Keep doing the same thing and you’ll get the same result – this is not progress.
Virtualisation of servers is well known and has many benefits – reduced physical hardware, better utilization of resources per physical server, lower power, less rack space etc. So why not carry the same principles into the physical infrastructure of Data Centre network switches, routers and security?
Traditional 3-tier architectures have (relatively) high latency, require multiple hops and introduce the potential for bridge loops when devices have multiple connections for redundancy. STP can mitigate this, but at the loss of up to 50% of bandwidth. Link failures lead to network-wide re-convergence, which can take a significant amount of time. Many ports connect switches to other switches rather than to servers, and since most inter-server traffic is East-West, 3-tier architectures force unnecessary North-South hops. Generally speaking, security services are distributed across single-function appliances such as firewalls, IPS units and SSL/VPN termination solutions.
Overall management is, at best, challenging. Often there is a multitude of operating systems, each with a different management platform from a different vendor. Each has its own idiosyncrasies and places its own demands on the Operations Team – especially when it comes to compatibility and functional upgrades. Furthermore, scaling a data centre to cope with increased demand, or to deliver new applications/services, can be a nightmare.
There is a better way – by collapsing layers, centralising security and having a common Operating System across the entire data centre.
If we collapse the switch architecture by removing the aggregation layer and creating a single logical unit for the access / core layers – a Virtual Chassis (VC) – we remove loops and, with them, the need for STP. All bandwidth then becomes available, we reduce space, power and cooling requirements, and we free up the switch ports that were used for interconnects.
This approach is the first step. It delivers early benefits, with a migration path to a full fabric if you wish. Up to 10 switches can be members of a VC, giving potentially hundreds of ports per VC, and multiple VCs can be connected to the core. A VC eliminates STP from the network (as mentioned above) and provides sub-second recovery from link failure. Separate control and data planes mean non-stop packet forwarding even during ISSU (In-Service Software Upgrade) on relevant models.
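To make the bandwidth and hop-count argument above concrete, here is a small, constructed model (added for illustration; it is not code from the original article or from any switch vendor). It builds a classic 3-tier topology with dual-homed access switches, applies a simplified spanning-tree rule (lowest root path cost, then lowest bridge name as tie-break), and reports how many links end up blocked, what share of the access uplinks stay forwarding, and how many switch hops an East-West flow between two access switches takes. It then repeats the measurement for the collapsed design, where the access switches form one VC, the aggregation layer is gone and all former uplinks are members of one LAG towards a single logical core. Switch names, the topology and the STP simplification are assumptions of the model.

```python
"""Toy model of the STP / hop-count argument for collapsing a 3-tier
data centre network into a Virtual Chassis (VC).

Constructed example for illustration; not code from the original article or
from any vendor. The topology, switch names and the simplified spanning-tree
rule are assumptions.
"""
from collections import deque

Link = frozenset  # unordered pair of switch names -> number of physical cables


def _cable(links: dict, a: str, b: str, count: int = 1) -> None:
    key = Link((a, b))
    links[key] = links.get(key, 0) + count


def build_three_tier(n_access: int) -> dict:
    """Classic 3-tier: 2 core, 2 aggregation and n access switches. Each access
    switch is dual-homed with one cable to each aggregation switch; without
    MC-LAG those two cables cannot be bundled, so STP sees a loop."""
    links: dict = {}
    _cable(links, "core1", "core2")
    _cable(links, "agg1", "agg2")
    for core in ("core1", "core2"):
        for agg in ("agg1", "agg2"):
            _cable(links, core, agg)
    for i in range(1, n_access + 1):
        _cable(links, f"access{i}", "agg1")
        _cable(links, f"access{i}", "agg2")
    return links


def build_collapsed(n_access: int) -> dict:
    """Collapsed design: the access switches form one VC, the aggregation
    layer is removed and the core is one logical unit, so every former access
    uplink becomes a member of a single LAG towards the core."""
    links: dict = {}
    _cable(links, "access-vc", "core", count=2 * n_access)
    return links


def _adjacency(links: dict) -> dict:
    adj: dict = {}
    for link in links:
        a, b = tuple(link)
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def spanning_tree(links: dict, root: str) -> set:
    """Simplified STP: every non-root switch keeps the link to its
    lowest-named neighbour that is one hop closer to the root (root path cost,
    then bridge-ID tie-break) and blocks all its other links."""
    adj = _adjacency(links)
    dist = {root: 0}
    queue = deque([root])
    while queue:
        u = queue.popleft()
        for v in sorted(adj[u]):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    tree = set()
    for node in adj:
        if node == root:
            continue
        parent = min(v for v in adj[node] if dist[v] == dist[node] - 1)
        tree.add(Link((node, parent)))
    return tree


def blocked_links(links: dict, tree: set) -> list:
    """Links that STP puts into blocking state."""
    return sorted(sorted(link) for link in links if link not in tree)


def forwarding_fraction(links: dict, tree: set, prefix: str = "access") -> float:
    """Share of physical cables on links touching switches whose name starts
    with `prefix` that STP leaves forwarding (1.0 = all uplinks usable)."""
    touching = {l: c for l, c in links.items() if any(n.startswith(prefix) for n in l)}
    forwarding = sum(c for l, c in touching.items() if l in tree)
    return forwarding / sum(touching.values())


def tree_hops(tree: set, src: str, dst: str) -> int:
    """Switch-to-switch hops on the active tree between two switches
    (-1 if unreachable). Two members of the same VC are one logical switch,
    so src == dst and the answer is 0."""
    adj = _adjacency({link: 1 for link in tree})
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in adj.get(u, ()):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist.get(dst, -1)


if __name__ == "__main__":
    for name, links, root, a, b in (
        ("3-tier", build_three_tier(4), "core1", "access1", "access2"),
        ("collapsed", build_collapsed(4), "core", "access-vc", "access-vc"),
    ):
        tree = spanning_tree(links, root)
        print(f"{name}: blocked links={len(blocked_links(links, tree))}, "
              f"access uplinks forwarding={forwarding_fraction(links, tree):.0%}, "
              f"east-west hops {a}->{b}={tree_hops(tree, a, b)}")
```

With four access switches the 3-tier model has 14 links, of which STP blocks 7, leaving exactly half of the access uplink cables forwarding and routing a flow between two access switches up through an aggregation switch and back down (2 hops). In the collapsed model nothing is blocked, all uplink cables are active members of the LAG, and the same East-West flow never leaves the VC. The model deliberately ignores link costs and per-VLAN spanning trees, which can shift which uplink is blocked but not the fact that one of each pair is.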
The diagram below shows the simplified data centre architecture possible with a virtual chassis. By collapsing tiers and centralising the security aspects we can reduce a data centre to just 4 elements and a few uplinks.