Huawei DCN: five scenarios for building a data center network
No matter how impressive the characteristics of network equipment may be, the capabilities of the architectural solutions built on it depend on how effectively the hardware, software, virtualization and other related technologies are integrated with one another. To keep up to date, we try to promptly offer customers modern and promising capabilities that are often ahead of the boldest ideas of other vendors.
Cloud Fabric-based solutions include a data center network, an SDN controller, and other components necessary for a particular project, including from other manufacturers.
The first and simplest scenario uses a minimum number of components: the network is built on Huawei hardware, and third-party tools such as Ansible or Microsoft Azure automate network management and monitoring.
The second scenario assumes that the customer is already using a virtualization system and SDN for data centers, say NSX, and wants to use Huawei equipment as hardware VTEPs (Virtual Tunnel End Points) within the existing VMware solution. This company’s website contains a list of Huawei equipment that has been tested and can be used as VTEP. After all, it is no secret that however successful software VXLAN (Virtual Extensible LAN) implementations on virtual switches may be, hardware implementations perform better.
The third scenario is the construction of hosting & computing, incorporating a controller, but devoid of any higher platform with which it would be necessary to integrate. One of the options for implementing this scenario assumes a separate Agile Controller-DCN SDN controller. System administrators can use this architecture to perform daily network management operations. A more developed version of the third scenario is based on the interaction of Agile Controller-DCN with VMware vCenter, united by a certain business process, but again without a higher administration system.
The fourth scenario is noteworthy - integration with a higher platform based on OpenStack or our FusionSphere virtualization product. We register a lot of requests for such architectural solutions, among which OpenStack (CentOS, Red Hat, etc.) is the most popular. It all depends on which orchestration and computing resource management platform is used in the data center.
The fifth scenario is completely new. In addition to the well-known hardware switches, it includes the CloudEngine 1800V distributed virtual switch (CE1800V), which can only be operated with KVM (Kernel-based Virtual Machine). This architecture involves integrating the Agile Controller-DCN with the Kubernetes containerization platform using the CNI plugin. Thus, Huawei, along with the whole world, is moving from host virtualization to operating system virtualization.
Learn more about containerization
Earlier, we mentioned the CE1800V virtual switch deployed using Agile Controller-DCN. In combination with Huawei hardware switches, they form a kind of “hybrid overlay”. In the near future, container scripts from Huawei will receive support for NAT functions and load balancing.
A limitation of the architecture is the inability to use the CE1800V separately from the Agile Controller-DCN. Also note that a single KuDnet platform PoD can contain no more than 4 million containers.
Connecting to the VXLAN network of the data center is done via VLAN (Virtual Local Area Network), however there is an option in which the CE1800V acts as VTEP with the BGP (Border Gateway Protocol) process. This allows you to exchange BGP routes with the backbone network without involving separate hardware switches.
Intent-Driven Networks
Huawei introduced the concept of the Intent-Driven Network (IDN) back in 2018. Since then, the company has continued to work on networks that use cloud computing, big data and artificial intelligence to analyze the goals and intentions of users.
In fact, we are talking about moving from automation to autonomy. The intention expressed by the user is returned in the form of recommendations from network products on how to implement this intention. This functionality is based on the Agile Controller-DCN features that will be added to the product to bring IDN ideology to life.
In the future, with the introduction of IDN, it will be possible to deploy network services in one click, which implies the highest degree of automation. The modular architecture of the network functions and the ability to combine these functions will allow the administrator to simply indicate which services need to be made available in a particular network segment.
To achieve this level of control, the ZTP process (Zero Touch Provisioning) is very important. Huawei has made major strides in this, thanks to which it offers the ability to fully deploy the network out of the box.
The subsequent installation and deployment process necessarily includes a procedure for checking the connectivity between resources (network connectivity) and evaluating how network performance changes depending on its operating modes. This stage involves simulation before actual operation.
The next step is to configure services to meet the needs of the client (service provisioning) and their verification, performed by built-in Huawei. Then it remains only to control the result.
You can now go through the entire described path with the help of a single integrated mechanism based on the iMaster NCE platform, which contains the Agile Controller-DCN and the eSight network element management system (EMS).
Currently, Agile Controller-DCN is able to check resource availability and connections, and to respond proactively (after administrator approval) to network problems. Adding the necessary services is now done manually, but in the future, Huawei intends to automate this and other operations, such as server deployment, network configuration for storage, etc.
Service chains and microsegmentation
Agile Controller-DCN is capable of processing service headers (Network Service Headers, or NSH) contained in VXLAN packets. This comes in handy for creating service chains. For example, you intend to send a certain type of packet along a route that differs from the one offered by the standard routing protocol. Before leaving the network, these packets must pass through some device (firewall, etc.). To do this, just configure a service chain containing the necessary rules. This mechanism can be used, for example, to configure security policies, but other applications are possible.
The diagram illustrates the operation of RFC-compatible service chains based on NSH, as well as a list of hardware switches supporting them.
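An added example, not taken from the original article or from Huawei's code: a minimal forwarder decision over the NSH base header and service path header as laid out in RFC 8300, showing why a packet that runs past the end of its chain or loops is dropped rather than forwarded. It handles only the NSH bytes (not the outer VXLAN encapsulation); the chain table, path ID 42 and hop names are constructed for illustration.

```python
import struct

# Constructed service-chain table: (SPI, SI) -> next hop.
# Path 42 steers traffic through a firewall, then an IDS, then out of the fabric.
CHAIN = {(42, 255): "firewall", (42, 254): "ids", (42, 253): "egress"}


def build_nsh(spi, si, ttl=63, md_type=2, next_proto=0x1):
    """Build an NSH without metadata (MD Type 2, total length = 2 words)."""
    word0 = (ttl << 22) | (2 << 16) | (md_type << 8) | next_proto
    return struct.pack("!II", word0, (spi << 8) | si)


def parse_nsh(buf):
    """Parse and validate the base header and the service path header."""
    if len(buf) < 8:
        raise ValueError("truncated NSH")
    word0, word1 = struct.unpack("!II", buf[:8])
    hdr = {
        "version": word0 >> 30,
        "ttl": (word0 >> 22) & 0x3F,
        "length": (word0 >> 16) & 0x3F,  # total NSH length in 4-byte words
        "md_type": (word0 >> 8) & 0xF,
        "next_proto": word0 & 0xFF,
        "spi": word1 >> 8,               # Service Path Identifier (24 bits)
        "si": word1 & 0xFF,              # Service Index (8 bits)
    }
    if hdr["version"] != 0:
        raise ValueError("unsupported NSH version")
    if hdr["md_type"] == 1 and hdr["length"] != 6:
        raise ValueError("MD Type 1 requires a length of 6 words")
    if hdr["length"] < 2 or hdr["length"] * 4 > len(buf):
        raise ValueError("bad NSH length")
    return hdr


def next_hop(buf, chain=CHAIN):
    """Return the next hop name, or None when the packet must be dropped."""
    try:
        hdr = parse_nsh(buf)
    except ValueError:
        return None                      # malformed header: never forward
    ttl = (hdr["ttl"] - 1) % 64          # decrement before lookup; 0 wraps to 63
    if ttl == 0:
        return None                      # service-plane loop protection
    return chain.get((hdr["spi"], hdr["si"]))  # unknown (SPI, SI) -> drop
```

A service function such as the firewall decrements SI after processing, so the same packet re-enters the forwarder with SI 254 and is sent on to the next hop in the table.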
The capabilities of Huawei solutions in the field of creating service chains are complemented by microsegmentation tools - a network security method that involves isolating security segments down to individual elements of the workload. This sidesteps the bottleneck of Access Control Lists (ACLs): there is no need to manually configure a large number of them.
Turning to the issue of network operation, one cannot fail to mention another component of the iMaster NCE umbrella brand - the FabricInsight intelligent network analyzer. It provides ample opportunities for collecting telemetry and information about data streams in the network. Telemetry is collected using gRPC and accumulates data about packets that passed through, were delayed in the buffer, or were lost. The second large body of information is aggregated by means of ERSPAN (Encapsulated Remote Switch Port Analyzer) and gives an idea of the data flows in the data center. In essence, we are talking about collecting TCP headers and the amount of information transmitted during each TCP session. You can do this using various Huawei devices - their list is presented in the diagram.
SNMP and NetStream are also not forgotten, so Huawei uses both old and new mechanisms in order to move from the network as a “black box” to a network about which we know literally everything.
AI Fabric: Lossless Smart Networks
The AI Fabric features supported by our hardware are designed to turn Ethernet into a network with high performance, low latency, and no packet loss. This is necessary to implement the main application deployment scenarios in the data center network.
The diagram above shows the problems that may be encountered during the operation of the network:
- packet loss;
- buffer overflows;
- the problem of optimal network load when using parallel links.
Huawei equipment implements mechanisms to solve all these problems. For example, at the chip level, virtual input queue technology has been introduced, which prevents head-of-line (HOL) blocking at the input.
At the protocol level, two mechanisms operate: Dynamic ECN, a dynamic change of buffer size, and Fast CNP, which quickly sends the packet source a message about a problem on the network.
Support for Dynamic Packet Prioritization (DPP) technology helps balance elephant and mice flows: it places short pieces of data from different flows in a separate high-priority queue. Thus, short packets “survive” better in an environment of long, heavy flows.
Let us clarify that for the effective operation of the above mechanisms, they must be supported directly by the equipment.
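An added illustration, not Huawei's implementation: a toy model of one switch port with strict-priority queues, showing the DPP idea described above. It assumes that "short pieces of data" means the first few packets of each flow; the threshold of 4 packets and the traffic pattern are constructed.

```python
from collections import defaultdict, deque


def completion_ticks(arrivals, threshold):
    """Simulate a port that sends one packet per tick.

    arrivals[t] lists the flow IDs of the packets arriving at tick t.
    The first `threshold` packets of every flow enter the high-priority
    queue and the rest the low-priority queue; threshold=0 is plain FIFO.
    Returns {flow: tick at which its last packet left the port}.
    """
    seen = defaultdict(int)      # packets counted so far, per flow
    high, low = deque(), deque()
    done = {}
    tick = 0
    while tick < len(arrivals) or high or low:
        for flow in (arrivals[tick] if tick < len(arrivals) else []):
            seen[flow] += 1
            (high if seen[flow] <= threshold else low).append(flow)
        queue = high or low      # strict priority: high queue drains first
        if queue:
            done[queue.popleft()] = tick
        tick += 1
    return done


def constructed_traffic():
    """Elephant "E": 2 packets per tick for 10 ticks; mouse "M": 3 packets at tick 5."""
    arrivals = [["E", "E"] for _ in range(10)]
    arrivals[5] = ["E", "E", "M", "M", "M"]
    return arrivals


def compare():
    """Completion ticks for the same traffic under FIFO and under DPP."""
    return {
        "fifo": completion_ticks(constructed_traffic(), threshold=0),
        "dpp": completion_ticks(constructed_traffic(), threshold=4),
    }
```

In this model the mouse flow finishes at tick 7 instead of tick 14, while the elephant flow finishes at tick 22 in both cases, because the port sends the same total number of packets either way.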
All these functions are used in one of three scenarios for using Huawei equipment:
- when building artificial intelligence systems based on distributed applications;
- when creating distributed storage systems;
- when creating high performance computing (HPC) systems.
Ideas embodied in the hardware
Having discussed typical scenarios for using Huawei solutions and listed their main features, we now turn directly to the equipment.
CloudEngine 16800 is a platform that supports 400 Gb/s interfaces. Its characteristic feature is that, along with the CPU, it has its own forwarding chip and an artificial intelligence processor, which are needed to implement the capabilities of AI Fabric.
The platform is made according to the classical orthogonal architecture with a front to back airflow system and comes with one of three types of chassis - 4 (10U), 8 (16U) or 16 (32U) slots.
CloudEngine 16800 can use several types of line cards. Among them are both traditional 10-gigabit and 40-, as well as 100-gigabit ones, including completely new ones. Cards with interfaces of 25 and 400 Gbit/s are planned for release.
As for switches of the ToR (Top of rack) type, their current models are indicated on the timeline above. Of greatest interest are the new 25-gigabit models, 100-gigabit switches with 400-gigabit uplinks, as well as high-density 100-gigabit with 96 ports.
The main Huawei switch with a fixed configuration at the moment is CloudEngine 8850. It should be replaced by model 8851 with 32 100 Gbit/s interfaces and eight 400 Gbit/s interfaces, as well as with the possibility of splitting them into 50, 100 or 200 Gbit/s.
Another fixed-configuration switch, CloudEngine 6865, remains in the line of current Huawei products. This is a well-established "workhorse" with 10/25 Gb/s access and eight 100-gigabit uplinks. We should add that it also supports AI Fabric.
The diagram shows the characteristics of all new switch models, which we expect to appear in the coming months, or even weeks. Some delay in their release is associated with the situation around the coronavirus. Sanctions pressure on Huawei also remains an issue; however, all these events can affect only the timing of the launches.
You can easily get more information about Huawei solutions and their applications by subscribing to our webinars or by contacting company representatives directly.