NSX双活数据中心解决方案

1、NSX 双活数据中心解决方案数据中心互连的需求更高的业务持续可用性更高的资源利用率更加敏捷的业务部署和自动化多数据中心架构演进趋势3高可用性业务敏捷性单生产中心，同城/异地进行系统及数据备份持续高可用业务连续性提升资源效率业务连续性业务动态、弹性和敏捷性业务部署自动化自服务生产/灾备双活/多活中心基于云计算分布式虚拟化数据中心数据中心互连数据中心互连 Solution ComponentsVirtualization ApplicationsLAN ExtensionsStorage ExtensionsIP Routing and IP Service ConsiderationsMPLSI

2、P CoreDCI功能目的存储扩展提供应用访问本地或远端存储LAN二层扩展为虚机或虚拟应用在数据中心间扩展同一二层域路径优化优化访问应用路径及保持对称路由以保持服务的一致性数据中心间路由在数据中心间提供3层路由连接前端局域网络设计DC 1DC 2ESX-A sourceESX-B target数据中心互连LAN 扩展STP Isolation is the key element MultipointLoop avoidance + Storm-ControlUnknown Unicast & Broadcast controlLink sturdinessScale & Convergenc

3、eGeoclusters Vmotion?机房搬迁传统设备及应用内置了固定IP地址 扩展数剧中心来解决power/heat/space限制 受限于运维和部署原因DC1DC2DC3传统LAN扩展方式Extended STP DomainSTPdomain二层连通的风险在 数据中心间泛洪Rapid Spanning Tree (RSTP) 不具备 扩展性 RSTP不能实现域隔离 一个 数据中心 的 问题 将波及其他不良的出入局路径选择将导致冗长的数据中心间流量BPDU Filtering + Storm-control policing + FHRP Isolation EthernetMPLSI

4、PVSS & vPC or TRILL Applies easily for dual site interconnection Over dark fiber or protected D-WDM EoMPLS & VPLS & A-VPLS & H-VPLS L2oL3 for link protection (Fast detection & convergence / Dampening) PE style Large scale Multi-tenants Works over GRE OTV L2oL3 for link protection (Fast detection & c

5、onvergence / Dampening) CE style Enterprise / DC focus Easy integration over Core Works over MPLS transport Innovative MAC routing数据中心互连技术的选择OTV网络测试测试 一 验证和监测 OTV 测试二 Vmotion 虚拟机迁移演示 测试三 生成树隔离 测试四 HSRP 本地化 测试五 数据中心单边HSRP灾难备份 测试六 OTV组播数据传输 测试七 OTV AED 交换机灾难备份切换 测试八 物理服务器迁移 11逻辑交换机VXLAN 12 | 38vSphere

6、 HostVM1vSphere Distributed SwitchVXLAN Physical Transport NetworkvSphere HostVM2vSphere HostVXLAN 5001 VTEP1 10.20.10.10VTEP2 10.20.10.11VTEP3 10.20.11.10vSphere HostVTEP4 10.20.11.11VM3VM4Controller ClusterVXLAN Transport Subnet A 10.20.10.0/24VXLAN Transport Subnet B 10.20.11.0/24VTEP3VTEP1VTEP4V

7、TEP2数据中心高可用设计网络和安全服务设计路径优化设计DC 1DC 2ESX-A sourceESX-B target数据中心互连路径优化Options出数据中心 Addressed by FHRP Filtering入数据中心:DNS redirection with ACE/GSSRoute Injection（LISP） Distributed Logical RouterNSX 逻辑网络架构 15vC with NSX ManagervC with NSX ManagervC with NSX ManagerLogical SwitchLocal VC InventoryLocal

8、VC InventoryLocal VC InventoryvCenter AvCenter BvCenter CNSX ControllerClusterLogical SwitchNSX ControllerClusterNSX ControllerClusterDistributed Logical RouterLogical SwitchDistributed Logical RouterDistributed Logical RouterLogicalSwitches北京 上海 广州多站点 部署场景16Universal Distributed Logical RouterPrima

9、ryControl VME1VC A with NSX Manager (Primary)Route Updates with Locale IDSite APhysical RoutersUniversal Transit VXLAN Uplink A北京NSX EdgeServices GWVC B with NSX Manager (Secondary)Route Updateswith Locale IDPeeringOSPF, BGPE8E1Site BPhysical RoutersUniversal Transit VXLAN Uplink BE8SecondaryControl

