Designing HPE Aruba Data Center Solutions v.23.311

 Welcome to this week's class (DDCS)

navigate to https://rubbernecks-arubanetworks.blogspot.com

Be sure you have downloaded the course learner guide as per the instructions you received in an email from HPE last week.  Check your email history, spam folder, etc... for the keyword "OnSecure" if you cannot find the email.  You only have 10 days to print this learner guide (PDF or paper).

• Click here for this week's lab access spreadsheet 
• ask me for the link password

• in this spreadsheet you will find the links for:
• Lab Scenario Guide
• Lab Activity Guide
• Lab Activity Worksheets (for lab 2, 5A, 8)

    Class Preparation Notes

• Although there is a remote lab, you may not need to use it for this class, you can set up the required software on your own computer. You will need:

• IRIS:
• as a partner or employee you should already have this, if not:
• your company domain name should be whitelisted for IRIS
• this means you can go to www.intangi.com/register.php, register and login using your own partner email address, then download/install iris.
• if your partner company is not registered with iris, one time only, a representative of your company must email irisaccess@hpe.com giving them your:
• partner name
• partner country
• partner source account id (aka: location id)
• alternatively use the copy installed in the remote lab

• after you login to Intangi, visit their video tutorial site, there is some very good training available to augment the instructions provided to you in the lab guide

• https://www.intangi.com/support/iris.php?id=video_main

• recommended video watch list order
• 1: Get to Know Iris
• 2: Configure a Product
• 3: Connecting Products
• 4: Design groups
• 5: Connection dialog
• 6: Topology & Mapping
• the rest of them

Tips on how to google our site for documentation

• googling for Aruba AOS-CX related topics
• site:arubanetworks.com -inurl:pdf inurl:AOS-CX inurl:10\.13 "evpn"

• googling for Aruba Central related topics
• site:arubanetworks.com inurl:latest "evpn"

• search option notes:

• site:x only searched that domain
• -inurl:x don't report links with this text in the URL
• inurl:x only report on links with text
• (ideal for finding specific version documentation)

Helpful Links

• about Aruba training and this course

• aruba: Aruba Worldwide Education Services training portal
• datasheet: Certified Network Architect Data Center

• where to find more information

• asp: ESP Campus Design (basis of this course)
• aruba: Aruba Technical Product Documentation Portal
• here you find:
• Technology Briefs
• Validated Reference Designs
• Aruba Validated Designs
• Compliancy Documentation related to GDPR
• airheads: community.arubanetworks.com
• abc: Airheads Broadcasting Channel
• afp: Partner Technical Webinars
• aruba: Central Demo

• where to find online documentation

• asp: Central Latest Online Help
• techdocs: The CLI Bank (all products)

• AOS-CX specific links

• aruba: feature-navigator.arubanetworks.com
• aruba: HPE ArubaNetworking 3D Catalog
• asp: CX Documentation Portal
• asp: CX_10.12 EVPN VXLAN Guide
• asp: CX_10.12 IP Services Guide
• asp: CX_10.12 Security Guide
• asp: CX_10.12 NAE
• asp: CX_10.12 Monitoring Guide
• asp: CX_10.12 ACLs and Classifier Policies Guide - 6[34]00,8360
• asp: CX_10.12 CoPP Guide
• asp: CX_10.11 IP Routing
• asp: CX_10.12 Online CLI Guide
• asp: CX_10.12 Fundamentals Guide
• asp: CX_10.13 Hardening Guide
• www.arubanetworks.com/assets/ds/DS_4100iSwitchSeries.pdf
• www.arubanetworks.com/assets/ds/DS_6000Series.pdf
• www.arubanetworks.com/assets/ds/DS_6100Series.pdf
• www.arubanetworks.com/assets/ds/DS_6200Series.pdf
• www.arubanetworks.com/assets/ds/DS_6300Series.pdf
• www.arubanetworks.com/assets/ds/DS_6400Series.pdf
• www.arubanetworks.com/assets/ds/DS_8100Series.pdf
• www.arubanetworks.com/assets/ds/DS_8320Series.pdf
• www.arubanetworks.com/assets/ds/DS_8325Series.pdf
• www.arubanetworks.com/assets/ds/DS_8360Series.pdf
• www.arubanetworks.com/assets/ds/DS_8400Series.pdf
• www.arubanetworks.com/assets/ds/DS_9300Series.pdf
• www.arubanetworks.com/assets/ds/DS_10000Series.pdf

