- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: HPE 5820 - IRF feature and SAN/data traffic is...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2016 11:30 AM - edited тАО11-09-2016 11:47 AM
тАО11-09-2016 11:30 AM - edited тАО11-09-2016 11:47 AM
HPE 5820 - IRF feature and SAN/data traffic isolation
Hello,
I'm new to HPE networking products, and have som questions regarding the HP 5820-24XG-SFP+ and IRF feature.
First of all. Is there any difference between the JC102A and the JC102B. As far as I can see both products run Comware 7. Maybe JC102B is a HP produced unit, while JC102A is from H3C fabric, as I can see no difference?
Second question. Both VMware hosts and SAN will be connected to the same switches and I want to make a multihomed redundant design using a L2 network. The guests on the VMware host will have public IP addresses and could be target for DDoS attacks which overloads switch uplinks and interconnections interrupting SAN traffic (iSCSI). Therefor I want to isolate VMware guest data traffic and SAN traffic not to use the same uplinks/interconnects, but reading about IRF I find this a challange if I understand It correctly.
I attached a topology of how I would make it without IRF technology (see attachment to the right).
The basic Idea is simple - double interconnects between switches at the same site (each dedicated for SAN and DATA), and one interconnect between the sites for each switch. Spanning tree is blocking SAN and DATA traffic asynchronous between the sites, so the only scenario where SAN and DATA traffic would share the same interconnect between sites is when a switch malfunctions or the fiber link goes down.
If I should migrate this setup to a 4 member IRF I think the traffic isolation becomes a problem. As I understand IRF creates LACP like groups between IRF peers, so looking at my topology the double interconnects between switch 1+3 and 2+4 would be load balanced across all VLANS making SAN and DATA traffic share the links.
Is it possible to configure IRF interconnects/groups to dedicate links for certain vlans? If not I think there is some solutions:
1. Configure QoS to prioritize SAN iSCSI traffic highest and use strict priority queing. I'm not a fan of that.
2. Use RRPP (Rapid Ring Protection Protocol) for SAN traffic.
Can RRPP be configured on a IRF member port? If not I would need 2 extra interconnects between the sites to make a dedicated RRPP ring for SAN traffic, and dedicated IRF ring for data traffic and IRF High-availability features?
All input is appriciated!
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2016 02:49 PM
тАО11-09-2016 02:49 PM
Re: HPE 5820 - IRF feature and SAN/data traffic isolation
Hi,
I would rather use MSTP with vlan instances for DATA/iSCSI traffic separation and keep redundancy.
This way you will have two STP Root/Backup Root switches - one for SAN, other for DATA.
Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2016 03:09 PM
тАО11-09-2016 03:09 PM
Re: HPE 5820 - IRF feature and SAN/data traffic isolation
So you would not use IRF feature at all in this case, but rather stick to MSTP and VRRP for redundancy?
Another potential problem. Does the HP 5820 support LACP groups from the same server/storage connected to 2 different switches, without IRF configured?
With SAN and VMware hosts this would not be a big problem, as they both support another failover mechanism, but for other connected devices such as physical servers this could be a potential problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-10-2016 02:24 AM
тАО11-10-2016 02:24 AM
Re: HPE 5820 - IRF feature and SAN/data traffic isolation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-10-2016 04:41 PM
тАО11-10-2016 04:41 PM
Re: HPE 5820 - IRF feature and SAN/data traffic isolation
I find it confusing neither of you recommends IRF stacking for this small datacenter setup, as IRF should be intended to improve convergence times in redundant switch setup for both Layer2 and Layer3..
- IRF Brief: https://h17007.www1.hpe.com/docs/reports/irf.pdf
One point we can agree on though is that LACP should not be used for iSCSI SAN or the NICs dedicted for storage connection on the VM hosts, as MPIO will outperform it. However we do not only have VMware host and SANs connected, and some of the other servers will benefit from LACP for redundancy which is why IRF is interesting as it makes it possible to form a LACP group across 2 switches.
Do anyone have a best practices document for IRF? I also have a lot of questions using the switches as gateways with IRF (replacing VRRP), and how the topology should be designed for the switches to distribute routing information correctly to the IP core.
All I can find on IRF online is how to configure a stack, but I would like to find a document that shows a full featured configuration for redundancy in both layer2 and layer3. This would probaply answer a lot of my questions..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-11-2016 02:52 AM
тАО11-11-2016 02:52 AM