From fd9e48538867df93d906498e73b162af54350989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Sch=C3=B6chlin?= Date: Fri, 13 Dec 2024 11:19:19 +0100 Subject: [PATCH] Add a diagram which illustrates the network setup (#236) --- .../network-physical-wiring.drawio.svg | 510 ++++++++++++++++++ docs/src/overview/network-vrfs.drawio.svg | 496 +++++++++++++++++ docs/src/overview/networking.md | 7 + 3 files changed, 1013 insertions(+) create mode 100644 docs/src/overview/network-physical-wiring.drawio.svg create mode 100644 docs/src/overview/network-vrfs.drawio.svg diff --git a/docs/src/overview/network-physical-wiring.drawio.svg b/docs/src/overview/network-physical-wiring.drawio.svg new file mode 100644 index 0000000000..de80b9b32d --- /dev/null +++ b/docs/src/overview/network-physical-wiring.drawio.svg @@ -0,0 +1,510 @@ + + + + + + + + + + + + + +
+
+
+ Leaf Layer +
+
+
+ + + Leaf La... + + + + + + + +
+
+
+ Spine Layer +
+
+
+ + + Spine L... + + + + + + + + + +
+
+
+ Server Layer +
+
+
+ + + Server... + + + + + + + + + +
+
+
+ Leaf 1 +
+
+
+ + + Leaf 1 + + + + + + + +
+
+
+ Firewalls +
+ and +
+ Machines +
+
+
+ + + Firewalls... + + + + + + + + + +
+
+
+ Leaf 2 +
+
+
+ + + Leaf 2 + + + + + + + + + +
+
+
+ Spine 1 +
+
+
+ + + Spine 1 + + + + + + + + +
+
+
+ Exit 1 +
+
+
+ + + Exit 1 + + + + + + + + + + + +
+
+
+ Leaf 3 +
+
+
+ + + Leaf 3 + + + + + + + +
+
+
+ Firewalls +
+ and +
+ Machines +
+
+
+ + + Firewalls... + + + + + + + + + +
+
+
+ Leaf 4 +
+
+
+ + + Leaf 4 + + + + + + + + + +
+
+
+ Spine 2 +
+
+
+ + + Spine 2 + + + + + + + + +
+
+
+ Exit 1 +
+
+
+ + + Exit 1 + + + + + + + +
+
+
+ + External +
+ Networks + +
+
+
+ + + External... + + + + + + + +
+
+
+ Exit Layer +
+
+
+ + + Exit La... + + + + + + + + + +
+
+
+ Management Leaf 1 +
+
+
+ + + Management Le... + + + + + + + + +
+
+
+ Management Leaf 2 +
+
+
+ + + Management Le... + + + + + + + + +
+
+
+ Management Spine 1 +
+
+
+ + + Management Sp... + + + + + + + + + +
+
+
+ Management Spine 2 +
+
+
+ + + Management Sp... + + + + + + + + +
+
+
+ Management Firewall 1 +
+
+
+ + + Management Fi... + + + + + + + + +
+
+
+ Management Firewall 2 +
+
+
+ + + Management Fi... + + + + + + + +
+
+
+ + metal-stack +
+ Control Plane + +
+
+
+ + + metal-stack... + + + + + + + + + +
+
+
+ Management Server 1 +
+
+
+ + + Management Se... + + + + + + + + +
+
+
+ Management Server 2 +
+
+
+ + + Management Se... + + + + + + + +
+
+
+ Server BMCs +
+
+
+ + + Server BMCs + + + + + + + + + +
+
+
+ Switch +
+ Administration +
+
+
+ + + Switch... + + + + + + + + + Text is not SVG - cannot display + + + + diff --git a/docs/src/overview/network-vrfs.drawio.svg b/docs/src/overview/network-vrfs.drawio.svg new file mode 100644 index 0000000000..a274bb0b42 --- /dev/null +++ b/docs/src/overview/network-vrfs.drawio.svg @@ -0,0 +1,496 @@ + + + + + + + + + + + + +
+
+
+ Leaf Layer +
+
+
+ + + Leaf La... + + + + + + + +
+
+
+ Spine Layer +
+
+
+ + + Spine L... + + + + + + + +
+
+
+ Exit Layer +
+
+
+ + + Exit La... + + + + + + + +
+
+
+ Server Layer +
+
+
+ + + Server... + + + + + + + + + +
+
+
+ Internet Pod +
+
+
+ + + Internet Pod + + + + + + + +