Day 1 - Lecture Modules & Labs

M00: Course Introduction

• Lab 0 - Testing Lab Connectivity
• 0.1: Access to the Remote Lab Virtual Machine for IRIS
• 0.2: Accessing IRIS

M01: Information Gathering

• hpe: Why Network as a Service (NaaS)?
• VMware: DRS
• VMware: vMotion

• fbi: Threat to U.S. Critical Infrastructure
• fbi: Cyberthreat to Threat to Entire Nation
• web: Ransomware Payments Exceed $1 Billion in 2023
• web: 60 minutes cyber-espionage in the Wind Industry

• Activity 1: Gathering Information

• 1.1: Read the RFP
• 1.2: Identify Objectives
• 1.3: Identify Missing Information

M02: Architecture the Solution

• hpe: Products & Solutions Now
• aruba: Aruba Switch Feature Navigator
• techdocs: How STP works with VSX

• Cabling Links
• td: AOS-S and AOS-CX Transceiver Guide Edition
• aruba: LRM J9152D does not require MCP when using with OM1/2
• web: MTP MPO cables – All Basics You need to know
• web: PC vs UPC vs APC Connector: Selecting the Right Fiber Connector Type
• aruba: Corning 400G Cabling for Aruba QSFP-DD

• VMware Links
• youtube: VMware DCV 019 - vCenter Distributed Switch Overview and Deployment
• vmware: vSphere Distributed Switch Architecture

• AFC Links
• aruba: Aruba Fabric Composer User Guide 6.5
• aruba: Aruba Fabric Composer Developer Guide
• abc: Aruba AOS-CX & Aruba AFC Series: Introducing Aruba Fabric Composer
• abc: Aruba AOS-CX & AFC Series: Deploying Aruba Fabric Composer Part 1
• abc: Aruba AOS-CX & AFC Series: Deploying Aruba Fabric Composer Part 2

• Activity 2: Architect the Solution

• 2.1: Design the high-level solution
• 2.2: Select switches
• see the lab access worksheet for access to this tasks:
• "Select switches - Activity 2 spreadsheet"
• 2.3: Start configuring the BOM
• 2.4: Design VLANs and routing
• 2.5: Plan the management solutions

M03: Propose and Implement the Solution

• hpe: Partner Portal (after login, search for HPE Proposal Wizard)

• Activity 3: Propose and Implement the Solution

• 3.1: Complete the BOM
• 3.2: Document the solution
• 3.3: Document assumptions
• 3.4: Create a migration plan

Day 2 - Lecture Modules & Labs

M04: Introduction to a Complex Data Center Architecture

• Activity 4: Recommend a High-Level Solution

• 4.1: Recommend a Solution based on the Customer Requirements
• read the introduction only section of the University ABC scenario, then answer 

M05: Design an L3 Spine and Leaf Topology

• rfc: rfc4271 (BGP-4)

• Activity 5A: Design an L3 Spine and Leaf Topology

• 5a.1: Select Switches 
• 5a.2: Configure switches and accessories and create a block diagram in IRIS

• Activity 5B: Design an L3 Spine and Leaf Underlay Topology

• 5b.1: Design the underlay
• 5b.2: Propose a management solution
• 5b.3: Create an executive summary

M06: Design EVPN VXLAN (begin)

• abc: AOS-CX 10.07 Release update: IPv4 DHCP Relay in VXLAN Overlay
• @ 00:10.48 explains both intra and inter-VRF DHCP loopback requirements
• @ 00:12.40 explains loop2 for sourcing dhcp relay, and loop3 for sourcing ICMP for connectivity testing
• @ 00:13.xx explains loop2 for dhcp relay in or not in the same VRF, if AG_IP is not the same as the SVI_IP loop2 is not required
• @00:14.xx Vincent explains loop2 for dhcp relay if the server in the same VRF as the client, loop2 is required if AG_IP is the same as the SVI_IP

Day 3 - Lecture Modules & Labs

M06: Design EVPN VXLAN (end)

