Networking essentials
This chapter describes principal networking considerations, terminology, and concepts for the non-Fibre Channel (FC) network interface for front-end connectivity of the IBM System Storage TS7600 ProtecTIER family. The chapter discusses the File System Interface (FSI) with the options of Network File System (NFS) and Common Internet File System (CIFS) in a non-Virtual Tape Library (VTL) environment. The ProtecTIER server connects to the network with multiple Ethernet adapters, and supports a total throughput of hundreds of megabytes per second (MBps) over the network, per node. The chapter also describes network configuration preferred practices to support Internet Protocol (IP) configurations. It provides the scope and objectives, and main acronyms that are used in the subsequent sections.
 
Note: ProtecTIER GA Version 3.4 was released with only the Virtual Tape Library (VTL) interface support. File System Interface (FSI) support was added to ProtecTIER PGA 3.4 Version. For details, see the announcement letter:
This chapter describes the networking technologies that are used to set up the ProtecTIER front-end interfaces to the network. In addition, this section describes teaming or bonding in the network servers, 802.3ad link aggregation, and similar technologies on the local area network (LAN) switches, in addition to network topologies for standalone and redundant architectures. Some of these networking concepts also apply for ProtecTIER network replication environments.
This chapter describes the following topics:
 
Notes:
Important: Using the ProtecTIER FSI as a network-attached storage (NAS), in terms of storing primary data directly to it, is not supported. ProtecTIER FSI must be used with an application that is supported by ProtecTIER.
Terminology: This chapter uses the term bonding when describing aggregating multiple network links to a single logical interface. You might have heard terms such as network aggregation, link aggregation, port trunking, trunking, link bundling, Ethernet bonding, network bonding, network interface controller (NIC) bonding, 802.3ad, or NIC teaming, which also describe the same concept.
Cabling: Multiple members of a single bond must be connected to the same network switch. If you use multiple physically independent networks, similar to a dual-fabric approach in FC terms, you are required to have at least two bonds. Each bond must be cabled to only one network switch.
3.1 Network terminology
The following terms are relevant to network configurations in general:
Bonding: A method for grouping several physical adapters into a single virtual adapter for load sharing, throughput enhancement, and redundancy enhancement. Bonding is the term that is typically used in Linux and UNIX operating systems.
Teaming: An alternative term for bonding, typically used in Microsoft operating systems.
Trunking: An alternative term for bonding or teaming.
Bundling: An alternative term for bonding or teaming.
Link aggregation: A method for grouping several interfaces into a single virtual interface for load sharing between the interfaces. Also known as network aggregation.
IEEE 802.3ad: Institute of Electrical and Electronics Engineers (IEEE) standard for link aggregation for LAN connectivity.
Gigabit Ethernet: Gigabit Ethernet (GbE) is Ethernet that runs in a gigabit per second (Gbps) bandwidth.
VLAN: Virtual LAN (VLAN) is a software defined LAN that groups network elements in the same broadcast domain.
Host: An entity that is connected to the network. For example, the NetBackup media servers are referred to as hosts.
Bonding/Teaming: Teaming or bonding in servers, and link aggregation (802.3ad) or Cisco EtherChannel in LAN switches. The purpose of these mechanisms is to achieve higher bandwidth on the connection, as close as possible to the multiplication of the port bandwidth, along with redundancy between the ports.
3.2 General configuration considerations
The following list describes several general preferred practices for FSI:
Because ProtecTIER backups with FSI are done on a file share level, you should create a dedicated file share for each backup server that you use with ProtecTIER FSI. This file share makes more sophisticated load balancing scenarios possible.
Make sure that the backup application runs in the context of the user who mounted the file system with write permission. If you experience access rights issues, this configuration most probably is the reason for them.
There must be at least two different network subnets to separate the ProtecTIER management IP interface from the ProtecTIER file system IP interfaces. Otherwise, you cannot ensure that your backup traffic is using the FSI interface rather than the management interface.
For FSI workloads, dedicated infrastructures might not exist for incoming and outgoing traffic of backup servers. To be sure that the environment does not suffer from infrastructure congestion, involve the engineers in charge of managing the network.
If possible, implement bonding on all involved network devices, whether the devices are the ProtecTIER server, the backup server, or even the network switches. Enabling bonding only on the ProtecTIER server might not be enough to achieve the best results.
3.3 Bonding and teaming
To achieve high availability, load balancing, and increased throughput, you can use a network technology that is known by many names. You might have heard of terms such as network aggregation, link aggregation, port trunking, link bundling, Ethernet bonding, network bonding, NIC bonding, 802.3ad, or NIC teaming. All of these terms describe solutions that you can use to achieve high availability, load balancing, or increased throughput by combining multiple network interfaces and using them as one logical link.
Connectivity in a ProtecTIER environment is based on bonding (term used in Linux or UNIX platforms) or teaming (term used in Microsoft platforms) in servers, and link aggregation (802.3ad) or Cisco EtherChannel in LAN switches. These mechanisms achieve higher bandwidth on the connection, and provide redundancy between the ports.
Table 3-1 lists the available ProtecTIER link aggregation modes, bonding options, and features for each link aggregation mode.
3.3.1 The three bonding modes of ProtecTIER
The ProtecTIER product supports three principal modes of bonding:
High availability
Round robin
Link aggregation (L2, L2L3, L3L4); uses IEEE 802.3ad
For summaries of the bonding methodologies that are supported by ProtecTIER, see Table 3-1.
 
Note: Of the following modes, the first two are switchless topologies, because the switch does not have to support any specific standard. For the last mode, the switches in the topology must support the 802.3ad standard or, in some cases, the Cisco EtherChannel implementation.
Mode one: High availability
The High Availability load balancing method uses an active-backup policy. Only one interface in this bond is active. If one of the interfaces fails, the other interface becomes active, and takes over communication. This bond’s Media Access Control (MAC) address is only visible on one port so that the switch is not confused. With this method, you can achieve fault tolerance. It is also called redundant mode or active-backup mode.
 
Important: This mode does not attempt to perform load balancing.
Mode two: Round robin
The Round Robin load balancing method uses a balance-rr (round-robin) policy. Outgoing network traffic is distributed across all members of the bond in sequential order. Incoming network traffic is still limited to one single network port (the primary). If one of the network interfaces fails, the other bond members take over. Outgoing traffic is distributed across the remaining bond members.
If the primary adapter for incoming traffic fails, the bond automatically selects a new primary adapter, and incoming traffic is handled from that one single network adapter. With this mode, you can achieve fault tolerance and load balancing. A potential unidirectional bandwidth increase for outgoing traffic is possible if you have multiple backup servers in your environment.
 
Bandwidth: With the round robin mode, you do not see any bandwidth increase if you have only two communication partners, for example, the ProtecTIER server and one backup server. Even enabling this mode on both of these machines does not enable you to use more than the bandwidth of one single interface, because the incoming traffic of each machine is handled by only one network interface.
If you have enough communication partners, for example, multiple backup servers and one ProtecTIER server, the increased bandwidth is used only during parallel restore of multiple backup servers.
Mode three: Link Aggregation (L2, L2L3, L3L4)
The third load balancing method is the most advanced method. If you set it up correctly, you can use the combined throughput of all of the involved network interfaces for incoming and outgoing traffic, balance the load across all available interfaces, and have a fault tolerant system at the same time. This load balancing method uses an IEEE 802.3ad Link Aggregation policy. ProtecTIER offers this mode with three variants of the transmit hash policy, which are labeled L2, L2L3, and L3L4.
To use this method, you must have a network infrastructure that fully supports it end-to-end. Since this bonding method relies on the IEEE 802.3ad dynamic link aggregation standard, it is also known as the 802.3ad mode. The servers and the switches they are connected to must support the 802.3ad standard, and load distribution is performed according to this standard.
You can use it to aggregate a group of interfaces of the same speed and duplex setting. Table 3-1 summarizes the bonding methods and descriptions of the associated network layers. The 802.3ad standard does not mandate any particular distribution algorithm. However, whichever algorithm is used must not cause either of the following actions:
Misordering frames that are part of any conversation
Duplicating frames
The standard suggests, but does not mandate, that the algorithm can assign one or more conversations to the same port; however, it must not allocate some of the frames of a conversation to one port and the remainder to different ports. The information that is used to assign conversations to ports could include the following items:
Source MAC address
Destination MAC address
Source IP address
Destination IP address
The reception port
The type of destination address (individual or group MAC address)
Ethernet Length/Type value (protocol identification)
Higher layer protocol information (for example, addressing and protocol identification information from the LLC sub layer or above)
Combinations of these items
The transmit hash policy decides, according to one parameter or a combination of parameters, how frames are distributed across the ports. For example, when you have a server that exchanges information with several hosts on the same subnet, configuring a source/destination MAC hash usually produces a reasonable load distribution. If you want to use load balancing over a router, then a Layer 3 hash does not help because the server sees only one IP address (of the router), and therefore all traffic is sent over the same interface. In this case, a Layer 4 hash must be used.
 
 
 
Notes:
The 802.3ad dynamic link aggregation method is suitable to increase your throughput when you use 1 Gb network interfaces in combination with a single backup server.
Combining all 1 Gb network interfaces into one single link aggregation group is not a preferred practice. Use multiple groups of two interfaces or four interfaces instead.
Summary of modes
Table 3-1 shows bonding modes, and options and features for each link aggregation mode implemented on ProtecTIER. The table uses HA (high availability) and RR (round robin) abbreviations.
Table 3-1 Bonding methods and available ProtecTIER link aggregations modes

| ProtecTIER GUI and CLI | CLI | Bonding modes and options | Features |
| --- | --- | --- | --- |
| HA | HA | miimon=100 [1], mode=1 | Fault tolerance |
| RR | RR | miimon=100, mode=0 | Load balancing; Fault tolerance; Unidirectional bandwidth increase |
| L2 | L2 | miimon=100, mode=4, xmit_hash_policy=layer2 | Based on MAC address; 802.3ad switch support needed; Load balancing; Fault tolerance; Bidirectional bandwidth increase [2] |
| L2L3 | L2L3 | miimon=100, mode=4, xmit_hash_policy=layer2+3 | Based on MAC address and IP addresses; 802.3ad switch support needed; Load balancing; Fault tolerance; Bidirectional bandwidth increase [3] |
| L3L4 | L3L4 | miimon=100, mode=4, xmit_hash_policy=layer3+4 | Based on IP addresses and ports; 802.3ad switch support needed; Load balancing; Fault tolerance; Bidirectional bandwidth increase possible [4] |

[1] Miimon is a parameter to the bonding module. It specifies the MII link monitoring frequency in milliseconds. This determines how often the link state is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point.
[2] Outgoing traffic is spread by using a default transmit hash policy of Layer 2. The formula should be read as (source MAC XOR destination MAC) MODULO N (number of subordinates).
[3] Outgoing traffic is spread by using a transmit hash policy of MAC addresses and IP addresses of the source and the destination.
[4] Outgoing traffic is spread by using a transmit hash policy of IP addresses and ports of the source and the destination.
3.4 Preferred ProtecTIER bonding configuration
This section describes the suggested ProtecTIER bonding configuration to use with FSI. When your performance requirement for ProtecTIER FSI is below 500 MBps, you can use the default ProtecTIER bonding configuration of having all interfaces in one single aggregate. If you need more than 500 MBps, configure at least two shares that are exported across two individual IPs.
This configuration enables you to distribute the load across all of the available resources in the ProtecTIER. This configuration is only viable if your environment enables that setup to be efficiently integrated. If you, for example, have two or more backup servers, each of them should use its own FSI file system and file share. With this setup, you have no problems using multiple file shares or IPs on ProtecTIER at the same time.
If your environment consists of only one backup server, the usage of multiple IP addresses can be a challenge. IBM Spectrum Protect (formerly Tivoli Storage Manager), for example, enables you to create one device class that uses multiple IPs at the same time. With this setup, you can use the preferred-practice ProtecTIER IP setup.
The Layer 3 and Layer 2+3 configurations are suggested only if a single bond is not applicable.
Whatever network methodology you decide to use, connect only one IP to each subnet. This requirement is an IP requirement, which is the protocol used on the open systems interconnection (OSI) model Layer 3. Bonding all interfaces and assigning one IP to them to connect them to the network is the easiest way of attaching ProtecTIER to your network.
Table 3-2 clarifies the minimum number of interfaces, subnets, bonds, and IP addresses for different environments and performance goals. Using more of these items might be viable.
Table 3-2 Minimum numbers interfaces, subnets, bonds, and IP addresses for FSI

| FSI interface | ProtecTIER performance goal [1] | Minimum # of subnets | Minimum # of bonds and IP addresses [2] |
| --- | --- | --- | --- |
| 4x 1 Gb | < 500 MBps | 1 | 1 |
| 4x 1 Gb | > 500 MBps [3] | 2 | 2 |
| 2x 10 Gb | < 500 MBps | 1 | 1 |
| 2x 10 Gb | > 500 MBps | 2 | 2 |

[1] The maximum performance that you can reach with your ProtecTIER setup is determined by the ProtecTIER sizing.
[2] This column stresses the importance of assigning only one IP address per node (whether it is ProtecTIER or your backup server) to a subnet.
[3] Assuming the maximum speed of a single 1 Gb network link is 110 MBps, you need a working 802.3ad setup or multiple subnets to reach these numbers.
 
IP configuration: Only one IP address per subnet is allowed. This situation is true for all backup servers and ProtecTIER.
Layer 2
In today’s environments, this mode is the least likely mode to be used for optimization. It can be useful if the system is transmitting a large volume of non-IP traffic on the same VLAN. This mode can be used if IP traffic is being used but in a large single subnet that contains both the sending system and the target systems on the same VLAN. The traffic will be distributed across the interfaces based on the variety of MAC addresses.
Do not use this mode when the destination IP clients are on remote subnets. In this case, the frames carry only the MAC of the sending device and the MAC of the default gateway router, which results in a single interface being used.
Layer 2 + Layer 3
This mode is best to use when IP is used and the destination clients have IP addresses on remote IP subnets. This mode is common in most network environments today. The traffic will be distributed across the interfaces based on the variety of IP addresses.
Layer 3 + Layer 4
This mode is the best to use when the transmitting device is sending traffic to a single destination IP address or a small number of destination IP addresses, but using a large number of TCP sessions. The traffic will be distributed across the interfaces based on the variety of TCP port numbers. This mode can also be used in the environment described in L2L3, but it will not necessarily provide additional improvements.
An important step is to configure the ProtecTIER network so that each virtual interface (IP) is on a different subnetwork and preferably a different VLAN in a multitier network infrastructure. This configuration is important to segregate the backup traffic and other types of traffic for security and administrative reasons.
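The following added example (not IBM or ProtecTIER code) models the three transmit hash policies to show which traffic patterns each one can spread across a bond. The layer2 branch uses the formula from the Table 3-1 footnote; the way MAC, IP, and port fields are combined and folded for layer2+3 and layer3+4 is an assumption for illustration, and all MAC addresses, IP addresses, and port numbers in the sample flows are constructed.

```python
from collections import Counter
from ipaddress import IPv4Address

N_PORTS = 4  # constructed: one bond of four 1 Gb interfaces


def _mac(mac):
    return int(mac.replace(":", ""), 16)


def _ip(addr):
    return int(IPv4Address(addr))


def select_port(policy, flow, n_ports=N_PORTS):
    """Index of the bond member that carries every frame of this flow."""
    l2 = _mac(flow["smac"]) ^ _mac(flow["dmac"])
    if policy == "layer2":
        # Table 3-1 footnote: (source MAC XOR destination MAC) MODULO N
        return l2 % n_ports
    l3 = _ip(flow["sip"]) ^ _ip(flow["dip"])
    if policy == "layer2+3":
        h = l2 ^ l3
    elif policy == "layer3+4":
        h = flow["sport"] ^ flow["dport"] ^ l3
    else:
        raise ValueError(f"unknown xmit_hash_policy: {policy}")
    # Assumption: fold the upper bits down so they influence the modulo.
    h ^= h >> 16
    h ^= h >> 8
    return h % n_ports


def spread(policy, flows, n_ports=N_PORTS):
    """Count how many flows land on each bond member."""
    return Counter(select_port(policy, f, n_ports) for f in flows)


# Constructed sample 1: the bonded sender talks to eight clients on a remote
# subnet, so every frame carries the default gateway's MAC as destination.
SENDER = {"smac": "00:1a:64:00:00:10", "sip": "192.168.151.1", "sport": 2049}
REMOTE_CLIENTS = [
    dict(SENDER, dmac="00:1a:64:00:00:01", dip=f"10.0.0.{k}", dport=40000 + k)
    for k in range(1, 9)
]

# Constructed sample 2: one backup server opens 16 TCP sessions to a single
# address on the same subnet (same MAC pair, same IP pair, different ports).
ONE_HOST_SESSIONS = [
    {"smac": "00:1a:64:00:00:20", "dmac": "00:1a:64:00:00:10",
     "sip": "192.168.151.20", "dip": "192.168.151.1",
     "sport": 50000 + i, "dport": 2049}
    for i in range(16)
]

if __name__ == "__main__":
    for name, flows in (("remote clients", REMOTE_CLIENTS),
                        ("one host, 16 sessions", ONE_HOST_SESSIONS)):
        for policy in ("layer2", "layer2+3", "layer3+4"):
            counts = dict(sorted(spread(policy, flows).items()))
            print(f"{name:22} {policy:9} {counts}")
```

Because the port is a pure function of the flow's fields, every frame of one conversation leaves on the same bond member, which is what keeps frames of a conversation in order.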
Selecting the bonding type and mode for file system interfaces (application interfaces)
The default setting for the application interfaces is one application virtual interface that is assigned several physical network ports, depending on the model. This interface is configured in a bond, mode 0 (round robin). You should change the mode to L3L4 (IEEE 802.3ad) when a supporting switch is available.
 
Switch configuration: The switch must be configured for the L3L4 (IEEE 802.3ad) mode as well. If there is no switch support for IEEE 802.3ad, or the hosts are directly connected to the ProtecTIER server, the default mode should not be changed.
Using several application interfaces for backup/restore versus using a single interface
The default setting for the application interface is one application virtual interface that has several physical network ports that are assigned. The advantage of this configuration is that only a single IP address is assigned to the backup/restore activity, and all hosts and all shares are mounted to the same IP. This configuration is the simplest one to set up.
The main problem with this setup is related to performance if the ProtecTIER server is using the 1 GbE ports (versus using the 10 GbE configurations). Although the ports are configured to share the load on the ProtecTIER server side, the hosts (even if they are part of a bond or team) do not always know to load balance the activity to get the full throughput from the ports. Load balancing mainly depends on the network cards that are installed on the hosts, and their implementation of teaming. Therefore, you should perform the following activities:
In a 1 x 1 setup (one host to one ProtecTIER server), if the ProtecTIER server is using 1 Gb ports and the performance target is more than 125 MBps, consider changing the default setup and define several application interfaces. Divide the physical ports between the interfaces, and define a different IP address and subnetwork for each IP. In this case, the host must choose to mount the shares on different IPs to benefit from them. For redundant ports, include at least a pair of ports for each application interface.
In an M x 1 setup (many hosts to one ProtecTIER server), if the aggregate performance is important (versus the performance of a specific single host), leave the default setup as it is, except the bonding type and mode, as explained in this section.
If the ProtecTIER server is configured with 10 Gb ports, the throughput can be satisfied by a single interface. However, if you need more than 500 MBps performance, define at least two FSI IPs on the ProtecTIER server by dividing the physical ports between the IPs. This configuration provides better throughput because the CIFS traffic flows in two different paths from the host to the ProtecTIER server.
3.4.1 VLANs
When you connect the ProtecTIER server on a single site with the hosts, you can connect it on the same VLAN as the hosts or on separate VLANs.
In the single switch topology that is shown in Figure 3-1, the ProtecTIER servers and the hosts are connected to the same VLAN, with the same IP subnet, on the same physical switch.
Figure 3-1 Single switch configuration
When you connect the hosts and the ProtecTIER servers on multiple LAN switches, the connectivity between the switches must be able to transfer the data rate that is required for the backup. For best results, use 10 GbE connectivity between the switches. Another option is to define another link aggregation between the switches so that they can transfer the required bandwidth (Figure 3-2).
Figure 3-2 Multiple LAN switches configuration
When using different VLANs with different IP subnets, the host and the ProtecTIER server are connected on separate VLANs and subnets. The switch has Layer 3 support. Routing is performed between VLANs (Figure 3-3).
Figure 3-3 Separate VLANs and subnets configuration
3.4.2 IP addresses
You must configure unique IP addresses on the hosts and on the ProtecTIER servers if bonds are configured. If you are configuring bonds, each bond (or team) must be assigned a single IP address. Otherwise, each physical interface must be assigned a unique IP address.
On each system, host or ProtecTIER, each IP address that is configured must be on a different subnet. Additional hosts and ProtecTIER servers can share the subnet. For example, on the first ProtecTIER server, you can configure the following IP addresses (and additional sequential addresses):
192.168.151.1/24
192.168.152.1/24
192.168.153.1/24
In this case, the second ProtecTIER node can use the following addresses (and additional sequential addresses):
192.168.151.2/24
192.168.152.2/24
192.168.153.2/24
In this example, the first network is 192.168.151.0, and you can define 255 subnet addresses. Therefore, the first ProtecTIER server is using an address in this subnet (192.168.151.1), and the second ProtecTIER server can use a different address on the same subnet (192.168.151.2).
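The following added example (not IBM or ProtecTIER code) checks an addressing plan against the rules in this chapter: one address per subnet on each system, FSI subnets kept separate from the management subnet, and unique addresses across systems. The FSI addresses are the ones from the text; the node names, the management addresses, and the faulty plan are constructed.

```python
from collections import defaultdict
from ipaddress import ip_interface


def check_plan(plan):
    """Return rule violations for {node: {"mgmt": cidr, "fsi": [cidr, ...]}}."""
    problems = []
    owner = {}  # address -> node that already uses it
    for node, cfg in plan.items():
        mgmt = ip_interface(cfg["mgmt"])
        fsi = [ip_interface(a) for a in cfg["fsi"]]

        # Rule: on one system, each configured address is on its own subnet.
        by_net = defaultdict(list)
        for iface in fsi:
            by_net[iface.network].append(str(iface.ip))
        for net, addrs in by_net.items():
            if len(addrs) > 1:
                problems.append(f"{node}: {', '.join(addrs)} share subnet {net}")
            # Rule: management and file system interfaces use different subnets.
            if net.overlaps(mgmt.network):
                problems.append(f"{node}: FSI subnet {net} overlaps management subnet")

        # Rule: addresses are unique across all hosts and ProtecTIER servers.
        for iface in (mgmt, *fsi):
            if iface.ip in owner:
                problems.append(
                    f"{iface.ip} configured on both {owner[iface.ip]} and {node}")
            else:
                owner[iface.ip] = node
    return problems


# FSI addresses from the text; management addresses are constructed.
PAGE_PLAN = {
    "node1": {"mgmt": "192.168.150.1/24",
              "fsi": ["192.168.151.1/24", "192.168.152.1/24", "192.168.153.1/24"]},
    "node2": {"mgmt": "192.168.150.2/24",
              "fsi": ["192.168.151.2/24", "192.168.152.2/24", "192.168.153.2/24"]},
}

# Constructed faulty plan: two FSI addresses on one subnet, management on an
# FSI subnet, and one address reused on a second node.
BAD_PLAN = {
    "node1": {"mgmt": "192.168.151.10/24",
              "fsi": ["192.168.151.1/24", "192.168.151.5/24"]},
    "node2": {"mgmt": "192.168.150.2/24", "fsi": ["192.168.151.1/24"]},
}

if __name__ == "__main__":
    for label, plan in (("page plan", PAGE_PLAN), ("bad plan", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```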
3.4.3 Routing the IP traffic
Static routes are a simple and effective way of instructing the host IP stack how to route IP traffic that is destined for specific subnets. This configuration is necessary whenever traffic to any specific subnet must be sent through a different gateway and possibly a different network interface than the default gateway definition would otherwise dictate.
If required, configure your static routes so that each port on the host can reach one virtual port on each ProtecTIER server to which it is connected. If possible, configure all IP addresses on the media servers on the same subnets that you defined on the ProtecTIER servers.
For details of how to configure static routes on the ProtecTIER, see the topic about configuring static routes in the User's Guide for VTL Systems for IBM System Storage TS7600 with ProtecTIER V3.4, GA32-0922.