+
+
+ Data Center Pod +
+
+
+ + + Data Center Pod + + + + + + + +
+
+
+ Internet VRF +
+
+
+ + + Internet VRF + + + + + + + +
+
+
+ DC VRF +
+
+
+ + + DC VRF + + + + + + + +
+
+
+ + Firewall Tenant 1 + +
+
+
+ + + Firewall Tenant 1 + + + + + + + +
+
+
+ Internet VRF +
+
+
+ + + Internet VRF + + + + + + + +
+
+
+ Tenant 1 VRF +
+
+
+ + + Tenant 1 VRF + + + + + + + + +
+
+
+ Machine +
+ Tenant 1 +
+
+
+ + + Machine... + + + + + + + + +
+
+
+ Machine +
+ Tenant 1 +
+
+
+ + + Machine... + + + + + + + + +
+
+
+ Machine +
+ Tenant 1 +
+
+
+ + + Machine... + + + + + + + + +
+
+
+ Machine +
+ Tenant 2 +
+
+
+ + + Machine... + + + + + + + + +
+
+
+ Machine +
+ Tenant 2 +
+
+
+ + + Machine... + + + + + + + + +
+
+
+ Machine +
+ Tenant 2 +
+
+
+ + + Machine... + + + + + + + +
+
+
+ + VXLAN + +
+
+
+ + + VXLAN + + + + + + + +
+
+
+ Tenant 1 VRF +
+
+
+ + + Tenant 1 VRF + + + + + + + +
+
+
+ VXLAN +
+
+
+ + + VXLAN + + + + + + + +
+
+
+ Tenant 2 VRF +
+
+
+ + + Tenant 2 VRF + + + + + + + + + + + + + +
+
+
+ Firewall Tenant 2 +
+
+
+ + + Firewall Tenant 2 + + + + + + + +
+
+
+ Tenant 2 VRF +
+
+
+ + + Tenant 2 VRF + + + + + + + +
+
+
+ DC VRF +
+
+
+ + + DC VRF + + + + + + + + + + + + + +
+
+
+ VXLAN +
+
+
+ + + VXLAN + + + + + + + +
+
+
+ VXLAN +
+
+
+ + + VXLAN + + + + + + + + + Text is not SVG - cannot display + + + + diff --git a/docs/src/overview/networking.md b/docs/src/overview/networking.md index 0bf0850764..3cf350c310 100644 --- a/docs/src/overview/networking.md +++ b/docs/src/overview/networking.md @@ -189,11 +189,18 @@ Reference: See the [CLOS overview picture](#CLOS) | Management Server | Jump-host to access all network switches within the CLOS topology for administrative purpose. | | Management Switch | Connected to the management port of each of the network switches. | +![Physical Wiring](network-physical-wiring.drawio.svg) + +> Picture 5: This illustration shows an example of a suitable physical wiring inside a metal-stack partition. Tenant servers are organized into a layer called projects. In case those tenant servers require access to or from external networks, a new tenant server to function as a firewall is created. Leaf and spine switches form the fundament of the CLOS network to facilitate redundancy, resilience and scalability. Exit switches establish connectivity to or from external networks. Management Switch and Management Server are mandatory parts that build a management network to access the network switches for administration. To operate the CLOS topology, software defined configuration to enable BGP, VRF, EVPN and VXLAN must be set up. +![Network VRFs across the different switch layers](network-vrfs.drawio.svg) + +> Picture 6: This illustration shows the VRF tenant separation and VRF termination happening on the firewall for the tenant VRF and external network VRFs. + ### Network Operating Systems SONiC as the network operating system will be installed on all network switches (leaves, spines, exit switches) within the CLOS topology. SONiC cannot be installed on bare metal servers that require BGP/EVPN but does not have a switching silicon.