The case studies in the Solutions Corner describe network design or deployment problems typically discussed during ExpertExpress sessions. They're based on real-life queries and consulting engagements but never represent an actual customer network.
- A large multi-homed content provider has experienced numerous brownouts in the Internet edge of its data center network caused by high CPU load on the Internet edge routers following a link or EBGP session loss.
- A large enterprise (the Customer) has an existing international WAN backbone using BGP as the routing protocol. They plan to replace a regional access network with a DMVPN-based solution and want to extend the existing BGP routing protocol into the access network to be able to scale the access network to several thousand sites.
- The central IT department of the government of Genovia is building a new private cloud which will consolidate workloads currently being run at satellite data centers throughout various ministries. The new private cloud should offer centralized security, quick application deployment capabilities, and easy integration of existing application stacks that are using a variety of firewalls and load balancers from numerous vendors.
- The data center networking team in a large enterprise (the Customer) has been tasked with building the network infrastructure for a new private cloud deployment. They approached numerous vendors trying to figure out what the new network should look like, and got thoroughly confused by all the data center fabric offerings, from FabricPath (Cisco) and VCS Fabric (Brocade) to Virtual Chassis Fabric (Juniper), QFabric (Juniper) and more traditional leaf-and-spine architectures (Arista). Should they build a layer-2 fabric, a layer-3 fabric or a leaf-and-spine fabric?
- In a network with two data centers connected with a layer-2 DCI link, implement optimal route advertisement toward the enterprise WAN and the Internet that survives failures of individual links, nodes, or subsystems, and avoids split-brain scenarios or traffic blackholing.
- A large enterprise (the Customer) has a WAN backbone based on MPLS/VPN service offered by a regional Service Provider (SP). The traffic in the Customer’s WAN network has been increasing steadily, prompting the Customer to increase the MPLS/VPN bandwidth or to deploy an alternate VPN solution. The Customer decided to trial IPsec VPN over the public Internet, initially as a backup, and potentially as the primary WAN connectivity solution.
- In a network with two data centers (connected with a layer-3 DCI link), ensure the Internet users reach applications running in a data center even if all its Internet links fail.
- A large enterprise (the Customer) is building a private cloud infrastructure using leaf-and-spine fabric for internal network connectivity. The virtualization team hasn’t decided yet whether to use a commercial product (example: VMware vSphere) or an open-source alternative (KVM with OpenStack). It’s also unclear whether VLANs or overlay layer-2 segments will be used to implement virtual networks.
- ACME Inc. has a data center hosting several large-scale web applications. The networking engineers designing the next-generation data center for ACME would like to replace the central firewalls with iptables deployed on application servers, but are reluctant to do so due to potential security implications.
- ACME Inc. is building a large fully redundant private infrastructure-as-a-service (IaaS) cloud using standardized single-rack building blocks. They plan to use several geographically dispersed data centers with each data center having one or more standard infrastructure racks.