Huawei Cloud Fabric and VMware Collaboration—Innovation Solution in Data Centers
VMware Data Center and Cloud Computing Solution Components
• vSphere: extend virtual computing to all applications
• vCNS/NSX: virtualize networks to improve speed and efficiency
• Virtual SAN: transform storage networks to meet application requirements
• vCloud® Suite: management tools replaced by automation (cloud computing automation, cloud computing operation, cloud computing services)
Huawei Cloud Fabric and VMware Converged Resource Pool Solutions
Huawei Unicloud Converged Resource Pool Solution
Compute & Network Collaboration Resource Pool Solution
[Figure: the two resource pool solutions side by side. Left (Unicloud): ManageOne above an AC web portal & orchestration and a VMM web portal & orchestration; a VXLAN network with LB, firewall, spine and ToR VTEPs; FusionCompute hosts (Hypervisor, OVS VLAN) and vCenter/vSphere hosts (vSphere Distributed Switch, VDS-VLAN) carrying VMs; a physical server (Oracle DB) on a VLAN network reached through a VTEP. Right (Compute & Network Collaboration): the same fabric with vCenter, Microsoft Windows Hyper-V hosts (vSwitch VLAN) and vSphere hosts (VDS-VLAN), plus the physical server (Oracle DB) on a VLAN network.]
VMware Cloud Data Center & Huawei Joint Solution
[Figure: vRealize Automation, NSX (NSX web portal & orchestration), vCenter and a VMM web portal & orchestration on top. vSphere hosts running NSX OVS (VXLAN) and a third-party virtualization host running a vSwitch (VLAN) attach to Huawei CloudEngine switches acting as VTEPs on the VXLAN network; NSX Edge and an OVSDB channel connect the VXLAN network to the VLAN network and a physical server (Oracle DB).]
Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Overview
Huawei Unicloud Converged Resource Pool Solution
Unified management of a converged resource pool
• Unified management of virtual and physical resources
• Multi-vendor device management
• Unified monitoring
FusionSphere Cloud Platform
• Standard OpenStack interface: uses APIs originating from the OpenStack community and quickly synchronizes with the latest version released by the OpenStack community.
• Support for third-party systems and devices: compatible with the OpenStack ecosystem; supports heterogeneous hypervisor platforms and hardware devices.
• Hardening for commercial use, OpenStack enhancement: easy deployment, easy O&M, high reliability, security hardening, automation, scalability.
SDN-based hardware overlay network
• Automated network deployment: open controller architecture, automated service orchestration and collaboration with the VMM, high reliability and scalability of the controller.
• Elastic, reliable network: ability to evolve to a 40G/100G network, network virtualization, path optimization.
• Refined network O&M: visible (what you see is what you get); measurable packet loss ratio, latency and jitter; operable.
Virtual and physical resource pool convergence
• Support for KVM, VMware, and Xen virtualization platforms
• Automated provisioning of bare metal servers
• Physical server connection with L2 bridges
• Automated resource pool management and resource sharing
[Figure: Unicloud solution architecture. ManageOne above the AC web portal & orchestration and the VMM web portal & orchestration; a VXLAN network with LB, firewall, spine and ToR VTEPs; FusionCompute hosts (Hypervisor, OVS VLAN) and vCenter/vSphere hosts (vSphere Distributed Switch, VDS-VLAN) carrying VMs; a physical server (Oracle DB) on a VLAN network reached through a VTEP.]
Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Service Provisioning
Step 1: Provision network resources.
• A Tenant Administrator creates a logical network on the service provisioning UI of the cloud platform.
• The Agile Controller interoperates with vCenter using a Java interface to complete local network provisioning on the VMware VDS.
Step 2: Provision compute resources.
• The Tenant Administrator provisions compute resources (brings VMs online/offline, migrates VMs) and binds VMs to the logical network on the cloud platform.
• Nova-Scheduler works with the vCenterDriver to set up an independent resource pool from the vSphere cluster managed by vCenter. Nova-Scheduler does not select hosts in the vSphere cluster; vCenter schedules ESXi hosts based on dynamic entitlements and resource allocation settings, and provides LB and Dynamic Resource Scheduling (DRS) functions automatically.
[Figure: service provisioning flow. A web portal/app portal above Nova and Neutron; vCenter (with its host agent) manages vSphere hypervisors whose VSS/VDS port groups connect VMs through internal ports and uplink ports to VTEPs on the VXLAN network.]
Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Traffic Model
Types of traffic on a hardware VXLAN network
• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).
• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside the DC.
Traffic transmission paths
• 1) Intra-subnet traffic within a tenant network is transmitted within one VXLAN L2 broadcast domain and is therefore forwarded at L2.
• 2) Inter-subnet traffic within a tenant network crosses VXLAN L2 broadcast domains. It must be forwarded by a VXLAN gateway but does not need to pass through a firewall.
• 3) Inter-tenant traffic must be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.
• 4) Traffic from outside the DC is forwarded to a tenant server through the IPS/FW, LB, VXLAN gateway, and ToR switch.
[Figure: traffic paths 1–4 on the hardware VXLAN network. Internet/WAN reaches an egress router, then LB/FW and the VXLAN gateway at the spine; leaf VTEPs connect virtualized servers (vSwitch) hosting Tenant 1 192.168.1.10/24, Tenant 1 192.168.2.30/24 and Tenant 2 192.168.10.10/24, and a physical server (Tenant 1 192.168.1.20/24) attached through its own VTEP.]
Success Story: XX Bank of China’s SDN Private Cloud
Solution
• The infrastructure uses a spine-leaf architecture, and the overlay network is a VXLAN-based large L2 network, with VTEPs deployed on leaf switches.
• The network uses centralized VXLAN L3 gateway deployment. More gateway groups can be deployed to support service expansion.
• Hardware FWs are used for north-south traffic, deployed in inline or bypass mode (inline routed mode recommended).
• The network controller works with an OpenStack cloud platform to automate network service deployment.
Benefits
• Hardware overlay networking ensures microsecond-level latency and jitter. Stacking and all-active gateway deployment provide high network performance and reliability.
• Centralized gateway deployment suits the O&M models of traditional data center networks.
• Network resource sharing and automated service deployment improve the efficiency of application deployment.
• Multi-vendor virtualization platforms are converged to enable unified management of the compute resource pool.
[Figure: POD 1 with spine switches, leaf switches, service node leaves carrying the L3 GW, FW and LB, and inter-POD core switches; a controller manages the VXLAN fabric; hosts are VMware (VDS), KVM (OVS) and bare metal servers.]
Solution 2: Compute & Network Collaboration Resource Pool Solution –– Overview
Compute & Network Collaboration Resource Pool Solution
Centralized management of network resource pool
• Virtual and physical network resource pooling, unified management, and on-demand allocation
• Application-based network service orchestration, drag-and-drop provisioning, what you see is what you get
• Unified network monitoring and management; application, logical, and physical networks mutually visible
Compute and network collaboration
• Compute and network resources cannot be managed by a unified cloud platform in a short period.
• Compute administrators create compute and storage resource pools on the VMM, without affecting running services.
• The Agile Controller creates a virtual network and is interoperable with multiple virtualization and physical host management platforms. It supports unified provisioning of physical and virtual networks and enables network policies to be migrated with VMs.
SDN-based hardware overlay network
• Automated network deployment: open controller architecture, automated service orchestration and collaboration with the VMM, high reliability and scalability of the controller.
• Elastic, reliable network: ability to evolve to a 40G/100G network, network virtualization, path optimization.
• Refined network O&M: visible (what you see is what you get); measurable packet loss ratio, latency and jitter; operable.
Virtual and physical resource pool convergence
• Support for VMware and Hyper-V virtualization platforms
• Physical server connection with L2 bridges
• Interoperable with traditional networks, allowing for future network convergence
• Automated resource pool management and resource sharing
[Figure: Compute & Network Collaboration solution architecture. AC web portal & orchestration and VMM web portal & orchestration above a VXLAN network with LB, firewall, spine and ToR VTEPs; vCenter-managed vSphere hosts (vSphere Distributed Switch, VDS-VLAN) and Microsoft Windows Hyper-V hosts (vSwitch VLAN) carrying VMs; a physical server (Oracle DB) on a VLAN network reached through a VTEP.]
Solution 2: Compute & Network Collaboration Resource Pool Solution –– Service Provisioning
Step 1: Provision network resources.
• A Network Administrator creates a logical network on the network provisioning UI of the Agile Controller.
• The Agile Controller interoperates with vCenter using a SOAP interface to complete local network provisioning on the VMware VDS.
Step 2: Provision compute resources.
• A System Administrator provisions compute resources (brings VMs online/offline, migrates VMs) and binds VMs to the logical network on vCenter.
• The Agile Controller interoperates with vCenter using a SOAP interface to detect VM login/logout/migration events and dynamically delivers configuration to network devices based on VM locations.
• The Network Administrator is unaware of the System Administrator’s operations on VMs.
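As an added illustration of Step 2 (not code from the deck or from Huawei's Agile Controller), the following Python models the controller side of this workflow: it consumes VM login/logout/migration events, looks each host up in an LLDP neighbour table to find its ToR port, and reconciles the VLAN-to-VXLAN bindings on that port so that a binding a departed or migrated VM no longer needs is withdrawn rather than left exposing the segment. The LLDP table, port groups, switch and port names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed LLDP neighbour table: which ToR switch port each host uplink is cabled to.
# This stands in for what the controller's "get LLDP information" step would return.
LLDP = {
    "esxi-01": ("tor-1", "10GE1/0/1"),
    "esxi-02": ("tor-1", "10GE1/0/2"),
    "esxi-03": ("tor-2", "10GE1/0/1"),
}
# Constructed logical networks: VDS port group -> (VLAN on the host uplink, VNI on the fabric).
PORTGROUPS = {"pg-web": (101, 5000), "pg-db": (102, 5001)}


@dataclass
class AgileControllerSim:
    """Hypothetical stand-in for the controller's VM event handling; not Huawei code."""
    vms: dict = field(default_factory=dict)        # vm -> (host, portgroup)
    bindings: dict = field(default_factory=dict)   # (switch, port) -> {(vlan, vni)}
    changes: list = field(default_factory=list)    # ("add"|"remove", (switch, port), (vlan, vni))

    def handle_event(self, kind, vm, host=None, portgroup=None):
        """Apply a vCenter VM login/logout/migration event, then reconcile ToR bindings."""
        if kind in ("login", "migrate"):
            if host not in LLDP:
                # Unknown location: refuse rather than guess a port and expose a segment there.
                raise KeyError(f"no LLDP neighbour for host {host}")
            if portgroup not in PORTGROUPS:
                raise KeyError(f"unknown port group {portgroup}")
            self.vms[vm] = (host, portgroup)
        elif kind == "logout":
            self.vms.pop(vm, None)
        else:
            raise ValueError(f"unsupported event {kind}")
        self._reconcile()

    def _desired(self):
        """Desired VLAN->VNI bindings per ToR port, derived from where VMs currently run."""
        want = defaultdict(set)
        for host, pg in self.vms.values():
            want[LLDP[host]].add(PORTGROUPS[pg])
        return want

    def _reconcile(self):
        """Push only the delta: add new bindings, remove stale ones a departed VM left behind."""
        want = self._desired()
        for key in set(self.bindings) | set(want):
            current = self.bindings.get(key, set())
            for b in sorted(want[key] - current):
                self.changes.append(("add", key, b))
            for b in sorted(current - want[key]):
                self.changes.append(("remove", key, b))
            if want[key]:
                self.bindings[key] = set(want[key])
            else:
                self.bindings.pop(key, None)
```

Because the bindings are recomputed from the full VM placement on every event, two VMs sharing a port group on one host share one binding, and it survives until the last of them leaves.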
[Figure: service provisioning flow. Separate web portals/app portals for the Network Administrator and the System Administrator; vCenter (with its host agent) manages vSphere hypervisors whose VSS/VDS port groups connect VMs through internal ports and uplink ports to VTEPs on the VXLAN network.]
Solution 2: Compute & Network Collaboration Resource Pool Solution –– Traffic Model
Types of traffic on a hardware VXLAN network
• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).
• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside the DC.
Traffic transmission paths
• 1) Intra-subnet traffic within a tenant network is transmitted within one VXLAN L2 broadcast domain and is therefore forwarded at L2.
• 2) Inter-subnet traffic within a tenant network crosses VXLAN L2 broadcast domains. It must be forwarded by a VXLAN gateway but does not need to pass through a firewall.
• 3) Inter-tenant traffic must be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.
• 4) Traffic from outside the DC is forwarded to a tenant server through the IPS/FW, LB, VXLAN gateway, and ToR switch.
[Figure: traffic paths 1–4 on the hardware VXLAN network. Internet/WAN reaches an egress router, then LB/FW and the VXLAN gateway at the spine; leaf VTEPs connect virtualized servers (vSwitch) hosting Tenant 1 192.168.1.10/24, Tenant 1 192.168.2.30/24 and Tenant 2 192.168.10.10/24, and a physical server (Tenant 1 192.168.1.20/24) attached through its own VTEP.]
Success Story: A Large Nordic ISP’s DC SDN Solution
Solution
• The customer is the largest IT services provider in Northern Europe and provides multi-tenant and hosting services on a public cloud.
• The Agile Controller works with a cloud platform to complete service provisioning automatically.
• Tenants apply for cloud services on the self-service portal page, without intervention by administrators.
• The fabric network is deployed using VXLAN technology.
• The Agile Controller implements tenant isolation and controls tenants’ access to branches and the Internet.
Benefits
• Simplified O&M: services of tenants can be provisioned automatically based on the tenants’ requirements.
• Openness and scalability: the service is compatible with the customer’s service platform.
• Flexible deployment: as the customer’s network and IT departments have not been converged, network automation can be implemented first, and network and compute resource convergence can be implemented later.
• Resource convergence: physical servers and the VMware vSphere and Microsoft Hyper-V virtualization platforms can be used to set up a compute resource pool.
[Figure: provisioning workflow between the Tenant Administrator, Compute Administrator and Network Administrator across vCenter/System Center, the Agile Controller and the VXLAN fabric. Steps shown in the diagram: create VDS and add hosts to the VDC; create tenant (2); create network; port group push; create VM; select host (7); VM login/logout; get LLDP information; configure VLAN-VXLAN mapping (9); configure GW/FW policy. Hypervisors with vSwitches attach through VTEPs, and LLDP between hosts and switches provides VM locations.]
Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Overview
VMware vRealize cloud management platform
• Reuse the existing infrastructure, management tools, and management experience.
• Automatic deployment in various environments reduces development cost.
NSX-based software overlay network
VMware NSX is a transformative system that realizes the full potential of software-defined data centers by creating and operating a network on existing hardware devices.
• Agility and simplified O&M model: NSX can be deployed on the physical infrastructure without interrupting running services. Similar to server virtualization, NSX virtualizes a physical network into a transmission resource pool and uses a policy-driven model to provide network and security services.
• Advanced network connection and security service platform: traditional networks cannot change quickly to adapt to changes in data center services and are subject to configuration mistakes. NSX configures virtual networks dynamically and automatically, enabling you to add virtual and physical services flexibly based on your service requirements.
Huawei and VMware Joint Solution
• CloudEngine data center switches use an open software architecture and provide programmability using container technology.
• With a plug-in installed, CloudEngine data center switches can interoperate with NSX to enable communication between physical and virtual servers, and between VXLAN and traditional networks.
• CloudEngine switches ensure access layer reliability using stacking and M-LAG technologies.
• NSX centrally manages the overlay network and can connect to multi-vendor VAS devices to provide L4-L7 services.
High-performance VXLAN GW
• Interconnection between VXLAN and non-VXLAN networks
• High-performance communication between servers
Flexible service deployment
• Flexible VM migration, automatic network resource scheduling for migrated VMs
• Unified VXLAN topology view
[Figure: joint solution architecture. vRealize Automation, NSX (NSX web portal & orchestration), vCenter and a VMM web portal & orchestration on top; vSphere hosts running NSX OVS (VXLAN) and a third-party virtualization host running a vSwitch (VLAN) attach to HUAWEI CloudEngine switches acting as VTEPs on the VXLAN network; NSX Edge and an OVSDB channel connect the VXLAN network to the VLAN network and a physical server (Oracle DB).]
Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Interoperation
NSX and CloudEngine switch interoperation framework
[Figure: the NSX Controller Cluster talks to the CloudEngine switch over OVSDB (extension) on TCP/SSL. On the switch, an NSX-OVSDB-App runs in a VM/LXC container on the Linux OS beside the VRP platform and programs the VXLAN L2 GW (VTEP) through NETCONF. Its OVSDB client reads OVSDB information from the OVSDB server, translates it into configuration and writes it to the switch (gateway activate/de-activate configuration, VXLAN configuration); it also monitors device information and writes it into the OVSDB server (Physical_Switch table, Physical_Port table, Ucast_Macs_Local table).]
Open architecture of Huawei CloudEngine switches
• Support containers and multiple virtualization technologies, allowing for integration with third-party applications.
• Provide various open APIs to enable programmability, automation, and visualization.
• Elastic: triples the industry average switching capacity to support 10 years of business development.
• Virtualized: the industry’s highest 1:16 virtualization capability improves ICT resource utilization.
• Agile: full openness accelerates cloud service innovation.
• High quality: high-value services deliver a high-quality experience.
[Figure: CloudEngine open architecture stack: open APIs (OVSDB for NSX, OpenFlow for Vyatta, Puppet agent, …) on top of virtualization (VM/LXC etc.), a Linux-compatible network OS and the forwarding plane.]
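To make the OVSDB exchange in the interoperation framework above concrete, here is an added Python example (not Huawei's NSX-OVSDB-App or VMware code) that builds the JSON-RPC transactions each side would write against the hardware_vtep schema: the switch side publishes Physical_Switch, Physical_Port and Ucast_Macs_Local rows, and the controller side creates a Logical_Switch whose tunnel_key is the VNI and binds a port VLAN to it (the "VXLAN configuration" the switch app then translates). Switch names, IPs, port names, MACs and VNIs are constructed; UUIDs are placeholders.

```python
import itertools

SCHEMA = "hardware_vtep"        # OVSDB schema a hardware VTEP exposes to the NSX controller
_ids = itertools.count(1)

def rpc(method, params):
    """Wrap a request in the OVSDB JSON-RPC envelope (method, params, id)."""
    return {"method": method, "params": params, "id": next(_ids)}

# OVSDB wire encoding for sets, maps and forward references inside one transaction.
def ovsdb_set(values):
    return ["set", list(values)]

def ovsdb_map(pairs):
    return ["map", [[k, v] for k, v in pairs]]

def named_uuid(name):
    return ["named-uuid", name]

def check_vni(vni):
    # VXLAN carries a 24-bit VNI; reject anything else before it reaches the switch.
    if not 1 <= vni <= 0xFFFFFF:
        raise ValueError(f"VNI {vni} outside the 24-bit VXLAN range")
    return vni

def check_vlan(vlan):
    if not 0 <= vlan <= 4095:
        raise ValueError(f"VLAN {vlan} outside the 802.1Q range")
    return vlan

def switch_advertisement(switch_name, tunnel_ip, port_names):
    """Switch-side write: Physical_Port rows plus a Physical_Switch row (VTEP IP) referencing them."""
    ops = []
    for i, port in enumerate(port_names):
        ops.append({"op": "insert", "table": "Physical_Port", "uuid-name": f"port{i}",
                    "row": {"name": port, "vlan_bindings": ovsdb_map([])}})
    ops.append({"op": "insert", "table": "Physical_Switch",
                "row": {"name": switch_name, "tunnel_ips": ovsdb_set([tunnel_ip]),
                        "ports": ovsdb_set(named_uuid(f"port{i}") for i in range(len(port_names)))}})
    return rpc("transact", [SCHEMA] + ops)

def controller_vxlan_binding(port_uuid, vlan, vni, ls_name):
    """Controller-side write: Logical_Switch with tunnel_key = VNI, then VLAN -> Logical_Switch on the port."""
    return rpc("transact", [SCHEMA,
        {"op": "insert", "table": "Logical_Switch", "uuid-name": "ls",
         "row": {"name": ls_name, "tunnel_key": check_vni(vni)}},
        {"op": "mutate", "table": "Physical_Port",
         "where": [["_uuid", "==", ["uuid", port_uuid]]],
         "mutations": [["vlan_bindings", "insert",
                        ovsdb_map([(check_vlan(vlan), named_uuid("ls"))])]]}])

def local_mac_learned(mac, ls_uuid, vtep_ip, ip=""):
    """Switch-side write: a MAC learned behind a bound port, published in Ucast_Macs_Local."""
    return rpc("transact", [SCHEMA,
        {"op": "insert", "table": "Physical_Locator", "uuid-name": "loc",
         "row": {"encapsulation_type": "vxlan_over_ipv4", "dst_ip": vtep_ip}},
        {"op": "insert", "table": "Ucast_Macs_Local",
         "row": {"MAC": mac, "logical_switch": ["uuid", ls_uuid],
                 "locator": named_uuid("loc"), "ipaddr": ip}}])

def vlan_to_vni(binding_txn):
    """Recover the VLAN -> VNI intent from a controller transaction, as the switch app would."""
    ops = binding_txn["params"][1:]
    vni = next(o["row"]["tunnel_key"] for o in ops if o.get("table") == "Logical_Switch")
    mutate = next(o for o in ops if o.get("op") == "mutate")
    vlan = mutate["mutations"][0][2][1][0][0]
    return vlan, vni
```

Each function returns the dict that would be serialised with json.dumps and sent over the TCP/SSL OVSDB session; the range checks sit on the controller-to-switch path because a bad tunnel_key or VLAN accepted there would be programmed straight into the VTEP.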
Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Traffic Model
Types of traffic on a hybrid VXLAN network
• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).
• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside the DC.
Traffic transmission paths
• 1) Intra-subnet traffic within a tenant network is transmitted within one VXLAN L2 broadcast domain and is therefore forwarded at L2.
• 2) Inter-subnet traffic within a tenant network crosses VXLAN L2 broadcast domains. It must be forwarded by a VXLAN gateway but does not need to pass through a firewall. NSX OVS provides the VXLAN L3 gateway function and allows VMs on different hosts to communicate directly.
• 3) Inter-tenant traffic must be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.
• 4) Traffic from outside the DC is forwarded to a tenant server through the IPS/FW, LB, VXLAN gateway, and VTEPs.
[Figure: traffic paths 1–4 on the hybrid VXLAN network. NSX OVS hosts carrying VMs form the VXLAN domain; ToR switches, one of them acting as VXLAN L2 GW (NSX hardware VTEP, programmed over OVSDB) toward the non-VXLAN domain; the NSX Edge router acts as VXLAN L3 GW; a spine sits between the ToR switches.]
Node table from the figure (MAC addresses are shown symbolically as MAC-<node>):
Node      MAC          IP         VNI
Server-1  MAC-Server1  10.1.1.11  5000
Server-2  MAC-Server2  10.1.2.11  5001
VM1       MAC-VM1      10.1.1.10  5000
VM3       MAC-VM3      10.1.2.10  5001
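The four traffic types and their paths are stated identically on the Solution 1, 2 and 3 traffic-model slides; as an added example that is not part of the deck, this Python classifier applies those rules to the node table above (VNI 5000 and 5001 with their subnets), with tenant ownership, a second tenant's segment and one deliberately misbound node added as constructed assumptions. It also checks that each node's IP really belongs to its VNI's subnet, since a node attached to the wrong segment would be forwarded under a policy meant for another subnet or tenant.

```python
import ipaddress
from typing import List, Optional, Tuple

# VXLAN segments from the slide's node table: VNI 5000 carries 10.1.1.0/24 and
# VNI 5001 carries 10.1.2.0/24. Tenant ownership and the tenant-b segment (VNI 5002)
# are constructed assumptions for this example.
SEGMENTS = {
    5000: (ipaddress.ip_network("10.1.1.0/24"), "tenant-a"),
    5001: (ipaddress.ip_network("10.1.2.0/24"), "tenant-a"),
    5002: (ipaddress.ip_network("10.1.10.0/24"), "tenant-b"),
}

# Node table from the slide, plus one constructed tenant-b server and one node that is
# deliberately bound to the wrong VNI to exercise the consistency check.
NODES = {
    "VM1": ("10.1.1.10", 5000),
    "VM3": ("10.1.2.10", 5001),
    "Server-1": ("10.1.1.11", 5000),
    "Server-2": ("10.1.2.11", 5001),
    "VM-B": ("10.1.10.10", 5002),
    "VM-misbound": ("10.1.2.50", 5000),
}

EXTERNAL = "external"  # stands for any Internet/WAN endpoint outside the DC


def tenant_of(node: str) -> Optional[str]:
    """Return the tenant owning a node after checking its IP really lies in its VNI's subnet."""
    if node == EXTERNAL:
        return None
    ip, vni = NODES[node]
    subnet, tenant = SEGMENTS[vni]
    if ipaddress.ip_address(ip) not in subnet:
        # A node attached to the wrong segment would be forwarded under another
        # segment's policy, so the binding is rejected instead of classified.
        raise ValueError(f"{node}: {ip} is not inside VNI {vni} subnet {subnet}")
    return tenant


def classify(src: str, dst: str) -> Tuple[int, List[str]]:
    """Map a flow to the slide's traffic type (1-4) and the devices on its path."""
    if EXTERNAL in (src, dst):
        # Type 4: north-south traffic enters through the egress router and the security stack.
        return 4, ["egress router", "IPS/FW", "LB", "VXLAN gateway", "ToR switch"]
    if tenant_of(src) != tenant_of(dst):
        # Type 3: inter-tenant traffic is routed and must pass the firewall.
        return 3, ["VXLAN L3 gateway", "firewall"]
    if NODES[src][1] == NODES[dst][1]:
        # Type 1: same VNI, one L2 broadcast domain, VTEP-to-VTEP forwarding.
        return 1, ["VTEP to VTEP (L2 within the VXLAN segment)"]
    # Type 2: same tenant, different subnets: routed by the VXLAN gateway, no firewall.
    return 2, ["VXLAN L3 gateway"]


def firewall_inspected(src: str, dst: str) -> bool:
    """True when the classified path includes a firewall hop."""
    return any("FW" in hop or "firewall" in hop for hop in classify(src, dst)[1])
```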
Success Story: XX Carrier’s Public Cloud Project
Solution
• The customer is a Tier-1 carrier in Europe and built multiple data centers over the same physical network architecture to provide public and rack renting/hosting services.
• In the NSX overlay area, the NSX controller manages CloudEngine switches and enables communication between traditional hosting services and VM services.
• The OpenStack overlay area uses Huawei’s hardware overlay SDN solution, in which the Agile Controller implements automatic service provisioning.
[Figure: one VXLAN fabric (spine/leaf, VTEPs on leaf ports with per-tenant VLANs) shared by three areas: an NSX overlay for colocation/hosting (NSX vSwitch hosts managed by NSX Manager and the NSX Controller Cluster through the NSX API, with SDN Controller 2), and Neutron overlay 1 and Neutron overlay 2 (vSwitch hosts) managed by SDN Controller 1 on OpenStack release Kilo, vanilla distribution; a service area and the TI network attach to the spine.]
Benefits
• VMware NSX and multiple OpenStack cloud platforms are deployed on the same fabric network; both hardware and software overlay networks are deployed.
• The NSX-based software overlay solution provides unified management of virtual and physical networks. NSX manages Palo Alto and Fortinet firewalls to provide high-level security protection (micro-segmentation) for east-west traffic.
• The hardware overlay solution incorporates OpenStack and hosting services, and implements automated provisioning of physical and virtual networks.
Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.