Data Center Classification : Different Tier

Hi
Can anyone provide me the document of Data center classification & Planning document.
Regards
Chetan kumar

Hi Chetan,
When designing, we used to design the data center in 3-tier mode: web servers in one zone with one dedicated firewall for Internet traffic, application servers in one zone with another set of firewalls guarding the traffic, and database servers in another zone with the same firewall guarding the traffic. With security devices in between, like IPS and load balancers on different segments to load the traffic coming in to the servers, and with full redundancy, you need to have everything in dual mode, like LAN switches, NICs in servers, load balancers, IPS and firewalls, to have zero percent loss in the data center.
http://www.cisco.com/web/about/doing_business/legal/service_descriptions/docs/Data_Center_Networking_Planning_and_Design_Service.pdf
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
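
An added example, not part of the original post: a Python audit of a firewall rule list against the three-zone layout described above, flagging permit rules that skip a tier, plus a check that each zone has its network devices in pairs. The address plan, rule format and device names are constructed for illustration.

```python
import ipaddress

# Constructed address plan for the three zones; none of these values come from the post.
ZONES = {
    "web": ipaddress.ip_network("10.10.1.0/24"),
    "app": ipaddress.ip_network("10.10.2.0/24"),
    "db": ipaddress.ip_network("10.10.3.0/24"),
}
# Traffic may only step inward one tier at a time.
ALLOWED_FLOWS = {("internet", "web"), ("web", "app"), ("app", "db")}
# Network device roles the post wants in pairs (server NICs are per host, not modelled).
PAIRED_ROLES = ("firewall", "ips", "load_balancer", "lan_switch")


def zone_of(cidr):
    """Classify a rule's source or destination network as a zone name."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen == 0:
        return "internet"  # assumption: "any" is only used on the outside interface
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    if any(net.overlaps(zone) for zone in ZONES.values()):
        return "mixed"  # covers more than one tier, too broad to place
    return "internet"


def audit_flows(rules):
    """Return (rule id, reason) for every permit rule that breaks the tier model."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        src, dst = zone_of(rule["src"]), zone_of(rule["dst"])
        if "mixed" in (src, dst):
            findings.append((rule["id"], "network spans several tiers"))
        elif src != dst and (src, dst) not in ALLOWED_FLOWS:
            findings.append((rule["id"], f"{src} -> {dst} is not an adjacent inward flow"))
    return findings


def audit_redundancy(inventory):
    """Return sorted (zone, role) pairs that have fewer than two devices."""
    return sorted(
        (zone, role)
        for zone in ZONES
        for role in PAIRED_ROLES
        if len(inventory.get((zone, role), [])) < 2
    )


# Constructed sample rule set.
RULES = [
    {"id": 1, "src": "0.0.0.0/0", "dst": "10.10.1.0/24", "port": 443, "action": "permit"},
    {"id": 2, "src": "10.10.1.0/24", "dst": "10.10.2.0/24", "port": 8443, "action": "permit"},
    {"id": 3, "src": "10.10.2.0/24", "dst": "10.10.3.0/24", "port": 1433, "action": "permit"},
    {"id": 4, "src": "10.10.1.0/24", "dst": "10.10.3.10/32", "port": 1433, "action": "permit"},
    {"id": 5, "src": "10.10.0.0/16", "dst": "10.10.3.0/24", "port": 22, "action": "permit"},
    {"id": 6, "src": "0.0.0.0/0", "dst": "10.10.3.0/24", "port": 1433, "action": "deny"},
]
# Constructed device inventory: device names per (zone, role).
INVENTORY = {
    ("web", "firewall"): ["fw-web-a", "fw-web-b"],
    ("web", "ips"): ["ips-web-a"],
    ("web", "load_balancer"): ["lb-web-a", "lb-web-b"],
    ("web", "lan_switch"): ["sw-web-a", "sw-web-b"],
    ("app", "firewall"): ["fw-app-a", "fw-app-b"],
    ("app", "ips"): ["ips-app-a", "ips-app-b"],
    ("app", "load_balancer"): ["lb-app-a", "lb-app-b"],
    ("app", "lan_switch"): ["sw-app-a", "sw-app-b"],
    ("db", "firewall"): ["fw-db-a", "fw-db-b"],
    ("db", "ips"): ["ips-db-a", "ips-db-b"],
    ("db", "load_balancer"): ["lb-db-a", "lb-db-b"],
    ("db", "lan_switch"): ["sw-db-a"],
}

if __name__ == "__main__":
    for rule_id, reason in audit_flows(RULES):
        print(f"rule {rule_id}: {reason}")
    for zone, role in audit_redundancy(INVENTORY):
        print(f"{zone}: single {role}, no failover partner")
```

Rule 4 lets the web zone reach a database host directly and rule 5 uses a supernet that covers all three zones; both defeat the point of putting a firewall between each tier.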

Similar Messages

  • Collapsed Data Center Tier - Best Practice

    Hey guys,
    I'm working with a company who's doing a Data Center build-out. This is not a huge build out and I don't believe I really need a 2 tier design (access, core/aggregation). I'm looking for a 1 tier design. I say this because they only really have one rack of hosts - and we are not connected to a WAN or campus network - we are a dev shop (albeit a pretty damn big dev shop) who hosts internet sites and web applications to the public. 
    My network design relies heavily on VRFs. I treat every web application published to the internet as its own "tenant" with one leaked route, which is my management network, so I have any management servers (continuous deployment, monitoring, etc...) sitting in this subnet that is leaked. Each VRF has its own route to a virtual firewall context of its own and out to the internet. 
    Right now we are in a managed datacenter. I'm going to be building out their own switching environment utilizing the above design and moving away from the managed data center. That being said I need to pick the correct switches for this 1 tier design. I need a good amount of 10gbe port density (124 ports minimum). I was thinking about going with 4 5672UP or 4 C3064TQ-10GT - these will work as both my access and core (about 61 servers, one fiber uplink to my corporate network, and one fiber uplink to a firewall running multiple device contexts via multiple vlans) 
    That being said - with the use of VRFs, VLANs, and MP-BGP (used to leak my routes), what is the best redundancy topology for this design? If I was using Catalyst 6500s I would do VSS and be done with it - but I don't believe vPC on the nexus switches traffic and is really more for a two tier model (vPC on two cores, aggregation/access switch connects up to both cores but it looks like one.) What I need to accomplish sounds to me that I'm going to be doing this the old-fashioned way, running a port channel between each switch, and hopefully using a non-STP method to avoid loops. 
    Am I left with any other options? 

    ISP comes into the collapsed core after a router. A specific firewall interface (firewall is in multi context mode) sits on the "outside" vlan specific to each VRF. 

  • Deploying Cisco Overlay Transport Virtualization (OTV) in Data Center Networks

    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to plan, design, and implement Cisco Overlay Transport Virtualization (OTV) in your Data Center Network with Cisco experts Anees Mohamed Abdulla and Pranav Doshi.
    Anees Mohamed Abdulla is a network consulting engineer for Cisco Advanced Services, where he has been delivering plan, design, and implementation services for enterprise-class data center networks with leading technologies such as vPC, FabricPath, and OTV. He has 10 years of experience in the enterprise data center networking area and has carried various roles within Cisco such as LAN switching content engineer and LAN switching TAC engineer. He holds a bachelor's degree in electronics and communications and has a CCIE certification 18764 in routing and switching. 
    Pranav Doshi is a network consulting engineer for Cisco Advanced Services, where he has been delivering plan, design, and implementation services for enterprise-class data center networks with leading technologies such as vPC, FabricPath, and OTV. Pranav has experience in the enterprise data center networking area and has carried various roles within Cisco such as LAN switching TAC engineer and now network consulting engineer. He holds a bachelor's degree in electronics and communications and a master's degree in electrical engineering from the University of Southern California.
    Remember to use the rating system to let Anees and Pranav know if you have received an adequate response.  
    Because of the volume expected during this event, Anees and Pranav might not be able to answer each question. Remember that you can continue the conversation on the Data Center, sub-community forum shortly after the event. This event lasts through August 23, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hi Dennis,
    All those Layer 2 extension technologies require STP to be extended between Data Centers if you need to have multiple paths between Data Centers. OTV does not extend STP; rather, it has its own mechanism (AED election) to avoid loops when multiple paths are enabled. It means any STP control plane issue, we don't carry to the other Data Center.
    OTV natively suppresses Unknown Unicast Flooding across the OTV overlay. Unknown unicast flooding is a painful problem in a Layer 2 network and difficult to troubleshoot to identify the root cause if you don't have a proper network monitoring tool.
    It has ARP optimization, which eliminates flooding ARP packets across Data Centers by responding locally with cached ARP messages. One of the common issues I have seen in Data Centers is some server or device in the network sending continuous ARP packets, which hit the control plane in the Aggregation layer, which in turn causes network connectivity issues.
    The above three points prove the Layer 2 domain isolation between data centers. If you have redundant Data Centers with Layer 2 extended without OTV, the above explained Layer 2 issue which happens in one Data Center carries the same failure to the second data center, which creates the question of what is the point of having two different Data Centers if we cannot isolate the failure domain.
    OTV natively supports HSRP localization with a few command lines. This is a very important requirement in building an Active/Active Data Center.
    Even though your question is related to L2TP, OTV deserves the comparison with VPLS, and those comparisons will also be applicable for L2TP. The below link explains in detail...
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-574984.html
    Thanks,
    Anees.

  • Ask the Expert: Scaling Data Center Networks with Cisco FabricPath

    With Hatim Badr and Iqbal Syed
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Cisco FabricPath with Cisco technical support experts Hatim Badr and Iqbal Syed. Cisco FabricPath is a Cisco NX-OS Software innovation combining the plug-and-play simplicity of Ethernet with the reliability and scalability of Layer 3 routing. Cisco FabricPath uses many of the best characteristics of traditional Layer 2 and Layer 3 technologies, combining them into a new control-plane and data-plane implementation that combines the immediately operational "plug-and-play" deployment model of a bridged spanning-tree environment with the stability, re-convergence characteristics, and ability to use multiple parallel paths typical of a Layer 3 routed environment. The result is a scalable, flexible, and highly available Ethernet fabric suitable for even the most demanding data center environments. Using FabricPath, you can build highly scalable Layer 2 multipath networks without the Spanning Tree Protocol. Such networks are particularly suitable for large virtualization deployments, private clouds, and high-performance computing (HPC) environments.
    This event will focus on technical support questions related to the benefits of Cisco FabricPath over STP or VPC based architectures, design options with FabricPath, migration to FabricPath from STP/VPC based networks and FabricPath design and implementation best practices.
    Hatim Badr is a Solutions Architect for Cisco Advanced Services in Toronto, where he supports Cisco customers across Canada as a specialist in Data Center architecture, design, and optimization projects. He has more than 12 years of experience in the networking industry. He holds CCIE (#14847) in Routing & Switching, CCDP and Cisco Data Center certifications.
    Iqbal Syed is a Technical Marketing Engineer for the Cisco Nexus 7000 Series of switches. He is responsible for product road-mapping and marketing the Nexus 7000 line of products with a focus on L2 technologies such as VPC & Cisco FabricPath and also helps customers with DC design and training. He also focuses on SP customers worldwide and helps promote N7K business within different SP segments. Syed has been with Cisco for more than 10 years, which includes experience in Cisco Advanced Services and the Cisco Technical Assistance Center. His experience ranges from reactive technical support to proactive engineering, design, and optimization. He holds CCIE (#24192) in Routing & Switching, CCDP, Cisco Data Center, and TOGAF (v9) certifications.
    Remember to use the rating system to let Hatim and Iqbal know if you have received an adequate response.  
    They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community Unified Computing discussion forum shortly after the event. This event lasts through Dec 7, 2012. Visit this support forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hi Sarah,
    Thank you for your question.
    Spanning Tree Protocol is used to build a loop-free topology. Although Spanning Tree Protocol serves a critical function in these Layer 2 networks, it is also frequently the cause of a variety of problems, both operational and architectural.
    One important aspect of Spanning Tree Protocol behavior is its inability to use parallel forwarding paths. Spanning Tree Protocol forms a forwarding tree, rooted at a single device, along which all data-plane traffic must flow. The addition of parallel paths serves as a redundancy mechanism, but adding more than one such path has little benefit because Spanning Tree Protocol blocks any additional paths.
    In addition, rooting the forwarding path at a single device results in suboptimal forwarding paths, as shown below. Although a direct connection may exist, it cannot be used because only one active forwarding path is allowed.
    Virtual PortChannel (vPC) technology partially mitigates the limitations of Spanning Tree Protocol. vPC allows a single Ethernet device to connect simultaneously to two discrete Cisco Nexus switches while treating these parallel connections as a single logical PortChannel interface. The result is active-active forwarding paths and the removal of Spanning Tree Protocol blocked links, delivering an effective way to use two parallel paths in the typical Layer 2 topologies used with Spanning Tree Protocol.
    vPC provides several benefits over a standard Spanning Tree Protocol such as elimination of blocker ports and both vPC switches can behave as active default gateway for first-hop redundancy protocols such as Hot Standby Router Protocol (HSRP): that is, traffic can be routed by either vPC peer switch.
    At the same time, however, many of the overall design constraints of a Spanning Tree Protocol network remain even when you deploy vPC such as
    1.     Although vPC provides active-active forwarding, only two active parallel paths are possible.
    2.     vPC offers no means by which VLANs can be extended, a critical limitation of traditional Spanning Tree Protocol designs.
    With Cisco FabricPath, you can create a flexible Ethernet fabric that eliminates many of the constraints of Spanning Tree Protocol. At the control plane, Cisco FabricPath uses a Shortest-Path First (SPF) routing protocol to determine reachability and selects the best path or paths to any given destination in the Cisco FabricPath domain. In addition, the Cisco FabricPath data plane introduces capabilities that help ensure that the network remains stable, and it provides scalable, hardware-based learning and forwarding capabilities not bound by software or CPU capacity.
    Benefits of deploying an Ethernet fabric based on Cisco FabricPath include:
    • Simplicity, reducing operating expenses
    – Cisco FabricPath is extremely simple to configure. In fact, the only necessary configuration consists of distinguishing the core ports, which link the switches, from the edge ports, where end devices are attached. There is no need to tune any parameter to get an optimal configuration, and switch addresses are assigned automatically.
    – A single control protocol is used for unicast forwarding, multicast forwarding, and VLAN pruning. The Cisco FabricPath solution requires less combined configuration than an equivalent Spanning Tree Protocol-based network, further reducing the overall management cost.
    – A device that does not support Cisco FabricPath can be attached redundantly to two separate Cisco FabricPath bridges with enhanced virtual PortChannel (vPC+) technology, providing an easy migration path. Just like vPC, vPC+ relies on PortChannel technology to provide multipathing and redundancy without resorting to Spanning Tree Protocol.
    • Scalability based on proven technology
    – Cisco FabricPath uses a control protocol built on top of the powerful Intermediate System-to-Intermediate System (IS-IS) routing protocol, an industry standard that provides fast convergence and that has been proven to scale up to the largest service provider environments. Nevertheless, no specific knowledge of IS-IS is required in order to operate a Cisco FabricPath network.
    – Loop prevention and mitigation is available in the data plane, helping ensure safe forwarding that cannot be matched by any transparent bridging technology. The Cisco FabricPath frames include a time-to-live (TTL) field similar to the one used in IP, and a Reverse Path Forwarding (RPF) check is also applied.
    • Efficiency and high performance
    – Because equal-cost multipath (ECMP) can be used in the data plane, the network can use all the links available between any two devices. The first-generation hardware supporting Cisco FabricPath can perform 16-way ECMP, which, when combined with 16-port 10-Gbps port channels, represents a potential bandwidth of 2.56 terabits per second (Tbps) between switches.
    – Frames are forwarded along the shortest path to their destination, reducing the latency of the exchanges between end stations compared to a spanning tree-based solution.
        – MAC addresses are learned selectively at the edge, allowing to scale the network beyond the limits of the MAC addr

  • IPT Clusters Data Center Move 8.6(2a)SU3

    Hi Voice Experts,
    Any help will be appreciated, I have read Cisco BCP and understand the best practice but Cisco doesn’t talk clearly about the questions mentioned [only adding subscriber needs a cluster reboot is confirmed but wanted to know from the experience of experts here]:-
    We have a plan to move data center for IPT Clusters, and we are working for POC for server build as of now, I would need your guidance for the following questions:-
    1-      Adding a new Subscriber:
    a.        Is rebooting for all nodes in a cluster required?
    b.      Is it mandatory to remove the subscriber from the list of servers on the publisher before building the same subscriber in a live environment? [let's say we need to replace the MCS server for a subscriber]
    c.       Can the replica subscriber be built in an isolated environment first by building the replica Publisher and then the Subscriber, and later promote this newly built subscriber in the live environment by replacing the original non-working subscriber with it?
    2-      Node licensing:
    a.       The node licensing reflects the number of Subscribers in a cluster [not non-subscribers like MOH, TFTP servers]. Let's say we have one subscriber in one data center and we need to move it to a second data center, so can we build this server with a different IP address in the live running environment [will shut down the original subscriber first before promoting the newly built server as SUBSCRIBER, considering node licensing limitations]? Is that doable? OR do we first need to decommission the currently running server from one data center and then start building the subscriber in the second data center?
    Regards,
    Shah

    I don't quite follow what you are trying to do. Are you actually going to move your whole cluster to a DC?
    If you move DC, can you move your VMs across and re-IP?
    If you are going to build new subs in the new DC, you will need to add these to your existing cluster, yes; no full reboot of your cluster should be required when adding a sub. Once you have all subs spun up in your new DC, move your phones across to it (change option 150 in each voice subnet). Lastly, re-IP your PUB to fit in the new IP range in your new DC.
    Always make sure you read the release notes!!!!!
    You will need to get temporary licences for your interim period where you have a bunch of subs in the new as well as the old DC. All you need is node licences. Speak to your reseller.
    Please rate if useful

  • Server Requirements - Always On in a single server? - Needs clustering even one server on another Data Center?

    Hello:
    I have been asking this question in different forums and got different responses, so I wanted to know if asking "Microsoft" will give me some good directions. (All in SQL Server 2012, including the OS)
    Question 1.- Always On "HAS" to be configured on a WSFC node? How about in a Single SQL Server. (NO Clustering)?.
    Question 2.- What about our mirroring processes configured and running in single servers, do we have to have WSFC installed before we can upgrade them to Always On?.
    Question 3.- In a case I have WSFC, and configure Always On, can my second or third replica reside in a single SQL Server? (No WSFC). What if I can not have Clustering in a DR Data Center? or I do have only VM's on the DR Center?
    Any help will be greatly appreciated.
    Thanks
    Oscar Campanini

    Hi Oscar,
    Please find the answers below.
    Question 1.- Always On "HAS" to be configured on a WSFC node? How about in a Single SQL Server. (NO Clustering)?.
    - Yes. Each replica must be on a different node of a WSFC cluster. Without a WSFC cluster you cannot create Always On, as it relies on the failover capabilities of the cluster.
    Question 2.- What about our mirroring processes configured and running in single servers, do we have to have WSFC installed before we can upgrade them to Always On?.
    - You cannot really upgrade a database mirroring configuration to Always On; both are different and work differently. Again, for Always On each participating replica must be on a WSFC cluster.
    Question 3.- In a case I have WSFC, and configure Always On, can my second or third replica reside in a single SQL Server? (No WSFC). What if I can not have Clustering in a DR Data Center? or I do have only VM's on the DR Center?
    - No, all replicas have to be in single nodes of a WSFC cluster.
    Note: SQL Server doesn't have to be clustered.
    Consider the following scenario. You need to create Always On with a 3-node topology, i.e. 1 primary, 1 secondary and 1 read-only secondary.
    You need to have all these three nodes as part of a Windows Server Failover Cluster. The clustering needs to be done only at the Windows level. You can install standalone SQL Servers on all these 3 nodes and then configure them as replicas in Always On.
    Read these links to clear your questions -
    http://technet.microsoft.com/en-gb/sqlserver/gg490638.aspx
    http://technet.microsoft.com/en-us/library/hh510230(v=SQL.110).aspx
    http://technet.microsoft.com/en-us/library/ff878487(v=sql.110).aspx#ServerInstance
    Note: When I said Always On I was referring to Availability Groups.
    Regards, Ashwin Menon My Blog - http:\\sqllearnings.com

  • WAN and multi-site data center

    Dear all
    My company has two different data centers: one active data center, and the second data center is not active. They are willing to go with an active-active data center model, and I am the one responsible for designing the WAN solution.
    We have almost succeeded in making the LAN for both DCs act as one LAN data center.
    Now, how do we make two different sites act as one from the WAN perspective?
    Our WAN device models are
    ASR 1006, 7604 (in each site)
    What are the technologies used for such things?
    I hope anyone can help

    Does anybody have a clue or a link? I see 13 views with no replies, if anyone can help

  • Layer 2 connect - data center web hosting

    Hi, I need your help!!
    I have a data center with the Nexus 7000. I have servers connecting to the Cisco 7000 with web servers. My company does hosting for customers.
    The point is that we have shared resources like VMware on blades and so on, meaning that the ports of the blades are connected physically to the Nexus 7000 with trunks and VLANs for every customer.
    My Nexus connects to the FW, then to WAN switches, then to routers connecting to the Internet, so if I am asked to do hosting from the Internet it's easy.
    The problem is that now I have a customer that wants to connect his switch over the WAN directly to his area at my data center.... We make servers for him that are the same as his servers, with the same subnet, and he makes replications...
    He doesn't have a router; he connects his switch over a WAN provider at Layer 2 to me..
    Should I connect him directly to my Nexus??? With his VLAN?? Do I need another solution like EoMPLS??? What is the safest way to connect him with Layer 2.. and I repeat the problem that our servers are shared between many customers - the same Nexus ports, please help!!

    Hello,
    1. PIX is the precursor to the ASA, so at this point the ASA is probably a better choice since it'll be around longer, plus I'm sure they have beefed up the base hardware compared to the PIX.
    2. Your external router is dependent on how much traffic you're going to be dropping into your hosting site. A 7200 series router is a fairly beefy router and should be able to handle what you need if you're looking.
    3. One of the nice things about the 6500 is you can put in a FWSM and segment all your different hosting servers to provide more granular network control.
    I don't have any case studies but will look around and post them if I find some.
    Patrick

  • Single CAS NameSpace in Multi-Data Center Model With Exchange 2013

    Hi
    We are in process of transitioning from Exchange 2007 to Exchange 2013. Our Exchange 2007 infrastructure is as follows:
    2 Data centers (DC 1 and DC 2). Both with active user population. Both have their own direct Internet Connectivity
    Standalone Exchange 2007 mailbox servers in each data center
    Load Balanced CAS (HT co-located) servers using Hardware Load Balancers in each data center. Load balancers are configured with VIP and FQDNs (LoadBalancer1.Com and LoadBalancer2.com)
    Currently No access allowed from Internet except ActiveSync (No OWA or OA)
    Outlook anywhere is disabled in Exchange 2007 organization but once mailboxes will be moved to Exchange 2013, OA will definitely be used – we will provide OA on Intranet as well as Internet
    All the internal URLs including Autodiscover point to VIP (Load Balancer IP)
    Autodiscover is not currently published on Internet, but we have a plan to publish it now once Exchange 2013 is introduced
    We want to keep a single CAS NameSpace BYOD.ABC.Com for our ActiveSync and OA (and not going to allow OWA) access from Internet. We want to have Split-DNS for our new Exchange 2013 infrastructure due to the simplicity it brings. So we are going to use one name BYOD.ABC.Com from the Internet. We have GSLB that provides Fault Tolerance and Geo-Load Balance to external requests coming from Exchange clients, between two data centers. When we will install new Exchange 2013 servers, they’ll be part of new VIP so:
    In a 2 data center model, can we name our internal VIPs same in both data centers (i.e. BYOD.ABC.Com) as we have decided to go with Split-DNS? Do you see any caveats to this strategy?
    If the above strategy will not work, what are the alternate approach(es).
    If we configure same names for the VIPs in both data centers, it will mean that the Autodiscover SCPs for all the Exchange 2013 CAS objects (and Exchange 2007 CAS objects during co-existence) will point to BYOD.ABC.Com. This should not be a problem for AD joined systems as they’ll find and contact Autodiscover endpoints in their own sites (based on Keywords attribute that tells which AD site SCP belongs to) – Please correct me if this is wrong.
    If we configure same names for the VIPs in both data centers, this also means that we have to configure BYOD.ABC.Com on External as well as Internal URLs on all the Exchange 2013 servers across both the data centers – Wouldn’t that be a problem – in terms of loops during CAS-CAS Proxy/Redirection?
    If we configure different names of the VIPs (say BYOD1.ABC.Com and BYOD2.ABC.Com), how will the Outlook Anywhere requests be handled in both data centers. The OA requests from DC1 will expect the Certificate Principal Name to be BYOD1.ABC.Com and requests from DC2 will expect the Certificate Principal Name to be BYOD2.ABC.Com. How to get this stuff working. As far as I know, OA expects CPN to match with its name.
    Thanks
    Taranjeet Singh
    zamn

    Any comments/suggestions from community......
    Thanks
    Taranjeet Singh
    zamn

  • Is there a way other than redeployment to migrate existing Cloud Services from one data center to another?

    We have a need to correct affinity of Cloud Service, Azure DB, Storage and Mobile Services such that they are on a single datacenter and do not get impacted by network latency when these components communicate with each other. Also, to distribute various environments across different data centers, we need to realign some environments to mitigate all environments getting impacted if there is an outage.
    Existing Cloud Services and related Service Bus queues and topics need to be moved to a different datacenter. Is there a way to do this without having to redeploy cloud services (web and worker roles) or recreate the service bus entities (queues and topics)?
    Also, the existing Cloud Service URL needs to be retained, without which user authentication won't be possible, and hence when completed, the new cloud service should have the same URL.
    Please provide best available options for achieving this or ask question if more information is needed.

    Hi sumeetd,
    As far as I know, currently there is no direct way to move services from one data center to another other than redeployment. You could submit a feature suggestion via this page (http://feedback.azure.com/forums/34192--general-feedback). At the same time, you could contact the Azure support team via the channel below:
    http://www.windowsazure.com/en-us/support/contact/
    Any questions, please feel free to let me know.
    Regards,
    Will

  • Data Center Network Design

    I'm looking at a couple of options for a small network in a data center.  I seem to be getting hung up on all the different options.  One of the options I'm looking at is end of row using both 2960Ss and Blade Center chassis switches with each physical server dual homed into a 2960, each ESX server dual homed into a blade switch and each of the switches with a Layer 2 10Gb uplink (20 total with etherchannel) to one of two 4900Ms.  The 4900Ms would then have a layer 2 uplink between them to accommodate VLANs that span the access layer switches.  This would be an inverted U topology.  That's simple enough, and maybe that is where I should leave it, but there is the now available stacking feature of 2960s that has me wondering if there is another option available with dual homing a stack.  Is there such a beast?  Would it be better to stack 2960s, or even 3750s, so as to make each end of row with 2 redundant switches appear as one logical stack, and then uplink that stack to an aggregate multilayer switch such as a pair of 4900Ms?  Or might that limit me to keeping VLANs within a stack and end of row?
    thank you,
    Bill

    Hi Bill-
    First, I personally would not use the 2960S for the data center, no matter the size. That switch was purposely built for user access and has some limitations. Also, depending on what you need to accomplish will determine your design. I recently did a design similar to what you are describing. We ended up putting 3750X's at the top of rack as a stack. This allows for etherchannel to your servers with both server NICs being active. From there we uplinked to a pair of 6509's in VSS. From a layer 2 point of view this was about as simple as it gets; 1 switch connected to another switch connected to a server. No spanning tree! If you can't afford stackable switches, you may want to look at routing at the top of rack. However you will lose functionality like moving VLAN's between racks, relying on server NIC software for active/passive links and the moving of VM's could be limited.

  • Wiring Question for Data Center

    I work in what I would consider to be a small/mid sized data center. We use two 6513 as the core/distribution for ~25 racks of servers.
    My question comes in the way of cabling the servers to the core. Currently they are using long patch cords between the 6513 and each server. Well it’s a mess, functional but messy.
    I'm trying to figure out the best way to clean up the mess and make it look professional.
    Most people seem to suggest 2 different ways to accomplish this:
    1) Install switches in each rack and run fiber from the core to the rack. Wire each server to the switch in the rack.
    2) Install 24/48 port patch panels between the core area and the racks.
    I'm wondering what people think of these ideas and if there are any other suggested ways of accomplishing this?
    Andy

    Hi Andy,
    Here's something that we used to do where I worked:
    We had 6509's with three/four 48 port blades servicing between 150 and 200 phones roughly. I had four total switches, one on each of four floors. So this would be roughly similar to your DC environment, only we're servicing longer horizontal runs and phones, not servers -- but the idea is the same (i.e. high density cabling issues).
    Lord knows that when you're plugging in 48 cables into one of those blades, it can get pretty crowded. And since we don't yet know how to alter the laws of physics that determine space requirements, we have to search for alternatives.
    Back to my environment: On three of the four floors, we just wired straight from the patch panel (that ran to floor locations) to the switch. Quite a mess when you're running in 48 cables to one blade! However, this is traditional and this is what we did. My cabling guy (very smart fella) suggested something else. At the time I was too chicken to do it on the other floors, but I did agree to try it on one floor. Here's what we did:
    He ran Cat5 (at the time, that was standard) connections in 48 cable bunches from an adjacent wall into the switch. They had RJ-45 connections so that they could plug in, and they were all nice and neat. On the other end, they plugged in to a series of punch down blocks (kind of like you see in a phone room for telephone structured cabling). These, in turn, were cross connected to floor locations on another punch down block that went to the floor locations. Now, whenever we wanted to make a connection live, we simply had to connect the correct CAT5 jumper wire from one punch down block to the other. You never touch the actual ports in the switch. They just stay where they are. All alterations are done on the punch down blocks. This keeps things nice and neat and there's no fiddling with cables in the switch area. Any time you need to put in a new blade, you just harness up 48 more cables (we called them pigtails) and put them in the new blade.
    NOTE: You could do the exact same thing with patch panels instead of punch down blocks, but with higher densities, it's a bit easier to use the blocks and takes up much less space.
    ADVANTAGES:
    * Very neat cable design at the switch side.
    * Never have to squeeze patch cables in and out.
    * Easy to trace cables (but just better to document them and you'll never have to trace them).
    * Makes moves, adds, and changes (particularly adds) very easy.
    DISADVANTAGES:
    * Not sure that you can do it with CAT6.
    * You have to get a punch down tool and actually punch cables (not too bad though after you do a few).
    * You need to make sure that you don't deprecate the rating on the cable by improperly terminating it (i.e. insufficient twists)
    Anyway, I haven't had a need to do this in a while and I no longer work at the same place, but my biggest concern would be if that meets with the CAT6 spec. Not sure about that, but your cabling person could probably tell you.
    I'm not a big fan of decentralizing the switches to remote locations. It can become cumbersome and difficult to manage if you end up with a lot of them. Also, it doesn't scale well and can end up with port waste (i.e. you have 24 servers in one cabinet on one switch and then along comes 25; you now have to buy another 12 or 24 port switch to service the need with either 11/23 ports going to waste -- not good).
    Good luck. Let us know how you make out. I'd be glad to go in to more detail if the above isn't explained well enough.
    Regards,
    Dave

  • Recommended Design for WAAS in both Data center and Branch Offices

    Hi All,
    I need to purchase different appliances for WAAS, but before I decide what to purchase, I need to know exactly how I am going to put these devices so that I can know which one to purchase and how the designs will be.
    My environment is as follows:
    I have two core routers (ASR 1000 series) at the Data center, two 6509 switches (expecting to insert the ACE module and FW module), and then I have access switches which connect servers.
    At the branch offices, I am expecting to place ASR1000 series also.
    Now, I need to know the recommended designs for these WAAS appliances so that I can know in advance what to purchase (i.e. how many WAAS CM, Core WAE, and Edge WAE).
    Any input will highly be appreciated.
    Thanks,

    If you purchase the Standard Edition, your license supports:
    One installation of Cisco Security Manager on one Windows-based server.
    The configuration or management of 5 devices (in the Standard-5 option) or 25 devices (in the Standard-25 option). This excludes Catalyst 6500 and 7600 Series devices and their associated service modules.
    If you purchase either the Standard-5 or Standard-25 license, you cannot purchase an incremental device license. Your license is fixed at either 5 or 25 devices.

  • Control Plane Policing (CoPP) for Data Center

    Hi All,
    I am planning to apply CoPP on different routers and switches of the Data Center. This Data Center comprises Cisco 6513 (VSS), Catalyst 3750, Cisco 3845 and Cisco 2811.
    My questions are:
    1. Do we have to apply CoPP on Catalyst 3750, as these are DMZ switches only?
    2. How to find the packet processing rate from router and switches?
    3. Any best practices CoPP template for routers running OSPF and BGP?
    Thanks and Regards,
    Ahmed.

    1. You would need to apply CoPP to all routers/switches that are manageable from untrusted sites. So even if you have non-DMZ switches that will be able to be telneted to from the outside, for example, CoPPing them would be helpful for you.
    Do we not need to apply CoPP on switches and routers that are not telneted from outside?
    Control plane traffic is traffic that goes to the control plane of the router like management traffic, snmp etc. If there is a firewall securing you from the outside I would feel my switches are more secure and it is not easy to bring them to their knees with an attacker doing too much from the outside. Control plane policing applies to all control plane traffic, but it is mostly against outsiders that someone would try to protect himself.
    2. "sh proc cpu" would give you some insight for processes like ssh or telnet and how much they take. Not control packet rate processing though.
    I want to know the maximum packet processing rate of a router or switch?
    I don't think you will be able to pull that number.
    3. Depends on how powerful the router is, how many commands you are running, how much route processing is going on.
    Best practice for a router running OSPF with 200 routes?
    Don't know of any.
    PK
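
    A baseline CoPP policy for the OSPF/BGP case asked about above, as an added example that is not part of the original thread and not a Cisco-published template. It uses IOS MQC syntax for a software-forwarding router; all ACL and class names, the 192.0.2.0/24 management subnet and every rate are placeholders, and platform support and police syntax vary, so check the configuration guide for each device. Routing and default traffic are only counted (exceed-action transmit) so that `show policy-map control-plane` can show the per-class offered rate before any drop action is tightened.

    ```cisco
    ! Added example: names, subnet and rates are assumptions to be tuned per device.
    ip access-list extended COPP-ACL-ROUTING
     permit ospf any any
     permit tcp any any eq bgp
     permit tcp any eq bgp any
    ip access-list extended COPP-ACL-MGMT
     remark 192.0.2.0/24 stands in for the management subnet (documentation range)
     permit tcp 192.0.2.0 0.0.0.255 any eq 22
     permit tcp 192.0.2.0 0.0.0.255 any eq telnet
     permit udp 192.0.2.0 0.0.0.255 any eq snmp
    ip access-list extended COPP-ACL-ICMP
     permit icmp any any
    !
    class-map match-all COPP-ROUTING
     match access-group name COPP-ACL-ROUTING
    class-map match-all COPP-MGMT
     match access-group name COPP-ACL-MGMT
    class-map match-all COPP-ICMP
     match access-group name COPP-ACL-ICMP
    !
    policy-map COPP-INPUT
     class COPP-ROUTING
      ! Count only: routing adjacencies must not be dropped while baselining
      police 1000000 31250 conform-action transmit exceed-action transmit
     class COPP-MGMT
      ! Management from the known subnet is policed; excess is dropped
      police 256000 8000 conform-action transmit exceed-action drop
     class COPP-ICMP
      police 64000 8000 conform-action transmit exceed-action drop
     class class-default
      ! Everything else punted to the CPU (ARP included): count first, tighten later
      police 128000 8000 conform-action transmit exceed-action transmit
    !
    control-plane
     service-policy input COPP-INPUT
    ```

    Management traffic from outside the placeholder subnet falls into class-default here; once the counters have been observed for a while, that class is the one to move to exceed-action drop.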

  • Data center out-of-band management network

    Would "Cisco Prime Data Center Network Manager" be classed as an out-of-band management tool that I could use on a 2 tier data centre?
    If not what solutions could I have for a data center that has a bunch of racks with servers and switches in that connect to an aggregation switch?

    My take on "out-of-band" depends not so much on the tool but rather on how it accesses the managed devices.
    Most Cisco data center devices have a management port that is independent of the data plane (separate communications processor, separate VRF).
    If you communicate to that port using a system and via a network not co-mingled with your user traffic, then you have an out-of-band management tool.
