Virtual Machine in Data Center Switches — Huawei Virtual System
INTERNAL
Virtual Machine in Data Center Switches
——Huawei Virtual System
By Liang Ru
Introduction
Virtualized server applications are emerging in the cloud computing era. Virtual machines
have increased the use efficiency of physical computing resources while reducing IT system
operation and maintenance (O&M) costs. In addition, virtual machines enable the dynamic
migration of computing resources, enhancing system reliability, flexibility, and scalability.
The same idea can be applied to network devices that function as critical network
elements.
This article describes why one physical device needs to be virtualized into multiple virtual
devices. It takes the next-generation Huawei Virtual System (VS) as an example to describe
the architecture, application scenarios, and customer benefits of a virtual machine on a
network device.
VS: From the Aspect of Virtualization Technology
Cloud computing technologies virtualize IT resources. Virtualized IT resources have become
similar to household utilities such as electricity: users obtain them on demand. Virtualization
is one of the critical cloud computing technologies. Virtualization on different layers abstracts
physical resources so that cloud resources can be shared or isolated. According to analysis
from International Data Corporation (IDC), after virtualization is introduced into cloud
computing, resource use efficiency rises from 15% to 80%, commodity hardware can be used
throughout, and IT resource O&M costs fall by a factor of tens.
Virtualization in the cloud computing era consists of computing virtualization, storage
virtualization, and network virtualization. Similar to server virtualization and desktop
virtualization, network virtualization allows users to obtain network resources on demand.
Network virtualization also enables flexible service deployment and isolation, bringing
great advantages to cloud network users.
2017-05-08
Huawei Confidential
Page 1, Total 10
There are two types of network virtualization: N-to-1 and 1-to-N. In N-to-1 virtualization,
multiple physical network resources are virtualized into one logical resource, as in stacking
and cluster technologies. In 1-to-N virtualization, one physical resource is virtualized into
multiple logical resources.
Typical examples of 1-to-N virtualization are channel virtualization and service
virtualization. Channel virtualization has been widely used in traditional networks: logical
channels are provided over the network so that user traffic can be isolated, controlled, and
processed using VPN, VLAN, and QinQ technologies. In service virtualization, multi-instance
services are logically isolated using mechanisms such as MSTP multi-process or virtual
firewalls. Both are partial virtualization technologies that apply only to certain scenarios. In
many scenarios, network administrators have to combine several such technologies, which
makes network deployment and O&M complicated. To simplify virtualization, a system-level
technology is required, that is, network device virtualization. This technology virtualizes the
entire network device rather than only certain services or channels.
1-to-N network device virtualization is the network counterpart of the virtual machine in the
data center: one physical device hosts several logical devices that behave as if independent.
VS: From the Aspect of Market Driving
The continuous expansion of information and communications technology (ICT) networks,
particularly data center networks, has enriched network services but complicated network
management. Accordingly, ICT networks place high requirements on network attributes
such as service isolation, security, and reliability. As network hardware capabilities improve,
multi-chassis, cluster, and distributed routing and switching systems are developing rapidly,
and the service processing capacity of a single physical network device keeps reaching new
highs. How can this capacity be used effectively to meet current service requirements and
to migrate networks seamlessly?
The following network problems and concerns are the key aspects customers face:
 Contradiction Between High Device Investment Costs and Low Device Resource
Use Efficiency
The rapid development of data centers and the expansion of ICT infrastructure have
resulted in the following disadvantages:
 The maintenance cost increases considerably.
 The number of network devices grows continuously.
 The network investment cost surges.
 O&M costs, device power consumption, and equipment room space keep rising.
Network construction is slow, and to cope with sharp increases in data center services
during the construction period, customers generally select network devices with higher
capacity than the services actually require. As a result, the workload of the network devices
is inevitably imbalanced, and in some cases their use efficiency is low.
 Contradiction Between Centralized Multi-User Processing on Network Devices and
Simplified Network Management, Isolation, and O&M
The large-scale expansion and centralized evolution of data centers have led customers to
consolidate services from internal and external user clusters in different departments.
These services are processed on data center networks in a centralized manner, so services
from different user groups, distributed across production, R&D, and marketing departments,
are often processed on the same network device. These user clusters differ significantly in
their service security, performance, and reliability requirements. Each user group needs
strong management and isolation capabilities, and each department needs to deploy,
manage, and maintain its own services independently of the others. Network management
personnel are therefore challenged to manage and isolate user groups effectively while
reducing operating expense (OPEX). Centralized processing streamlines the network itself,
but it concentrates these competing management and isolation requirements on shared
devices.
 Contradiction Between Centralized Multi-Service Processing on Network Devices
and Reliable and Secure Service Isolation
The development of next-generation data centers brings new network technologies, such as
Transparent Interconnection of Lots of Links (TRILL), MAC in IP, Fibre Channel over Ethernet
(FCoE), and various inter-data-center connection technologies. Customers require the
network to process an increasingly diverse set of services, and the processing capabilities
and services on data center networks are enriched accordingly. Next-generation data centers
urgently need network devices that can process each of these services independently using
the appropriate technology. Because customers' critical services are being migrated to cloud
data centers, next-generation data centers place higher requirements on the reliability and
security of network devices than traditional data centers do.
The market therefore calls for network devices with capabilities similar to those of the virtual
machine. After the virtual machine is introduced in data center switches, multiple virtualized
devices can be deployed on one physical device. These virtualized devices serve different
user groups and process different services, so device resource use efficiency increases
significantly.
VS: From the Aspect of Architecture
The virtual machine in data center switches removes barriers between physical devices,
changing physical device resources into logical and manageable resources. These logical
resources run transparently on a physical device platform, implementing isolation and
on-demand distribution of resources.
The Huawei VS is a key feature of the Huawei CloudFabric Data Center Solution. The Huawei
VS provides the technical architecture for network device virtualization, dividing one
physical device into multiple logical, or virtual, systems. Each VS is a virtual machine on the
network device and can be independently configured, managed, and maintained. In addition,
each VS is isolated from the other VSs and runs and processes network services
independently. Using VSs on physical devices, data center networks can process various
services and serve various user groups, which:
 Enables service isolation and improves network reliability and security.
 Increases device use efficiency.
 Reduces users' investment.
 Enables isolation between user groups and manages user groups.
 Simplifies network O&M.
To put virtualization into effect, devices must be abstracted, isolated, and encapsulated. The
VS architecture is built on these three mechanisms:
 Abstraction
The software system of the physical device is abstracted into multiple virtual machines.
Each virtual machine has its own logical control and service plane, forwarding plane, and
management plane. The hardware system resources are abstracted into standardized virtual
hardware to meet users' requirements. The standardized virtual hardware includes ports,
boards, memory, and central processing unit (CPU) resources.
 Isolation
Process-level isolation is implemented between the virtual machines that run on the same
physical device. The abstracted virtual hardware is managed as part of each virtual machine,
so VSs do not affect each other.
 Encapsulation
Each virtual machine is encapsulated independently of the virtual context of a specific
physical device. The full-service, distributed capabilities and the fine-grained, multi-process
mechanism of Huawei VRPv8 are used to build system-level dynamic migration. This
system-level dynamic migration enables flexible service deployment and improves virtual
machine reliability as well as device use efficiency.
VS Software Architecture
The VS uses a virtual, fine-grained, elastic, and distributed architecture. The entire VS is
built on the full-service, distributed middleware of Huawei VRPv8. Similar to the hypervisor
in server virtualization, the VS control components uniformly schedule and manage multiple
VSs. The control components virtualize the control and service plane, the data plane, and the
management plane so that each VS can independently deploy services, load configuration
files, and control its own network management. Furthermore, the control components expose
the physical device's capabilities to each VS. The VS also uses the full-service, distributed
capabilities to deploy services in a fine-grained, distributed manner. For
example, the service modules of a VS can be distributed across different boards, which
substantially increases hardware resource use efficiency.
The virtual control and service plane carries network control protocols and processes user
services, so both reliability and secure isolation are critical here. Each VS runs in its own set
of processes with fine-grained process control. The VS uses inter-process isolation and an
exclusive virtual memory space to prevent the control protocols and services of different
VSs from affecting each other, which considerably strengthens VS service reliability and
isolation. The fine-grained process control mechanism sharply reduces the overhead of
each VS and allows a physical device to run 16 VSs simultaneously.
The virtual forwarding plane gives each VS an independent forwarding environment and its
own port resources. The data traffic of each VS is kept separate to ensure service isolation
and security.
The virtual management plane sets up an independent management domain for each VS.
This plane ensures isolation of user, log, and alarm management and of configuration files.
Each VS can access only its own management information, which guarantees the
independent management capability of each VS.
VS System Resources
The physical device's hardware system resources, including ports, boards, memory, and CPU
resources, are virtualized among multiple VSs. Each VS has its own independent hardware
resources. For example, when a port is assigned to a specified VS, that VS owns the port
exclusively. Such virtualization ensures isolation between VSs and simplifies VS migration
within a device.
To ensure system resource use efficiency, certain system resources can be shared. For
example:
 Multiple VSs can be flexibly deployed so that they share the same MPUs and line
cards.
 IPv4 and IPv6 route tables as well as VLAN and VRF resources can be shared by
multiple VSs. Each VS's specifications are set to ensure appropriate distribution and
use of system resources.
 VLAN IDs of different VSs can overlap.
 Two VSs can share a physical port using logical port isolation, which saves physical
links and networking costs.
Therefore, each VS on a physical device can use system resources on demand.
VS Management and O&M
A key concern for the virtual machine in the data center is effective management and O&M
of multiple user clusters.
The VS control components and the virtual management plane play a significant role in VS
O&M. After a VS is created, it can be independently controlled and managed in the same
way as a physical device. For example, a VS can be reset and suspended, and it can switch
services and allocate resources according to service requirements. Services are deployed
and configurations are delivered independently in the VS view. Only the network
administrators assigned rights to a VS can control and manage it and deploy services in it;
administrators without rights to that VS cannot perform these tasks, which allows enterprise
departments to manage their services independently.
Each VS has its own file system, configuration files, logs, alarms, and network management
servers, implementing independent O&M.
Each VS has exclusive network management channels and isolated rights, meeting the
requirements of multiple user clusters for independent management and secure isolation.
This network management mode is called the independent management mode: each VS is
managed as an independent network element with its own topology.
(Figure: VS network management modes. In unified mode, the network management platform displays VS 1# and VS 2# under one physical network element; in independent mode, VS 1# and VS 2# each appear as a separate network element in the management display view.)
To satisfy customers' varying network requirements, the VS also provides a unified
management mode. In this mode, all VSs are managed together under one physical network
element, and no VS has its own topology. The unified management mode suits scenarios
that need only service isolation. The independent management mode combines service
isolation with network isolation, and each VS's network is managed independently.
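The two sections above (VS System Resources and VS Management and O&M) describe four isolation rules that a VS implementation must enforce: a physical port belongs to exactly one VS, VLAN IDs are scoped per VS and may overlap across VSs, shared tables such as the route table are divided by per-VS specifications, and a management account can read only the files of a VS it has rights in. The Python model below is an added illustration of those rules as policy checks, not Huawei code: VRPv8 does not expose this API, and the class names, method names, port names, and the sample file name are assumptions chosen for the example.

```python
"""Model of VS resource partitioning and management-plane isolation.

Added example, not Huawei's implementation. All names below are assumed for
illustration; the device state is constructed inline so the script runs offline.
"""
from dataclasses import dataclass, field


class VSPolicyError(Exception):
    """Raised when an operation would break isolation between VSs."""


@dataclass
class VirtualSystem:
    name: str
    route_quota: int                      # this VS's share of the shared route table
    admins: set                           # accounts with management rights in this VS
    ports: set = field(default_factory=set)    # exclusively owned physical ports
    vlans: set = field(default_factory=set)    # VLAN IDs, scoped to this VS only
    routes: int = 0                       # route entries currently consumed
    files: dict = field(default_factory=dict)  # per-VS config/log store


class PhysicalDevice:
    def __init__(self, ports, route_table_size):
        self.free_ports = set(ports)          # ports not yet assigned to any VS
        self.route_table_size = route_table_size
        self.vss = {}

    def create_vs(self, name, route_quota, admins):
        # The per-VS specifications must fit in the device-wide table (no overcommit).
        allocated = sum(vs.route_quota for vs in self.vss.values())
        if name in self.vss or allocated + route_quota > self.route_table_size:
            raise VSPolicyError(f"cannot create {name}: quota exceeds table or name in use")
        self.vss[name] = VirtualSystem(name, route_quota, set(admins))
        return self.vss[name]

    def assign_port(self, vs_name, port):
        # A physical port is owned by exactly one VS; a second assignment is rejected.
        if port not in self.free_ports:
            raise VSPolicyError(f"{port} is not free")
        self.free_ports.remove(port)
        self.vss[vs_name].ports.add(port)

    def add_vlan(self, vs_name, vlan_id):
        # VLAN IDs live in a per-VS namespace, so VS1 and VS2 may both use VLAN 100.
        if not 1 <= vlan_id <= 4094:
            raise VSPolicyError(f"invalid VLAN ID {vlan_id}")
        self.vss[vs_name].vlans.add(vlan_id)

    def add_routes(self, vs_name, count):
        # A VS may not consume more of the shared route table than its specification.
        vs = self.vss[vs_name]
        if vs.routes + count > vs.route_quota:
            raise VSPolicyError(f"{vs_name} route quota {vs.route_quota} exceeded")
        vs.routes += count

    def read_file(self, actor, vs_name, path):
        # Management plane: an account sees only the VS it holds rights in.
        vs = self.vss[vs_name]
        if actor not in vs.admins:
            raise VSPolicyError(f"{actor} has no rights in {vs_name}")
        return vs.files[path]


def demo():
    """Exercise each rule on a constructed device; returns a dict of outcomes."""
    dev = PhysicalDevice(ports=["10GE1/0/1", "10GE1/0/2", "10GE1/0/3"], route_table_size=1000)
    dev.create_vs("vs1", route_quota=600, admins={"alice"})
    dev.create_vs("vs2", route_quota=400, admins={"bob"})
    out = {}
    dev.assign_port("vs1", "10GE1/0/1")
    try:
        dev.assign_port("vs2", "10GE1/0/1")          # same port to a second VS
        out["double_port"] = "allowed"
    except VSPolicyError:
        out["double_port"] = "rejected"
    dev.add_vlan("vs1", 100)
    dev.add_vlan("vs2", 100)                           # overlapping VLAN ID is fine
    out["vlan_overlap"] = 100 in dev.vss["vs1"].vlans and 100 in dev.vss["vs2"].vlans
    dev.add_routes("vs1", 600)
    try:
        dev.add_routes("vs1", 1)                       # one entry over the spec
        out["quota"] = "exceeded"
    except VSPolicyError:
        out["quota"] = "enforced"
    dev.vss["vs2"].files["vrpcfg.zip"] = b"constructed sample config"
    try:
        dev.read_file("alice", "vs2", "vrpcfg.zip")   # alice is a vs1 admin only
        out["cross_vs_read"] = "allowed"
    except VSPolicyError:
        out["cross_vs_read"] = "denied"
    out["own_read"] = dev.read_file("bob", "vs2", "vrpcfg.zip") is not None
    try:
        dev.create_vs("vs3", route_quota=1, admins=set())  # table already fully allocated
        out["overcommit"] = "allowed"
    except VSPolicyError:
        out["overcommit"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

The checks worth carrying over to a real deployment are the negative ones: a port offered to two VSs, a VS exceeding its route specification, and an administrator of one VS reading another VS's configuration must all fail, and an audit of the device should confirm they do.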
VS: From the Aspect of Application Scenario
The virtual machine enables many new applications. This section describes the benefits of
the VS in several application scenarios.
Market Driving 1: Contradiction Between High Device Investment Costs and Low Device
Resource Use Efficiency
Application Scenario 1: Network Node Virtualization
The VS is divided by network node. For instance, when two longitudinal VSs are created, one
for the core layer and one for the aggregation layer, a single physical device meets the
networking requirement that previously needed two physical devices. When two horizontal
VSs are created within one layer, the number of physical devices in that layer is halved.
With the same logical topology, the VS provides the following benefits in this application
scenario:
 Reduces the number of physical network devices and reduces O&M costs.
 Improves device use efficiency.
 Reduces the power consumption of devices such as power modules and fans, as well
as of auxiliary facilities including equipment rooms and air conditioners.
 Provides a consistent service and management experience.
(Figure: network node virtualization. Longitudinal: VS 1# at the core layer and VS 2# at the aggregation layer on one physical device. Latitudinal: VS 1# and VS 2# side by side within the same layer, replacing two physical devices.)
Market Driving 2: Contradiction Between Multi-Service Centralized Service Processing on
Network Devices and Reliable and Secure Service Isolation
Application Scenario 2: Service Virtualization
The VS is divided by service. Service pilot projects carry uncertainty and risk, and deploying
a pilot service in its own VS reduces possible interference with other services. As shown in
the following figure, Layer 3 services are deployed in VS 1, and TRILL services are deployed
in VS 2.
In this scenario, after services are isolated by VS assignment, each service appears to run
on an independent device. In addition, service resources are protected, and the reliability
and security of the isolation are enhanced.
(Figure: service virtualization. VS 1# on each device carries Layer 3 services toward the Internet and WAN; VS 2# on each device carries TRILL services.)
Market Driving 3: Contradiction Between Multi-User Centralized Service Processing on
Network Devices and Simplified Network Management, Isolation, and O&M
Application Scenario 3: User Cluster Virtualization
The VS is divided by network user cluster. For example, the VS can be divided by the
following types of user clusters:
 User service departments, including production, R&D, marketing, customer service,
and network management departments
 User attributes, including the intranet, DMZ, and extranet
 User types, such as users in financial services, including internal office, online
banking, and credit card services
In this application scenario, the VS provides the following benefits:
 Network service isolation and fault isolation between user clusters, which ensures
high service reliability and security.
 Independent network management for each user cluster, which prevents information
security risks.
(Figure: user cluster virtualization. The core network zone of the data center is divided into VS 1# for the office zone, VS 2# for the production zone, and VS 3# for the DMZ, behind the data center egress zone facing the Internet.)
Application Scenario 4: Multi-Tenant Application
In the public cloud, VSs are assigned per VIP tenant. VSs can be created at the core and
aggregation layers on demand, and below the VS layer tenants are separated by VLAN. As
shown in the following figure, VS 1 serves tenant A and VS 2 serves tenant B.
Compared with VRF-based isolation, applying the VS in multi-tenant scenarios offers
flexible service deployment, simplified O&M, streamlined management, high reliability, and
secure isolation. The VS can therefore meet VIP customers' requirements for high-quality
services.
(Figure: multi-tenant application in the public cloud. At the core layer, tenants are mapped to VSs: VS 1# serves tenant A and VS 2# serves tenant B. At the aggregation layer, tenants are mapped to VLANs.)
Summary
This article has described the significance and value of virtual machines in data center
switches from the aspects of virtualization evolution, market driving, architecture, and
application scenarios. The Huawei VS uses a new-generation virtualized architecture and
provides the following functions:
 Helps customers flexibly construct virtual machines in data center switches.
 Simplifies multi-user management.
 Improves service reliability and security.
 Makes full use of network device resources to lower customers' investment costs.
Furthermore, the Huawei VS integrates with other virtualization technologies such as the
Cluster Switch System (CSS) to separate or combine network devices on demand. The
Huawei VS also provides flexible and scalable services for building data center networks into
elastic, virtualized cloud networks, with the goal of helping customers grow their services in
the cloud computing era.