The Internet Exchange and Peering Points Packet Pushers Podcast is as good as the rest of them (listen to it first and then continue reading), but also strangely relevant to the data center engineers. When you look beyond the peering policies, route servers and BGP tidbits, an internet exchange is a high-performance large-scale layer-2 network that some data center switching vendors are dreaming about ... the only difference being that the internet exchanges have to perform extremely well using existing products and technologies, not the shortest-path-bridging futures promised by the vendors.
It was therefore extremely interesting to hear Stephen Wilcox mention VPLS as one of the technology options (more so as it relies on MPLS transport ;). The four-letter word predictably triggered Greg’s service-providers-are-idiots rant (and I agree with him to a point – it’s hard to trust your data to someone who can’t produce a readable bill at the end of the month), so unfortunately the more important message was lost: VPLS is a technology that you can use to build large-scale data center layer-2 domains.
As I explained in “The big picture with a VPLS example” post (and in the Choose the Optimal VPN Service webinar), VPLS is the technology the service providers use to build any-to-any layer-2 domain across an MPLS backbone (even more, you can have partially-meshed pseudo-LAN networks, but let’s not get there at the moment).
Now imagine that you build your data center core as an IP+MPLS backbone:
- It uses IP routing, so it’s stable, offers optimal equal-cost load balancing and responds to outages in seconds (or however well you tune your routing protocol).
- If you deploy MPLS Traffic Engineering (MPLS TE) on top of the IP core (preferably with automatic fully-meshed tunnels and auto-bandwidth), your point-to-point loads will be shifted around the core as needed. With proper design, you’ll get way better results than with equal-cost load balancing.
- MPLS TE fast reroute (FRR) gives you the ability to temporarily shift traffic around failure points in milliseconds (two orders of magnitude faster than non-optimized IP routing protocols).
When you have a stable MPLS backbone, you can deploy VPLS over it. Point-to-point pseudowires are established automatically (you should use BGP-based autodiscovery) and the MPLS core takes care of traffic engineering and failure rerouting.
Last but definitely not least, the venerable (and lovingly hated) Spanning Tree Protocol stops at the VPLS edge. You might want to use it in the access network, or you could build an STP-free network and connect your hosts directly to the VPLS cloud.
By now you should be wondering what’s stopping the VPLS adoption in data center architectures. The reasons are mostly non-technical:
- VPLS is perceived to be a service provider technology, so it must be complex and unreliable (see above).
- VPLS designer/implementer must have thorough knowledge of numerous technologies, including MPLS, IGP and BGP (preferably also MPLS-TE and FRR).
- Good VPLS design is a serious piece of engineering. It’s easier to believe someone will sprinkle a future wonder-technology (TRILL, for example) like a fairy dust across your data center core to make it work better with zero design/configuration effort (my kids are Winx Club fans, so I’m very familiar with the Believix charms ;).
- Some vendors have gaps in their data center portfolio, so they are not keen to talk about VPLS. For example, the only data center switch from Cisco supporting VPLS is the venerable Catalyst 6500 (which is no longer listed as a data center switch).
As you know, I usually suffer from a particularly bad case of vendor-blindness. Tell us which vendors you would use to build a VPLS network like I've described above in the comments ... and don't forget, we're looking for high-end switches with decent number of GE/10GE ports.