A Primer for Smarter Networks

The Next Generation Network Architecture with H3C’s SDN, NFV & Overlay

Mobile Internet and applications have made major strides in recent years. Cloud computing, virtualization and big data have become hot trends, but at the same time created countless problems:

• Network scale grows and becomes increasingly difficult to maintain and manage.

• Network provisioning becomes more dynamic and requires flexibility and expansion that existing networks can’t deliver.

• Tenant specifications have improved significantly and had outgrown what traditional VLANs are designed for.

• Resource virtualization is fast gaining popularity but traditional network can’t cope with it when it comes to management measures.

• Virtual machine migration is increasingly common but migration cannot be performed across layer-2 over traditional network.

• Security threats are more hostile and granular security control in traditional network is not designed for today’s threat landscape.

• While application deployment becomes more rapid, traditional networks do not allow easy application deployment and upgrade.

The challenges brought by cloud computing, virtualization and big data are not only related to application deployment on networks but also to application-driven networks. As networks are the backbones for user applications, they need to evolve as applications change. However, most traditional network equipment was designed by vendors whose proprietary devices work only in a close system, lack flexibility, and require a long time to develop. As this legacy model cannot resolve those problems, an innovative network architecture is needed.

Innovative Network Technology

H3C’s latest network technology is created with these challenges in mind. Its control and forwarding planes are separated. As a result, software and hardware are decoupled and network applications run on stock hardware platform. Network is configured flexibly, top-down, on demand using software and is driven by user application. Network configured this way could satisfy myriad requirements such as central maintenance, elastic deployment, resource pool management, colossal tenant specification and isolation as well as network security. This new network technology is backed by three pillars: SDN, Overlay, and NFV.

SDN

Software Defined Network (SDN) is an innovative network architecture. It separates the network equipment’s control plane and data plane through standardization technologies such as OpenFlow to implement an agile network flow, as well as centralized and granular control. This creates a platform that allows central management and accelerates application innovation. Enterprises and operators gain unprecedented programmability, automation and control ability of network. They can also build a highly extensible and agile network that meets changing business needs.

OpenFlow is a critical component of an SDN architecture while an SDN controller executes an SDN idea. OpenFlow allows direct access and control of network equipment’s forwarding plane. The network devices can be physical or virtual routers and switches.

Overlay

Overlay, when coined in the domain of networking, is a virtualization technology over the network layer. Separated with other network applications, overlay helps manage the network workload without a major overhaul of the underlying network. As such, the essential IP-based technology completely frees itself from the restrictions of layer-2 networks. With Overlay, raw user data can be distributed over the network through routers and the technology exhibits great extensibility. Currently VXLAN (Virtual eXtensible LAN) is widely adopted and becomes the de facto standard for Overlay technology.

Overlay network is the extension of physical network towards virtualization as well as cloud. Thus, it is crucial to loud and network convergence. Overlay unleashes the cloud resource pool from physical network restrictions and makes it work flexibly at your command. Overlay comes in three implementation models: network overlay, server overlay, and hybrid overlay. Network Overlay completes the Virtual Tunnel End-Points (VTEP) encapsulation and de-encapsulation in physical switches. Forwarding can thus be implemented with relative ease while subnet interoperability can be maintained between physical servers which haven’t been virtualized. Yet the downside is the need to upgrade the network with compatible devices. With server overlay, VTEP encapsulation and de-encapsulation are done by servers. It requires minimal changes to an existing network, but might create forwarding bottleneck. Hybrid overlay combines the best of the both worlds, maximizing the forwarding capability of hardware gateway while minimizing the changes to the existing network.

The use of SDN allows implementation of a control panel of network overlay, easy integration with computing resources, consistency between network and application, and a fully dynamic implementation of overlay application workflow.

NFV

Network Functions Virtualization (NFV)’s goal is to employ commoditized hardware for all kinds of network software. This shortens the configuration time when it comes to network nodes and clients in datacenter, speeds up network deployment and reconfiguration, simplifies application deployment, lowers total cost of ownership, and standardizes network equipment.

NFV and SDN complement each other. While NFV increases the agility of deployment, SDN makes the NFV’s deployment flexible and straightforward. For instance, when the SDN control plane and data plan are separate, the former is moved to a better location and the latter is extracted from proprietary devices and becomes standardized. This helps eliminate the need to invest in new hardware when upgrading networks and applications. It also helps simplify deployment and lower operating and maintenance costs. NFV and SDN also provide new architecture support for operations, such as running control plane and data plane on standard servers, replacing proprietary equipment with stock hardware and high-end software, as well as simplifying SDN deployments.