• Activity 6: Design EVPN VXLAN

• 6.1: Design the overlay
• 6.2: Make a high-level implementation plan

    M07: Design Micro-Segmentation

• vsg: Secure an Aruba EVPN Fabric
• techdocs: AMD Pensando PSM for DSS Guide 1.72.1-T
• abc: Aruba Data center networking with AOS-CX, AFC and PSM

• Activity 7: Designing Micro-Segmentation

• 7.1: Ensure support for micro-segmentation
• 7.2:  Design stateful firewall policies
• 7.3: Create an executive summary

M08: Design Lossless Networks

• vsg: Aruba ESP Data Center Storage and Lossless Ethernet

• Activity 8: Design a Storage Network

• 8.1: Create a BOM and block diagram
• 8.2: Design QoS

Day 4 - Lecture Modules & Labs

M09: Design a Multi-DC Solution

• techdocs: EVPN VXLAN multi-fabric solution

• Activity 9: Design a Secondary Data Center

• 9.1: Plan the network for the disaster recovery DC
• 9.2: Create a high-level implementation plan

M10: Design a DC Network for VMware NSX

• youtube: VMware NSX channel
• youtube: NSX / NSX-T Tech UnGlued
• youtube: Understanding the vDS, and N-vDS options with vSphere 7 and NSX-T 3.0
• SO: Fabric-Composer-VMware
• techdocs: AFC - VMware NSX-T
• techdocs: AFC - VMware SDDC Integration

• Activity 10: Design a Network for a Data Center Using VMware NSX

• 10.1: Design the underlay
• 10.2: Create a high-level implementation plan

Appendix

• Acronyms or Key terms

• vSS: virtual standard switch
• software emulating an L2 network device
• used on a single ESXi host
• used to connect VMs to:
• virtual networks
• each other
• physical networks, and external hosts
• uses the vmNICs (uplink adapters) associated with the ESXi host to connect the virtual network to the physical network
• vDS:virtual distributes switch 
• an vSS that can be assigned to one ore more ESXi
• can only be configured from vSphere
• N-vDS:
• a vDS that supports NSX Geneve and non tunneled port groups at the same time
• dvPortGroups
• specifies port configuration options for each member port on the distributed switch, such as:
• VLAN ID
• security policy
• traffic shaping, and so on
• has one or more uplinks, which are templates that map physical NICs of hosts to the distributed switch and define failover and load balancing policies
• vNIC
• a logical adapter belonging to Virtual Machine Guest Operating System
• vmNIC
• a real physical interface on an ESXi host that is physically connected to the access-layer switch
• vmknic 
• virtual network interface that is used by the VMKernel
• VMKernel
• vNICs that provide connectivity to ESXi and handle the system traffic such as vMotion, IP storage, Fault Tolerance

• L2 VNI
• an EVPN VXLAN Layer 2 overlay network allows host devices in the same subnet to send bridged or Layer 2 traffic to each other
• the network forwards the bridged traffic using a Layer 2 virtual network instance (VNI)
• interface vxlan 1
•    vni 10010
•       vlan 10

• L3 VNI
• configured per Tenant (VRF) to enable symmetrical IRB
• all VTEPs in the same VRF have an identical L3-VNI that is used for inter-vlan routing
• interface vxlan 1
•    vni 100001
•       routing
•       vrf VRF1


• EVPN type-2:
• advertises MAC addresses or MAC and IP addresses of clients connected to VNIs of a VTEP to all BGP routers within the same EVPN fabric (configured in the EVPN context)

• EVPN type-3: (aka IMET route)
• advertises which VNIs are configured on each VTEP, and the IP address of these VTEPs to all BGP routers within the same EVPN fabric (configured in the EVPN context)

• EVPN type-5:
• advertise IP prefixes and layer 3 VNIs of the subnets to other VTEPs that share the same global-scope route-target (configured in the VRF context)

• Unicast underlay:
• The primary purpose of the underlay in the VXLAN EVPN fabric is to advertise the reachability of Virtual Tunnel End Points (VTEPs) and BGP peering addresses.
• The primary criterion for choosing an underlay protocol is fast convergence in the event of node failures.

• Troubleshooting Tips
• placeholder