This documentation supports the 21.05 version of BMC Helix CMDB. To view an earlier version, select the version from the Product version menu.

Network and network device models


The following topics describe concepts associated with various networking scenarios including virtualization.

Server and workstation networking

BMC_ComputerSystem is used to model all types of network devices, both virtual and physical. The following attributes are used to differentiate the modeling of a network device (such as the software it hosts, cards, IP addresses, and so on) from that of a server and desktop:

  • PrimaryCapability
  • CapabilityList
  • Category
  • Type
  • Item

The following classes are important in modeling the network information that is local to servers and workstations:

  • BMC_NetworkPort: represents a physical port to which a network cable is plugged, or a virtual port if the machine is virtual. BMC_NetworkPort is used to model all kinds of network interfaces, including Fibre Channel interfaces, but the most common case in the context of networking is for it to model an Ethernet port.
  • BMC_LANEndpoint: represents the MAC address of the port.
  • BMC_IPEndpoint: represents an IP address. It is possible to bind zero or more IP addresses to any given MAC address or network port, and these IP addresses are modeled by BMC_IPEndpoint CIs.


The following diagram shows the interaction between the classes:

Server and workstation networking.png

If the server or workstation is virtual, the model is exactly the same except that the BMC_ComputerSystem and BMC_NetworkPort have the isVirtual attribute set to Yes.


Network devices

Example of a CISCO router

CISCO Sample.png

Network devices, such as physical and virtual switches, routers, firewalls, and load balancers are all modeled as instances of BMC_ComputerSystem. The instances are differentiated by using the PrimaryCapability and CapabilityList attributes. For example, a router has PrimaryCapability=4 and CapabilityList="Router". Virtual devices have the isVirtual attribute set to Yes, while physical devices have this attribute set to NULL.


Network edge connectivity topology

Networks are traditionally defined as a two-tier or three-tier hierarchical model with core, distribution, and access as constituent layers. The access or edge layer of the network is the location where end devices, such as servers, desktops, printers, and so on, connect to the network. The access switch is one of the key elements in providing the end device connectivity. Usually, modeling the access or edge connectivity is sufficient for most network models. Network devices, such as access switches, are connected to computer systems to indicate the edge switch connectivity.

The following diagram shows a switch connected to three computer systems with the relationship represented as a BMC_Dependency relationship with Name=NETWORKLINK:

Network edge connectivity topology.png

Network subnet topology

A subnet is represented by a BMC_IPConnectivitySubnet class instance. This represents a group of related BMC_IPEndpoint instances that can communicate with each other as members of a subnet.

Subnet with three IP endpoints model

The following diagram shows a subnet having three IP endpoint addresses. Each of these IP endpoint addresses is connected to other computers in the network.

Subnet_3_Endpoints.png 

LANs and circuits between switches and hosts model

Another example of modeling LANs and circuits between switches and hosts is shown in the following diagram. The only new concept introduced in this model is that the network switch has two ports, each connected to a computer system through BMC_LANEndpoint over a LAN segment that is represented by BMC_ConnectivitySegment.

 CMDB_network_model.jpg


Virtualization of network devices

Network devices can be virtualized. The virtualization model for networks is similar to the server virtualization model. The virtual devices have the isVirtual attribute set to Yes while physical devices have this attribute set to No or NULL.

Two virtual routers configured on a Juniper SRX 240 physical router model

In the following diagram, two virtual routers, blue-vr and red-vr, are configured on a Juniper SRX 240 series physical router. The relationship between a virtual and physical router is modeled as BMC_Dependency with Name=HOSTEDVIRTUALSYSTEM similar to the server virtualization model.

juniper srx virtual routers.png

Virtual switches on an ESX server model

Virtual switches allow virtual machines in a single VMware ESX server to communicate with each other and with external physical networks. A virtual switch allows a virtual machine connected to it to gain access to external physical networks. Each virtual switch is modeled as a BMC_ComputerSystem with CapabilityList="Switch" and PrimaryCapability=5. The relationship between each of the virtual switches and the ESX physical BMC_ComputerSystem CI on which it is hosted is modeled by using BMC_Dependency with Name=HOSTEDVIRTUALSYSTEM.

Cisco 1000V switch installed on an ESX server model

A Cisco 1000V switch that is installed on the physical ESX servers is modeled in the same way as a virtual switch that the ESX server provides. The Cisco 1000V switch is modeled as BMC_ComputerSystem with CapabilityList="Switch" and PrimaryCapability=5. The relationship between the Cisco 1000V and the ESX physical BMC_ComputerSystem CI on which it is hosted is modeled by using BMC_Dependency with Name=HOSTEDVIRTUALSYSTEM.


Redundancy of network devices

When servers are connected to routers, it is desirable to have redundancy among these routers so that a failure of one of the routers does not impact the network connectivity. To achieve a high availability network, a router redundancy solution is deployed by using Virtual Router Redundancy Protocol (VRRP) or Cisco's Hot Standby Routing Protocol (HSRP).

In the following diagram, two or more routers form a redundancy group in which one of the routers is a master while the others are standby. This redundancy group has a virtual IP address that all end points use instead of using each router's own IP address. BMC_Cluster represents a redundancy group or a cluster of network devices that appear as one virtual IP address to servers and other client end points. When one of the cluster members fails, another takes over transparently to the server. The cluster represents the virtual IP and virtual MAC address. Each server uses this virtual IP address as its default gateway.

router HA configuration.png

Note

The routers taking part in redundancy can be physical or virtual routers hosted on physical routers.

Physical and virtual firewalls

A virtual firewall (VFW) can be modeled by using BMC_ComputerSystem with isVirtual=Yes, CapabilityList=Firewall, and PrimaryCapability=10.

A physical firewall is modeled as BMC_ComputerSystem with CapabilityList=Firewall and PrimaryCapability=10. The relationship between a VFW and the physical firewall is represented by BMC_HostedSystemComponent with Name=HOSTEDVIRTUALSYSTEM as well as a BMC_Dependency relationship.

Cisco ASA 5500 with three virtual firewalls model

In a server farm with several application tiers, it is important to have a firewall for each tier to protect that tier. Virtual firewalls can be used effectively to model this. The following diagram shows how firewalls are implemented. The Cisco ASA 5500 appliance, which is a physical firewall, is modeled as an instance of BMC_ComputerSystem with PrimaryCapability=10, CapabilityList=Firewall, and isVirtual=NULL.

Each security context (virtual firewall) on this Cisco ASA 5500 is modeled as a BMC_ComputerSystem with PrimaryCapability=10, CapabilityList=Firewall, and isVirtual=Yes.

A higher-level business service or application is dependent on these three firewalls.

cisco asa virtual firewall 3 tiers.png

FWSM module on Cisco 6500 model

The Firewall Services Module (FWSM) on the Cisco 6500 is modeled as software installed on the Cisco 6500 to enable firewall virtualization. Guest virtual firewalls enabled by the FWSM module are modeled as virtual firewalls and related to the underlying device similar to the preceding model.
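
The attribute and relationship conventions described on this page can be checked mechanically, which matters when the CMDB is used to decide which virtual firewalls, routers, or switches are affected by work on a physical appliance. The following is an added example, not BMC code: the record keys id, src, and dst and the ctx-* context names are assumptions for a flat export, while the capability codes and the HOSTEDVIRTUALSYSTEM relationship name are the ones given above.

```python
# Added example. Keys "id", "src", "dst" are an assumed flat-export layout, not
# BMC's API; capability codes and relationship names are the ones on this page.
CAPABILITY = {4: "Router", 5: "Switch", 10: "Firewall"}

def is_virtual(ci):
    # isVirtual=Yes marks a virtual device; No or NULL (None) marks a physical one.
    return ci.get("isVirtual") == "Yes"

def audit(cis, rels):
    """Return sorted (ci_id, finding) pairs for network-device CIs that break the model."""
    by_id = {ci["id"]: ci for ci in cis}
    hosted = {}  # ci id -> ids linked by BMC_Dependency Name=HOSTEDVIRTUALSYSTEM
    for r in rels:
        if r["class"] == "BMC_Dependency" and r["Name"] == "HOSTEDVIRTUALSYSTEM":
            # Direction is not assumed: both ends are recorded as peers.
            hosted.setdefault(r["src"], set()).add(r["dst"])
            hosted.setdefault(r["dst"], set()).add(r["src"])
    findings = []
    for ci in cis:
        expected = CAPABILITY.get(ci.get("PrimaryCapability"))
        if ci["class"] != "BMC_ComputerSystem" or expected is None:
            continue  # not a router, switch or firewall
        if expected not in (ci.get("CapabilityList") or ""):
            findings.append((ci["id"], f"CapabilityList does not contain {expected}"))
        peers = [by_id[p] for p in hosted.get(ci["id"], ()) if p in by_id]
        if is_virtual(ci) and all(is_virtual(p) for p in peers):
            findings.append((ci["id"], "virtual device with no physical host"))
    return sorted(findings)

def cs(ci_id, capability, capability_list, virtual=None):
    return {"id": ci_id, "class": "BMC_ComputerSystem", "PrimaryCapability": capability,
            "CapabilityList": capability_list, "isVirtual": virtual}

def hosts(host, guest):
    return {"class": "BMC_Dependency", "Name": "HOSTEDVIRTUALSYSTEM", "src": host, "dst": guest}

# Constructed sample data: ctx-app has no host relationship, ctx-db is mislabeled.
CIS = [cs("asa-5500", 10, "Firewall"), cs("ctx-web", 10, "Firewall", "Yes"),
       cs("ctx-app", 10, "Firewall", "Yes"), cs("ctx-db", 10, "Switch", "Yes"),
       cs("srx-240", 4, "Router"), cs("blue-vr", 4, "Router", "Yes")]
RELS = [hosts("asa-5500", "ctx-web"), hosts("asa-5500", "ctx-db"), hosts("srx-240", "blue-vr")]

if __name__ == "__main__":
    for ci_id, finding in audit(CIS, RELS):
        print(f"{ci_id}: {finding}")
```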

 