10、 VMPeeringOSPF, BGPRoute Updateswith Locale IDRoute Updateswith Locale IDUCCUniversalLogical Switches广州NSX EdgeServices GW北京数据中心 广州数据中心虚拟路由器VM1VM2北京数据中心出口192.168.202.25广州数据中心出口192.168.201.25 192.168.10.0/29192.168.20.0/29VM3VM4网关地址 172.16.10.1172.16.20.1生产虚拟交换机172.16.20.0/24开发虚拟交换机172.16.10.0/24解决方案

11、：通过网络虚拟化实现网络扩展Locale ID: NSX-BJLocale ID: NSX-GZ建设目标 需要什么样的多站点？应用架构 (场景 1)19主数据中心灾备数据中心App-A(High SLA)App-B(High SLA)App-C(Low SLA)vCenterSRMvCenterSRMApp-A(High SLA)App-B(High SLA)受保护应用自动恢复受保护应用灾备位置未受保护应用(手工恢复)没有跨站点间的应用访问需求 主备对应关系High LatencyDR with Site Recovery Manager (SRM)vCenter ServerSite Rec

12、overy ManagerProtected SiteRecovery SiteStoragevCenter ServerSite Recovery ManagervSpherevSphereStoragevSphere Site Recovery Manager (SRM) ComponentsStorageServersVMware vSpherevCenter ServerSite Recovery ManagerVirtual MachinesSite Recovery ManagerManages recovery plansAutomates failovers and failb

13、acksTightly integrated with vCenter and replicationStorage-Based Replication (3rd party)Provided by replication vendorIntegrated via replication adapters created, certified and supported by replication vendorvSphere ReplicationPart of vSphere platformReplicates virtual machines between vSphere clust

14、ersReplication OptionsRequired at both protected and recovery sitesComputeStorageNetworking ?灾备网络192.168.0.0/24192.168.0.12.2.2.22.2.2.0/28192.168.0.0/243.3.3.0/28No Network Readdressing (Dynamic Routing)VXLANVXLANVLANVLANvCenter + SRMvCenter + SRMDistributed Logical RouterDynamic Routing(OSPF, BGP)

15、Primary VMsPlaceholder VMs192.168.10.2192.168.10.1192.168.0.13.3.3.3Distributed Logical RouterDynamic Routing(OSPF, BGP)192.168.10.2192.168.10.1Pre-created Logical Switches and EdgesStorage ReplicationVMFSVMFS“Protected” Site“Recovery” SitePrimary VMs灾备网络192.168.0.0/242.2.2.0/28192.168.0.0/243.3.3.0

16、/28No Network Readdressing (Dynamic Routing)VXLANVXLANVLANVLANvCenter + SRMvCenter + SRMDynamic Routing(OSPF, BGP)Primary VMsPlaceholder VMs192.168.0.1Distributed Logical Router192.168.10.2192.168.0.13.3.3.3Distributed Logical RouterDynamic Routing(OSPF, BGP)192.168.10.2192.168.10.1SG-Prod-01SG-Dev-

17、01SG-Prod-01SG-Dev-012.2.2.2192.168.10.1Site A NSX Edge GWSite B NSX Edge GW应用架构 (场景 2 )24App-A(High SLA)App-B(High SLA)App-C(Low SLA)vCenterSRMvCenterSRMApp-A(High SLA)App-B(High SLA)受保护应用自动恢复受保护应用灾备位置未受保护应用(手工恢复)App-DApp-E双活应用App-DApp-E双活应用 跨站点网络连通应用需要跨站点互访的连通性主备对应关系双活对应关系150ms RTT Latency主数据中心灾备数

18、据中心 场景125Universal DLRWebDBAppWebApplication TierApplication TierAppDB Universal Logical Switch(Logical Switch forProtected Workloads)Site Local RouterSite Local RouterNSX ESG with ECMPSRMSRMRe-Program the Locale-ID on the hosts (Local Egress)U-DFWU-DFWUniversal Control VMOSPFUniversal Control VMOSPFNSX ESG with ECMP (Advertising 10.1.1.0 reachability)10.1.1.0/24(Advertisi