SRMvCenter + SRMDynamic Routing(OSPF, BGP)Primary VMsPlaceholder VMs192.168.0.1Distributed Logical Router192.168.10.2192.168.0.13.3.3.3Distributed Logical RouterDynamic Routing(OSPF, BGP)192.168.10.2192.168.10.1SG-Prod-01SG-Dev-

17、01SG-Prod-01SG-Dev-012.2.2.2192.168.10.1Site A NSX Edge GWSite B NSX Edge GW應(yīng)用架構(gòu) (場景 2 )24App-A(High SLA)App-B(High SLA)App-C(Low SLA)vCenterSRMvCenterSRMApp-A(High SLA)App-B(High SLA)受保護(hù)應(yīng)用自動恢復(fù)受保護(hù)應(yīng)用災(zāi)備位置未受保護(hù)應(yīng)用(手工恢復(fù))App-DApp-E雙活應(yīng)用App-DApp-E雙活應(yīng)用 跨站點(diǎn)網(wǎng)絡(luò)連通應(yīng)用需要跨站點(diǎn)互訪的連通性主備對應(yīng)關(guān)系雙活對應(yīng)關(guān)系150ms RTT Latency主數(shù)據(jù)中心災(zāi)備數(shù)

18、據(jù)中心 場景125Universal DLRWebDBAppWebApplication TierApplication TierAppDB Universal Logical Switch(Logical Switch forProtected Workloads)Site Local RouterSite Local RouterNSX ESG with ECMPSRMSRMRe-Program the Locale-ID on the hosts (Local Egress)U-DFWU-DFWUniversal Control VMOSPFUniversal Control VMOSPFNSX ESG with ECMP (Advertising 10.1.1.0 reachability)10.1.1.0/24(Advertisi