Customer Case Study

Airport Uses Network Virtualization to Consolidate and Scale Operations

Flexible connectivity options and the ability to keep closed user groups isolated led Unique to design MPLS VPNs for Zurich Airport with Cisco Catalyst 6500 Series Switches.

EXECUTIVE SUMMARY

Unique, operator of Zurich Airport

Transportation

BUSINESS CHALLENGE

• Offer reliable network service to all tenants on airport ground

• Meet increasing demand for client connectivity be it wired or wireless

• Support airport operation applications with a highly reliable network

• Provide video transmission over a converged network

• Keep pace with data center growth and demanding cluster applications

NETWORK SOLUTION

• MPLS VPN to replace network wide layer 2 VLANs

• Multicast VPN (mVPN) for efficient multicast traffic distribution

• Catalyst 6500 Switches with Supervisor Engine 720-3BXL

• WLAN integration

Zurich Airport is located in the center of Switzerland and plays a distinct role in the European airport space. Unique is the operator of Zurich Airport and offers a broad service portfolio to about 180 other companies, which also reside on the airport. Zurich Airport offers work for about 20,000 individuals and transports around 18 million passengers per year.

Like many other enterprises, Unique faces the diverging business needs of providing the highest availability of operations while offering maximum flexibility to accommodate the ever changing needs of their business environment.

Airport applications like air-control and tower communication demand highest uptime and need to be separated from operations like baggage distribution, business administration, video surveillance, and public WLAN traffic. Besides airlines and other third parties, the airport also hosts conferences, exhibitions, and other events that require a very flexible architecture where network connection can easily be established and removed without affecting other groups.

The need for network virtualization—having multiple groups on the same physical network infrastructure, while keeping them logically separate to a degree that they have no “knowledge”

–  –  –

With the increasing number of clients in a VLAN, the level of broadcasts also increased. The impact of this could be seen in the higher CPU load of client and network devices as well as slower application performance. The purpose of Spanning Tree to provide a loop-free topology inherently prevented multiple active paths between any two destinations in the network and therefore limited the available network bandwidth. Although this did not represent a limiting factor at the network edge, for the core of the network this could become a problem.

Troubleshooting of large Layer 2 topologies required a significant amount of troubleshooting experience and often turned out to be time consuming.

In the event of a Layer 2 loop, loss of client connectivity occurred, and remote network administration could be affected.

In addition, an STP-related issue was likely to affect all closed user groups (if not the entire network) and therefore represented a significant risk for all businesses making use of the network.

Unique’s network was based on Alcatel Packet Engine switches, and the majority of it operated in Layer 2 mode. Figure 1 shows the network layout. Customer networks were implemented using campuswide VLANs. Unique’s office network was Layer 2 in the access and Layer 3 switching on the core/distribution layer.

Figure 1. Old Layer 2-based Network

–  –  –

However, the implicit “desire” of a Layer 3 switch to switch between all networks in the routing table represented a challenge for the segmentation and closed-user-group requirements. Although access control lists (ACLs), policy-based routing (PBR), or overlay generic routing encapsulation (GRE) tunnels are possible approaches to segment traffic, the number of expected closed user groups and distribution zones are important factors to keep in mind. With an increasing number of closed user groups, the administrative/operational work would increase. A mistake in an ACL configuration in a single location could result in a “leak”: one group could access data from others. In the case of a worm or virus, propagation across multiple groups could happen.

The network-addressing structure should be carefully considered when using ACLs or PBR. Although a smart choice of address ranges used per group can simplify the configuration significantly, it presents a drawback because the addressing of the end system often needs to be changed.

Making this change not only involves the network group within an organization but also the client/server administrators of individual closed user groups.
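The single-location ACL mistake described above can be looked for mechanically. The following is an added example, not part of the case study or any Cisco tooling: it audits per-location ACLs for traffic permitted between closed user groups. The group names, prefixes, locations and rule format are constructed for illustration, and the evaluation is a conservative first-match model, not a vendor ACL engine.

```python
import ipaddress
from itertools import permutations

# Constructed sample data: closed user groups and their address ranges.
GROUPS = {
    "airline": ipaddress.ip_network("10.10.0.0/16"),
    "baggage": ipaddress.ip_network("10.20.0.0/16"),
    "pwlan": ipaddress.ip_network("10.30.0.0/16"),
}

def rule(action, src, dst):
    """One ACL entry: (action, source network, destination network)."""
    return (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))

def intra_group_rules():
    """Intended policy: each group may only talk to itself."""
    return [rule("permit", str(n), str(n)) for n in GROUPS.values()]

# Constructed per-location ACLs; first match wins, implicit deny at the end.
ACLS = {
    "terminal-a": intra_group_rules(),
    # The mistake: an over-broad permit placed ahead of the intended rules.
    "terminal-b": [rule("permit", "10.0.0.0/8", "10.20.0.0/16")]
                  + intra_group_rules(),
}

def permits(acl, src_net, dst_net):
    """Conservative check: True if any part of src_net -> dst_net may pass."""
    for action, r_src, r_dst in acl:
        if action == "deny" and src_net.subnet_of(r_src) and dst_net.subnet_of(r_dst):
            return False  # the whole pair is denied before any permit matches
        if action == "permit" and src_net.overlaps(r_src) and dst_net.overlaps(r_dst):
            return True   # at least part of the pair is permitted
    return False          # implicit deny

def find_leaks(groups, acls):
    """List (location, source group, destination group) for every cross-group permit."""
    leaks = []
    for location in sorted(acls):
        for src, dst in permutations(sorted(groups), 2):
            if permits(acls[location], groups[src], groups[dst]):
                leaks.append((location, src, dst))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(GROUPS, ACLS):
        print("cross-group traffic permitted at %s: %s -> %s" % leak)
```

Every location and every ordered pair of groups has to be checked, which is the operational cost the text attributes to ACL-based segmentation as the number of groups grows.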

Layer 3 VPNs

There are basically two types of VPNs related to Layer 3: IP Security (IPSec) VPNs and Multiprotocol Label Switching (MPLS) VPNs. While IPSec VPNs are mainly focused on encryption of point-to-point connections (or point-to-multipoint in the case of Dynamic Multipoint VPN), MPLS VPNs serve the need to form logically separated networks on a common physical infrastructure. This document exclusively relates to MPLS VPNs unless mentioned otherwise.

Service providers have made use of MPLS technology for several years. Most enterprises were not embracing it, mainly due to the lack of availability on LAN switches. Only carrier-class systems such as the Cisco 12000 series routers would satisfy the performance requirements in the enterprise space. With the introduction of MPLS VPN support on the Cisco Catalyst 6500 Series Switches in late 2003, MPLS technology became affordable for enterprises at up to multi-10 Gb Ethernet speeds.

MPLS VPNs basically offer all benefits of the previously mentioned Layer 3 campus solution, with the additional benefit of segmentation as an implicit part of the technology. Therefore closed user groups are defined using different VPNs. These VPNs are transported independently over the core of the network using labels. The networkwide benefit is that any VPN can be configured to be present at any location in the network without any compromises in performance or network design.

Flexibility of network addressing is also addressed due to the fact that the user groups are completely autonomous. Each VPN makes use of its own virtual routing and forwarding (VRF) table. This can be viewed as a separate routing table for each VPN. Therefore addressing across VPNs is completely independent and can even be overlapping. If shared or common services (for example, Domain Name System, e-mail, and Internet access) are used, Network Address Translation (NAT) would need to be used on a per VRF basis.
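The per-VPN routing table behaviour described above can be modelled in a few lines. This is an added example, not taken from the case study or from Cisco software: it performs a longest-prefix-match lookup restricted to the VRF of the ingress VLAN, and lists the VRF pairs whose overlapping address space would need per-VRF NAT before reaching shared services. All VLAN numbers, VRF names, prefixes and next-hop names are constructed.

```python
import ipaddress

# Constructed sample: VLAN-to-VRF mapping on a PE switch and per-VRF routes.
VLAN_TO_VRF = {110: "airline-a", 120: "baggage", 130: "pwlan"}

VRF_ROUTES = {
    "airline-a": {"10.1.0.0/16": "pe-terminal-a", "10.1.1.0/24": "pe-gates"},
    "baggage": {"10.1.0.0/16": "pe-sorting"},  # deliberately overlaps airline-a
    "pwlan": {"172.16.0.0/16": "pe-terminal-b", "0.0.0.0/0": "pe-internet"},
}

def lookup(ingress_vlan, dst):
    """Longest-prefix match using only the routing table of the ingress VRF.

    Returns (vrf, next_hop); next_hop is None when the VRF has no route,
    which is how a destination in another VPN looks from inside this one.
    """
    vrf = VLAN_TO_VRF[ingress_vlan]
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in VRF_ROUTES[vrf].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (vrf, best[1] if best else None)

def overlapping_vrfs(vrf_routes):
    """VRF pairs with colliding address space (default routes ignored).

    These are the pairs that cannot share a common service network
    without address translation on a per-VRF basis.
    """
    nets = {
        vrf: [ipaddress.ip_network(p) for p in routes if p != "0.0.0.0/0"]
        for vrf, routes in vrf_routes.items()
    }
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if any(x.overlaps(y) for x in nets[a] for y in nets[b])
    ]

if __name__ == "__main__":
    print(lookup(110, "10.1.1.5"))    # same address, airline-a view
    print(lookup(120, "10.1.1.5"))    # same address, baggage view
    print(lookup(120, "172.16.0.9"))  # pwlan prefix is invisible to baggage
    print(overlapping_vrfs(VRF_ROUTES))
```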

Table 1 outlines the benefits and limitations of each solution.

Table 1. Comparison Chart of Design and Virtualization Solutions

–  –  –


While being separated from other parties, customers of Unique would span all over the airport grounds, requiring any-to-any connectivity. Although Layer 2 VLANs would suffer from scalability and a pure Layer 3 network could not offer scalable and secure separation, MPLS VPN as a technology turned out to be a well-suited solution. Performance, network robustness, and scalability needs could be addressed using this technology that had proven to be working in demanding service provider networks. Consolidating multiple networks represented additional operational and business benefits.

Each Unique customer would be put in a separate VPN. The customer, however, would not (need to) know about the underlying architecture. Any-to-any connectivity would be achieved using VRFs. Speed requirements would range from a few Mbps up to connections using multiple GE ports.

The Cisco Catalyst 6500 Series Switch with Supervisor Engine 720 could easily accommodate connectivity requirements like the following:

• Network access across multiple distribution zones (such as operations of Unique itself, customs, baggage claim, travel agencies, etc.)

• Internet access for Internet kiosks that are scattered throughout airport terminals

• Building automation such as badge readers, parking meters, air conditioning, etc. spread all over the airport and connected to a central operations center

• Airline networks to gates, lounges, and check-in infrastructure

• Integration of SITA airport infrastructure and connectivity to the global SITA network

• Video surveillance and x-ray scanners with multicast requirements

• Public WLAN (PWLAN) infrastructure covering all of the passenger area

Some of the customer networks would be local to the airport and have no need for external connectivity. Others, however, might need access from inside the network to the Internet (PWLAN, Internet kiosks, lounges). A third scenario would be represented by tenants that need to grant IPSec VPN access from the Internet to their network (for remote support of third-party applications such as SAP, etc.). Finally the Unique network would also serve as a “transit” network for larger networks, where PE nodes not only offer connectivity to access switches but rather learn routes from adjacent Layer 3 switches or routers with large customer networks behind them. An example of that is the use of inter-AS routing on redundant Gigabit Ethernet trunks that face the SITA airport hub. Over these links, individual VPNs from the SITA network could be connected to the MPLS VPNs on Unique’s side.

Although the Cisco Catalyst 6500 Series Switch with Supervisor Engine 2 could offer MPLS VPN support with the additional use of Optical Services Modules (OSMs), the Supervisor Engine 720 with integrated PFC3 introduced MPLS VPN support on LAN interfaces. All LAN ports in the system can make use of the hardware-based MPLS forwarding (PE or P router). Fabric enabled line cards can make use of optional DFC3s, which increases the performance to support switching local to the line card, satisfying the highest levels of performance in the enterprise space.

The rich options of interface types, as well as the density of GE interfaces, presented a nice fit for the core, distribution, and data center access layer.

Since servers of customers as well as Unique would be hosted in two physically separated data centers, high port density was a prerequisite. Also optional service modules like the Wireless LAN Service Module (WLSM) and Firewall Service Module (FWSM), or service carrier cards such as the SSC-400 and the IPSec SPA, positioned the Cisco Catalyst 6500 Series Switch to accommodate future security and client roaming needs in the network edge, data center, and (P)WLAN space.

PFC3B/3BXL and later support MPLS VPNs

–  –  –


The proposed design was to build a small MPLS core consisting of two Cisco Catalyst 6500 Series Switches equipped with Supervisor Engine 720BXLs acting as P routers. For each distribution layer zone, either a single or redundant Cisco Catalyst 6500 Series Switch (also Sup720-3BXL) would be placed acting as PE routers. The PE routers would also act as distribution-layer switches, terminating all user/customer VLANs and mapping these into the respective VPNs. In the data center, the Cisco Catalyst 6500 Series Switches would also be used as access-layer switches for servers to accommodate the increasing demand of 10/100/1000 Ethernet interfaces.

Figure 2. Proposed Design with Two MPLS P Routers and Adjacent PE Routers

–  –  –

“Unique operations” was then migrated to the new network as a first customer still residing in the global routing table. For this migration the Unique VLAN in the old layer 2 network was connected to a Cisco Catalyst 6500 Series Switch, which acted as a (default) gateway to the new subnets created for each distribution zone. This part of the migration was done in multiple steps, since the whole access layer infrastructure also had to be replaced. Although this process took some time (Unique itself employs close to 1500 network users), this change offloaded the old Alcatel network significantly.

The next step was to add the MPLS configuration to the core and distribution switches. The addition of label-switching infrastructure did not cause any traffic disruption of the Layer 3 campus network, since forwarding in the global routing table would still continue. This way, the infrastructure to accommodate VPNs could be introduced in a smooth, nondisruptive manner.

Figure 3. Clients of Different VPNs Distributed Across Access Switches

Check the Solution Reference Network Design guides under http://www.cisco.com/go/srnd

Cisco Systems, Inc. All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

A first test VPN was then created, and tests for that VPN were performed. It became apparent that the migration of customers into their respective VPN would be a straightforward task. Customers running legacy applications (non-IP or not supporting Layer 3 IP networks) were chosen to be migrated last. Clear guidelines on application requirements and migration timeframes were given to the customers several months in advance.

With this, all customers residing in either entirely separate networks or in a VLAN on the Alcatel infrastructure would get migrated bit by bit.

Also the Unique operations network was then put into a dedicated VPN.

The video surveillance solution from VisioWave (acquired by GE Security) as well as the X-ray equipment represented two special types of client VPNs. These VPNs would make heavy use of multicast. While multiple video streams would need to be viewable in multiple locations, the X-ray application also asked for live distribution of X-ray data to a central operations center. Although the previous network was not designed to meet large multicast requirements, multicast VPN (mVPN), an extension to MPLS VPNs, allowed an efficient transport of multicast traffic across an MPLS core.

Figure 4. Detail on VLAN to VRF Mapping
