Solutions Corner

The case studies in the Solutions Corner describe network design or deployment problems typically discussed during ExpertExpress sessions. They're based on real-life queries and consulting engagements but never represent an actual customer network.

Contents

BGP Convergence Optimization

A large multi-homed content provider has experienced numerous brownouts at the Internet edge of its data center network, caused by high CPU load on the Internet edge routers following a link or EBGP session loss.

BGP Routing in DMVPN Access Network

A large enterprise (the Customer) has an existing international WAN backbone using BGP as the routing protocol. They plan to replace a regional access network with a DMVPN-based solution and want to extend the existing BGP routing protocol into the access network so that it can scale to several thousand sites.

Combine Physical and Virtual Appliances in a Private Cloud

The central IT department of the government of Genovia is building a new private cloud which will consolidate workloads currently being run at satellite data centers throughout various ministries.

The new private cloud should offer centralized security, quick application deployment capabilities, and easy integration of existing application stacks that are using a variety of firewalls and load balancers from numerous vendors.

Designing a Private Cloud Network Infrastructure

The data center networking team in a large enterprise (the Customer) has been tasked with building the network infrastructure for a new private cloud deployment.

They approached numerous vendors trying to figure out what the new network should look like, and got thoroughly confused by all the data center fabric offerings, from FabricPath (Cisco) and VCS Fabric (Brocade) to Virtual Chassis Fabric (Juniper), QFabric (Juniper) and more traditional leaf-and-spine architectures (Arista). Should they build a layer-2 fabric, a layer-3 fabric or a leaf-and-spine fabric?

External Routing with Layer-2 Data Center Interconnect (DCI)

In a network with two data centers connected with a layer-2 DCI link, implement optimal route advertisement toward the enterprise WAN and the Internet that survives failures of individual links, nodes, or subsystems, and avoids split-brain scenarios or traffic blackholing.

Integrating Internet VPN with MPLS VPN WAN

A large enterprise (the Customer) has a WAN backbone based on MPLS/VPN service offered by a regional Service Provider (SP). The traffic in the Customer’s WAN network has been increasing steadily, prompting the Customer to increase the MPLS/VPN bandwidth or to deploy an alternate VPN solution. The Customer decided to trial IPsec VPN over the public Internet, initially as a backup, and potentially as the primary WAN connectivity solution.

Redundant Data Center Internet Connectivity

In a network with two data centers (connected with a layer-3 DCI link), ensure the Internet users reach applications running in a data center even if all its Internet links fail.

Redundant Server-to-Network Connectivity

A large enterprise (the Customer) is building a private cloud infrastructure using leaf-and-spine fabric for internal network connectivity. The virtualization team hasn’t decided yet whether to use a commercial product (example: VMware vSphere) or an open-source alternative (KVM with OpenStack). It’s also unclear whether VLANs or overlay layer-2 segments will be used to implement virtual networks.

Replacing the Central Firewall

ACME Inc. has a data center hosting several large-scale web applications. The networking engineers designing the next-generation data center for ACME would like to replace the central firewalls with iptables deployed on application servers, but are reluctant to do so due to potential security implications.

Scale-Out Private Cloud Infrastructure

ACME Inc. is building a large fully redundant private infrastructure-as-a-service (IaaS) cloud using standardized single-rack building blocks. They plan to use several geographically dispersed data centers with each data center having one or more standard infrastructure racks.