SOLUTIONS BRIEF

Securely scale and allocate optimum bandwidth for your multi-tenant cloud network with Lenovo and Emulex

Private VLAN Technology

- Defined by IETF RFC 5517 with Layer 2 isolation
- Supported by Lenovo switches
- Conforms to the 802.1Q standard

Private VLAN Solution Benefits

- Scalable multi-tenant isolation and security by breaking the 4,094 VLAN ID barrier
- Minimizes potential waste of IP addresses
- Enables secure public, hybrid or private clouds

Lenovo & Emulex Advantages

- Maximum flexibility from Lenovo switches' ability to enable the isolation and sharing of PVLAN traffic across multiple switches
- Optimum 10GbE bandwidth allocation between VM, storage or backup and virtualization services (vMotion/management) from Lenovo 10GbE VFA adapter provided by Emulex with Unified Fabric Port (UFP) technology
- Superior workload performance with dynamic allocation of unused or underutilized allocated bandwidth with UFP technology

Lenovo & Emulex Supported Products

- Lenovo Flex System Fabric switches (EN4093R, CN4093)
- Lenovo Flex System compute nodes (x240, x240 M5, x280/480/880 X6)
- Lenovo 10GbE Virtual Fabric Adapter (VFA) provided by Emulex (CN4058S, CN4054R, CN4052)

The Business Challenge – Scaling multi-tenant deployments

Managed Service Providers (MSP), Cloud Service Providers (CSP) and larger enterprises deploying a multi-tenant cloud infrastructure require virtual LAN (VLAN) provisioning at scale. This ensures network privacy and security for virtual machines (VMs) of individual tenants or business units.

However, the limit of 4,094 available VLAN IDs restricts scalability, especially since an individual tenant may require multiple VLAN IDs.

Additionally, to enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, potentially resulting in inefficient IP addressing. Assigning a block of addresses to a customer VLAN can result in unused IP addresses. As the number of devices in a VLAN increases, the quantity of assigned addresses might be inadequate. Standard Private VLAN (PVLAN) and Unified Fabric Port (UFP) technologies offer capabilities that aid with security and network scaling.

Overview of Private VLAN and Unified Fabric Port (UFP) Technology

Private VLAN partitions a single (primary) VLAN broadcast domain into multiple (secondary) VLAN sub-domains while keeping existing IP subnet and Layer 3 configurations. There are three different types of standard networking port designations associated with a PVLAN implementation. When used in a cloud deployment, these port designations regulate how the VMs and end devices communicate on their secondary isolated or community VLANs.

- Promiscuous ports belong to the primary VLAN and can communicate with any isolated or community port
- Community ports belong to a community VLAN and can communicate with any other community port in that particular community VLAN or with a promiscuous port
- Isolated ports belong to an isolated VLAN and cannot communicate with either other isolated ports or community ports. They communicate only with a promiscuous port

[Figure: PVLAN port types. Labels: hosts A to F, isolated VLAN 101, community VLANs 102 and 103, promiscuous ports, promiscuous port = primary VLAN 1.]

[Figure: PVLAN trunk and UFP deployment. Labels: core, Layer 2/3 switch, Lenovo EN4093R/CN4093, PVLAN trunk, Emulex VFA5 10GbE adapter, UFP1 to UFP4, vPort1.1, vPort1.4, vPort2.1, vPort2.4, vMotion, backup, management, VM I/O, distributed vSwitch, Lenovo Flex. Legend: P = promiscuous port, c = community VLAN, i = isolated VLAN.]
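The three port rules above can be checked against a port inventory before it is deployed. The following is an added example, not code from Lenovo or Emulex: it models the promiscuous, community and isolated rules and reports host ports of different tenants that would share Layer 2. The port names, tenant names and inventory are constructed for illustration; the VLAN IDs follow the figure labels.

```python
# Added example: model of the PVLAN port rules described above (RFC 5517).
# Port names, tenants and the inventory are constructed for illustration;
# VLAN IDs 1, 101, 102 and 103 follow the figure labels.
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Port:
    name: str
    kind: str    # "promiscuous", "community" or "isolated"
    vlan: int    # primary VLAN for promiscuous, secondary VLAN otherwise
    tenant: str


def can_communicate(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two ports of one primary VLAN."""
    if "promiscuous" in (a.kind, b.kind):
        return True                  # promiscuous ports reach every port
    if a.kind == b.kind == "community":
        return a.vlan == b.vlan      # only within the same community VLAN
    return False                     # isolated ports reach no other host port


def cross_tenant_leaks(ports):
    """Pairs of host ports owned by different tenants that share Layer 2."""
    hosts = [p for p in ports if p.kind != "promiscuous"]
    return [(a.name, b.name) for a, b in combinations(hosts, 2)
            if a.tenant != b.tenant and can_communicate(a, b)]


def vlan_ids_used(ports):
    """Distinct VLAN IDs consumed, primary and secondary together."""
    return len({p.vlan for p in ports})


# Constructed inventory: vm-f is tenant3's VM placed in tenant4's community.
INVENTORY = [
    Port("uplink", "promiscuous", 1, "provider"),
    Port("vm-a", "isolated", 101, "tenant1"),
    Port("vm-b", "isolated", 101, "tenant2"),
    Port("vm-c", "community", 102, "tenant3"),
    Port("vm-d", "community", 102, "tenant3"),
    Port("vm-e", "community", 103, "tenant4"),
    Port("vm-f", "community", 103, "tenant3"),
]

if __name__ == "__main__":
    print("cross-tenant leaks:", cross_tenant_leaks(INVENTORY))
    print("VLAN IDs used:", vlan_ids_used(INVENTORY))
```

Two tenants sharing isolated VLAN 101 stay separated, while the misplaced community port is reported as a leak.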

The Lenovo UFP technology is a cost-effective way to allocate, share and dynamically control network throughput. UFP creates a virtual interface called a vPort that appears as a physical interface to the host and can intelligently adjust bandwidth allocations dynamically as traffic needs change. Instead of dropping packets when an allocated bandwidth limitation is reached, UFP reshapes the traffic for lossless throughput.

This helps maximize the benefits of costly 10Gb per second (and higher) physical network adapters by allowing multiple virtual port connections to meet data center requirements. In this configuration, UFP-compliant Emulex adapters and Lenovo Ethernet switches can carve a single 10Gb Ethernet (10GbE) port into four vPorts for VM applications, where each vPort may be independently configured with a different minimum and maximum bandwidth allocation.

The Solution – Extend PVLANs into the hypervisor layer with UFP bandwidth control

Lenovo and Emulex, an Avago Technologies Company, address the challenge of scaling up large multi-tenant deployments by delivering an optimum solution, which combines UFP technologies and PVLAN trunk ports to the switches facing the host servers. PVLAN trunk ports allow private VLANs to be extended all the way down to the distributed vSwitch. With this capability, an MSP can place a large number of VMs in secondary VLAN sub-domains (isolated & community), which may extend across multiple hosts but still consume only a few VLAN IDs. For example, all the VMs may be placed into an isolated VLAN, consuming just a single VLAN ID. This enables the solution to easily scale beyond 10,000 VMs without approaching the traditional limiting capacity of 4,094 VLANs.

In this configuration, all the traffic from the VMs on a host passes through a single vPort. This frees up the other three vPorts on a 10GbE link, which can be allocated and bandwidth shaped for bi-directional traffic flow to support hypervisor management, backup and VM migration services.

Using this approach provides complete traffic isolation all the way down to the VM. This is a very important feature for MSPs and their tenants who are concerned with security. By supporting UFP with PVLAN trunk port technology, Lenovo and Emulex solve some of the key security and bandwidth management issues associated with deploying large cloud networks.

Use Cases

There are two different use cases that are ideal for deploying PVLAN trunk ports and UFP technology in MSP or private and hybrid cloud deployments:

- High VM density – This use case is ideal for MSPs supporting tenants who are hosting virtual desktop infrastructures where high volumes of VMs are deployed per host. In these types of deployments, thousands, or possibly tens of thousands, of VMs are deployed in a single data center. This solution is ideal because it affords the VLAN and IP address scaling required by these architectures.
- Reserving host assets – This use case is ideal for large enterprises and even MSPs where a few tenants (e.g. e-mail, Web, FTP or VoIP application in a DMZ) are deployed across a single host based on an integer count of a specific host asset such as CPU core count, so the hypervisor may associate that entire asset with a specific VM. For instance, a 2 socket host with the latest Intel Xeon E7-2800 v2 processor consisting of 15 cores per CPU might be limited to a maximum of 30 VMs, where every VM is associated with a core.

Conclusions

Deploying large cloud architectures requires provisioning secure private VLANs at scales extending beyond the traditional 4,094 VLAN limit. Lenovo and Emulex deliver a PVLAN solution that:

1. Enables deployment of 10,000 or more VMs per tenant with Layer 2 isolation
2. Provides the flexibility to span multiple host servers
3. Utilizes Lenovo-exclusive UFP technology to optimally allocate 10GbE bandwidth with UFP-compliant VFA adapters provided by Emulex

For product information, please visit our website at www.emulex.com/Lenovo

Avago, Avago Technologies, Emulex, LightPulse and the Emulex logo are trademarks of Avago Technologies in the United States and other countries. All other brand and product names are the trademarks of their respective owners. Copyright ©2015 Avago Technologies. All rights reserved.

ELX15-2584 · 5/15