Virtual Machine in Data Center Switches Huawei Virtual System

Contents

1 Introduction ... 3
2 VS: From the Aspect of Virtualization Technology ... 3
3 VS: From the Aspect of Market Driving ... 4
4 VS: From the Aspect of Architecture ... 5
5 VS Software Architecture ... 6
6 VS System Resources ... 7
7 VS Management and O&M ... 8
8 VS: From the Aspect of Application Scenario ... 9
9 Summary ... 12

2013-03-18 Huawei confidential. No spreading without permission. Page 2 of 12

1 Introduction

Server virtualization is spreading in the cloud computing era. Virtual machines (VMs) raise the utilization of physical computing resources while lowering IT operation and maintenance (O&M) costs, and VM live migration improves system reliability, flexibility, and scalability. The same idea applies to network devices that act as critical network elements. This article explains why one physical network device should be virtualized into multiple virtual devices. It uses the next-generation Huawei Virtual System (VS) as the example to describe the architecture, application scenarios, and customer benefits of a "virtual machine" that runs in a data center switch.

2 VS: From the Aspect of Virtualization Technology

Cloud computing virtualizes IT resources so that they can be consumed on demand, much like a household utility such as electricity. Virtualization is one of the key cloud computing technologies: at each layer it abstracts physical resources so that they can be shared or isolated. According to International Data Corporation (IDC), introducing virtualization into cloud computing raises resource utilization from about 15% to about 80%, allows commodity hardware to be used widely, and cuts IT O&M costs by an order of magnitude or more.

Virtualization in the cloud computing era covers computing virtualization, storage virtualization, and network virtualization. Like server and desktop virtualization, network virtualization lets users obtain network resources on demand and supports flexible service deployment and isolation, which is a major advantage for cloud network users.

There are two types of network virtualization: N-to-1 and 1-to-N. In N-to-1 virtualization, multiple physical network resources are presented as one logical resource, as in stacking and cluster technologies. In 1-to-N virtualization, one physical resource is divided into multiple logical resources; typical examples are channel virtualization and service virtualization. Channel virtualization is widely used in traditional networks: logical channels are provided over the network so that user traffic can be isolated, controlled, and processed using VPN, VLAN, and QinQ technologies. Service virtualization logically isolates multi-instance services, for example with MSTP multi-process or virtual firewalls.

Channel virtualization and service virtualization are partial virtualization technologies that fit particular scenarios. In many deployments, network administrators have to combine several of them, which complicates network deployment and O&M. Simplifying this calls for a system-level virtualization technology: network device virtualization, which virtualizes the entire network device rather than particular services or channels. This form of 1-to-N virtualization is analogous to the virtual machine in the data center.

3 VS: From the Aspect of Market Driving

The continuous expansion of information and communications technology (ICT) networks, particularly data center networks, has enriched network services but complicated network management. ICT networks therefore place high requirements on service isolation, security, and reliability. As hardware capabilities improve, multi-chassis, cluster, and distributed routing and switching systems are developing rapidly, and the service processing capacity of a single physical network device keeps reaching new highs. How can this capacity be used effectively to meet current service requirements and support seamless network migration? Customers face the following problems and concerns.

(1) Contradiction Between High Device Investment Costs and Low Device Resource Use Efficiency

The rapid growth of data centers and ICT infrastructure has the following consequences:

- The number of network devices keeps growing, and network investment costs surge.
- Maintenance costs rise considerably.
- O&M costs, device power consumption, and equipment room space keep rising.
- Network construction can be slow.

To cope with sharp increases in data center services, customers generally buy network devices with more capacity than their services actually require. The workload across devices is therefore inevitably unbalanced, and in some cases device utilization is low.

(2) Contradiction Between Centralized Multi-User Processing on Network Devices and Simplified Network Management, Isolation, and O&M

The expansion and centralization of data centers have led customers to consolidate services from internal and external user groups in different departments, so that these services are processed centrally on the data center network. Services from different user groups, for example production, R&D, and marketing departments, are often processed on the same network device, although these groups differ significantly in their security, performance, and reliability requirements. Each user group needs strong management and isolation capabilities, and each department needs to deploy, manage, and maintain its own services independently of the others. Network administrators are challenged to manage and isolate user groups effectively while reducing operating expense (OPEX), even though centralized service processing is what streamlines network management.

(3) Contradiction Between Centralized Multi-Service Processing on Network Devices and Reliable and Secure Service Isolation

Next-generation data centers bring new network technologies, such as Transparent Interconnection of Lots of Links (TRILL), MAC-in-IP, Fibre Channel over Ethernet (FCoE), and various inter-data center interconnection technologies. Customers require a diverse set of services on the network, so the processing capabilities and services on data center networks keep growing, and next-generation data centers urgently need network devices that process these services independently of one another. As customers migrate critical services to cloud data centers, next-generation data centers also demand higher reliability and security from network devices than traditional data centers did.

Market-driven network devices can provide capabilities similar to those of a virtual machine. Once the virtual machine is introduced into data center switches, multiple virtualized devices can be deployed on one physical device, each managing different user groups and processing different services, which raises device utilization significantly.

4 VS: From the Aspect of Architecture

The virtual machine in data center switches removes the barriers between physical devices, turning physical device resources into manageable logical resources. These logical resources run transparently on the physical device platform, providing isolation and on-demand allocation of resources. The Huawei VS is a key feature of the Huawei Cloud Fabric Data Center Solution. It provides the technical architecture for network device virtualization, dividing a physical device into multiple logical or virtual systems.

Each VS is a virtual machine on a network device that can be independently configured, managed, and maintained. Each VS is isolated from the others and runs and processes network services independently. By serving different services and user groups on the VSs of one physical device, data center networks achieve the following:

- Service isolation, with improved network reliability and security.
- Higher device utilization.
- Lower customer investment.
- Isolation and management of user groups.
- Simplified network O&M.

To put the virtualization technology into effect, devices must be abstracted, isolated, and encapsulated. The VS architecture is built in the following modes:

Abstraction
The software system of a physical device is abstracted into multiple virtual machines. Each virtual machine has its own logical control and service plane, forwarding plane, and management plane. The hardware resources are abstracted into standardized virtual hardware to meet users' requirements; this virtual hardware includes ports, boards, memory, and central processing unit (CPU) resources.

Isolation
Process-level isolation is implemented between the virtual machines running on the same physical device. The abstracted virtual hardware is managed per virtual machine, and VSs do not affect one another.

Encapsulation
Each virtual machine's virtual context is encapsulated independently of the specific physical device it runs on. The full-service, distributed capabilities and the fine-grained multi-process mechanism of Huawei VRPv8 are used to build system-level dynamic migration, which enables flexible service deployment and improves virtual machine reliability and device utilization.

5 VS Software Architecture

The VS uses a virtualized, fine-grained, elastic, and distributed architecture built entirely on the full-service, distributed middleware of Huawei VRPv8. Similar to the hypervisor of a server virtual machine, the VS control components schedule and manage all VSs centrally. They virtualize the control and service plane, data plane, and management plane so that each VS can deploy services, load configuration files, and control network management independently, and so that each VS exposes the capabilities of a physical device.

The VS also uses these full-service, distributed capabilities to deploy services in a fine-grained, distributed way. For example, the service modules of different VSs can be distributed across different boards, which substantially increases hardware utilization.

The virtual control and service plane runs the network control protocols and processes user services, where both reliability and secure isolation are critical. The VS runs its components in separate processes with fine-grained process control, using inter-process isolation and an exclusive virtual memory space for each VS to prevent the control protocols and services of one VS from affecting another. This considerably strengthens VS service reliability and isolation. The fine-grained process control mechanism also keeps the overhead of each VS low, allowing one physical device to host 16 VSs simultaneously. Note that this boundary is enforced in software by the VRPv8 process model on MPUs and line cards that the VSs share, so the platform software of the physical device remains a common dependency of every VS on it.

The virtual forwarding plane gives each VS an independent forwarding environment and its own port resources, so the data traffic of each VS is kept separate for service isolation and security.

The virtual management plane sets up an independent management domain for each VS, isolating user management, log and alarm management, and configuration files. Each VS can access only its own management information, which guarantees its independent management capability.

6 VS System Resources

The hardware resources of the physical device, including ports, boards, memory, and CPU resources, are virtualized into multiple VSs, and each VS has independent hardware resources. For example, when a port is assigned to a VS, that VS occupies the port exclusively. This ensures isolation between VSs and simplifies VS migration within the device.

To keep resource utilization high, certain system resources can be shared. For example:

- Multiple VSs can be deployed flexibly so that they share the same MPUs and line cards.
- IPv4 and IPv6 routing tables, as well as VLAN and VRF resources, can be shared by multiple VSs.
- Each VS has its own specifications, which bound its share of the system resources.

- VLAN IDs of different VSs can overlap.
- Two VSs can share a physical port through logical port isolation, which saves physical links and networking costs.

Each VS on a physical device can therefore use system resources on demand.

7 VS Management and O&M

A key concern for the virtual machine in the data center is the effective management and O&M of multiple user groups. The VS control components and the virtual management plane play the main role in VS O&M. Once a VS is created, it is controlled and managed independently, in the same way as a physical device: it can be reset and suspended, and it can switch services and allocate resources according to service requirements. Services are deployed and configurations delivered independently in the VS view.

Only the network administrators assigned to a VS can perform control, management, and service deployment in it; administrators without rights to that VS cannot. This lets enterprise departments manage their services independently. Each VS has its own file system, configuration files, logs, alarms, and network management servers, so its O&M is independent, and each VS has an exclusive network management channel and its own access rights, meeting the requirements of multiple user groups for independent management and secure isolation.

This network management mode is called independent management mode: each VS is managed as an independent network element with its own topology. To satisfy different customer requirements, the VS also provides a unified management mode, in which the VSs are managed together as one physical network element and do not have their own topologies. Unified management mode suits pure service isolation; independent management mode combines service isolation with network isolation while each network is still managed independently.
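To make the isolation properties of Sections 6 and 7 concrete, the following Python model, added here as an example and not part of Huawei's VS or VRP code, enforces the invariants the paper describes: exclusive port assignment, a per-VS VLAN namespace (so VLAN 100 in one VS is unrelated to VLAN 100 in another), per-VS administrator rights over configuration and logs, and a per-VS specification that caps resource use. The class names, the port names and the quota values are assumptions made for this example; the ceiling of 16 VSs is the figure the paper gives.

```python
"""Toy model of a 1-to-N virtualized switch (constructed example, not Huawei code).

Enforces the isolation invariants the paper attributes to a VS: exclusive
port ownership, a per-VS VLAN namespace, a per-VS management domain, and a
per-VS specification (here a VLAN quota). Class and port names and the quota
values are assumptions for this example; the 16-VS ceiling is the paper's.
"""
from dataclasses import dataclass, field


class IsolationError(Exception):
    """An operation would cross a VS boundary or exceed a VS quota."""


@dataclass
class VirtualSystem:
    name: str
    max_vlans: int                           # per-VS specification
    ports: set = field(default_factory=set)
    vlans: set = field(default_factory=set)  # VLAN IDs are scoped to this VS
    admins: set = field(default_factory=set)
    log: list = field(default_factory=list)


class Switch:
    """One physical device hosting up to MAX_VS virtual systems."""
    MAX_VS = 16

    def __init__(self, ports):
        self.free_ports = set(ports)         # ports owned by no VS yet
        self.vs = {}

    def create_vs(self, name, max_vlans=4094):
        if len(self.vs) >= self.MAX_VS or name in self.vs:
            raise IsolationError(f"cannot create VS {name}")
        self.vs[name] = VirtualSystem(name, max_vlans)
        return self.vs[name]

    def assign_port(self, vs_name, port):
        """Exclusive assignment: a port leaves the shared pool and belongs to one VS."""
        if port not in self.free_ports:
            raise IsolationError(f"port {port} is already owned")
        self.free_ports.remove(port)
        self.vs[vs_name].ports.add(port)

    def _authorize(self, vs_name, admin):
        """Management-plane check: the admin must be bound to this very VS."""
        vs = self.vs[vs_name]
        if admin not in vs.admins:
            raise IsolationError(f"{admin} has no rights in {vs_name}")
        return vs

    def add_vlan(self, vs_name, admin, vlan_id):
        vs = self._authorize(vs_name, admin)
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID out of range")
        if vlan_id not in vs.vlans and len(vs.vlans) >= vs.max_vlans:
            raise IsolationError(f"{vs_name}: VLAN quota {vs.max_vlans} exhausted")
        vs.vlans.add(vlan_id)
        vs.log.append(f"{admin}: created vlan {vlan_id}")

    def read_log(self, vs_name, admin):
        return list(self._authorize(vs_name, admin).log)

    def forward(self, in_port, vlan_id):
        """Forwarding-plane scope: a frame only reaches ports of the VS that owns in_port."""
        for vs in self.vs.values():
            if in_port in vs.ports:
                if vlan_id not in vs.vlans:
                    return vs.name, []       # VLAN unknown inside this VS: dropped
                return vs.name, sorted(vs.ports - {in_port})
        raise IsolationError(f"port {in_port} is assigned to no VS")


def demo():
    """Exercise the invariants and return the outcomes for checking."""
    sw = Switch(ports=["10GE1/0/1", "10GE1/0/2", "10GE1/0/3", "10GE1/0/4"])
    sw.create_vs("vs_tenantA", max_vlans=2).admins.add("alice")
    sw.create_vs("vs_tenantB").admins.add("bob")
    for vs_name, port in [("vs_tenantA", "10GE1/0/1"), ("vs_tenantA", "10GE1/0/2"),
                          ("vs_tenantB", "10GE1/0/3"), ("vs_tenantB", "10GE1/0/4")]:
        sw.assign_port(vs_name, port)

    out = {}

    def attempt(key, fn):
        try:
            fn()
            out[key] = "allowed"
        except IsolationError:
            out[key] = "rejected"

    attempt("double_assign", lambda: sw.assign_port("vs_tenantB", "10GE1/0/1"))
    sw.add_vlan("vs_tenantA", "alice", 100)
    sw.add_vlan("vs_tenantB", "bob", 100)         # same VLAN ID in both VSs
    out["vlan100_from_A"] = sw.forward("10GE1/0/1", 100)
    out["vlan100_from_B"] = sw.forward("10GE1/0/3", 100)
    attempt("cross_vs_config", lambda: sw.add_vlan("vs_tenantB", "alice", 200))
    attempt("cross_vs_log", lambda: sw.read_log("vs_tenantB", "alice"))
    sw.add_vlan("vs_tenantA", "alice", 101)
    attempt("quota", lambda: sw.add_vlan("vs_tenantA", "alice", 102))
    return out
```

Running `demo()` shows the double port assignment, the cross-VS configuration and log reads, and the third VLAN in the quota-limited VS all rejected, while the overlapping VLAN 100 forwards only within the VS that owns the ingress port. The point of the model is where the checks sit: ownership is decided once at assignment time, VLAN lookups are keyed by VS, and every management operation passes through the per-VS authorization before touching state.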

8 VS: From the Aspect of Application Scenario

The virtual machine enables many new applications. This section describes the benefits of the VS in several application scenarios.

Market Driving 1: Contradiction Between High Device Investment Costs and Low Device Resource Use Efficiency

Application Scenario 1: Network Node Virtualization

The VS is divided by network node. For instance, when two longitudinal VSs are created across the core and aggregation layers, a single physical device meets the networking requirement that previously took two physical devices. When two latitudinal VSs are created within a layer, the number of physical devices needed is halved. With the same logical topology, the VS provides the following benefits in this scenario:

- Fewer physical network devices and lower O&M costs.
- Higher device utilization.
- Lower power consumption by device components such as power modules and fans, and by auxiliary facilities such as equipment rooms and air conditioning.
- A consistent service and management experience.

(Figure: core layer and aggregation layer divided into VS 1# and VS 2#, longitudinally and latitudinally.)

Market Driving 2: Contradiction Between Centralized Multi-Service Processing on Network Devices and Reliable and Secure Service Isolation

Application Scenario 2: Service Virtualization

The VS is divided by service. Service pilot projects carry uncertainty and risk, and deploying a particular service in an independent VS reduces its possible interference with other services. In the example below, Layer 3 services are deployed in VS 1 and TRILL services in VS 2. Once services are separated by VS assignment, each appears to run on its own device, service resources are protected, and isolation security is enhanced.

(Figure: Internet and WAN connected to Layer 3 services in VS 1#; TRILL services in VS 2#.)

Market Driving 3: Contradiction Between Centralized Multi-User Processing on Network Devices and Simplified Network Management, Isolation, and O&M

Application Scenario 3: User Cluster Virtualization

The VS is divided by user cluster. For example, VSs can be divided by:

- User service department, such as production, R&D, marketing, customer service, and network management.
- User attribute, such as intranet, DMZ, and extranet.
- User type, for example in financial services: internal office, online banking, and credit card services.

In this scenario, the VS provides the following benefits:

- Network service isolation and fault isolation between user clusters, which ensures high service reliability and security.
- Independent network management for each user cluster, which prevents information security risks.

Application Scenario 4: Multi-Tenant Application

In the public cloud, VSs are assigned to VIP tenants, on demand, at the core and aggregation layers; below the VS, tenants are further divided by VLAN. In the example, VS 1 serves tenant A and VS 2 serves tenant B. Compared with VRF-based isolation, the VS offers flexible service deployment, simplified O&M, streamlined management, high reliability, and secure isolation in multi-tenant scenarios, and so meets VIP customers' requirements for high-quality service.

9 Summary

This article has described the significance and value of the virtual machine in data center switches from the aspects of virtualization evolution, market drivers, architecture, and application scenarios. The Huawei VS uses a new-generation virtualized architecture to:

- Help customers build virtual machines in data center switches flexibly.
- Simplify multi-user management.
- Improve service reliability and security.
- Make full use of network device resources and lower customers' investment costs.

The Huawei VS also works with other virtualization technologies such as the Cluster Switch System (CSS) to split or combine network devices on demand, and provides flexible, scalable services for building data center networks into elastic, virtualized cloud networks that help customers grow their services in the cloud computing era.