Huawei DCN: five scenarios for building a data center network

Today, our focus is not only on Huawei's data center network product line, but also on how to build advanced end-to-end solutions based on it. Let's start with scenarios, move on to specific features supported by hardware, and finish with an overview of specific devices that can form the basis of modern data centers with the highest level of network process automation.


No matter how impressive the characteristics of network equipment may be, the possibilities of the architectural solutions built on it are determined by how effectively the associated hardware, software, virtual and other technologies integrate with one another. To keep up with the times, we try to quickly offer our customers modern and promising features that often outstrip the most daring ideas of other vendors.


Cloud Fabric-based solutions include a data center network, an SDN controller, and other project-specific components, including those from other manufacturers.

The first and simplest scenario involves the use of a minimum number of components: the network is built on Huawei hardware and third-party tools that automate network management and monitoring processes, for example Ansible or Microsoft Azure.

The second scenario implies that the customer is already using a virtualization and SDN system for data centers, say NSX, and wants to use Huawei equipment as a hardware VTEP (Virtual Tunnel End Point) within the existing VMware solution. VMware's website provides a list of Huawei equipment that has been tested and can be used as a VTEP. After all, it is no secret that, no matter how successful VXLAN (Virtual Extensible LAN) software solutions on virtual switches are, hardware implementations are more efficient in terms of performance.

The third scenario is the construction of hosting & computing class systems that include a controller, but lack any higher platform with which to integrate. One way to implement this scenario is to have a separate SDN Agile Controller-DCN. This architecture can be used by system administrators to perform day-to-day network management operations. A more advanced version of the third scenario is based on the interaction of Agile Controller-DCN with VMware vCenter, united by a certain business process, but again without a higher administration system.

The fourth scenario is noteworthy: integration with a higher platform based on OpenStack or our FusionSphere virtualization product. We register a lot of requests for such architectural solutions, among which OpenStack (CentOS, Red Hat, etc.) is the most popular. It all depends on which platform for orchestration and management of computing resources is used in the data center.

The fifth scenario is completely new. In addition to the well-known hardware switches, it includes the CloudEngine 1800V (CE1800V) distributed virtual switch, which can only be operated with KVM (Kernel-based Virtual Machine). This architecture combines the Agile Controller-DCN with the Kubernetes containerization platform using the CNI plugin. Thus, Huawei moves along with the whole world from host virtualization to operating system virtualization.


More about containerization

We have previously mentioned the CE1800V virtual switch deployed with the Agile Controller-DCN. In combination with Huawei hardware switches, they form a kind of “hybrid overlay”. In the near future, container scenarios from Huawei will receive support for NAT functions and load balancing.

An architectural limitation is that the CE1800V cannot be used separately from the Agile Controller-DCN. Also, keep in mind that one PoD of the Kubernetes platform can contain no more than 4 million containers.

Connection to the VXLAN data center network occurs via VLAN (Virtual Local Area Network). However, there is an option in which the CE1800V acts as a VTEP with the BGP (Border Gateway Protocol) process. This allows you to exchange BGP routes with the backbone network without involving separate hardware switches.


Intent-Driven Networks: networks that analyze intents

Huawei presented its Intent-Driven Network (IDN) concept back in 2018. Since then, the company has never stopped working on networks that use cloud computing technology, big data and artificial intelligence to analyze the goals and intentions of users.

In fact, we are talking about moving from automation to autonomy. The intent expressed by the user is returned in the form of network products' recommendations on how to implement the intent. At the core of this functionality are the Agile Controller-DCN capabilities that will be added to the product to enable the implementation of the IDN ideology.

In the future, with the introduction of IDN, it will be possible to deploy network services in one click, which implies the highest degree of automation. The modular architecture of network functions and the ability to combine these functions will allow the administrator to simply specify which services need to be made available on which network segment.

To achieve this level of manageability, the ZTP (Zero Touch Provisioning) process is very important. Huawei has made significant strides in this and offers the ability to fully deploy a network out of the box.

The further installation and deployment process necessarily includes a procedure for checking the connectivity between resources (network connectivity) and assessing changes in network performance depending on its modes of operation. This stage involves running a simulation before starting the actual operation.

The next step is setting up services for the needs of the client (service provisioning) and their verification, performed by Huawei's built-in tools. Then it remains only to check the result.

It is now possible to go the entire described path with the help of a single complex mechanism based on the iMaster NCE platform, containing the Agile Controller-DCN and the eSight network element management system (EMS).


Currently, the Agile Controller-DCN is able to check the availability of resources and the presence of connections, as well as proactively (after the approval of the administrator) respond to problems in the network. Adding the necessary services is now done manually, but in the future, Huawei intends to automate this and other operations, such as deploying servers, configuring networks for storage, etc.


Service chains and microsegmentation

The Agile Controller-DCN is capable of processing Network Service Headers (NSH) contained in VXLAN packets. This comes in handy for creating service chains. For example, you may want to send certain kinds of packets along a route different from the one offered by the standard routing protocol, so that they pass through some device (a firewall, etc.) before leaving the network. To do this, it is enough to configure a service chain containing the necessary rules. This mechanism can be used, for example, to configure security policies, but other areas of application are also possible.
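To make the service-chain mechanism above concrete, here is an added example (not Huawei's or the Agile Controller-DCN's code) that parses the NSH Base and Service Path headers as laid out in RFC 8300 and walks a chain hop by hop, dropping any packet whose path is not provisioned. The path table, SPI 42 and the service function names are constructed assumptions.

```python
import struct

# Constructed service-path table (assumption): (SPI, SI) -> service function.
SERVICE_PATHS = {
    (42, 255): "firewall",
    (42, 254): "ids",
    (42, 253): "egress",
}

def parse_nsh(data: bytes) -> dict:
    """Parse the 4-byte Base Header and 4-byte Service Path Header (RFC 8300)."""
    if len(data) < 8:
        raise ValueError("NSH needs at least 8 bytes")
    base, path = struct.unpack("!II", data[:8])
    hdr = {
        "version": base >> 30,
        "oam": (base >> 29) & 1,
        "ttl": (base >> 22) & 0x3F,
        "length": (base >> 16) & 0x3F,  # total NSH length in 4-byte words
        "md_type": (base >> 8) & 0xF,
        "next_proto": base & 0xFF,      # 0x1 = IPv4 payload
        "spi": path >> 8,               # Service Path Identifier, 24 bits
        "si": path & 0xFF,              # Service Index, 8 bits
    }
    if hdr["version"] != 0 or hdr["length"] < 2 or hdr["length"] * 4 > len(data):
        raise ValueError("malformed NSH header")
    return hdr

def build_nsh(spi: int, si: int, ttl: int = 63) -> bytes:
    """Build a constructed MD Type 2 header with no context data (length 2)."""
    base = (ttl << 22) | (2 << 16) | (2 << 8) | 0x1
    return struct.pack("!II", base, (spi << 8) | si)

def walk_chain(packet: bytes) -> list:
    """Return the service functions visited, or raise if the packet must be dropped."""
    hdr = parse_nsh(packet)
    spi, si, ttl = hdr["spi"], hdr["si"], hdr["ttl"]
    visited = []
    while True:
        hop = SERVICE_PATHS.get((spi, si))
        if hop is None or si == 0 or ttl == 0:
            raise LookupError(f"drop: no service function for SPI {spi}, SI {si}")
        visited.append(hop)
        if hop == "egress":
            return visited
        si -= 1   # the service function decrements the Service Index
        ttl -= 1  # the forwarder decrements the TTL to stop loops
```

The drop on an unknown (SPI, SI) pair is the security-relevant part: a packet that is not on a provisioned path never reaches the egress.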


The diagram clearly shows the operation of RFC-compliant service chains based on NSH, as well as a list of hardware switches that support them.


Huawei's service chain capabilities are complemented by micro-segmentation tools, a network security technique that isolates security segments down to individual workload elements. It helps bypass the bottleneck of Access Control Lists (ACLs), because there is no need to manually configure a huge number of ACLs.


Intelligent operation

Turning to the issue of network operation, one cannot fail to mention another component of the iMaster NCE umbrella brand: the intelligent network analyzer FabricInsight. It provides ample opportunities for collecting telemetry and information about data flows in the network. Telemetry is collected using gRPC and accumulates data on passed, buffered and lost packets. The second large array of information is aggregated using ERSPAN (Encapsulated Remote Switch Port Analyzer) and gives an idea of the data flows in the data center. In fact, we are talking about collecting TCP headers and the amount of information transmitted during each TCP session. You can do this using various Huawei devices; their list is presented in the diagram.

SNMP and NetStream are also not forgotten, so Huawei uses both old and new mechanisms in order to move from a network as a "black box" to a network that we know literally everything about.


AI Fabric: Lossless Smart Networks

The AI Fabric features supported by our hardware are designed to turn Ethernet into a high-performance, low-latency network with no packet loss. This is necessary to implement the main scenarios for deploying applications in the data center network.

The diagram above shows the problems that can be encountered when operating the network:

  • packet loss;
  • buffer overflows;
  • the problem of optimal network loading when using parallel links.

Huawei equipment implements mechanisms to solve all these problems. For example, at the chip level, a virtual input queue technology is implemented, which prevents blocking at the input (HOL blocking).

At the protocol level, two mechanisms operate: Dynamic ECN, a dynamic change of buffer size, and Fast CNP, the fast sending of packets that notify the source about a problem in the network.

Support for Dynamic Packet Prioritization (DPP) technology helps to balance elephant and mice flows. It consists in placing short fragments of data from different streams into a separate high-priority queue. Thus, short packets are better able to survive alongside long, heavy streams.

Let us clarify that for the effective operation of the above mechanisms, they must be supported directly by the equipment.


All these functions are applied in one of three scenarios for using Huawei equipment:

  • when building artificial intelligence systems based on distributed applications;
  • when creating distributed data storage systems;
  • when creating systems for high performance computing (HPC).


Ideas embodied in hardware

After discussing typical scenarios for using Huawei solutions and listing their main features, let's move on to the hardware.

CloudEngine 16800 is a platform that provides for operation over 400 Gb/s interfaces. Its characteristic feature is the presence, along with the CPU, of its own forwarding chip and an artificial intelligence processor, which is necessary to implement the capabilities of AI Fabric.


The platform is built on the classic orthogonal architecture with a front-to-back airflow system and comes with one of three types of chassis: 4 (10U), 8 (16U) or 16 (32U) slots.


The CloudEngine 16800 can use several types of line cards. Among them are traditional 10-gigabit cards as well as 40- and 100-gigabit cards, including completely new ones. Cards with 25 and 400 Gb/s interfaces are planned for release.


As for ToR (Top of rack) switches, their current models are indicated on the timeline above. Of greatest interest are the new 25 Gigabit switches, 100 Gigabit switches with 400 Gigabit uplinks, and high-density 100 Gigabit switches with 96 ports.


Huawei's main fixed-configuration switch is currently the CloudEngine 8850. It should be replaced by the 8851 model with 32 100 Gb/s interfaces and eight 400 Gb/s interfaces, as well as the ability to split them into 50, 100, or 200 Gb/s.


Another fixed-configuration switch, CloudEngine 6865, remains in the current Huawei product line. It's a proven workhorse with 10/25Gbps access and eight 100Gbps uplinks. In addition, it also supports AI Fabric.


The diagram shows the characteristics of all the new switch models, which we expect to appear in the coming months, or even weeks. Some delay in their release is due to the situation around the coronavirus. The issues of sanctions pressure on Huawei are also still relevant. However, all these events can only affect the timing of the premiere.

To learn more about Huawei solutions and applications, please subscribe to our webinars or contact Huawei directly.

***

As a reminder, our experts regularly host webinars on Huawei products and the technologies they use. A list of webinars for the coming weeks is available at link.

Source: habr.com
