HPE Aruba Central Two-Tier Data Center for Lossless Ethernet
The HPE Aruba Networking Two-Tier Data Center for Lossless Ethernet is optimized for storage traffic performance and can be configured using HPE Aruba Central or Fabric Composer (FC). The Two-Tier Lossless deployment for iSCSI uses Layer 2 multi-chassis links between a VSX pair of core switches and a set of server access switches. Link Layer Flow Control (LLFC) provides lossless operation using Quality of Service (QoS) best practices for storage traffic. The Data Center Connectivity Design guide covers additional use cases and designs. The following deployment example uses HPE Aruba Central to configure and manage the network.
Table of contents
iSCSI Deployment Overview
The HPE Aruba Networking CX switching portfolio offers a wide range of products designed for both core and access layers in the data center, providing all of the capabilities necessary for the implementation of lossless Ethernet for storage traffic. Detailed documentation is available on HPE Aruba Networking Central, including a list of supported AOS-CX switches.
The Single Point Of Connectivity Knowledge (SPOCK) database provides validated and tested compatibility information for HPE Storage components, including CX switches. Notably, the HPE Aruba Networking CX 8325 and CX 9300 series switches are SPOCK-validated and approved by the HPE Storage Networking Team.
This two-tier data center is best suited to small- and medium-size data centers with dedicated iSCSI networks. Network resiliency is provided by multi-chassis link aggregations (MC-LAGs) at both switch tiers. Well-managed data storage is a critical requirement for any organization, with emphasis on maintaining data integrity and reliability.
Primary uses for dedicated iSCSI fabrics include:
- Mid-to-large enterprise data center that requires a dedicated iSCSI network.
- Applications using iSCSI SAN for storage connectivity.
- Layer 2 fabric focusing on simplicity, redundancy and performance.
This deployment guide describes how to implement an iSCSI storage network with a Two-Tier data center architecture, and focuses on:
LLFC protocol to provide a lossless Ethernet fabric.
VLAN segmentation for iSCSI.
Redundant and highly available design using Aruba VSX and MCLAG technology.
Best practice for QoS for packet Prioritization, Classification, Queueing, Transmission and monitoring.
iSCSI Two-Tier Data Center Topology with LLFC
The following Two-Tier Data Center Lossless Ethernet design provides connectivity between iSCSI initiator hosts and target arrays. High availability is provided by a Device Mapper Multi Path (MPIO), that builds two paths between target arrays and initiator host, where each path has its own network and a single VLAN (ex., VLAN 1101,1102).
The lossless feature is provided by deploying a set of QoS components for packet prioritization, classification, queueing, and transmission. LLFC is used as a congestion control protocol. All devices in the network are configured to use, establish, or accept QoS settings to achieve a full lossless path for storage traffic. Each VSX Member manages a path to the target array in an active-active mode, governed by the MPIO feature.
Two-Tier Core Layer
The core layer provides redundant Layer 2 connectivity to downstream access switches. A VSX pair of core switches is configured with an MC-LAG to each downstream rack. All links from the core layer to the access layer for a single rack are members of the same MC-LAG, whether the rack is populated with a single switch or with a VSX-pair of access switches. MC-LAG provides network resiliency and load balancing. It also mitigates the need for loop avoidance mechanisms between the core and access layer switches. All the links are enabled with LLFC to avoid congestion for storage traffic.
Two-Tier Access Layer
The access layer provides lossless Layer 2 connectivity between downstream data center iSCSI initiators and target arrays.
With VSX pairing, the access layer provides physical switch redundancy to directly attached initiator hosts and target arrays. This model supports uninterrupted host connectivity, even when one of the ToR switches fails or a firmware upgrade is performed. Each access layer switch also is connected to each core switch. All core links across redundant access switches are members of the same MC-LAG for redundancy and loop avoidance. The initiator hosts and target arrays connected to access switches use Multi Path IO (MPIO) for high availability in place of MC-LAG.
Multi Path I/O (MPIO)
Multi Path I/O (MPIO) in enterprise storage environments provides redundancy, load balancing, and improved performance between initiator hosts and target arrays such as the HPE Alletra MP 10000. MPIO establishes multiple active physical paths between the initiator host and the target array to ensure high availability and enhances overall system availability. In addition to fault tolerance, MPIO intelligently balances I/O traffic across available paths to maximize throughput and reduce latency, making it especially beneficial for high-demand workloads such as virtualization, databases, and transactional systems. When used with iSCSI over an Ethernet trunk, MPIO complements LACP by managing I/O flows at the OS and application layer, delivering end-to-end path optimization from initiator host to target array.
