The Aruba 8400 Switch is the Future of Enterprise Core Switching


Aruba, a Hewlett Packard Enterprise company, just released a new programmable core/aggregation switch, purposefully designed for the mobile-cloud and IoT era. Their “game-changing” claims are not unfounded. The new Aruba 8400 (http://www.arubanetworks.com/aruba-8400/) Core and Aggregation chassis switch not only changes the game for the Aruba campus switching product line, it opens a frontier to new ways we interact with core switching hardware.

In case you’re unfamiliar, Aruba (http://www.arubanetworks.com/) is a Hewlett Packard Enterprise company focused on “mobile first” solutions. Supporting the mobile-first strategy is a full range of networking solutions, including wireless, switching, analytics, security, sensors, and a variety of software suites that bring it all together. Aruba’s annual Atmosphere conference is one of the favorite conferences in the networking industry, complete with full training programs, events, expos, and plenty of nerdery.

Introducing the Aruba 8400 Switch

Switching infrastructure (http://www.arubanetworks.com/products/networking/switches/) is not new to Aruba; their product line historically has spanned the access layer up to the distribution layer, including PoE+, Multi-gigabit Ethernet, wire-speed 1/10/40G, stacking, and the full gamut of switching capabilities to be expected in any Enterprise. However, one area they hadn’t focused on was the core of the network. With customers wildly pleased with the Aruba product line, wireless and wired, the next logical integration would be at the network’s center – its core. The 8400 has all the traditional core features you would expect, both hardware and operations, plus some!

About the Hardware

The Aruba 8400 (http://www.arubanetworks.com/aruba-8400/) is a modular chassis Ethernet switch, weighing in at 8RU, 26” in depth and 240lbs. It sports 8 Line card slots, 3 fabric card slots, 2 management slots, 4 PSUs and a whopping 18 fan modules. From a performance perspective, we’re looking at 1.2Tb/s forwarding (ingress and egress) per slot, with a max up to 19.2 Tbps switching capacity. Management modules are redundant, serving as the centralized control plane and providing the system with HA at 99.999% availability.

As of this writing, three interface modules are available, all of which are hot-swappable:

  • 32-port 10G Ethernet with MACSec
  • 8-port 40G Ethernet
  • 6-port 40/100G Ethernet

The Aruba 8400 is a high-speed fully distributed architecture, with centralized control plane and distributed data plane. All cards have multiple discrete sensors read by the management modules (MM), placing reliance on the cards without dependency on the chassis. All fabric cards are situated behind the fan trays but are serviceable without impacting the system. Each line card has a direct orthogonal connection to the fabric cards, which is not just for ease and modularity, but for speed and performance. For a deeper dive into the hardware design, be sure to read the articles “Diving Into Design with the Aruba 8400” by John Herbert (http://gestaltit.com/exclusive/mrtugs/diving-design-aruba-8400/) and “Lofty Goals for The Campus Core: Aruba 8400 Series and OS-CX” by Brandon Carroll (http://gestaltit.com/exclusive/brandoncarroll/lofty-goals-campus-core-aruba-8400-series-os-cx/).

About the Software

The Aruba 8400 (http://www.arubanetworks.com/aruba-8400/) shines when it comes to the Operating System. ArubaOS-CX is a brand-new Operating System, purpose-built for the new 8400 platform, and likely the go-forward strategy for many future products. This Operating System is rooted in a philosophy Aruba adopted in early development:

Create a modern Network Operating System leveraging existing cloud architecture best practices and twenty years of networking protocol implementation. It should be database-driven, leveraging Linux, fully programmable, resilient, and supportable.

They did just that.

ArubaOS-CX (http://community.arubanetworks.com/t5/Aruba-Unplugged/ArubaOS-CX-A-Modern-Programmable-Network-for-the-Mobile-and-IoT/ba-p/304372) is database-driven. What? Databases? This concept was something I had not thought about previously, but it makes perfect sense, and here is why. The entire current state of the system, including configuration, statuses, statistics, and internal happenings, is held in a database. This database is the single source of truth, meaning that agents of the system must interact with the database and not directly with each other outside of it. A database-driven software architecture provides modularity, extensibility, modeled programmability, and ease of syncing when failures are detected.

Linux is the kernel of choice for OSS, interoperability, security, and extensibility. With Linux-based ArubaOS-CX, customers are confident in the capabilities and longevity of their network operating system, always moving forward, never left behind. For each physical interface, there is a corresponding Linux kernel interface. One interesting aspect of ArubaOS-CX is the fact that you can hop right into the Linux shell and run actual Linux commands against the system.  Indeed, you can even install your own agents, software, or code directly into Linux, leveraging the local storage and full capabilities of the OS. An honest warning – things may be a bit awkward with Support if your Core breaks because the code you installed corrupted the system.

Three letters: A-P-I. Yes, ArubaOS-CX is fully programmable, including a beautifully documented REST API guide for programming anything and everything on the system. Everything in the database, including historical data, is available and exposed via REST. This is an exciting shift the industry has long desired, and I’m not the only one excited (http://gestaltit.com/exclusive/cxi/moving-beyond-cli-aruba-8400-enabling-sdn-netops/).

You can also absolutely interact with the 8400 via an intuitive, declarative, and familiar CLI, or via a Web UI. ArubaOS-CX lets you test configurations in a virtualized environment before committing to the device and includes automatic history with an easy rollback to any point in time.

Visibility & Analytics

Now that we’ve paved the parking lot and erected the building, let’s take a look at some of the innovative things you can do inside. With the Aruba 8400 (http://www.arubanetworks.com/aruba-8400/) switch running ArubaOS-CX, advanced network analytics are integrated for ultimate visibility and augmented troubleshooting.

Have you ever received a phone call or support ticket stating something wasn’t working and can you ‘check the network’? By the time you’re able to log into the devices, if there was a problem, it’s not evident any longer as the system is clean and logs have already rolled over. Maybe you check your monitoring solution which sadly only uses SNMP and may have missed any events not explicitly configured to send traps.  Either way, the network looks fine, but is it? Aruba introduces on-box, real-time, and historical data to everything going on in the system, which means you have actual, granular access to telemetry data, either via CLI, Web UI, or API. The software will crunch this data and turn it into accessible and actionable insights, meaning you have less to analyze and can promptly get an accurate assessment.

Aruba didn’t stop there. This product is already advanced enough for segmented telemetry and detailed, granular analysis of the system on-box, so why not have the system do additional work for us to troubleshoot the issue? Enter the Aruba Network Analytics Engine.

Network Analytics Engine

The Network Analytics Engine (NAE) is an automated root-cause analysis solution baked right into the software, included as a part of the product solution when you buy an Aruba 8400 switch. We’re talking about policy-based active monitoring, automatic correlation to events, programmatic troubleshooting for preventative and faster discovery or resolution. The system literally monitors itself.

Take the example of some “issue” reported that you need to investigate in some part of the network. You’d typically check monitoring systems and likely end up logging into the device to issue a series of commands, maybe checking general system health, routing behaviors, interface statistics, possibly some pings or traceroutes for testing connectivity, perhaps some queues or counters, you name it. This process can be tedious, time-consuming, and by the time you get to it, possibly too late.

With Network Analytics Engine, you can automate this troubleshooting using Python and the Network Analytics Engine (NAE) Agents built into the system. The NAE runs in an LXC libvirt container with access to system resources. The NAE Agents have full access to the databases mentioned earlier, meaning visibility to the configuration, protocol state, and network statistics. These Agents assist with automating troubleshooting by monitoring and triggering on anomalies, correlating events with configuration changes, even capturing details about systems external to the switch using probes. The intent is that the NAE Agent is essentially a programmable network technician sitting right in the box, helping you out before you get there.
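The monitor, trigger, and correlate loop described above can be sketched in plain Python. This is an added example, not Aruba's code and not the NAE API: the counter samples, the configuration history, the thresholds, and every function name are constructed for illustration.

```python
"""Standalone sketch of an NAE-style agent: watch a counter, alert on a spike, and
attach any config change that preceded it. Constructed data; not the NAE API."""
from statistics import mean, pstdev

# Constructed samples: (unix_time, interface, cumulative rx_error counter)
SAMPLES = [(t, "1/1/1", c) for t, c in [
    (1000, 10), (1060, 12), (1120, 13), (1180, 15), (1240, 16),
    (1300, 18), (1360, 240), (1420, 470), (1480, 472)]]

# Constructed configuration history: (unix_time, user, change)
CONFIG_LOG = [(400, "admin", "vlan 20 added"),
              (1330, "netops", "interface 1/1/1 mtu 9198")]

def deltas(samples):
    """Turn cumulative counters into per-interval increments."""
    out = []
    for (t0, _, c0), (t1, ifname, c1) in zip(samples, samples[1:]):
        # A counter that goes backwards was reset; count from zero.
        out.append((t1, ifname, c1 - c0 if c1 >= c0 else c1))
    return out

def find_anomalies(samples, warmup=4, sigmas=3.0, floor=5):
    """Flag increments above baseline mean + sigmas*stddev (and above floor).
    Flagged points stay out of the baseline so one spike cannot hide the next."""
    baseline, hits = [], []
    for t, ifname, d in deltas(samples):
        if len(baseline) >= warmup:
            limit = max(mean(baseline) + sigmas * pstdev(baseline), floor)
            if d > limit:
                hits.append((t, ifname, d))
                continue
        baseline.append(d)
    return hits

def correlate(anomalies, config_log, lookback=300):
    """Attach config changes made within `lookback` seconds before each hit."""
    alerts = []
    for t, ifname, d in anomalies:
        suspects = [c for c in config_log if 0 <= t - c[0] <= lookback]
        alerts.append({"time": t, "interface": ifname, "increment": d,
                       "recent_changes": suspects})
    return alerts

def run_agent():
    return correlate(find_anomalies(SAMPLES), CONFIG_LOG)

if __name__ == "__main__":
    for alert in run_agent():
        print(alert)
```

Attaching the change record to the alert is what turns "errors spiked" into "errors spiked 30 seconds after this user changed this interface", which is the part that ages out first when logs roll over.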

The NAE Agent scripts are built in Python and loaded onto the platform. The scripts can run commands (CLI and Bash), set alert levels, generate syslog messages, make configuration changes, probe external systems, make outbound REST calls, and much more. An isolated sandbox allows you to test the script before activating it. Even handier, a Web UI page is automatically generated for each NAE agent script, meaning when you pull up HTTPS on the Aruba 8400, you can have a dedicated page for monitoring the analytics scripts.

NAE scripts can be built from scratch, or downloaded from the Aruba Solution Exchange (ASE) (https://ase.arubanetworks.com/), GitHub, or the Airheads community. ASE is the primary script portal, and GitHub is the developer portal where you can fork scripts to make modifications or enhancements. The scripts on the Aruba Solution Exchange are fully supported by Aruba Technical Support, which means you can install and operate in your production network with confidence.

During a presentation at NFDx (http://www.arubanetworks.com/nfdx), Aruba demonstrated a practical use case for automated DHCP monitoring and RCA. This NAE agent Python script performs a series of checks upon detection of a DHCP issue. It knows potential issues such as configuration errors, inoperable DHCP relays, address pool exhaustion, resource issues, network latency, and blocked ports, and checks each of these via a series of actions. The results are immediately available, which leads to ridiculously fast troubleshooting and resolution.

Closing Thoughts

The core of your network is pivotal for operations, and as such, should be highly resilient, extensible, open, programmatic, and intelligent enough to put in work for you so you can focus on more important tasks.  I wasn’t overly excited when I first heard that Aruba, a Hewlett Packard Enterprise company, announced a new core switch because I’m used to the traditional Enterprise core switches from vendor A and vendor B which haven’t provided substantial innovation in this space for quite some time. After reviewing the new Aruba 8400 (http://www.arubanetworks.com/aruba-8400/) running ArubaOS-CX, with the Network Analytics Engine, I’m all on board for this platform. Improved network resilience, actionable insights, automated network and application troubleshooting, deep visibility and analytics set this apart from the competition. If the core or aggregation layer of your network is ripe for modernization, make sure to include the Aruba 8400 in your bake-off.

About the author

David Varnum

David Varnum is a Network and Data Center engineer, architect, consultant and blogger. CCIE DC #45880. His focus is adapting business strategies with emerging enterprise developments in data center, security and virtualization realms. Prior to his current role, he served as lead engineer and consultant in both private and public sectors. David holds his CCIE in Data Center and is an MCSE+ and VMware Certified Professional. A Cisco Champion, he also blogs at overlaid.net and blogs.cisco.com.
