Tuesday, July 28, 2015

How you understand documenting Conceptual, Logic, Physical?

I have just read following question in Google+ "VCDX Study Group 2015"
As a fellow writer (we architects are not readers, but writers! :) ) wanted to ask you how you understand documenting Conceptual, Logic, Physical.
Can you add all these in a single Architecture design document with all 3 parts as 3 sections or you are better off creating 3 separate documents for each type of design?
I'm hearing very often similar questions about approach how to write good design documentation. So my answer was following ...

As a writer you have to decide what is the best for your readers :-)

When I'm engaged to write Architecture document I use different approaches for different design engagements. It really depends on project size, scope, audience, architecture team, etc... For example, right now I'm working on project where 6 architects are working on single High Level Design covering big picture and each preparing Low Level Design. At the end there is single HLD document and five separate LLD documents covering
  • Compute, 
  • Storage, 
  • Networking,
  • vSphere and
  • Backup.
I had another projects where whole architecture was in single document where each section was targeted to different auditorium. That was a case of my VCDX design documentation.

Generally I believe High Level Design (HLD) is for broader technical audience but also for business owners. Therefore physical design is not required in this stage and only Conceptual and brief Logical design for each area should be in HLD. Low Level Design (LLD) is for technical implementers and technical operational personnel therefore less writing creativity and more deep technical language for specific area should be used there with references to HLD. I recommend to read Greg Ferro's "Eleven Rules of Design Documentation" which IMHO apply very good to LLD.

HLD Conceptual Design should include business and technical requirements, constraints, assumptions, key design decisions, overall high level concept and risk analysis).

HLD Logical Design should include basic logical constructions for different design areas together with capacity planning.

LLD should include Conceptual, Logical and Physical design for specific area(s) or designed system/subsystem. In LLD conceptual design there should be a subset of HLD technical requirements, constraints and assumptions and maybe some other specific requirements irrelevant in HLD. They can be even discovered after HLD and LLD design reviews and additional technical workshops. Logical design can be the same as in HLD or you can go into deeper level but still stay in logical layer without product physical specifications, cabling port IDs, VLAN IDs, IP addressing, etc... These physical details should be in in physical design and if needed referenced in to attachments, excel workbooks, or similar implementation/configuration management documents.

LLD Physical design is usually leveraged by implementer to prepare As-Built documentation.

That's just my $0.02 and your mileage can vary. 

At the end I have to repeat ... you, as a writer (Architect), have to decide appropriate documentation format for your target audience.

Don't hesitate to share your thoughts in comments.

Tuesday, July 07, 2015

DELL Force10 : Interface Configuration and VLANs

Physical interface configuration

Physical switch interface configuration is a basic operation with any switch device. DELL Force10 switch is no exception. However, one thing is very unique on Force10 switches. Everything, including physical interfaces, on Force10 switch, is disabled by default, therefore, interfaces are in downstate and must be configured before any use. Someones are saying it is strange behavior but in my opinion, that's pretty good behavior because it is a much more secure approach. You will not disrupt the whole network by connecting and cabling new switch into your enterprise network until you configure something. If you will do bad configuration than it is your fault and not device fault.

Ok, so when you want to use some switch interface you have to enable interface explicitly. Before that, you should be absolutely sure your new Force10 switch is ready to be connected to the network. Think for example about spanning tree protocol configuration. Let's assume you know what you do and you want to enable the particular physical interface. It is easy. I think the example below is self-explanatory

conf
  interface tengigabit 0/1
  no shutdown

So your interface is up but another important note is that all physical interfaces are Layer 3 by default. You can assign IP address to Layer 3 (routed) interface and your L3 switch is configured as a router device. IP address assignment is shown below.

conf
  interface tengigabit 0/1
  ip address 192.168.1.11/24
  no shutdown

Cool, but there is a chance you want configure Layer 2 interface to work as a switch port and not routed port. It is pretty easy, you have to tell it to your interface to not have IP address and behave as a switch port.

conf
  interface tengigabit 0/1
  no ip address
  switchport
  no shutdown

Physical Interface Numbering

So far we have used similar interface identification as follows

interface tengigabit 0/13

General interface identification convention parts have following format

interface “Interface Type” “Stack Unit Number”/”Interface Number”
where

·       Interface Type - can have values gigabit (gi), tengigabit (te), fortygigabit (fo)

·       Stack Unit Number - is stack ID number if classic stacking is configured otherwise there is 0 as it is a single unit switch

·       Interface Number - is a sequential port number on particular stack unit


Interface ranges

You can leverage interface ranges to simplify interface and VLAN configurations.

conf
interface range  te 0/1-3, te 0/5-7
interface range vlan 100-110

I think you can see the benefit. All configurations are applied to all interfaces on the range.