In summary, to deploy a lossless network on HPE Networking CX switches, a set of QoS components should be applied for packet prioritization, classification, queueing, and transmission. The flow control protocol used in this scenario is Link Level Flow Control (LLFC). All devices in the network must be configured to use, establish, or accept QoS settings to achieve full lossless path for storage traffic. Note that initiator host interfaces and target array interfaces are 25G/100G host bus adapters. Each VSX member manages a path to the target array in an active-standby mode or active-active mode, governed by the Multi Path I/O (MPIO) feature.
iSCSI Storage (Target Array)
The target array used in this deployment guide for iSCSI connectivity is the HPE Alletra MP 10000 model. It is a next-generation, modular storage platform designed for mission-critical workloads, offering exceptional performance, scalability, and flexibility across block and file protocols including iSCSI, NVMe/TCP, and Fibre Channel. With its disaggregated scale-out architecture, it supports multi-petabyte capacity, delivers sub-millisecond latency, and integrates cloud-native management through HPE GreenLake and predictive analytics via HPE InfoSight. The system supports Ethernet trunking with VLAN tagging and LACP aggregation, for efficiency, high-throughput, and resilient connectivity to modern data center networks such as HPE Aruba CX fabrics, making it an ideal solution for virtualization, databases, hybrid cloud, and enterprise applications.
Planning the Deployment
This section provides sample values and rationale for naming and numbering schemes. Adjust values and formats as needed to accommodate specific requirements. Using a consistent approach in the physical and logical configurations improves the management and troubleshooting characteristics of a network.
Naming Conventions
Establish a switch naming convention that indicates the switch type, role, and location to simplify identification and increase operating efficiency.
Example values used in this guide:
| Switch Name | Role | Description |
|---|---|---|
| RSVDC-CORE1-1 | Core | Roseville Data Center Core Switch, VSX Pair Member 1 (primary) |
| RSVDC-CORE1-2 | Core | Roseville Data Center Core Switch, VSX Pair Member 2 (secondary) |
| RSVDC-ACCESS1-1 | Access | Top-of-Rack Access Switch in Rack 1, VSX Pair Member 1 (primary) |
| RSVDC-ACCESS1-2 | Access | Top-of-Rack Access Switch in Rack #1, VSX Pair Member 2 (secondary) |
| RSVDC-ACCESS2-1 | Access | Top-of-Rack Access Switch in Rack 2, VSX Pair Member 1 (primary) |
| RSVDC-ACCESS2-2 | Access | Top-of-Rack Access Switch in Rack #2, VSX Pair Member 2 (secondary) |
HPE Aruba Central Groups
HPE Aruba Central organizes devices in groups with common configuration elements. I a the two-tier data center architecture, the data center core and access layers share configuration elements. An HPE Aruba Central group should be created for each layer.
Example HPE Aruba Central groups used in this guide are:
- DC-RSVCORE
- DC-RSVACESS
HPE Aruba Central Sites
In addition to group membership, a device can be associated with a site that represents a physical location. Sites can be used to aggregate visibility, statistical analysis, and troubleshooting tools across switches that are members of different groups.
In this guide, all data center switches are assigned to a site named RSVDC.
IP Address Planning
Plan a consistent IP numbering scheme with values that can accommodate the current deployment size and leave room for growth. Define a range that can represent loopback addresses, IP addresses used in support protocols, and a range for data center hosts and storage arrays. It is beneficial to assign data center host subnets from a larger range of maskable IP addresses that summarizes all host subnets in the data center.
Example IP address ranges used in this guide:
| Subnet | Functional Description |
|---|---|
| 10.255.12.0/24 | Routed interface IP addresses |
| 10.250.12.0/24 | Loopback IP addresses |
| 10.12.0.0/16 | Summary range of all data center host and storage subnets |
| 10.12.101.0/24 | Example of a specific data center host/storage subnet |
| 10.12.102.0/24 | Example of a specific data center host/storage subnet |
MAC Address Planning
A Locally Administered Address (LAA) should be used when defining virtual MAC addresses for VSX and active gateway functions. This is required when configuring an Active Gateway for an SVI on a VSX pair and when configuring the system MAC address of VSX. An LAA is a MAC in one of the four formats shown below:
x2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx
The x positions can contain any valid hex value. It is helpful to create a hexadecimal representation of the associated IP address or VLAN ID using the hex positions. For more details on the LAA format, see the IEEE tutorial guide.
In this guide, VSX system MAC addresses are set to 02:00:00:00:10:xx, where xx is replaced with the rack number of the VSX pair and the core switches use a value of 00.
Active Gateway MAC address are set to 02:00:xx:xx:xx:xx, where the last four octets are assigned a hexadecimal representation of the Active Gateway IP address. For example, the IP address 10.1.101.1 results in a MAC address of 02:00:0a:01:65:01. This simple method ensures that unique MAC address are associated with Active Gateway IP addresses for troubleshooting purposes.
Table of contents
- Aruba Central Initial Configuration
- Two-Tier Core
- Two-Tier Server Access
- Two-Tier Lossless Ethernet Reference Configurations