HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Huawei Confidential
Security Level:
VRP on Your Side
VRP V8 Main Slide
-
HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 2
Contents
1. VRP Overview
2. VRP Highlights
3. VRP's thinking about future network
-
VRP inside
VRP
VRP (Versatile Routing Platform): a highly reliable network OS
VRP (Versatile Routing Platform) is a network OS running in IP devices, similar to iOS and Windows.
VRP is the brain of the IP devices which construct the global network.
VRP's high reliability ensures secure and stable operation of the IP network.
-
VRP serves Multi-product families
IAS Security
BRAS NGN
IT
Switch
AR
Router
NE5000E NE80E
NE40E
CX600
ATN
PTN6900
ME60
SSP5000
E8000 SIG 9800
CE12800 CE6800/5800
Ethernet Switch VRP
Consistent user experience
Fast response and delivery
AR G3
UA5000
MA5600T MXU
WLAN AC
SGSN/GGSN MAG9811
OSTA
-
VRP Supports Multi-solutions
The resilient components/modularity of VRP can meet the requirements of various network scenarios
IPTV Solution
IP RAN Solution
Metro Solution
IP Core Solution
Enterprise Solution
DC Solution
IP Broadband Solution
IPv6 Solution
[Figure: diagram labels]
Services: L2VPN, L3VPN, MVPN, SLA, BAS, Mobile, 3rd Party Software, Value Added Service
Protocols: RIP, OSPF, ISIS, BGP, RSVP, LDP, PIM, L2 Protocol
Management: CLI, SNMP, Netconf, WebUI, CFG, Perf Mgmt, Fault Mgmt, DB Mgmt
Planes: Management Plane, Service Plane, Control Plane, Data Plane
Device FIB, Host Service, MFIB, LSP, Interface, Tunnel
Component Mgmt, HA, Communication, Memory, Scheduler
Dist. Middleware
OS Kernel
VS 1# ... VS n#
FTTX Solution
WLAN Solution
-
VRP: Leading a New Network Era
Distributed process capability partially
Better reliability
Better scalability
Parallel and distributed architecture of full services
Non-Stop Anything
Cloud-routing capability
Flexible virtualization
High APSO
Coarse-Grained Modular
Fine-Grained Modular
Resilient Component System
VRP V8
-
Contents
1. VRP Overview
2. VRP Highlights
3. VRP's thinking about future network
-
More Diversified Services, Broader Area and More Concentrated Data in Cloud Era
HQ WAN Branch
Voice
Data
Video Campus
Network DC
Larger network scale
Complex network devices
Concentrated data
More and more services are processed in the cloud DC, and concentrated data calls for higher reliability. According to statistics, the world's top 2000 enterprises are all consolidating their data centers.
Different networks and complicated device types from HQ to branch
Complex enterprise IT architecture, higher Opex
Larger network scale, more locations accessing the network
Diversified services, increasing real-time applications and multi-service concurrent processing
Challenges for Network
Capacity
Scalability O&M
Efficiency
Reliability Performance
In the Cloud era,
What network do we need?
What network OS do we need?
-
Fast improvement of hardware performance + Explosive growth of network traffic
Network OS required: higher performance
The high-bandwidth era is coming: cloud data center traffic grows at a much faster rate of 66 percent CAGR, or twelvefold growth between 2010 and 2015.
In 2011, the growth rate of the e-commerce and video markets exceeded 60%.
By 2015, the global Internet traffic volume will be 4 times the current value and reach 966EB.
The new network OS should support high performance to adapt to the fast improvement of hardware performance and meet the requirement of fast traffic increase.
Network
Hardware
Software
OS
Service &
Application
The network OS needs to adapt to the
hardware performance, in order to
support the growth of service traffic well.
Challenges Brought by Rapid Growth of Service Traffic and
Hardware Performance
-
Current problem Network Virtualization New Challenge
Tenant A Tenant B
Tenant n
Multi-Tenant Services
Era of Server Virtualization
+
Security and reliability of multi-services
Management isolation of multi-users.
N:1 virtualization
1:N virtualization
The New network OS should support virtualization technology to achieve comprehensive virtualization
capability of network
Network Equipment Virtualization like IT Resource
Low utilization ratio of network equipment, high
Capex
Increasing complexity of network scale and
management , high Opex
By 2013, 65% of computing will be completed on VMs.
Customers start to lease virtual servers instead of
physical servers.
Horizontal integration: Less Opex, easy management
Vertical separation: Less Capex, service isolation
-
Current problem New O&M Experience New Challenge
Changes based on demands &
deployment automatically
VM
VM
VM
VM
VM
Network
Layer
Virtual
Machine
Detects VM migration and performs
deployment automatically
+
Simple
The fact that 1:N virtualization creates more management elements requires end-to-end management ability, from network equipment and servers to VMs.
Efficient
Faster service provisioning; automatic service deployment through perception of VM transfer
Safe
Optimize the performance and availability of end-to-end applications. Improve troubleshooting ability to reduce network failures.
Good maintainability and fast service deployment are very significant to reduce Opex
Automation : Key Consideration for O&M Issue
O&M cost becomes the biggest one in
DC spending
-
[Pie chart: causes of network failures. Legend: Software Upgrade/Configuration, Software-Control plane, Software-Data plane, Software-Other, Hardware Failure, Link Failure, Power Outage. Values shown: 22%, 15%, 5%, 5%, 23%, 20%, 1%, 9%]
The new network OS should have higher reliability to achieve non-stop service. Some important
features should be supported, like failure isolation, fast self-recovery of fault, ISSU and so on.
High ratio of software failures
to whole network failures Great loss by network failure Higher reliability
+
Cloud Service Requires a Highly Reliable Network
Enterprises' zero tolerance of key data loss requires a DC network with higher stability and reliability.
Software related failures: 47%, of which software upgrade/configuration related failures are 22% and control plane & data plane related failures are 20%.
Key point: Software related failures account
for 66% of whole network failures.
-
VRP APSO: Cope with challenges with you
Scalability Performance Availability O&M
-
Availability
Comprehensive security management
High strength password encryption
Aircraft grade black box records
Multidimensional defense system
Fine user authorization management
Protect your network
NSA for multi-scenario reliability
NSR/NSB of full service
NSU for smooth upgrading
NSP for resource leak recovery
Without any service interruption
-
A2: NSR/NSB for all services
Traditional NSF
Disadvantages: Long blackout period, cannot respond to topology changes
Needs neighbors to support GR
Unable to respond when neighbor is busy
Generally, NSR/NSB supports only part of the services
VRP supports full-service NSR/NSB
Disadvantages: If devices need to support NSR/NSB, deployment of the services which don't support NSR/NSB will be limited
Services will not be protected by NSR/NSB if they don't support NSR/NSB
So supporting NSR/NSB for only part of the services will reduce the reliability
Supports 3 kinds of standard service model:
TCP-based protocols (e.g. BGP/L2VPN)
ACK-based protocols (e.g. OSPF/ISIS)
Soft-state protocols (e.g. VRRP/MSTP)
Contrast of NSR-NSF blackout period
-
A3: NSU for smooth upgrading
Customer challenge: If the old version is not compatible with the new one, the data cannot be synchronized, resulting in non-smooth upgrading and many limits on version consistency.
Supports online and offline checks on compatibility between the source and target versions.
Suggests an upgrading mode.
Enables the system to run properly and manage different software versions.
Supports service data backup between modules of different versions and formats.
Supports plane isolation between the old and new versions, preventing incompatible data from affecting the system.
Supports thorough software compatibility verification, ensuring that the NSU function is tested and available.
VRP provides the NSU solution
Perfectly solves the software upgrading problem for different versions
-
A4: NSP for resource leak recovery without any service interruption
Installing a traditional patch removes only the bug itself and cannot reclaim resources leaked because of a software error. You need to reset the whole service to reclaim the resources, which leads to a service interruption.
Install a cold patch to reclaim leaked resources, which affects services.
Installing a lossless patch can reclaim all leaked resources through NSP. No services are affected during the whole process.
Reduces the number of cold patches, which affect services.
[Figure: resource leak in the routing module, before and after loading a patch]
Traditional patch: A software bug leads to a resource leak. After the patch is loaded, the bug is removed, but the leaked resources cannot be reclaimed.
Lossless patch: A software bug leads to a resource leak. After the patch is loaded, the bug is removed and the leaked resources are reclaimed through NSP.
-
The objectives and principles of network security
Objectives: Confidentiality, Integrity, Availability
Principles: Cost-effectiveness, Minimum Authority, Multiple Defenses
VRP security
Security = Sustainability threat analysis + design + management + deployment + evaluation + enhancement
-
Comprehensive security management
Safety management
Default safety: Don't remotely access without the safety configuration
Access control: Don't access without authentication; flexible authentication mechanism
Privilege control: Privilege control based on task; extended hierarchical control; execution of sensitive operations only by management level
Secret protection: Full ciphertext storage; high strength password encryption; irreversible encryption
Communication safety: SSH, SNMPV3, SSL, IKE/IPSEC
Alarm audit: Complete operating/running log; aircraft-grade black box records; major events alerts
Integrity protection: Check for software package integrity
Minimum service: Don't start idle service; port can be opened and closed
Three-direction isolation: Physical isolation, process isolation, path isolation
Safety reinforcement: OS reinforcement; protocol reinforcement
Comprehensive security management ensures security
-
Multidimensional defense system
Forwarding Plane
PHY&MAC framer of interface card: Malformed packet recognition; Broadcast suppression; L2 loop detection; Slice flooding suppression; URPF
L2 message format check; Flow classification and TM control
Control/Management Plane
Protocol stack state/session firewall
Packet flow classification; Blacklist; Whitelist; Protocol/host flow control
AAA; AUDIT; SSH; Active ARP; ACL; NAT/ALG; IPSEC/IKE; SSL; DHCP SNOOPING; GTSM; Protocol Authentication; KEY CHAIN; Protection against malformed protocol packets; Route filtering control
OS/protocol stack safety reinforcement
Layers: Network Layer, Application Layer, Device Layer
Upper & lower linkage
Anti-attack against packets from the forwarding plane
Management/control/forwarding plane linkage
Based on state/session firewall
Answer ARP/ICMP/PPP in the lower layer
Feature and function
-
High strength password encryption
Full ciphertext storage: Reduces the risk of plaintext password leaks
Irreversible encryption: Ensures that the password cannot be cracked and leaked
Complex password: Prevents simple passwords from being guessed and fraudulent access to equipment
Aircraft-grade black box records
Records running information, operation information and error information
Uses high-end memory or NVRAM for storage
No influence on system performance
Real-time information recording
The information is not lost after system restart
Fine user authorization management
Level-based authorization management
level 3 Management Level
level 2 Configuration Level
level 1 Monitoring Level
level 0 Visiting Level
User or command-based authorization management
User Group: read, write
Task Group 1: Ospf_task, PPP_task
Task Group 2: BGP_task, ARP_task
Per task: cmd1 read, cmd 2 write
-
Comprehensive tests and verification
VRP is safe
Testing: Black-box test; White-box test; Testing based on the threat scenario; Penetration test; Third-party test
Nessus: system vulnerability scanning
APPSCAN: Web safety vulnerability scanning
NMAP: port scanning
WebScarab: Web safety testing
Xdefend: DoS, protocol robustness testing
Codenomicon: protocol robustness testing
Fortify: code safety static analysis
Coverity: code safety static analysis
Verification: Authenticated by Common Criteria EAL3
-
Performance
Full service distribution
Multi-CPU/Multi-chassis
High performance meets
information tsunami challenges.
-
VRP software architecture
VRP adopts RDF (Resilient Distributed Framework), which greatly enhances the whole system's flexibility, reliability and scalability. VRP can adapt flexibly to various network service scenarios.
Resilient Distributed Framework
Flexible scheduling framework
Full-service distribution
DC Network
Metro Network
Campus Network
Core Network
-
VRP V8 OS Architecture Characteristics
Advanced Architecture
Full service distribution: Deployment of multi-instances of a protocol/service in a multi-CPU system, improving system performance and reliability.
Real-time scheduling policy: Schedules processes for different services with different priorities according to a pre-defined policy, improving performance and availability.
-
[Figure: service instances distributed across Core1, Core2, ... CoreN: TRILL Instance1 to InstanceN; OSPF Instance1; ISIS Instance1 to InstanceM; L2 Basic 1 to N; L3VPN Instance1; L2VPN Instance1 to InstanceX]
Parallel computing on multiple cores for one service, significantly
improving service processing performance
Different services on different cores, meeting diversified requirements
for service processing
Independent processes: one process does not affect
another
Modular design: isolates memory space and improves
system reliability
High performance High reliability
High Performance and Reliability
-
Full-service distributed deployment
VRP supports a fine-grained distributed architecture and processes distributed services by deploying multi-instances of a protocol/service in a multi-CPU/core system, improving system performance and reliability.
Service distribution | Scenario | Distribution mode | Advantages
ARP message processing | DC, Campus | Interface | 1. Achieve high capacity and performance of ARP l2-proxy. 2. Enhance system security through direct l2-proxy of ARP messages in the line card. 3. Boost speed of ARP l2-proxy, decrease CPU utility ratio.
VRRP | DC, Campus | Interface | Achieve fast detection and high reliability through distributed VRRP processing based on the Vlanif interface
DHCP | Campus | Line card | Effectively enhance the processing performance of DHCP messages through distributed processing in the line card
L2 Multicast | DC, Campus | Port | Meet the high capacity requirement of multicast in DC/campus networks through distributed processing in the line card
-
Scalability
N:1 Virtualization ----CSS
1:N Virtualization ----VS
Flexible, Resilient, and satisfying
-
Flexible and resilient scalability
High resilient fabric architecture
High efficient virtualized architecture
Fabric Network
Data explosion Traffic
increase
Low
network
delay
Virtualization technology provides network good scalability
DC network Access Layer Aggregation Layer Core Layer
Virtualized network resource pool Access Layer Aggregation Layer Core Layer
Horizontal
Virtualization
Decentralized autonomous:
Self-organization, flexible scale out
Centralized management
The whole network as one device to manage and control
Vertical Virtualization
Horizontal integration: Reduce Opex, easy management
Vertical separation: Reduce Capex, service isolation
-
N:1 Virtualization-----CSS
Single logical device
Simple O&M: The whole network is managed as one device, simplifying O&M and decreasing Opex
High reliability: If one device fails, others can take over the work of control and forwarding, avoiding a single point of failure
Loop-free network: Link aggregation across devices avoids loops when connecting CSS to other devices
Load balance of link: Link ECMP across devices, 100% utility ratio of network link and bandwidth
Link aggregation
CSS is the first option of virtualization technology for small/middle-scale DC
Flexible CSS architecture
Flexible connection: Supports different types of devices to build CSS
Two types of management channel: in-band/out-of-band
Multiple bandwidths of forwarding channel: 10GE/40GE, 100GE in the future
High speed of CSS interconnection
CSS forwarding channel: 16 ports aggregation
Single port 40GE of forwarding channel
640GE bandwidth of CSS interconnection
-
CSS: Make network deployment more flexible
[Figure: intra-rack stack; inter-rack/building stack (Site 1, Site 2); long-distance stack between cities (City A, City B), single hop 80km]
CSS stack capacity
2 CE12800 switches in a stack, scalable to 4 (2013 Q2)
Stacking with line card interfaces, up to 640Gbps stack bandwidth (16*40GE), scalable to 1600Gbps (16*100GE, 2013 Q2)
Up to 16 CE6800 switches in a stack
Long-distance stack
Dedicated stack cable or common fibers for stacking
Single hop distance of 80km (10GE SFP+) when using fibers for stacking
Applicable to various scenarios
Local forwarding preferentially
Load balance traffic among links of cluster members
Prefer local paths for forwarding
Improve bandwidth efficiency
-
CSS: Simplify network topology and reduce Opex
[Figure: traditional networking vs. CSS networking; network topology as seen from the NMS]
Simplify O&M and reduce OPEX
Fewer network nodes are deployed, simplifying network management.
Master switch synchronizes configuration file to other member switches, simplifying device operation and configuration.
Improve bandwidth efficiency and reduce CAPEX
Ring protection protocols such as MSTP are not required, and no link needs to be blocked.
100% of bandwidth is used. (Only 50% of bandwidth is used on an STP network.)
Build a highly reliable loop-free network
CSS, iStack, and Eth-Trunk build a loop-free network.
The convergence time is much shorter than STP.
The system is still running when a single device fails.
-
1:N Virtualization -----VS
VS Components
Virtual control and service plane
Virtual forwarding plane
Virtual management plane
Independent configuration, management, and maintenance
Independent protocol processing
Isolation from other VSs
System Resource Allocation
Per VS physical card and interface allocation
Per VS system resource specifications
Independent VS Operation
[Figure: multi-core multi-process VRP8 hosting VS 1 to VS 8; VS2 shown with its own configuration file and its own BGP, ISIS, PIM, VLAN, STP, TRILL; Independent Configuration, Independent Management, Independent Control & Forwarding]
-
VS: Flexible resource allocation
[Figure: ASIC 1 to ASIC 4, 24*40G, with ports allocated to VS1, VS2, VS3 and VS4]
Per port group allocation
A group of ports is allocated to one VS.
The VS exclusively uses system service specifications.
A VS can enable all services.
Per port allocation
Any port can be allocated to any VS.
VSs share system service specifications, and some features can only be enabled in one VS.
Some services (like multicast, MPLS, and TRILL) can only be enabled in one VS.
-
VS: Save TCO for customer efficiently
[Figure: integrated campus and DC core (Campus Core, DC Core); integrated aggregation and core (Aggregation, Core); integrated multi-zone (Office Zone, Production Zone, DMZ)]
Max. 8 virtual switches (VS) in one chassis
Two manners to manage VS: single VS / whole VS
Two modes to allocate physical resource: port / port group
VS Customer Value
Independent management for multi-users
Independent VS for different departments
Reduce Capex & Opex
Fewer physical nodes required and maintained, less Capex and Opex
Resource allocation on demand, enhancing device utility ratio
Less space required for device placement
Service isolation, improve reliability and security
Different services running on different VSs
Fault isolation between different VSs
-
O&M Efficient end to end O&M
Board forward compatibility
Alarm correlation analysis
Network-level configuring rollback
Interworking with a third party NMS
Efficient O&M reduces the cost
-
O&M requirement: efficiency improvement and cost reduction
Demand 1: Effective network configuration management
Planned Maintenance
Unplanned Event
Human Factors: Configuration changes causing outages
1. More than 60% of network faults or breakdowns are due to manual configuration faults. Many network breakdowns are caused by false configuration modification.
2. Configuration automation is the best way to solve this crucial problem.
Demand 2: Fast and accurate network fault location
IP network fault location is very difficult: difficult fault location, high skill requirements, massive alarms.
The key point of fault management is alarm amounts and locating efficiency.
No false alarm, no unwanted alarm, no missing alarm
Demand 3: Fast and automatic service deployment
High cost for network deployment
There are over 20 thousand IP devices in Huawei's global IT network. The cost of deployment is very high in the network construction phase. Take the campus network as an example: configuration delivery for 274 campus switches takes more than 36 hours.
Improving O&M efficiency is the key to low O&M cost
-
Efficient end to end O&M
Phases: 1. Network construction; 2. Services deployment; 3. Services maintenance
Plug & play of box device
Free software debugging of chassis equipment
Auto-discovery of physical resources
Automatic project acceptance
E2E efficient service deployment
Board reverse compatibility
Auto-verification of QOS
Detecting in service
High valid alarm, accurate fault location
Network-level configuration rollback, effectively reducing configuration errors
Network O&M accounts for 25% of the total OpEx. How to enhance efficiency and reduce O&M costs?
[Chart: cost and efficiency. Values shown: 10%, 5%, 4%, 3%, 2%, 1%, 80%, 80%]
End to End efficient O&M
End-to-end O&M improves O&M efficiency and shields IP network complexity, lowers skill
requirements of staff, and reduces the manpower and OPEX.
-
Interworking with a Third Party NMS
VRP
Flexible CLI Interface
Standard SNMP Interface
Powerful Netconf Interface
Interworking with a third party OSS/NMS is a must.
-
Contents
1. VRP Overview
2. VRP Highlights
3. VRP's thinking about future network
-
Network Virtualization Centralized Control Automatic Configuration Request
SDN/OpenFlow for Cloud Computing
Challenge
Closed devices and distributed control cannot use advanced IT technology to reduce cost
A rigid network pipe cannot meet the needs of the future network for cloud services when computing/storage resources are virtualized
Cloud computing needs a large amount of cooperative work; a rigid pipe cannot meet the variability and dynamics of cloud computing
SDN/Openflow
Smartphone OTT
IDC IDC
3rd Party Service SP Service
IP Core Network
Internet of Things
Enterprise mailbox
Cooperative communication
ERP CRM Office suite
-
Software Defined Network (SDN) Principles
Centralized control of multi-vendor devices: The SDN controller can control any OpenFlow-enabled device of any vendor.
Simplicity and fast development of new features: Provides a flexible network automation and management framework and API, deploys new services automatically, and reduces complexity.
Improved reliability and security: An SDN controller with a view of the entire network can effectively implement access control, traffic engineering, QoS, security, and other policies.
More elaborate network control: The multi-tuple-based flow control mode supports multi-tenancy and isolates user traffic.
Better user experience: Responds to user needs rapidly with an open API.
[Figure: Customer Networks on top of a network virtualization layer over the global physical network; the Network OS controls the Data Forwarding elements through OpenFlow]
-
OpenFlow Switch specification
[Figure: Controller connected through the OpenFlow Protocol over a Secure Channel (sw) to the switch Flow Table (hw)]
Flow table entry: Rule | Action | Stats
Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Stats: Packet + byte counters
Unified cross-layer forwarding capability
Simplify the forwarding table; the meaning of the forwarding table is decided by the external controller
Take routing capability out of the network equipment to improve the flexibility of routing (L2-L7)
Make full use of IT technology to reduce costs and increase coupling with the services
Decoupling of the software and hardware
Standardize hardware and software interfaces so that hardware and software can develop independently
The ideal OpenFlow device can perform flow identification, routing, forwarding, statistics, and label modification.
OpenFlow Principles
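Added example (not part of the original deck and not Huawei code): the Rule + mask / Action / Stats flow-table model from this slide, used for the multi-tuple tenant isolation named on the SDN principles slide. The priority ordering, the field names, the table contents and every address, VLAN and port below are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The ten header fields on the slide's "Rule" row (names are this example's own).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")


@dataclass
class FlowEntry:
    match: dict          # field -> value; fields left out are wildcarded (mask)
    action: str          # "forward:<port>", "controller", "drop" or "normal"
    priority: int = 0    # assumption: the highest-priority matching entry wins
    packet_count: int = 0  # "Stats": packet counter
    byte_count: int = 0    # "Stats": byte counter

    def matches(self, pkt: dict) -> bool:
        for name, want in self.match.items():
            got = pkt.get(name)
            if got is None:
                return False
            if name in ("ip_src", "ip_dst"):
                # IP fields are matched against a prefix, e.g. "10.20.0.0/16".
                if ipaddress.ip_address(got) not in ipaddress.ip_network(want):
                    return False
            elif got != want:
                return False
        return True


class FlowTable:
    def __init__(self):
        self.entries = []
        self.to_controller = []  # packets encapsulated and sent to the controller

    def add(self, entry: FlowEntry) -> None:
        unknown = set(entry.match) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")
        self.entries.append(entry)
        # Stable sort: equal priorities keep their insertion order.
        self.entries.sort(key=lambda e: -e.priority)

    def process(self, pkt: dict, length: int) -> str:
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packet_count += 1
                entry.byte_count += length
                if entry.action == "controller":
                    self.to_controller.append(pkt)
                return entry.action
        # Table miss: no rule matched, so the controller decides.
        self.to_controller.append(pkt)
        return "controller"


def build_tenant_table() -> FlowTable:
    """Constructed rules: tenant A is VLAN 10, tenant B owns 10.20.0.0/16."""
    table = FlowTable()
    # Tenant A may reach its own web server on TCP/443.
    table.add(FlowEntry({"vlan_id": 10, "ip_dst": "10.10.0.5/32",
                         "ip_proto": 6, "tcp_dport": 443},
                        "forward:3", priority=200))
    # Tenant A traffic toward tenant B's subnet is dropped (isolation).
    table.add(FlowEntry({"vlan_id": 10, "ip_dst": "10.20.0.0/16"},
                        "drop", priority=100))
    # Everything else from tenant A uses the normal processing pipeline.
    table.add(FlowEntry({"vlan_id": 10}, "normal", priority=10))
    return table


if __name__ == "__main__":
    table = build_tenant_table()
    samples = [  # constructed packets
        {"vlan_id": 10, "ip_dst": "10.10.0.5", "ip_proto": 6, "tcp_dport": 443},
        {"vlan_id": 10, "ip_dst": "10.20.1.1", "ip_proto": 6, "tcp_dport": 22},
        {"vlan_id": 30, "ip_dst": "10.20.1.1"},
    ]
    for pkt in samples:
        print(pkt, "->", table.process(pkt, 64))
```

The per-entry counters are what an operator would read to see how much cross-tenant traffic the drop rule is absorbing.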
-
Long-Term Evolution of SDN/OpenFlow
Network hardware and software are highly and complexly coupled and difficult to decouple; thousands of complex RFCs form industry barriers
SDN/OpenFlow needs to transform the control mode of the existing network.
The centralized controller needs to further enrich and validate its functionality in terms of compatibility, service abundance, reliability and scalability (currently the main controllers in the industry can only support simple functionality)
The OpenFlow protocol itself is immature and still in a stage of rapid development
Compatibility problems with commercial chips; forwarding performance, capacity and cost are not satisfactory
OpenFlow development history
OF 1.1: Adds tags/tunnels, multipath, multiple tables
OF 1.2: Wire protocol, IPv6, basic configuration, extensible expression
OF 1.3: Topology discovery, test processes, test suites...
OF 1.4: Capability discovery, test labs...
OF 2.0: Revised forwarding model...
Timeline: 02/2011, 12/2011, 4/2012, 8/2012, 12/2012
Idea, Standardize, Deployment
May need to wait 10 years
IETF SDN vs. ONF SDN
-
Controller as an intelligent brain for centralized control of the DC network
The whole DC network is virtualized into a switch,
simplifying the O&M, and supporting traffic load balancing.
Supports isolation of one million tenants and flow
optimization policies at the network level.
Supports the auto-discovery between the controller and
other network devices.
Distributed controller architecture ensures high
performance and reliability, and DC services can be delivered
within minutes or seconds.
Open SDN architecture with advanced network traffic
engineering algorithm enables users to develop applications
VRP innovation practice of SDN - DC Network Virtualization
Distributed protection gateway
Virtual multi-tenant network
DC Network centralized controller
large-scale layer 2 network
Layer3 network Cloud
Gateway
-
Now: Virtual Cluster & Controller; Future: SDN
VRP Supporting Smooth Evolution from Virtual Clusters to the SDN Pipe OS
Advanced virtualization solution:
IP RAN virtualization: Unique and innovative dual control plane, supports a variety of access topologies, complete service protection solutions and industry-leading solutions
IP Core virtualization: The first IP Core virtualization solution in the industry helps operators control the global flow of the backbone network
DC network virtualization: Innovative L2/L3 full-service bearer architecture; open architecture provides flexible, on-demand DC services
SDN pipe OS:
Network OS: The control plane can be implemented on a server after further centralization, forming a unified network-level OS
SDN/OpenFlow: Implements flexible programming and definition of services based on the unified control plane and forwarding plane. OpenFlow supports decoupling of the software and hardware and reduces network costs.
Smooth
evolution
[Figure: Customer Networks on top of a network virtualization layer over the global physical network; the Network OS controls the Data Forwarding elements through OpenFlow]
-
Thank you
www.huawei.com