Relational Database Scaling Techniques

If Master/Slave replication, Master/Master replication and database tuning techniques are unable to meet your growing database demand, consider one of the designs mentioned below.

  1. Federation
    • Splits up the database by function (example: three databases – Forums, Users and Products).
  2. Sharding
    • Distributes data across different databases such that each database manages only a subset of the data (example: user databases grouped by the first letter of the username – Users [A-C], Users [D-F] … Users [X-Z]).
  3. Denormalization
    • Attempts to improve read performance at the expense of some write performance. Redundant copies of the data are written to multiple tables to avoid expensive joins.
    • Once data becomes distributed with techniques such as federation and sharding, managing joins across data centers further increases complexity. Denormalization might circumvent the need for such complex joins.

Note: Consider using a non-relational database for non-relational or data-intensive workloads.
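As an added example (not part of the original notes), the following Python routes a user record to a shard when the shard key is the first letter of the username, as in the Users [A-C], Users [D-F] … Users [X-Z] split above. The shard names and the exact letter ranges are constructed; the checks are the ones worth running before such a map goes live: the ranges must cover the alphabet without gaps or overlaps (a gap means a user with no home, an overlap means the same user written to two shards), keys that do not start with a letter need an explicit home, and the per-shard distribution shows the skew that usually forces a letter-range scheme to be rebalanced.

```python
"""Added example (not from the original notes): routing a user record to a
shard by the first letter of the username. Shard names and letter ranges
below are constructed for illustration."""

import string
from collections import Counter

# Constructed shard map: one shard per contiguous letter range, following
# the A-C, D-F ... X-Z grouping in the notes (V-W absorbs the remainder).
SHARD_RANGES = [
    ("users_a_c", "A", "C"),
    ("users_d_f", "D", "F"),
    ("users_g_i", "G", "I"),
    ("users_j_l", "J", "L"),
    ("users_m_o", "M", "O"),
    ("users_p_r", "P", "R"),
    ("users_s_u", "S", "U"),
    ("users_v_w", "V", "W"),
    ("users_x_z", "X", "Z"),
]

# Shard for keys that do not start with an ASCII letter (digits, Unicode).
OVERFLOW_SHARD = "users_other"


def validate_shard_map(ranges=SHARD_RANGES):
    """Check that the ranges cover A-Z exactly once; return True if so.

    A gap leaves some users without a shard; an overlap makes two shards
    claim the same user, which silently duplicates data.
    """
    covered = Counter()
    for _, lo, hi in ranges:
        if lo > hi:
            raise ValueError(f"range {lo}-{hi} is reversed")
        for letter in string.ascii_uppercase:
            if lo <= letter <= hi:
                covered[letter] += 1
    missing = [c for c in string.ascii_uppercase if covered[c] == 0]
    overlapping = [c for c in string.ascii_uppercase if covered[c] > 1]
    if missing or overlapping:
        raise ValueError(f"missing={missing} overlapping={overlapping}")
    return True


def shard_for(username, ranges=SHARD_RANGES):
    """Return the shard that owns `username` (case-insensitive)."""
    if not username:
        raise ValueError("empty shard key")
    first = username[0].upper()
    if first not in string.ascii_uppercase:
        return OVERFLOW_SHARD
    for name, lo, hi in ranges:
        if lo <= first <= hi:
            return name
    raise AssertionError("letter unmatched; run validate_shard_map first")


def shard_distribution(usernames, ranges=SHARD_RANGES):
    """Count keys per shard. Skew here is the usual reason letter-range
    sharding needs rebalancing: far more names start with S than with X."""
    return dict(Counter(shard_for(u, ranges) for u in usernames))


if __name__ == "__main__":
    validate_shard_map()
    # Constructed sample keys.
    sample = ["alice", "Bob", "dave", "xavier", "zed", "42bot", "sam"]
    print(shard_distribution(sample))
```

Run the validation once at startup rather than on every lookup; the lookup itself is a short linear scan over nine ranges, which is cheaper than any network round trip to the shard.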

IWAN: WAN Optimization – MACH5 – Blue Coat

Things to keep in mind when designing an Intelligent WAN (IWAN) that uses the Blue Coat MACH5 WAN optimizer instead of Cisco WAAS for the IWAN deployment.

MACH5 configuration

  • Configure MACH5 for transparent tunneling.
  • Set the routing preference to prefer transparent connections over advertised routes.
  • Enable return to sender (RTS) for inbound and outbound requests. Inbound RTS is enabled by default, but outbound RTS must be enabled explicitly: “return-to-sender outbound enable”.

Cisco Router configuration

  • Configure WCCP IN/OUT on the DMVPN tunnel interface.

Loop Guard versus UDLD

Loop guard and Unidirectional Link Detection (UDLD) functionality overlap, partly in the sense that both protect against STP failures caused by unidirectional links. However, these two features differ in functionality and how they approach the problem. This table describes loop guard and UDLD functionality:

Functionality                                                   | Loop Guard                                                            | UDLD
Configuration                                                   | Per-port                                                              | Per-port
Action granularity                                              | Per-VLAN                                                              | Per-port
Autorecover                                                     | Yes                                                                   | Yes, with err-disable timeout feature
Protection against STP failures caused by unidirectional links  | Yes, when enabled on all root and alternate ports in redundant topology | Yes, when enabled on all links in redundant topology
Protection against STP failures caused by problems in the       | Yes                                                                   | No
software (designated switch does not send BPDU)                 |                                                                       |
Protection against miswiring                                    | No                                                                    | Yes

Based on the various design considerations, you can choose either UDLD or the loop guard feature. In regards to STP, the most noticeable difference between the two features is the absence of protection in UDLD against STP failures caused by problems in software, where the designated switch stops sending BPDUs. However, this type of failure is rarer (by an order of magnitude) than failures caused by unidirectional links. In return, UDLD might be more flexible in the case of unidirectional links on an EtherChannel: UDLD disables only the failed links, and the channel remains functional with the links that remain, whereas loop guard puts the whole channel into loop-inconsistent state and blocks it.

Additionally, loop guard does not work on shared links or in situations where the link has been unidirectional since link-up. In the latter case, the port never receives a BPDU and becomes designated. Because this behaviour could be normal, this particular case is not covered by loop guard. UDLD provides protection against such a scenario.

As described, the highest level of protection is provided when you enable both UDLD and loop guard.

Reference Link:

http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html

IP Fast Reroute: Loop-Free Alternates

The IP Fast Reroute: Loop-Free Alternate feature allows the routing protocol to reduce the routing transition time to less than 50 ms by precomputing repair paths (backup routes) and installing them in the Routing Information Base (RIB). Fast Reroute (FRR) is the mechanism that enables traffic that traverses a failed link to be rerouted around the failure.

Fast convergence requires each step listed below to be fine-tuned. IP Fast Reroute: Loop-Free Alternates addresses the RIB/FIB update time (step 4).

  1. Failure detection
  2. Failure propagation
  3. New information process
  4. Update new route into RIB/FIB
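The precomputation that LFA performs can be shown on a small link-state topology. The following Python is an added example, not code from the original notes or from any vendor implementation; the loop-free condition it applies is the one from RFC 5286 (a neighbor N of S is a loop-free alternate for destination D if D(N, D) < D(N, S) + D(S, D), i.e. N's own shortest path to D does not come back through S). The topology and its metrics are constructed so that one neighbor qualifies and one does not.

```python
"""Added example (not from the original notes): computing loop-free
alternate (LFA) next hops for a constructed link-state topology using the
RFC 5286 loop-free condition D(N, D) < D(N, S) + D(S, D)."""

import heapq

# Constructed topology: node -> {neighbor: metric}. S reaches D over E
# (cost 2). N is a loop-free alternate; M is not, because M's best path
# to D runs back through S and would loop until M reconverges.
TOPOLOGY = {
    "S": {"E": 1, "N": 1, "M": 1},
    "E": {"S": 1, "D": 1},
    "N": {"S": 1, "D": 2},
    "M": {"S": 1, "D": 5},
    "D": {"E": 1, "N": 2, "M": 5},
}


def spf(topology, source):
    """Dijkstra: return {node: shortest distance from source}."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nbr, cost in topology[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def primary_next_hop(topology, source, dest):
    """Neighbor on the shortest path from source to dest (lowest name
    breaks ties, standing in for a router's ECMP selection)."""
    best_dist = spf(topology, source)[dest]
    best = None
    for nbr, cost in topology[source].items():
        if cost + spf(topology, nbr)[dest] == best_dist:
            if best is None or nbr < best:
                best = nbr
    return best


def loop_free_alternates(topology, source, dest):
    """Sorted neighbors of `source` that satisfy the LFA inequality for
    `dest`, excluding the primary next hop itself."""
    d_s = spf(topology, source)
    primary = primary_next_hop(topology, source, dest)
    lfas = []
    for nbr in topology[source]:
        if nbr == primary:
            continue
        d_n = spf(topology, nbr)
        # RFC 5286 loop-free condition: N must not reach D via S.
        if d_n[dest] < d_n[source] + d_s[dest]:
            lfas.append(nbr)
    return sorted(lfas)


def repair_table(topology, source):
    """RIB-style view precomputed before any failure:
    dest -> (primary next hop, [backup next hops]).
    A destination with an empty backup list is not protected by LFA."""
    return {
        dest: (primary_next_hop(topology, source, dest),
               loop_free_alternates(topology, source, dest))
        for dest in topology if dest != source
    }


if __name__ == "__main__":
    for dest, (primary, backups) in sorted(repair_table(TOPOLOGY, "S").items()):
        print(f"{dest}: primary={primary} lfa={backups}")
```

The repair table is what gets installed ahead of time: when the link to E fails, S switches D's forwarding entry to N immediately, without waiting for steps 2 and 3 above to complete. Destinations with no LFA (E and M here) still depend on full reconvergence.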

Network Topologies

In the networking world, whenever the word TOPOLOGIES is mentioned we always think about LAN (L2) topologies (bus, ring, star etc.). The WAN (L3) topology, which is the foundation and building block of any stable, fast-converging network, is normally ignored.

WAN (L3) Network Topologies

Ring Topology

Any given node is connected to exactly two other nodes.

Advantages:

  • Scalable (easy to add nodes).
  • Cost effective (minimal cost to add a new node).
  • A new node can be added without real impact on overall network operations (if carefully planned).

Disadvantages:

  • Not scalable in hop count — each added node increases the total number of hops (not good for latency-sensitive traffic).
  • Difficult to manage QoS.
  • Cannot withstand more than one link failure.
  • Redundancy in any ring generally requires every link in the ring to be able to carry double the normal traffic.

Full Mesh

Each and every node is connected to every other node.

Advantages:

  • Best for Traffic engineering.
  • Withstands multiple link failures.

Disadvantages:

  • Expensive.
  • Difficult to scale.

Partial Mesh

Most partial mesh topologies are collections of interconnected rings built to match the geography of the network.

Advantages:

  • Provides good balance between traffic engineering and cost.

Disadvantages:

  • Uncontrolled organic growth.
  • Slow convergence.
  • Difficult to understand, troubleshoot and manage.

Clos Network (Spine & Leaf)

  • Best for data centers built for high-density network traffic.
  • East-west traffic is converted into north-south traffic.
  • Nodes on the ingress and egress spines are not connected to each other, which forces traffic from any device attached to an ingress/egress node to travel through the center of the spine.

Advantages:

  • Ease of capacity planning.

Disadvantages:

  • Careful planning required for the link-state protocol.

Disjoint Parallel Planes (Dual Ring Core)

In most networks where this type of topology is deployed, it is only the core which is fully disjoint.

Advantages:

  • Redundancy (can withstand multiple failures).
  • Ease of deployment.

Disadvantages:

  • Complex.
  • Costly.

Routing Timers

EIGRP

  • It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match. The hold time is included in the hello packets, so each neighbor stays alive even though the hello interval and hold timers do not match.
  • If you change the hello interval, the hold time is not automatically adjusted to account for this change – you must manually adjust the hold time to reflect the configured hello interval.
  • The hold time is typically three times the hello interval.

**You can configure a hello interval as low as 1 second and a hold interval as low as 3 seconds.

OSPF

  • OSPF requires the hello and dead intervals to be exactly the same between two neighbors. If either interval differs, the routers will not become neighbors on that segment.
  • The dead interval is typically four times the value of the hello interval.

**OSPF fast hello packets are achieved by using the ip ospf dead-interval command. The dead interval is set to 1 second, and the hello-multiplier value is set to the number of hello packets you want sent during that 1 second, thus providing subsecond or “fast” hello packets.

IS-IS

  • Hello intervals and hold times do not have to match between IS-IS neighbors for an adjacency to form.
  • By default, an IS-IS router waits 3 times the hello interval until it considers a neighbor dead. (The isis hello-interval and the isis hello-multiplier commands are changed on a per-interface basis. Timers can vary on different interfaces.)

** A faster hello interval facilitates faster convergence but increases bandwidth and CPU use. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU use.

BGP

  • You can configure two BGP neighbors with different hold timers. The lower of the two values is accepted.
  • After the TCP connection is up, the routers send open messages in order to exchange values. The values that the routers exchange include the AS number, the BGP version that the routers run, the BGP router ID, and the keepalive hold time. After the confirmation and acceptance of these values, establishment of the neighbor connection occurs.
  • The hold time is typically three times the keepalive interval.

**You can configure a keepalive as low as 20 seconds and a hold timer as low as 60 seconds.

**Hardware-based BFD is the best option to use instead of aggressive routing timers for fast convergence.

BFD is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators.
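The timer rules in the EIGRP, OSPF, IS-IS and BGP notes above can be turned into a pre-change check. The Python below is an added example, not code from the original notes or from any vendor: it takes a pair of neighbor timer configurations and reports whether the adjacency can form, which hold/dead timer will actually bound failure detection, and the misconfigurations the notes warn about (hold not a multiple of hello, hold at or below hello, values under the configurable minimums). Protocol behaviour is as stated in the notes; the sample configurations are constructed.

```python
"""Added example (not from the original notes): apply the per-protocol
timer rules from the notes to a pair of neighbor configurations."""

# Typical hold/dead multiplier per protocol, as stated in the notes.
TYPICAL_MULTIPLIER = {"eigrp": 3, "ospf": 4, "isis": 3, "bgp": 3}

# Lowest configurable values given in the notes (seconds).
MINIMUMS = {
    "eigrp": {"hello": 1, "hold": 3},
    "bgp": {"hello": 20, "hold": 60},
}


def check_timers(protocol, local, remote):
    """local/remote: dicts with 'hello' (keepalive for BGP) and 'hold'
    (dead interval for OSPF), in seconds. Returns a dict with
      adjacency - True if the two sides can become neighbors
      effective - hold timer bounding failure detection (None if no adjacency)
      warnings  - configuration problems worth fixing before the change
    """
    proto = protocol.lower()
    if proto not in TYPICAL_MULTIPLIER:
        raise ValueError(f"unknown protocol {protocol}")
    warnings = []

    for side, cfg in (("local", local), ("remote", remote)):
        # Hold at or below hello drops the neighbor after one lost hello.
        if cfg["hold"] <= cfg["hello"]:
            warnings.append(f"{side}: hold {cfg['hold']}s <= hello "
                            f"{cfg['hello']}s, neighbor will flap")
        # Changing hello does not auto-adjust hold; flag a non-typical ratio.
        if cfg["hold"] != cfg["hello"] * TYPICAL_MULTIPLIER[proto]:
            warnings.append(f"{side}: hold {cfg['hold']}s is not "
                            f"{TYPICAL_MULTIPLIER[proto]}x hello {cfg['hello']}s")
        mins = MINIMUMS.get(proto)
        if mins and (cfg["hello"] < mins["hello"] or cfg["hold"] < mins["hold"]):
            warnings.append(f"{side}: below configurable minimum "
                            f"hello {mins['hello']}s / hold {mins['hold']}s")

    if proto == "ospf":
        # OSPF: hello and dead must match exactly or no adjacency forms.
        if local["hello"] != remote["hello"] or local["hold"] != remote["hold"]:
            warnings.append("ospf: hello/dead mismatch, adjacency will not form")
            return {"adjacency": False, "effective": None, "warnings": warnings}
        effective = local["hold"]
    elif proto == "bgp":
        # BGP: hold timers may differ; the lower value is negotiated in OPEN.
        effective = min(local["hold"], remote["hold"])
    else:
        # EIGRP / IS-IS: mismatched timers still form an adjacency. Each side
        # advertises its own hold time in its hellos, so the session is lost
        # as soon as the side with the shorter hold expires its neighbor.
        if local["hold"] != remote["hold"]:
            warnings.append(f"{proto}: hold timers differ "
                            f"({local['hold']}s vs {remote['hold']}s)")
        effective = min(local["hold"], remote["hold"])
    return {"adjacency": True, "effective": effective, "warnings": warnings}


def ospf_fast_hello(hello_multiplier):
    """OSPF fast hellos: dead interval fixed at 1 s, hellos sent
    `hello_multiplier` times per second. Returns (hello_s, dead_s)."""
    if hello_multiplier < 1:
        raise ValueError("hello-multiplier must be at least 1")
    return (1.0 / hello_multiplier, 1)


if __name__ == "__main__":
    # Constructed neighbor configurations.
    print(check_timers("ospf", {"hello": 10, "hold": 40}, {"hello": 5, "hold": 20}))
    print(check_timers("bgp", {"hello": 60, "hold": 180}, {"hello": 20, "hold": 60}))
    print(check_timers("eigrp", {"hello": 5, "hold": 15}, {"hello": 1, "hold": 3}))
    print(ospf_fast_hello(5))
```

The `effective` value is the number to compare against a BFD detection time when deciding whether tuning protocol timers is worth the CPU and bandwidth cost the IS-IS note mentions.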

Multicast Support with a Layer 3 MPLS VPN

Must have

  • Multicast-enabled VRFs (mVRFs) on PE routers
  • Multicast domain (MDT)

The global PIM instance is used to create the MDTs used to connect mVRFs.

A multicast domain (MDT) essentially maps all customer multicast groups within a given VPN to a single unique global multicast group within the P network.

The service provider administers this global multicast group.

The mapping is achieved by encapsulating the original multicast packet in a GRE packet whose destination address is a multicast group known globally within the service provider P network and associated with the given multicast domain.

Flow

  1. The CE router maintains a PIM adjacency with its PE router.
  2. mVRFs are used on the PE routers.
  3. The PE router forms a PIM adjacency with any remote PE routers that hold mVRFs belonging to the same multicast domain.
  4. PE-to-P PIM adjacencies are formed within the global PIM instance.

Carrier’s Carrier Architecture

It is offered as a trade-off to provide connectivity for customers with large routing requirements, and as a complement to the regular Layer 3 MPLS VPN service for other VPN or non-VPN carriers that want to obtain basic IP connectivity.

This architecture allows for the direct exchange of customer routes between the carrier’s own sites and the use of the Layer 3 MPLS VPN backbone as pure IP transport between these sites.

Carrier Supporting Carrier (CSC) PE router

The same as a normal PE router, except that it provides MPLS-to-MPLS label forwarding rather than the IP-to-MPLS label imposition used with the normal Layer 3 MPLS VPN service.

Carrier Supporting Carrier CE router

The same as a normal CE router, except that it runs a label distribution protocol with the PE router.

Because the BGP-4 next-hop addresses for these routers will be within the customer routing space, these addresses need to be exchanged with the carrier’s carrier service provider so that an end-to-end packet forwarding path can be achieved.

There are three ways to provision Inter-AS connectivity.

  1. Inter-AS Back-to-Back VRFs (PE to CE concept) (known as Option A as well).
  2. Inter-AS VPNv4 Exchange (using eBGP) (known as Option B as well).
  3. Inter-AS VPNv4 Exchange between Route Reflectors (known as Option C as well).

Issues with Option B and Option C inter-AS solutions when connecting with regional service providers:

  • Coordination of RD/RT assignments with regional service providers is complex.
  • Security against label spoofing, intrusion, and DoS attacks is difficult to achieve with 100% accuracy.
  • Forwarding is based on the global LFIB rather than a VRF-specific FIB and therefore is arguably more open to abuse.
  • An exchange of the carrier’s IP address space would be necessary if inter-AS Option C were chosen.
  • Certain services such as Multicast and IPv6 are more complex to deploy.

MPLS VPN

MPLS = Multiprotocol Label Switching

MPLS provides two VPN Solutions

  • Layer 2 (L2VPN and VPLS, using pseudowire technology)
  • Layer 3

VPN = Virtual Private Network (Private Service over shared network)

VPN Categories

  • Overlay VPN (requires provisioning an individual connection from each site to every other site)
  • Network-based (each site needs only a connection to its locally attached PE)

The service provider needs to be able to distinguish between different customer routes. This is achieved through the creation of VPNv4 prefixes at the PE routers using extensions to BGP-4 (MP-BGP) before the routes are advertised into the core network.

VPNv4 prefixes are constructed by prepending a 64-bit route distinguisher to the IPv4 address.

A number of different formats for the route distinguisher are possible. It should be noted that the route distinguisher value may differ at each PE router, even for the same VPN, because its purpose is to uniquely distinguish IPv4 routes, not to identify a given VPN. (A different route distinguisher for a dual-homed site can be used for load balancing traffic when using BGP.)

Layer 3 MPLS VPN services typically use a two-level label stack: the outer label corresponds to the label assigned to the IP address of the remote PE router (the BGP next hop for a given remote VPN prefix), and the inner label represents the label assigned to the customer route itself by the originating (egress) PE router. This inner label is essentially the VPN label.
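The two encodings described in the last few paragraphs, the 64-bit route distinguisher prepended to an IPv4 prefix and the two-level label stack, are shown below in Python as an added example; it is not code from the original notes or from any router vendor. The three RD formats it implements are the standard ones from RFC 4364 (type 0: 2-byte AS number + 4-byte assigned number, type 1: IPv4 address + 2-byte number, type 2: 4-byte AS number + 2-byte number); all addresses, AS numbers and label values in the block are constructed.

```python
"""Added example (not from the original notes): VPNv4 prefix construction
(64-bit RD + IPv4 address) and the two-level MPLS label stack. RD formats
follow RFC 4364; sample values are constructed."""

import ipaddress
import struct


def encode_rd(rd):
    """Encode an RD written as 'ASN:nn' or 'A.B.C.D:nn' into 8 bytes.

    Type 0 is used for 2-byte ASNs, type 2 for 4-byte ASNs, type 1 when
    the administrator field is an IPv4 address.
    """
    admin, _, assigned = rd.partition(":")
    assigned = int(assigned)
    if "." in admin:
        if assigned > 0xFFFF:
            raise ValueError("type 1 RD assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    asn = int(admin)
    if asn <= 0xFFFF:
        if assigned > 0xFFFFFFFF:
            raise ValueError("type 0 RD assigned number must fit in 32 bits")
        return struct.pack("!HHI", 0, asn, assigned)
    if assigned > 0xFFFF:
        raise ValueError("type 2 RD assigned number must fit in 16 bits")
    return struct.pack("!HIH", 2, asn, assigned)


def decode_rd(raw):
    """Inverse of encode_rd; returns the textual RD."""
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, assigned = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{assigned}"
    if rd_type == 1:
        addr, assigned = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(addr)}:{assigned}"
    if rd_type == 2:
        asn, assigned = struct.unpack("!IH", raw[2:8])
        return f"{asn}:{assigned}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4_prefix(rd, ipv4_prefix):
    """Return (rd_bytes + network address bytes, prefix length) for the
    VPNv4 prefix. Two customers both using 10.1.1.0/24 stay distinct in
    MP-BGP as long as their RDs differ."""
    net = ipaddress.IPv4Network(ipv4_prefix)
    return encode_rd(rd) + net.network_address.packed, 64 + net.prefixlen


def encode_label_stack(transport_label, vpn_label, ttl=255):
    """Two-level MPLS stack: outer (transport) label first, inner (VPN)
    label with the bottom-of-stack bit set. Each 32-bit entry is
    20-bit label | 3-bit TC | 1-bit S | 8-bit TTL."""
    entries = []
    for label, bottom in ((transport_label, 0), (vpn_label, 1)):
        if not 0 <= label < (1 << 20):
            raise ValueError(f"label {label} does not fit in 20 bits")
        entries.append(struct.pack("!I", (label << 12) | (bottom << 8) | ttl))
    return b"".join(entries)


def decode_label_stack(raw):
    """Return the list of labels, stopping at the bottom-of-stack entry."""
    labels = []
    for off in range(0, len(raw), 4):
        word = struct.unpack("!I", raw[off:off + 4])[0]
        labels.append(word >> 12)
        if (word >> 8) & 1:
            break
    return labels


if __name__ == "__main__":
    nlri, plen = vpnv4_prefix("65000:100", "10.1.1.0/24")
    print(nlri.hex(), plen, decode_rd(nlri[:8]))
    stack = encode_label_stack(transport_label=16, vpn_label=24)
    print(stack.hex(), decode_label_stack(stack))
```

The bottom-of-stack bit is what lets a P router forward on the outer label alone without ever looking at the VPN label; only the egress PE pops to the inner entry and uses it to pick the customer VRF.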

EIGRP Default Delay

Interface                                         Bandwidth (kb/s)   Delay (us)
Ethernet                                          10000              1000
Token Ring                                        16000              630
FDDI                                              100000             100
Serial                                            1544               20000
Low-speed serial (WIC on 1600/2600/3600 series,   115                20000
  sync/async interfaces on 252x, sync/async
  serial modules on 2600/3600, etc.)
ISDN BRI & PRI                                    64                 20000
Dialer                                            56                 20000
Channelized T1 or E1                              n * 64             20000
Async tty                                         line speed         100000
Loopback (Lo)                                     8000000            5000
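To show why these defaults matter, the following Python is an added example (not from the original notes) that feeds the table's bandwidth and delay values into the classic EIGRP composite metric with default K values (K1 = K3 = 1, K2 = K4 = K5 = 0), which is `256 * (10^7 / min_bandwidth_kbps + sum(delay_us) / 10)`. The formula is standard EIGRP and is supplied here as background rather than taken from the page; the interface values are the ones in the table, and the example paths are constructed.

```python
"""Added example (not from the original notes): classic EIGRP metric
computed from the default bandwidth/delay table above."""

# Default bandwidth (kb/s) and delay (us) per interface type, from the table.
EIGRP_DEFAULTS = {
    "ethernet": (10000, 1000),
    "token_ring": (16000, 630),
    "fddi": (100000, 100),
    "serial": (1544, 20000),
    "low_speed_serial": (115, 20000),
    "isdn": (64, 20000),
    "dialer": (56, 20000),
    "loopback": (8000000, 5000),
}


def channelized(n_channels):
    """Channelized T1/E1 row: bandwidth is n * 64 kb/s, delay 20000 us."""
    if n_channels < 1:
        raise ValueError("need at least one channel")
    return (64 * n_channels, 20000)


def eigrp_metric(interfaces):
    """Classic EIGRP metric (K1 = K3 = 1) for a path over the given
    (bandwidth_kbps, delay_us) tuples. Bandwidth is the path minimum,
    delay is cumulative. Each term is truncated to an integer before the
    sum is scaled by 256, which reproduces the well-known per-interface
    values (Ethernet 281600, T1 2169856, loopback 128256)."""
    if not interfaces:
        raise ValueError("path needs at least one interface")
    min_bw = min(bw for bw, _ in interfaces)
    total_delay = sum(delay for _, delay in interfaces)
    return 256 * (10_000_000 // min_bw + total_delay // 10)


def metric_for(*names):
    """Metric over a path of interface types named in EIGRP_DEFAULTS."""
    return eigrp_metric([EIGRP_DEFAULTS[n] for n in names])


if __name__ == "__main__":
    print("ethernet      ", metric_for("ethernet"))
    print("serial (T1)   ", metric_for("serial"))
    print("loopback      ", metric_for("loopback"))
    print("eth + T1 + eth", metric_for("ethernet", "serial", "ethernet"))
    print("12-channel E1 ", eigrp_metric([channelized(12)]))
```

Because delay is cumulative and bandwidth is a minimum, the 20000 us default on every serial-type row dominates the metric on multi-hop WAN paths, which is why tuning `delay` on an interface is the usual way to influence EIGRP path selection without misrepresenting link bandwidth.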