Comware


Layer 2 extended between two Datacenters

  • 1.  Layer 2 extended between two Datacenters

    EMPLOYEE
    Posted Jan 17, 2023 07:30 AM
    Hi,

    My customer has two Datacenters connected using high bandwidth redundant fiber links. Bandwidth and latency are not an issue.

    He wants the two Datacenters to share the same VLANs, and wants them extended between datacenters using normal L2 links.

    In fact this means that what he wants is the two datacenters to be seen as a single big Datacenter.

    This would probably work, but is it a good solution to extend vlans between two datacenters this way?

    Has anybody seen this kind of solution working?

    Regards


  • 2.  RE: Layer 2 extended between two Datacenters

    Posted Jan 18, 2023 04:25 AM
    Hi, you've asked quite a simple question but the answer is complex. In fact there are many books written on the subject. You are essentially asking which is the best datacentre network architecture.

    To answer directly, yes stretching VLANs natively between datacentres will work if you have dark fibre or other optical circuits. I have two DCs connected like this. They are close, small and we own the land that the divergent fibres run. The services they house are legacy and so need L2 stretch. Is it a good idea in general? It Depends.

    It is common that there is a need for the same VLANs to exist in both buildings. If a VM that attaches to a particular subnet moves to the other DC, it will likely need to be on the same VLAN. However, that doesn't mean to say you would simply put a LACP link between DCs. But you might.

    If the DCs are small and simple and the paths that the fibres run are divergent, this might be the right solution. For anything else then you'll need to point the customer towards a DC network architect to understand if modern technologies like EVPN/VXLAN would better serve the need.


  • 3.  RE: Layer 2 extended between two Datacenters

    EMPLOYEE
    Posted Jan 18, 2023 07:26 AM
    Hi,

    Thanks for your answer.

    One more question on this if possible.

    Customer also wants to make routing redundant using VRRP with members on each Datacenter.

    One problem I see is that some traffic would need to cross the link between datacenters and return back, just to be routed on the same datacenter, in the case the systems communicating are on the same datacenter, but the active VRRP member is on the other Datacenter.

    Customer says it's not a problem for him because the connection is dark fiber with a big amount of bandwidth.

    What can you say about this?

    Regards


  • 4.  RE: Layer 2 extended between two Datacenters

    Posted Jan 18, 2023 08:39 AM
    The customer is correct in that the design would work. Unless the distances are massive the latency would not be an issue. The problem comes when the fibres are cut or connecting equipment fails/upgrades. What happens to traffic in each DC?

    One advantage of the design is that it is so simple that issues arising from staff not being able to understand/maintain complex protocols will be eradicated.

    So in general I would question the design's ability to deal with inter-link failure but wouldn't discount it purely down to its simplicity.


  • 5.  RE: Layer 2 extended between two Datacenters

    EMPLOYEE
    Posted Jan 18, 2023 01:43 PM
    Just to add my 2 cents to the discussion - if there are firewalls on the border of each DC, beware of the issue with asymmetric routing.

    It is when a PC from DC1 contacts, let's say, a website on the Internet and the outgoing traffic for some reason goes over the inter-DC L2 link, through DC2 and then through FW2 (FW is in DC2), but the return traffic from the server will come on FW1 in DC1 (this happens because routers in DC1 announce local prefixes over BGP, so the whole world knows those networks are accessible over DC1, not DC2). And since firewalls are stateful devices and the connection is not known to the FW1, it will be dropped.

    Maybe this concern is not applicable to your network, but it is something you need to keep in mind with this design.

    ------------------------------
    Ivan Bondar
    ------------------------------
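
Added example, not part of the original post: one way to spot the asymmetric path described above is to correlate the logs of both border firewalls and flag connections whose SYN was allowed on one firewall while the reply was dropped on the other. The log format, firewall names and addresses are constructed for illustration; the sketch assumes the two logs are merged in time order and that no NAT rewrites the addresses between the firewalls.

```python
import re

# Constructed sample lines in a hypothetical format:
#   <firewall> <action> <proto> <src>:<sport> -> <dst>:<dport> <tcp-flags>
SAMPLE_LOG = """\
FW2 ALLOW tcp 10.1.20.15:51514 -> 203.0.113.80:443 SYN
FW1 DROP tcp 203.0.113.80:443 -> 10.1.20.15:51514 SYN-ACK
FW1 ALLOW tcp 10.1.20.16:40222 -> 203.0.113.80:443 SYN
FW1 ALLOW tcp 203.0.113.80:443 -> 10.1.20.16:40222 SYN-ACK
FW1 DROP tcp 198.51.100.7:4444 -> 10.1.20.15:22 SYN
"""

LINE_RE = re.compile(
    r"^(?P<fw>\S+) (?P<action>ALLOW|DROP) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)


def find_asymmetric_flows(log_text):
    """Return flows opened on one firewall whose reply was dropped on another."""
    opened = {}    # forward 5-tuple -> firewall that created the state entry
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # ignore lines in any other format
        e = m.groupdict()
        fwd = (e["proto"], e["src"], e["sport"], e["dst"], e["dport"])
        rev = (e["proto"], e["dst"], e["dport"], e["src"], e["sport"])
        if e["action"] == "ALLOW" and e["flags"] == "SYN":
            opened[fwd] = e["fw"]         # this firewall now holds the state
        elif e["action"] == "DROP" and opened.get(rev, e["fw"]) != e["fw"]:
            # Reply reached a firewall that never saw the outgoing SYN.
            findings.append({
                "client": f'{e["dst"]}:{e["dport"]}',
                "server": f'{e["src"]}:{e["sport"]}',
                "state_fw": opened[rev],
                "drop_fw": e["fw"],
            })
    return findings


if __name__ == "__main__":
    for f in find_asymmetric_flows(SAMPLE_LOG):
        print(f'{f["client"]} -> {f["server"]}: state on {f["state_fw"]}, '
              f'reply dropped on {f["drop_fw"]}')
```

The unsolicited inbound SYN in the last sample line is not flagged, because no firewall holds state for the reverse direction; only drops that match a connection opened elsewhere are reported.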



  • 6.  RE: Layer 2 extended between two Datacenters

    EMPLOYEE
    Posted Jan 19, 2023 06:10 AM
    Hi Ivan,

    Thanks a lot for your valuable information.

    In our case it will not be a concern because the traffic routed on VRRP will not cross any firewall.

    Best Regards



  • 7.  RE: Layer 2 extended between two Datacenters

    MVP GURU
    Posted Jan 19, 2023 02:35 PM
    Hi, just to clarify, when you write:

    "In our case it will not be a concern because the traffic routed on VRRP will not cross any firewall."

    are you saying that the active Router (as per VRRP) is going to route only internal network segments without having a route of last resort (default route) configured and so it will not let them reach any other possible non directly connected network through a gateway (a Firewall in your case)?

    It seems to me a pretty isolated DC concept, at least if seen from the point of view of a next hop gateway that is generally used to interconnect DC networks with RoW.


  • 8.  RE: Layer 2 extended between two Datacenters

    EMPLOYEE
    Posted Jan 25, 2023 06:34 AM
    What do you mean by RoW ?


  • 9.  RE: Layer 2 extended between two Datacenters

    MVP GURU
    Posted Jan 25, 2023 07:37 AM
    Rest of (the) World