New Network Architecture and Components

H3C’s latest innovative network turns products into software, virtualizes network features, and manages network centrally. Its networks are self-defined, automated, flexible, and easy to maintain. Compared with traditional networks, H3C’s innovative network is a paradigm shift in terms of ideas, models, and services. It involves more technologies and products such as SDN controllers, vSwitch, and new NFV products, without limiting itself to traditional and physical network devices. Our network is built with Overlay technology, providing seamless connection to the north (cloud platform), and is compatible with more third party products. This forms an even more complete and broad network architecture.

Overview of Innovative Network Architecture


Innovative network architecture consists of the following layers:

• Network equipment layer: It consists of various typical legacy networks, OpenFlow network, NFV networks and so on. Hetero-geneous network resources are consolidated through controllers.

• Controller cluster layer: It supports VCF controller cluster, implements load balancing and failover reliability, cross-datacenter orchestration, and communicates with network equipment through standard south-bound interfaces such as OpenFlow, Open vSwitch Database Management Protocol (OVSDB) and Network Configuration Protocol (NETCONF).

Resource abstraction layer: Deployed in controller as an SDN application, it provides centralized logical processing to the network and offers centralized network resource pool control and orchestration for the northern clients.

• Top management layer: A controller interfaces with cloud platforms such as OpenStack, H3C CSM and HP CloudSystem through plugins and APIs, and realizes a consolidated IT infrastructure.

SDN Controller Cluster

VCF controller cluster acts much like the ‘brain’ of the new network architecture. It is responsible for the control and coordination of physical and virtual networks, and interfaces with various cloud platforms from the north in an open, collaborative way. Its third party apps installation feature allows speedy deployment and configuration of network applications:

• Centralized control: It provides centralized control and support for traditional networks, OpenFlow Network, Overlay network, and NFV network.

• Distributed cluster: A VCF controller cluster supports the dynamical addition of a controller to the cluster. Number of controller can be adjusted according to the network scale while the cluster can centrally control and manage massive-scale network. The leader controller in the cluster provides a single IP for the north and interacts with all applications in the above layer. All controllers are located in the same layer-2 network while every controller has a unique south-bound IP. A cluster manages network devices in the south by putting them in a unique Region while controllers within a Region share the load and back up

• Essential feature pack: It provides OpenFlow-based basic feature pack such as software defined L2, L3, QoS, Overlay App, service chain App, Cloud POP App, automated provisioning, and massive cluster of controller.

• Highly open: North bound standard APIs can interface with various cloud platforms such as OpenStack and iMC while south-bound support for network equipment configuration and management is provided by standard protocols such as NETCONF and OVSDB. It also supports embedded and independent third-party applications. User can develop their own application based on their business requirements.

NFV

Ease of use and flexible expansion are always the essentials in network construction. There is no exception when it comes to NFV. H3C always has its customer in mind, implementing service chain, and delivering network services that satisfy user applications needs. It does so by using virtualization technologies running on standardized hardware. These technologies come with lightweight provisioning capability, unparalleled application elasticity, and self-defined networks for the creation and deployment of NFV resources.

Professional NFV

H3C NFV is application driven, highly programmable and built on-demand. Its core idea is Network Functions Virtualization as a service (NFVaaS). NFVaaS fully satisfies network application, integrates with physical network, and allows easy plug-in for addition-al applications to provide the most versatile customized network service:

• Network service pooling: virtualized network features are abstracted as a resource pool. Service capabilities can be expanded and migrated on-demand. Network services are thus endowed with high programmability and expandability, able to support the smooth addition of new applications.

• Automated provisioning and dynamic orchestration: NFV devices can automatically connect to the network. Resource can follow traffic, resulting in automated and real-time allocation of network service resources. Through service chain and other technologies, one may implement graphical program and auto-provision NFV functions, completely decoupling network functions and their physical locations.

• Manageable, presentable, traceable: NFV provides comprehensive management strategies, simple yet efficient management style, highly effective management workflow, reliable and repeatable management results. Resourceful multi-level visualization—including resource usage, predictable service results, and resource application report—supports adjustment of strategies related to user resource, service, and management. Network service failure and even network security problems can also be easily traced.

Open NFV

Comware is an open platform with an open application architecture. It provides rich application interface for third-party vendors.

H3C NFV inherits the benefits of Comware:

• Structurally, every H3C NFV component provides an open interface externally to allow flexible linkage of different components.

• Operation wise, H3C NFV supports all major virtualization platforms, such as Linux KVM, VMware ESXi, Citrix Xen, and Micro-soft Hyper-V. It is able to fulfill the needs of all major application scenarios.

• Standard wise, H3C initiated the network function virtualization study in 2012, and have been following the NFV organization standard as well as cultivating its development. H3C is also joining communities such as OPENFV to actively contribute to NFV development.

H3C NFV provides an open, verifiable and innovative ecosystem. By adhering to an established technology framework and a repository of network experience, forming joint venture, securing technical support, getting open laboratory certification and sharing best practices, H3C lays a good foundation and strives to obtain a win-win situation with it clients.


vSwitch

vSwitch is now the new entrant in the arena of network cloud computing applications. It is installed as an application pack to computing nodes. vSwitch can forward traffic between virtual machines (VMs) in the nodes or between VMs and external network.

