Chapter 4

IP Multicast in a Data Center

Data Center Architecture Overview

A dedicated VLAN is used to connect multicast sources that are not located in the front-end layer. An example multicast source that will be placed in the dedicated VLAN is a streaming media application, like an IP/TV broadcast server.

Some sources are part of another server role that may need to be located in the front-end layer. An example of a multicast source that is located in the front-end layer is Multicast Music-on-Hold (MMoH). MMoH is often deployed in a co-resident fashion with Cisco Call Manager.

Front-End Layer

The front-end layer consists of infrastructure, security, and management devices supporting the front-end server farms. The front-end layer is analogous to the traditional access layer in the campus network and provides the same functionality. The front-end server farms typically include FTP, Telnet, TN3270, SMTP, Web servers, and other business application servers. In addition, it includes network-based application servers, such as IPTV Broadcast servers, and call managers that are not placed at the aggregation layer due to port density or other design caveats.

The specific features required depend on the servers and their functions. For example, if video streaming over IP is supported, multicast must be enabled; if Voice over IP is supported, QoS must be enabled. Layer 2 connectivity through VLANs is required between servers and service devices, such as content switches, and between servers that belong to the same server farm or subnet, whether they sit on the same access switch or on different ones. This is known as server-to-server communication, which can also span multiple tiers. Other features may include host IDS if the servers are critical and need constant monitoring. In general, infrastructure components such as the Layer 2 switches provide the intelligent network services that enable front-end servers to perform their functions.

Cisco Catalyst switches constrain multicast at Layer 2 with IGMP snooping or CGMP (which one is platform dependent). Because the applicable feature is enabled on Catalyst Layer 2 switches by default, no multicast configuration is normally required at the front-end layer. One dependency is worth verifying: IGMP snooping learns group membership only from the IGMP reports that hosts send in response to queries, so the VLAN needs an IGMP querier (normally the PIM-enabled router for that VLAN). Without one the snooping table stays empty and multicast floods every port in the VLAN, exactly as if snooping were disabled. CGMP likewise depends on a CGMP-enabled Cisco router on the VLAN.
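The Catalyst IOS fragment below is an added example, not configuration from this design guide, showing how to make the querier dependency explicit on a front-end server VLAN and how to confirm that snooping is actually constraining traffic. VLAN 10 is an assumed VLAN number; the commands are standard Catalyst IOS.

```cisco
! Catalyst IOS, Layer 2 front-end switch. VLAN 10 (assumed) carries the
! front-end server farm. IGMP snooping is on by default; it is written
! out here so the intent is visible in the running configuration.
ip igmp snooping
!
! Snooping builds its group-to-port table from IGMP membership reports,
! and hosts send reports only in response to IGMP queries. If no PIM
! router sits on this VLAN, let the switch originate the queries itself;
! otherwise unknown multicast floods to every port in the VLAN.
ip igmp snooping querier
!
! Verification: snooping state for the VLAN, the elected querier, and
! which ports have joined which groups. A non-empty group list with a
! short port list per group is the sign that flooding is being constrained.
show ip igmp snooping vlan 10
show ip igmp snooping querier vlan 10
show ip igmp snooping groups vlan 10
```

If the querier output shows no querier for the VLAN, the group table will stay empty regardless of how many clients are joined, and the multicast streams will be flooded to every server port on that VLAN.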

Application Layer

The application layer consists of the infrastructure, security, and management devices that support the application servers. Applications servers run a portion of the software used by business applications and provide the communication logic between front-end and the back-end, which is typically referred to as the middleware or business logic. Application servers translate user requests to commands the back-end database systems understand. Increasing the security at this layer is focused on controlling the protocols used between the front-end servers and the application servers.

The features required at this layer are almost identical to those needed in the front-end layer. Like the front-end layer, the application layer infrastructure must support intelligent network services as a direct result of the functions provided by the application services. However, the application layer requires additional security.

Additional security is based on how much protection the application servers need, since they have direct access to the database systems. Depending on the security policies, firewalls between the web and application servers, network IDS, and host IDS are used. By default, firewalls do not permit multicast, and many stateful firewalls do not support multicast forwarding at all. Careful consideration must therefore be given to the deployment of firewall services when multicast traffic is to be permitted across a secure boundary. It is not uncommon to deploy GRE tunneling, the multicast helper feature, or Policy Based Routing (PBR) to carry multicast across secured boundaries. These methods are difficult to deploy and troubleshoot, and they require Layer 3 intelligence in an area of the network that otherwise needs only Layer 2 features. They also carry a security cost: a GRE tunnel moves the multicast stream past the firewall's inspection, so the firewall sees only the tunnel endpoints, and the permitted sources and groups must be enforced on the tunnel endpoints instead.
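The configuration below is an added example, not part of this design guide, of the GRE approach just described: a router on the front-end side (FE) and a router on the application-layer side (APP) of a firewall carry PIM sparse-mode multicast across the firewall inside a GRE tunnel, while the firewall passes only GRE between the two tunnel endpoints and the tunnel endpoints enforce the group scope the firewall can no longer see. All addresses, interface names, the RP placement and the 239.1.1.0/24 group range are assumed.

```cisco
! ---- Router FE (front-end side of the firewall) ----
! 10.1.1.1 is FE's firewall-facing address, 10.2.2.2 is APP's (both assumed).
ip multicast-routing
!
! Source-facing VLAN interface (assumed VLAN 20) must run PIM so the
! IP/TV or MMoH sources on it can register with the RP.
interface Vlan20
 ip address 10.1.10.1 255.255.255.0
 ip pim sparse-mode
!
! Static RP for the example: FE's Loopback0 (assumed) is the RP.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
 ip pim sparse-mode
!
ip pim rp-address 10.255.0.1
!
! Only the approved application groups may enter or leave the tunnel.
! The firewall cannot inspect inside GRE, so this boundary replaces the
! per-group policy the firewall would otherwise have applied.
ip access-list standard MCAST-TUNNEL-GROUPS
 permit 239.1.1.0 0.0.0.255
!
interface Tunnel0
 description GRE to router APP across the firewall
 ip address 172.16.0.1 255.255.255.252
 ip pim sparse-mode
 ip multicast boundary MCAST-TUNNEL-GROUPS
 tunnel source 10.1.1.1
 tunnel destination 10.2.2.2
!
! ---- Router APP (application-layer side of the firewall) ----
ip multicast-routing
!
ip pim rp-address 10.255.0.1
!
ip access-list standard MCAST-TUNNEL-GROUPS
 permit 239.1.1.0 0.0.0.255
!
interface Tunnel0
 description GRE to router FE across the firewall
 ip address 172.16.0.2 255.255.255.252
 ip pim sparse-mode
 ip multicast boundary MCAST-TUNNEL-GROUPS
 tunnel source 10.2.2.2
 tunnel destination 10.1.1.1
!
! RPF: APP's unicast route to the source subnet and to the RP points
! through the firewall, not the tunnel, so PIM would fail the RPF check
! and drop the stream. Static mroutes pin RPF for the source subnet
! (10.1.10.0/24, assumed) and the RP address to the tunnel.
ip mroute 10.1.10.0 255.255.255.0 Tunnel0
ip mroute 10.255.0.1 255.255.255.255 Tunnel0
!
! ---- Firewall (IOS-style extended ACL shown; ASA syntax differs) ----
! Permit GRE (IP protocol 47) only between the two tunnel endpoints, so
! no other host can inject traffic into the tunnel path.
ip access-list extended FW-ALLOW-GRE
 permit gre host 10.1.1.1 host 10.2.2.2
 permit gre host 10.2.2.2 host 10.1.1.1
```

Verify with show ip pim neighbor on both routers (each should list the other over Tunnel0) and show ip mroute on APP, where the (*,G) and (S,G) entries for the 239.1.1.0/24 groups should show Tunnel0 as the incoming interface. Without the static mroutes the entries appear with a null or wrong incoming interface and the stream never arrives, which is the RPF failure the text warns is hard to troubleshoot. Remember that the GRE header adds 24 bytes, so the tunnel MTU is smaller than the physical path and large multicast datagrams may fragment.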

