Port Fan-out for N2 Network Bypass and Network Packet Broker Modules

Yigal Amram By: Yigal Amram March 07, 2019

Critical Enabler for Robust Network Visibility

Over the last few years, network equipment manufacturers have been in the process of broadly adopting fan-out technology for data center networking to increase port density. In this blog, we will examine how port fan-out technology overall enables higher scalability and flexibility for next-generation data centers and, when specifically applied to Niagara Networks N2 network bypass and network packet broker features, enable an optimally flexible, resilient, and scalable network visibility layer.

The last decade has seen tremendous growth in data center networks as well as the applications supported by them. To provide higher performance (reduced latency and bottlenecks), many data center deployments have shifted from traditional three-tier networks to spine-and-leaf network architectures that are flatter and wider. The spine-and-leaf architecture provides predictable high-speed network throughput as well as optimal reliability within the network switch fabric. However, along with its advantages, spine-and-leaf architectures present challenges in terms of scalability which is best addressed through port fan-out technology.

Spine-and-Leaf Architecture

Virtual machine-based distributed applications running across a set of physical servers lead to increased server-to-server or east-west traffic. Application performance is directly related to how efficiently and with what low and predictable latency such traffic is handled. The spine-and-leaf architecture data center network architecture was specifically developed to meet these performance requirements. It has been proven to deliver high-bandwidth, low-latency, non-blocking server-to-server connectivity.

Spine-and-Leaf ArchitectureIn two-tier spine-and-leaf architecture, the leaf layer consists of access switches, such as Top of Rack (ToR) switches, that typically connect to servers. Every leaf switch connects to every spine switch in the fabric. The spine layer interconnects all leaf switches with the path being randomly selected so that the traffic is uniformly spread among the spine switches. If one of the spine switches were to fail, it would only marginally reduce performance across the data center.

Spine-and-Leaf Architecture and Port Fan-out Technology

While leaf-and-spine architecture enables enhanced server scalability and predictable east-west performance, it does present specific scalability challenges. With each leaf switch connecting to each spine connection, the number of spine switches is limited to the number of uplink ports on the leaf.

As most common ToR leaf switches come with four 40G uplink ports, the number of spine switches is fixed at four. Commonly, each spine has a total of four line cards with each card supporting 36 40G ports. Thus, the total number of available ports to connect to leaf switches is 144; each ToR leaf switch has 40 ports to connect to servers, allowing for a maximum of 5,760 servers to connect to the 40G mesh network.

One way to enhance the scalability of a leaf-and-network is to scale is to fan-out the 40G uplink ports into four 10G ports, turning the four 40G uplink ports into 16 available uplinks. This increases the number of spine switches that can be a part of the mesh network to 16, providing four times the scalability.

When the network is scaled using 10G uplinks, scaling is increased by a factor of four. Each 40G uplink is broken into four 10G ports, allowing for 16 spine switches. With four line cards, and 36 40G ports per line card split into 10G ports, there is a maximum of 576 leaf switches (or 144 ports x 4). With each leaf having 40 ports, the network can be scaled to 23,040 servers– four times the scaling throughout the mesh network.

Network Visibility for Next-Generation Networks

In modern highly scalable data center networks, two-tier spine-and-leaf networks are deployed to support east-west traffic patterns and remove over-subscription that can add additional tiers and performance bottlenecks. The changes in traffic patterns, accompanied by the sheer volume of traffic and the increasing data rates are making it increasingly challenging to predict and analyze performance issues proactively, as well as to meet compliance and reporting requirements.

Next-generation networks also support an increasingly diverse set of applications and infrastructure services, including multi-vendor security solutions, some of which need to connect in-line with the network – as well as other data network security solutions that need to tap into the network to analyze user and network traffic. As a result, there is an ever-growing need to have end-to-end visibility and monitoring that helps with troubleshooting networks from virtual to physical infrastructure and with mission-critical applications running on top of the network infrastructure.

Niagara Networks’ N2 Advanced Packet Broker Series is a second-generation solution designed to meet the challenges of creating a robust visibility adaptation layer. Niagara N2’s visibility adaptation layer transforms the visibility layer by adapting and grooming the traffic to the requirements and needs of connecting services. The visibility adaptation layer thus provides the crucial enablement layer on top of the networking infrastructure that provides operations engineers, IT professionals, and support teams with the ability to easily add services to the network infrastructure.

Niagara N2 Scalability Using Port Fan-Out

The N2 platform supports a variety of hot-swappable modules, including fail-safe bypass, packet broker, taps and data processing modules, and interfaces (1Gb, 10Gb, 40Gb, 100Gb) that leverage high-throughput and a non-blocking switching fabric. As a result, N2 ensures that any combination of modules and interfaces are supported at full line-rate with no oversubscription between any input and any output port.

Niagara N2 can optimally utilize port fan-out for 40G ports across bypass and packet broker modules to maximize utilization of data center rack space and to enhance resilience and efficiency of network monitoring, analysis, and security tools. With port fan-out, a 40G port can be used to operate as 4 10G ports benefiting N2 network bypass and packet broker capabilities.

N2 Network Bypass Port Fan-out

N2 bypass modules are used to connect a monitored network segment to an active, inline device. Inline network devices are considered essential for the overall performance of an enterprise network, especially for inline devices are doing real-time network security. Specifically, each N2 bypass module consists of 2 network ports and 2 appliance ports.

Built-in double-protection bypass technology offers a relay on network ports and user-configurable heartbeat-generated packets on the appliance ports, so that appliance failure can be automatically detected. This means that in the event of the inline network analysis device failure (the security appliance, for example), your network availability will not be impacted.

Port fan-out support on N2 bypass modules enables each of the 40G appliance ports on a bypass module to “break out” or operate as 4 10G ports to support 4 10G network segments, each connected to an inline 10G appliance. As a result, N2 network bypass capabilities are supported for each of the 4 10G network segments enabling higher network scalability and resilience, and improved return-on-investment (ROI) of your existing infrastructure through seamless support of in-place 10G appliances.

N2 Network Packet Broker Fan-out

The N2 network packet broker module consists of input and output ports that are connected to the non-blocking switching fabric backplane. By connecting to the backplane, the input ports that serve the network side can be used by any of the other modules. The output ports are connected to analysis and security tools for monitoring or inline applications.

With port fan-out, a 40G port on a network packet module can operate as 4 10G ports, which is ideal for monitoring, analysis, and security tools that may have a lower throughput capacity. Together with the load-balancing capability of the packet broker module, this ensures that network tools are not overloaded and are all operating at the optimal capacity. As a result, port fan-out support for the N2 network packet module enables optimum flexibility and higher return-on-investment (ROI).

For more information on how port fan-out for N2 network bypass and network packet modules enable the optimum flexibility for deploying robust network visibility based on your requirements and budget, as well as future network growth plans, contact Niagara Networks to arrange a consultation today.

Maintaining Network Visibility