Huawei Enterprise A Better Way VM Aware Solution for Data Center Networks

1 Huawei Enterprise A Better Way VM Aware Solution for Data Center Networks HUAWEI TECHNOLOGIES CO., LTD.

2 Contents
Server Virtualization Challenges in Data Center Networks
Huawei VM Aware Solution Implementation
Huawei VM Aware Solution Deployment
HISILICON HUAWEI TECHNOLOGIES SEMICONDUCTOR CO., LTD. Page 2

3 Mass Application of Server Virtualization in the Cloud Computing Era
69% of workloads virtualized by
VM density per core rising to 8.4 in
% VMware growth over last three years 3
76% of enterprises pursuing private cloud strategy by
Sources: IDC, 2011, Market Analysis Perspective: Worldwide Datacenter Trends and Strategies. 2. IDC, WW Server Virtualization Shipment Forecast, VMware published financial reports. 4. Thomas Bittman, Gartner Data Center Conference
[Chart: WW installed workloads (Virtualized); data labels 65%, 69%, 59%, 51%, 42%, 33%, 22%, 9%, 14%]

4 Server Virtualization Challenges for Data Center Networks (Operation and Maintenance)
Confusion of management responsibilities
The vswitch is embedded in the server, which is managed by the system administrator. The vswitch is also a switch, managed by the network administrator. Who should manage the vswitch? How do the system administrator and network administrator cooperate to complete VM network configuration?
Difficulty in locating VM faults
The VM position is related to its access switch because of VM mobility. The network administrator cannot locate VM faults, network faults, or traffic exchange between VMs.
Dynamic migration of network configuration
How does the network configuration migrate accordingly as the VM migrates?
VM complicated policy control
The vswitch cannot provide policy control. Implementing policy control on the vswitch causes high CPU resource consumption.
[Figure labels: Server 1 (vswitch, hypervisor, VM1, VM2, VM3), VM migration, Server N (vswitch, hypervisor, VM7, VM2, VM9)]

5 Server Virtualization Challenges for Data Center Networks (Forwarding)
VM traffic forwarding implemented by software switch
  Advantage: Mature
  Disadvantage: Consumes CPU resources
Intelligent network adapter implements switch functions
  Advantage: High performance
  Disadvantage: Interworking problem
Access switch performs loopback forwarding
  Advantage: High performance; unified management
  Disadvantage: TOR hardware needs to be upgraded to support forwarding models.
[Figure label: TOR switch]

6 Contents
Server Virtualization Challenges in Data Center Networks
Huawei VM Aware Solution Implementation
Huawei VM Aware Solution Deployment

7 Server Virtualization Solutions
Challenges: Confusion of management responsibilities; Difficulty in locating VM faults; Dynamic migration of network configuration; VM complicated policy control
Solutions: Network administrator manages network configuration; Visualized virtual resources; Visualized VM traffic; VM migration detection; Access switch performs VM network policy control
Mechanisms: The ncenter is used for configuring vswitches. The network administrator learns the vswitch/VM topology. In-band mode: VDP. Out-of-band mode: vcenter notification. 802.1Qbg: VEPA. 802.1BR: Port-Extension.

8 Data Center Standards for Server Virtualization
802.1Qbg: 802.1Qbg defines forwarding, discovery, and configuration mechanisms for server virtualization. Many vendors including HP and IBM have participated in development of 802.1Qbg.
802.1br: 802.1br defines that the virtual interface implements centralized forwarding and control using external switches. This standard was originally called 802.1Qbh and is promoted by Cisco.

9 Forwarding Control Solutions
Compared on: visualized VM traffic; network policy control.
Software switch implementing forwarding (VEB defined in 802.1Qbg): To collect traffic statistics, create a VM in the physical server to provide the probe function. It is difficult to implement traffic control and ACLs.
Intelligent network adapter implementing switch functions (VEB defined in 802.1Qbg): The hardware supports traffic control and there are few ACLs.
Access switch providing loopback forwarding (VEPA defined in 802.1Qbg): The traffic statistics are collected on the access switch. The access switch implements traffic control and ACLs.
Huawei VM aware solution supports three forwarding models. Huawei recommends the loopback forwarding mode on access switches to meet the requirements for traffic management and control.

10 Access Switch Performs Loopback Forwarding
[Figure labels: access switch, VEPA, VM1 to VM6, path markers 1, 2, 3]
VM1 and VM3 belong to the same VLAN. The traffic sent from VM1 to VM3 is looped back by an access switch. Security policies are deployed on access switches and do not affect forwarding performance.
VM1, VM3, and VM5 belong to the same VLAN. The access switch replicates broadcast packets sent by VM1 to interfaces in the VLAN and sends a copy to vswitches. The vswitches replicate the broadcast packets to other VMs in the VLAN.

11 VM Aware Solution: In-Band Management
[Figure labels: Obtain policy, CAS, VDP, VSI Manager, Policy, DC backbone network, vcenter, VMM, APP, OS]
The administrator creates a network policy of the specified VSI type on the VSI manager.
The vcenter queries the VSI type and policy information on the VSI manager.
The vcenter configures VM and VSI information on vswitches.
The vswitches advertise the VSI type to the access switch using VDP defined in 802.1Qbg.
The access switch queries the network policy with a specified VSI type on the VSI manager and completes network policy configuration.
The vswitch advertises VM information to an access switch using VDP, so this solution is called in-band management.
802.1Qbg is not launched into commercial use. VM platforms and switches in industry do not support VDP.
802.1Qbg does not define the interfaces connected to the vcenter. The VSI manager provides interfaces based on the virtual machine platforms.

12 VM Aware Solution: Out-of-Band Management
[Figure labels: Obtain policy, ncenter, vcenter, Policy, DC backbone network, VMM, APP, OS]
The administrator creates a network policy for a specified port profile on the ncenter.
The ncenter sends port profile information to the vcenter.
The vcenter configures VM information and network policy on the vswitch.
The ncenter obtains the relationships between VMs and vswitches and topology information from the vcenter to determine the connected access switch port.
The ncenter delivers VM information to the access switch. The access switch then queries the VM network policy on the ncenter and completes network policy configuration.
VM information is obtained from the vcenter, so this solution is called out-of-band management.
Different VM platforms use different APIs, so the ncenter needs to adapt to various APIs.
New protocols do not need to be developed on VM platforms.

13 VM Aware Solution Selection: In-Band or Out-of-Band Management
[Figure labels: Obtain policy, VSI Manager, ncenter, vcenter, Policy, DC backbone network, CAS, VMM, APP, OS]
In-band management
  Disadvantage: 802.1Qbg is not launched into commercial use.
  Disadvantage: VM platforms and switches in industry do not support VDP.
  Disadvantage: 802.1Qbg does not define the interfaces connected to the vcenter.
Out-of-band management
  Advantage: The out-of-band management solution is compatible with all VM platforms.
  Advantage: New protocols do not need to be developed on VM platforms.
  Disadvantage: There is no standard for the configuration of the interface used by the switch to obtain the configuration from the ncenter.
The out-of-band management solution is highly mature and compatible, and supports dynamic VM management.

14 VM Aware Solution Selection: Choose the Interface that Obtains the Network Policy from the ncenter
Low-speed management interface: Netconf/SNMP/CLI
High-speed RADIUS interface
[Figure labels: ncenter, vcenter, DC backbone network, Policy, VMM, APP, OS, Migration, Busy physical server, N servers, Idle physical server]
The VM online rate determines interface selection.
VM online rate calculation model
Concurrent online rate = (N/2) x 4 / (3 x 60)
N: Physical server quantity
2: VMs on half of busy servers migrate to half of idle servers.
4: Each server can migrate four (tested data, limited by bandwidth and CPU capability) VMs to other servers.
3 x 60: Migration of each VM requires 3 minutes.
If there are 10,000 servers, the concurrent online rate is 111 p/s.
Netconf: Less than 20 VMs go online every second.
RADIUS: 200 VMs go online every second.
Resource pools require dynamic VM scheduling and RADIUS can deliver VM policies at a high rate.

15 VM Aware Solution
1. The VM needs to migrate to a new physical server. VM2 in physical server 1 needs to migrate to physical server 2 because of service adjustment.
2. The vcenter and ncenter exchange information. The vcenter provides VM migration information to the ncenter.
3. The vcenter delivers a policy. The vcenter generates a policy on the original server where the VM is deployed and delivers the policy to the corresponding physical server.
4. The ncenter delivers a policy. The ncenter generates a network policy on the original VM and delivers it to the access switch connected to physical server 2, the VM migration destination.
[Figure labels: ncenter (network management center), vcenter (VM management center), Server 1 (hypervisor, VM 1, VM 2), Server 2 (hypervisor, VM 3, VM 2)]

16 VM Aware Solution: Topology Management
1. Physical TOPO: LLDP standard protocol discovery
2. TOR->vSwitch TOPO: LLDP/CDP/Static configuration
3. vswitch->VM: The vcenter uses an API to obtain mapping between vswitches and VMs.
4. ncenter manages the entire network topology: automatic network deployment basis
[Figure labels: Gateway, EOR, TOR, vswitch, VM, vcenter API, LLDP, CDP, Static configuration]

17 VM Aware Solution: Policy Management
VM policy concept
VM policies include static and dynamic policies. Static policies include VLANs, ACLs, and QoS. Dynamic policies include DHCP snooping and MFF.
Policy management
Before the VM starts, the network administrator configures a policy profile on the ncenter. The ncenter sends the policy to the vcenter, where it is displayed as a PortGroup.
When creating a VM on the vcenter, the server administrator binds the VM to the policy profile and notifies the ncenter of binding. The ncenter traces and maintains the binding.

18 VM Aware Solution: VM Aware (VM Creation)
1. The network attribute profile of the VM is created on the ncenter.
2. The ncenter sends the network attribute profile to the vcenter.
3. The vcenter creates and starts a VM and configures network attributes on the vswitch.
4. The ncenter detects VM login through the vcenter and saves the binding between the VM and the policy profile.
5. The ncenter instructs the VM in the TOR switch to go online using the Netconf action mechanism. Online information includes the VM MAC address, VLAN ID, and policy profile ID.
6. The TOR switch requests a VM policy, including ACL and QoS, from the ncenter through RADIUS.
7. The RADIUS server in the ncenter sends a response with the VM policy to the TOR switch. The TOR switch resolves the VM policy from the response.
8. If the VM requests an IP address using DHCP, after the TOR switch obtains the VM IP address using DHCP snooping, the TOR switch sends the VM IP address to the RADIUS server in the ncenter to be saved.
* If a VM uses a static IP address, it is recommended that DHCP be used to request an IP address. In addition, assign a fixed IP address matching the VM MAC address. This is because DHCP snooping can be used to dynamically migrate security policies.
[Figure labels: ncenter (network management center), vcenter (VM management center), Server 1 (hypervisor, VM 1, VM 2), Server 2 (hypervisor, VM 3, VM 2)]

19 VM Aware Solution: VM Migration
1. The vcenter initiates VM migration.
2. VM migration starts.
3. The vcenter notifies the ncenter that migration starts through the API.
4. The ncenter instructs the VM in the destination TOR switch to go online. Online information includes the VM MAC address, VLAN ID, and policy profile ID.
5. The destination TOR switch requests a VM policy such as ACL, QoS, and DHCP binding table from the ncenter through RADIUS.
6. The RADIUS server in the ncenter sends a response with the VM policy to the destination TOR switch. The destination TOR switch resolves the VM policy from the response.
7. The vcenter notifies the ncenter that migration is complete through the API.
8. The ncenter notifies the originating TOR switch that the VM has gone offline.
9. The originating TOR switch deletes the local policy and requests the RADIUS server to update the user status through the RADIUS notification interface.
[Figure labels: ncenter (network management center), vcenter (VM management center), Server 1 (hypervisor, VM 1, VM 2), Server 2 (hypervisor, VM 3, VM 2)]
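
The VM creation and VM migration sequences on slides 18 and 19, replayed as a small Python model (an added example, not Huawei code). The class and method names, the sample MAC, VLAN and profile, and the ncenter refusing a profile the VM is not bound to are all assumptions. The model shows that the destination TOR holds the policy before the origin deletes it, and it audits for a hosting TOR with no policy or a policy left behind on another TOR.

```python
# Added illustration, not Huawei code: names and data shapes are assumptions.
from dataclasses import dataclass, field

@dataclass
class NCenter:
    profiles: dict                                # profile ID -> policy (ACL, QoS)
    bindings: dict                                # VM MAC -> profile ID
    online: dict = field(default_factory=dict)    # VM MAC -> TORs holding its policy
    def radius_request(self, tor, mac, profile_id):
        """A TOR asks for a VM policy; refuse if the VM is not bound to that profile."""
        if self.bindings.get(mac) != profile_id:
            raise PermissionError(f"{mac} is not bound to profile {profile_id}")
        self.online.setdefault(mac, set()).add(tor)
        return self.profiles[profile_id]
    def radius_offline(self, tor, mac):
        """The originating TOR reports that it removed the VM (status update)."""
        self.online.get(mac, set()).discard(tor)

@dataclass
class TorSwitch:
    name: str
    ncenter: NCenter
    policies: dict = field(default_factory=dict)  # VM MAC -> installed policy
    def vm_online(self, mac, vlan, profile_id):
        """ncenter announces MAC, VLAN ID and profile ID; the switch pulls the policy."""
        policy = self.ncenter.radius_request(self.name, mac, profile_id)
        self.policies[mac] = {"vlan": vlan, **policy}
    def vm_offline(self, mac):
        """Delete the local policy, then update the VM status on the RADIUS server."""
        self.policies.pop(mac, None)
        self.ncenter.radius_offline(self.name, mac)

def migrate(nc, src, dst, mac, vlan):
    """Replay the migration order; return the TORs holding the policy after each phase."""
    dst.vm_online(mac, vlan, nc.bindings[mac])    # destination is provisioned first
    during = sorted(nc.online[mac])
    src.vm_offline(mac)                           # origin is cleaned up after completion
    return during, sorted(nc.online[mac])

def audit(mac, host_tor, tors):
    """Flag a hosting TOR without a policy (gap) and other TORs still holding one (stale)."""
    gaps = [f"gap: {t.name}" for t in tors if t.name == host_tor and mac not in t.policies]
    stale = [f"stale: {t.name}" for t in tors if t.name != host_tor and mac in t.policies]
    return gaps + stale

def demo():
    """Constructed sample: one VM moves from access switch 38 to access switch 40."""
    mac = "00:00:5e:00:53:01"                     # constructed MAC address
    nc = NCenter({"web": {"acl": ["permit tcp any any eq 443"], "qos": "gold"}}, {mac: "web"})
    tor38, tor40 = TorSwitch("tor38", nc), TorSwitch("tor40", nc)
    tor38.vm_online(mac, 100, "web")              # VM creation: first policy install
    return migrate(nc, tor38, tor40, mac, 100), audit(mac, "tor40", [tor38, tor40])

if __name__ == "__main__":
    print(demo())
```

Running `audit` against the vcenter's view of where each VM lives is the useful part in practice: a lost offline notification shows up as a stale entry, and a failed RADIUS exchange at the destination shows up as a gap.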

20 VM Migration Process: Topology Before Migration
VM Purple to be migrated
The VM is located on the physical server ( ), connected to access switch 38.

21 VM Migration Process: Initiating Migration in the vcenter
Move the VM Purple from to
Status: start

22 VM Migration Process: Viewing the Migration Progress in the vcenter
Move the VM Purple from to
Status: migration complete

23 VM Migration Process: Topology After Migration
VM Purple has been migrated to the physical server ( ) connected to access switch 40.

24 VM Migration Solution Specifications
Supports virtualized management platforms: VMware
Static configuration and automatic deployment of VLANs, ACLs, and QoS policies
Built-in high-performance RADIUS server in ncenter that allows 200 VMs to go online every second
Network topology collection and display including vswitch topology
Dynamic configuration and automatic deployment of DHCP snooping and MFF
Manages a total of 20,000 VMs, vswitches, and physical switches

25 VM Migration Solution Highlights
Topology discovery: Automatic topology collection and update
Centralized management: Centralized management of the physical network and virtual networks
Intelligent configuration delivery: Automatic generation of network policies and automatic delivery of network configuration
On-demand resource allocation: Real-time network resource monitoring and reclaiming

26 Contents
Server Virtualization Challenges in Data Center Networks
Huawei VM Aware Solution Implementation
Huawei VM Aware Solution Deployment

27 VM Aware Deployment
vcenter is the center for managing VMs. ncenter is the network management center.
vcenter and ncenter are deployed at the management center of the data center.
Perform basic configurations on switches: establish VLANs or a TRILL network, enable LLDP, and establish management channels.
Enable VM awareness on TOR switches.
Configure VM network profiles in the ncenter.
Configure mapping between the ncenter and the vcenter.
Perform VM creation and migration in the vcenter.
[Figure labels: Network management center, ncenter, vcenter (VM management center), Server, Hypervisor, VM 1, VM 2, VM X, VM Y]

28 VM Aware Deployment: Centralized Management Through the Cloud Service Management Center
Add the CloudCenter.
Perform basic configurations on switches: establish VLANs or a TRILL network, enable LLDP, and establish management channels.
Enable VM aware on TOR switches.
Configure VM network profiles in the ncenter.
Configure mapping between the ncenter and the vcenter.
Perform VM requests and expansion in the CloudCenter. The CloudCenter then invokes the vcenter and ncenter to complete VM deployment.
[Figure labels: Network management center, ncenter, vcenter (VM management center), CloudCenter (cloud service management platform), Server, Hypervisor, VM 1, VM 2, VM X, VM Y]

29 Huawei Enterprise A Better Way