Most data centers today are in a state of transition as the traditional software deployments running on dedicated physical infrastructure is being replaced by virtual machines running on virtualized infrastructure such as public and private clouds. This transition will take place over years, and most organizations will need to maintain infrastructure that supports both physical and virtual environments; in fact, some software deployments may never move off physical infrastructure. Although many organizations believe they must maintain parallel physical and virtual infrastructure during this transition, Cisco believes that this is an overly complex and inefficient approach. Instead, Cisco proposes a single, simplified data center network fabric that can natively support both virtual and physical software deployments. Cisco Dynamic Fabric Automation (Cisco DFA) is the industry's first to be optimized for both Layer 2 and Layer 3 at all points, simplifying application deployment (physical and virtual) and providing consistency (quality of service [QoS], availability of network services, user experience, etc.) at all points of the network for all kinds of deployments.
As organizations increasingly move to cloud deployments, data center and service provider networks are being asked to adapt to the new application environment and the operation demands it makes on the underlying infrastructure. To this end, Cisco has some specific design recommendations:
• Build around a highly efficient and flexible infrastructure based on open standards.
• Provide the capability to map tenants (users, lines of business [LoBs], and business applications) and requirements to secure, shared, high-performance infrastructure resource pools.
• Deploy centralized automation and management software with visibility to physical and virtual environments.
• Establish a common programmable automation and management framework to simplify operations and increase agility.
Cisco Dynamic Fabric Automation Architecture
Cisco developed the DFA architecture to create the premier foundation for building cloud infrastructure (Figure 1), resulting in some distinctive benefits:
• Greater efficiency: Optimized spine-and-leaf topologies with integrated gateways provide greater efficiency and transparent mobility for physical and virtual machines and services along with end-to-end visibility. The solution portfolio also delivers greater resiliency with smaller fault domains and multitenant scalability.
• Operation simplicity: Cisco Data Center Network Manager (DCNM) 7.0 provides centralized fabric management across physical and virtual software deployments, including auto deployment, integrated fabric access, topology views, monitoring, and health checks. Open APIs allow better integration with orchestration and automation tools in addition to cloud platforms.
• Greater agility: Network automation and provisioning accelerate application delivery with greater VM mobility and smaller failure domains.
Cisco DFA is generally topology independent. Cisco believes that most virtualized data centers will adopt a spine-and-leaf architecture consisting of leaf nodes at the edge of the fabric and spine nodes at the core of the fabric. This design helps ensure that any application nodes are at most only two hops from each other or from IP-based storage, providing predictable latency for all east-west traffic. Data does not travel between spine switches and can predictably move from leaf to spine to leaf.
The leaf nodes represent the physical network edge, connecting to the application servers and service nodes. This edge presents Layer 2, Layer 3, and network services to any physical or virtual applications connected to it. Cisco DFA advancements include enhanced forwarding, in which IP addresses are used regardless of whether the communication is within or between traditional Layer 2 subnets. This feature introduces several optimizations and simplifications, including the elimination of a first-hop redundancy protocol, the use of small MAC address tables, and optimal forwarding for all unicast frames.
Cisco DFA is designed to support multiple encapsulation or tunneling protocols for multitenancy and path isolation, and to support classic bridging behavior for non-IP software deployments that rely on flooding for proper functioning. The initial encapsulation protocol will be based on Cisco FabricPath.
Connectivity from the Cisco DFA to external networks (which traditionally would occur in the Layer 3 core switch) is now through border leaf nodes. In the spine-and-leaf topology, the core switch layer is folded into border leaf nodes that act as gateways to external networks and provide the Layer 3 routing support that the efficient spine nodes push down to the leaf nodes.
Cisco DFA provides an optimal fabric for both physical and virtual software deployments simultaneously. The connectivity of virtual and physical endpoints is built into the Layer 3 boundary distributed across the network (at each leaf). This design eliminates the need for specific virtual network and physical network gateways, which can be bottlenecks and reduce scalability. Compared to a virtual overlay network, Cisco DFA offers more efficient traffic forwarding alternatives, with greater visibility and control of the physical infrastructure. The resulting fabric design is free from any dependencies on the hypervisor infrastructure or cloud orchestration software.
Benefits of Network Simplification
The result of the unified approach is a simpler fabric that provides consistent, reliable performance and access to services for software deployments at every location in the network. Here are some of the benefits of a simplified and more homogenous network:
• Elimination of the Layer 2 and Layer 3 complexity of traditional topologies, with consistent use of IP addresses for traffic forwarding, simplifies deployment and network design and removes location dependencies for application placement.
• A maximum two-hop communication path between any two applications in a very large cloud network provides reliability and predictable latency.
• A homogeneous Cisco DFA allows Layer 4 through 7 network services and security to be delivered reliably and consistently to applications independent of their location in the network. Virtual service nodes, for example, are at most only two hops from any application node. The deployment of firewalls, load balancers, and monitoring tools becomes easier and neither defines nor depends on the network topology.
• With a simpler, homogenous fabric architecture, network flexibility is greatly increased, and more sophisticated orchestration is possible with greater degrees of automation, including zero-touch provisioning and automated network configuration
• The capability to eliminate physical and virtual gateways increases the scalability and reliability of the data center fabric.
• Use of a single environment simplifies troubleshooting and accelerates problem resolution.
Implementing the Cisco Dynamic Fabric Automation Architecture
For organizations evolving or migrating to the enhanced Cisco DFA design, the transition is cost effective and smooth and generally based on existing Cisco Nexus® Family hardware already in place. With software upgrades, Cisco Nexus 6000 and 7000 Series Switches can participate in the spine and the leaf nodes, including the border leaf nodes (the Cisco Nexus 7000 Series needs to be upgraded to the Cisco Nexus F3-Series line card to act as a leaf node). Cisco Nexus 5000 Series Switches can be used in the network spine.
To begin the migration and deployment of the architecture, organizations should implement Cisco FabricPath as well as Cisco Nexus 1000V Series virtual switches at the virtual machine access layer. Organizations should also consider building fabrics based on the Cisco Nexus platforms. For more information about the Cisco Nexus platforms that support the enhanced forwarding mechanism, please refer to the Cisco Nexus DFA webpage at http://cisco.com/go/dfa.
The Cisco DFA architecture is a logical evolution of traditional data center fabric designs to address rapidly emerging cloud network requirements. The architecture eliminates the need for overlay networks, which can hinder traffic visibility and optimization and reduce scalability when physical server and virtual machine environments are integrated. This simpler, more homogeneous architecture enables zero-touch provisioning and greater orchestration, while delivering more predictable performance and latency for large cloud networks.