H3C vSwitch supports a variety of virtualization platforms such as VMware, KVM, XEN and CAS. It also supports rich features such as VXLAN, Distributed Virtual Router (DVR), Stateful inspection firewall, QoS, NAT, port mirroring. North-bound communication is done with standard protocols such as OpenFlow and OVSDB and a controller cluster. This provides new network solution for datacenter network virtualization and VPC.

Legacy network devices

Legacy network devices can be used as Underlay forwarding in the new network. For physical devices with VXLAN support, they can used as VTEPs. Highly reliable VXLAN hardware network gateway cluster supports application load balancing, elastic expansion and seamless device upgrade, as well as acting as a gateway between Overlay and classical network.


Core Values of New Network

With the new architecture and components, the operation of network device becomes more streamlined, supports multi-tenant virtual network, application and position decoupling. The network is flexible and user-defined while resources are allocated as a pool on-demand and ecosystem is highly open.

Streamlined and Centralized Operation

Streamlined operation has the following features:

• Centralized management: New network brings SDN and NFV together, and centrally coordinates and manages applications and pools of logical nodes.

• Visualized operation: Application traffic could be visualized to provide simple, effective management, and significantly reduces operation workload. It supports one-key traffic mirroring, thus allowing traffic redirection to be done with a single mouse click and easy capture of analysis of abnormal traffic.

• Automated provisioning: Applications in the new network are automatically distributed to access devices according to user-de-fined policies, thus greatly streamlining batch network device deployment. This ensures that replaced devices have a consistent configuration file.

• High reliability guaranteed: Control plane and forwarding planes are designed with high reliability in mind through distributed clusters. The whole datacenter application system can operate in a high stable and reliable way.

Multi-tenant Virtual Network

Multi-tenant virtual network supports grading of tenants and sub-network. These differentiated services in the service chain are essential for business differentiation, because tenant isolation ensures no cross-infection among tenants, no spill of data breach-related issues to other clients, as well as dynamic and on-demand network resources allocation.

Application and Position Decoupling

VXLAN provides location agnostic layer-2 abstraction through MAC-in-UDP encapsulation, and decouples Underlay networks and Overlay networks. Terminals can only see a virtual layer-2 connection relation, and is not aware of any physical network limitation. As a result, applications can be flexibly deployed in any location, and mitigates the network expansion problem after servers are virtualized.

Overlay technology supports virtualization across network borders, thus virtual machines can freely migrate – even across datacenters in disparate geographical locations. Virtual machines can now be connected anytime, anywhere without any restriction from physical locations. This is the best solution for pooling network resources, able to support rapid growth of cloud businesses, big data and, virtualization.

User-defined Network

Network is self-defined, and can achieve granular control based on flows. This satisfies users’ requirement for granularity and diversity in control. The three models of Overlay implementation let user leverage hardware-based physical gateway’s performance edge and flexibility of virtualized device application. One can achieve WYSIWYG in network through Overlay and service chain, and allocate the most appropriate resource based on user requirements.

On-demand Allocation of Resource Pool

New network integrates network resources through SDN, NFV and Overlay by presenting network assets to users in the form of a resource pool. While the devices in a resource pool might act as backup for each other, share the loading, and achieve massive scale deployment and high reliability, they can also be expanded flexibly and dynamically to allow users to adjust their applications based on their changing requirements. Application can also migrate freely within the resource pool, and policies are also migrated alongside with the application to sustain a highly-open environment.

• Open interface: Numerous open APIs such as REST and JAVA to the north meet the demand of user-developed apps. Open-Flow, NETCONF, OVSDB and SNMP support in the south facilitates central management of multiple network resources.

• Support third party application: Support for embedded and independent third party applications allows users to rapidly develop and deploy their own applications through north-bound APIs based on their business requirements.

• Compatible with multiple virtualization and cloud platforms: It is compatible with multiple virtualization platforms such as VMware, KVM, XEN and CAS, allowing cross-virtual platform management. It also supports embedded and independent third party application, and interfaces with various cloud platforms such as iMC, OpenStack and OpenStack clones to achieve consolidated resource management.

• Flexible developer and partnership model: H3C innovative network is backed by an experienced local development and customization team. The team can adopt multiple tailor-made collaborative development models to satisfy the user requirements of customization, diversification, and differentiation based on their application scenarios.

H3C innovative network consolidates numerous cutting edge technologies like SDN, Overlay and NFV, and orchestrates various network resources such as VCF controller, vSwitch, NFV as well as traditional network devices and security devices to implement on-demand migration of physical and virtual resource. The new model meets myriad user requirements such as simplified operation, elastic provisioning, resource pool management, gigantic tenant specification, tenant isolation and network security.