Data Center LAN Migration Guide - Juniper Networks
Data Center LAN Migration Guide - Juniper Networks
Data Center LAN Migration Guide - Juniper Networks
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Data</strong> <strong>Center</strong> <strong>LAN</strong> <strong>Migration</strong> <strong>Guide</strong><br />
Step 2: Build the MPLS layer. Once you have migrated to an MPLS capable network and tested and verified its<br />
connectivity and performance, activate the MPLS overlay and build label-switched paths (LSPs) to reach other data<br />
centers. Label distribution is automated with the use of LDP and RSVP with extensions, to support creation and<br />
maintenance of LSPs and to create bandwidth reservations on LSPs (RFC 3209). BGP can also be used to support<br />
label distribution at the customer’s choice. The choice of protocol for label distribution on the network depends on the<br />
needs of the organization and applications supported by the network. If traffic engineering or fast reroute are required<br />
on the network, you must use RSVP with extensions for MPLS label distribution. It is the decision of whether or not to<br />
traffic engineer the network or require fast reroute that frequently makes the decision between the use of LDP or RSVP<br />
for MPLS label distribution.<br />
Step 3: Configure MPLS VPNs. MPLS VPNs can segregate traffic based on departments, groups, or users, as well as<br />
by applications or any combination of user group and application. Let’s take a step back and look at why we call MPLS<br />
virtualized networks “VPNs.” First, they are networks because they provide connectivity between separately defined<br />
locations. They are private because they have the same properties and guarantees as a private network in terms of<br />
network operations and in terms of traffic forwarding. And lastly, they are virtual because they may use the same<br />
transport links and routers to provide these separated transport services. Since each network to be converged onto<br />
the newly built network has its own set of QoS, security, and policy requirements, you will want to define MPLS-based<br />
VPNs that map to the legacy networks already built. MPLS VPNs can be defined by:<br />
Department, business unit, or other function: Where there is a logical separation of traffic that goes to a more<br />
granular level than the network, perhaps down to the department or business unit, application, or specific security<br />
requirement level, you will want to define VPNs on the MPLS network, each to support the logical separation<br />
required for a unique QoS, security, and application support combination.<br />
Service requirements: In the context of this <strong>Data</strong> <strong>Center</strong> <strong>LAN</strong> <strong>Migration</strong> <strong>Guide</strong>, VPLS makes it appear as though<br />
there is a large <strong>LAN</strong> extended across the data center(s). VPLS can be used for IP services or it can be used to<br />
interconnect with a VPLS service provider to seamlessly network data center(s) across the cloud. IP QoS in the<br />
<strong>LAN</strong> can be carried over the VPLS service with proper forwarding equivalence class (FEC) mapping and VPN<br />
configuration. If connecting to a service provider’s VPLS service, you will either need to collocate with the service<br />
provider or leverage a metro Ethernet service, as VPLS requires an Ethernet hand-off from the enterprise to the<br />
service provider.<br />
QoS needs: Many existing applications within your enterprise may run on separate networks today. To be properly<br />
supported, these applications and their users make specific and unique security and quality demands on the<br />
network. This is why, as a best practice, it is suggested that you start by creating VPNs that support your existing<br />
networks. This is the minimum number of VPNs you will need.<br />
Security requirements: Security requirements may be defined by user groups such as those working on sensitive and<br />
confidential projects, by compliance requirements to protect confidential information, and by application to protect<br />
special applications. Each “special” security zone can be sectioned off with enhanced security via MPLS VPNs.<br />
Performance requirements: Typically, your applications and available bandwidth will determine traffic engineering<br />
and fast reroute requirements, however users and business needs may impact these considerations as well.<br />
Additional network virtualization: Once MPLS-based VPNs are provisioned to support your existing networks,<br />
user groups, QoS, and security requirements, consideration should be given to new VPNs that may be needed. For<br />
example, evolving compliance processes supporting requirements such as Sarbanes-Oxley or Health Insurance<br />
Portability and Accountability Act (HIPAA) may require new and secure VPNs. Furthermore, a future acquisition of a<br />
business unit may require network integration and this can easily be performed on the network with the addition of<br />
a VPN to accommodate the acquisition.<br />
Step 4: Transfer networks onto the MPLS VPNs. All of the required VPNs do not have to be defined before initiating the<br />
process of migrating the existing network(s) to MPLS. In fact, you may wish to build the first VPN and then migrate the<br />
related network, then build the second VPN and migrate the next network and so on. As the existing networks converge to<br />
the MPLS network, monitor network performance and traffic loads to verify that expected transport demands are being<br />
met. If for some reason performance or traffic loads vary from expected results, investigate further as MPLS can provide<br />
deterministic traffic characteristics, and resulting performance should not vary greatly from the expected results. Based<br />
upon findings, there may be opportunities to further optimize the network for cost and performance gains.<br />
Copyright © 2012, <strong>Juniper</strong> <strong>Networks</strong>, Inc. 51