VLANs

In configurations above everything is happening in default VLAN which is by default VLAN 1. This is a single broadcast domain. In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN. Source: wikipedia. Nowadays VLANs are used very often for network separation (security) and broadcast domain split (availability, performance). If you are familiar with CISCO VLAN configuration then you have to create VLAN id in VLAN database and you can assign VLAN/VLANs to the particular interface. In Force10 it is a little bit different. You have to create VLAN id, that's the same. However, you are not assigning VLAN per interface but assigning interfaces to VLAN. See example below.

conf
  interface vlan 100
  description "VLAN for mission critical servers"
  untagged TenGigabitEthernet 0/1-3
  tagged TenGigabitEthernet 0/0

In the example above we have created VLAN 100 for three mission-critical servers. Servers are connected to ports Te 0/1, Te 0/2 and Te 0/3 without VLAN tagging (aka access mode in Cisco terminology). The particular switch port in "access" mode is configured in Force10 in following way

interface TenGigabitEthernet 0/1
  description "Mission critical server 1" 
  no ip address
  switchport
  spanning-tree rstp edge-port bpduguard 
  no shutdown

Switch interface Te 0/0 is uplink to the rest of the network, therefore, more VLANs has to be configured on this particular port, therefore, the port is configured as a trunk port with more tagged VLANs. Switch uplinks are usually configured redundantly in a high availability mode, therefore, there is a big chance you would like to use port-channel (aka LAG) as a switch uplink. LAGs are explained in next section. Port-channel is nothing else as a special virtual interface, therefore, port-channel VLAN configuration is very similar to physical interfaces.

conf
interface vlan 100
  description "VLAN for mission critical servers"
  untagged TenGigabitEthernet 0/1-3
  
tagged Port-channel 1

There is another switch port mode which is typical for ESXi hosts. It is the server, but you want one VLAN to be configured as a native (usually for ESXi management) and also to configure trunk of multiple VLANs for virtual networking (VMware portgroups). Force10 call this port configuration as a hybrid. Switch port configuration will look similar as an example below

interface GigabitEthernet 0/11
  description ESX11
  no ip address
  mtu 9252
  portmode hybrid
  switchport
  spanning-tree rstp edge-port
  no shutdown

and for such hybrid switch port, we can have one VLAN configured as an untagged (aka native in Cisco terminology) and multiple VLANs as tagged. VLAN configuration should look similar to ...

interface Vlan 4
  description DC-MGMT
  ip address 192.168.4.254/24
  untagged GigabitEthernet 0/4,6,11-14,34-36,41,43
  no shutdown

VLAN 4 is a used for ESXi management but multiple other VLANs can be carried to the ESXi host as tagged VLANs. This is depicted in configuration snippet below ...

interface Vlan 22
 description VMOTION
 name VMOTION
 no ip address
 tagged GigabitEthernet 0/11-14,34-36
 shutdown
!
interface Vlan 23
 description VTEP
 name NSX-OVERLAY
 ip address 192.168.23.254/24
 tagged GigabitEthernet 0/11-14,34-36
 no shutdown
!
interface Vlan 24
 description ISCSI
 name ISCSI
 ip address 192.168.24.254/24
 tagged GigabitEthernet 0/11-14,34-36
 untagged GigabitEthernet 0/10
 no shutdown
!
interface Vlan 25
 description NFS
 name NFS
 ip address 192.168.25.254/24
 tagged GigabitEthernet 0/11-14,34-36
 no shutdown
!
interface Vlan 26
 description VSAN
 name VSAN
 no ip address
 tagged GigabitEthernet 0/11-14,34-36
 shutdown
!
interface Vlan 100
 description V2P-PEERING
 name V2P-PEERING
 ip address 172.16.0.254/24
 tagged GigabitEthernet 0/11-14,34
 no shutdown

LAGs - Link Aggregates 

Link Aggregation is a general term for channeling multiple links into single virtual aggregate also known as a port channel. There are two types of port channels static and dynamic (aka LACP). For more general information about "link aggregation" look here.

Now let's see how you can configure port channels.

Static Port Channel
Below is the example of static port channel bundled with two interfaces (te 0/1 and te 0/2)

interface port-channel 1
  description "Static Port-Channel"
  channel-member tengigabit 0/1
  channel-member tengigabit 0/2
  no ip address
  switchport
  no shutdown

Dynamic Port Channel
Below is the example of dynamic port channel bundled with two interfaces (te 0/1 and te 0/2)

VLT (Virtual Link Trunking) is actually virtual Port Channel spanned across multiple chassis (aka MultiChassis LAG). VLT can be static or dynamic port-channel. When two Force10 switches are configured in single VLT domain you can create VLT port-channel independently on each VLT node. You can read more about VLT here.

You configure VLT port-channel on each node in the absolutely same way as classic port-channels. The only difference is that you will tell FTOS that this particular port-channel is VLT and you can define peer port-channel id which can be different than on another node. However, the best practice is to use same port-channel IDs on both VLT nodes just to keep configuration simple and more readable.

Directive to tell the port-channel is VLT is vlt-peer-lag.

So if port-channel examples above would be VLTs then the configuration is the same only with one additional option. See examples below.

Static VLT Port Channel

interface port-channel 1
  description "Static Port-Channel"
  channel-member tengigabit 0/1
  channel-member tengigabit 0/2
  
vlt-peer-lag port-channel 1
  no ip address
  no shutdown

Dynamic VLT Port Channel

interface port-channel 1
  description "Dynamic Port-Channel (LACP)"
  no ip address
  vlt-peer-lag port-channel 1
  switchport
  no shutdown 

interface tengigabit 0/1
  port-channel-protocol lacp
    port-channel 1 mode active
  no shutdown 

interface tengigabit 0/2
  port-channel-protocol lacp
    port-channel 1 mode active

  no shutdown

Conclusion

Interface and VLAN configuration is a basic network operation. If you are familiar with any other switch vendor interface configuration I think Force10 interface configuration is simple for you. The only different approach is with VLAN configuration but it is just a matter of habit.

Hope you found this blog post useful and as always, any comment and feedback are highly appreciated.