
Upload: phungmien

Post on 05-Mar-2018


Huawei Cloud Fabric and VMware Collaboration—Innovation Solution in Data Centers


VMware Data Center and Cloud Computing Solution Components

• Extend virtual computing to all applications: vSphere
• Virtualize networks to improve speed and efficiency: vCNS/NSX
• Transform storage networks to meet application requirements: Virtual SAN
• Management tools replaced by automation: cloud computing automation, cloud computing operation, cloud computing services

vCloud® Suite


Huawei Cloud Fabric and VMware Converged Resource Pool Solutions

[Figure: two architecture diagrams.
Panel "Huawei Unicloud Converged Resource Pool Solution": ManageOne, AC and VMM web portals and orchestration, VXLAN network (spine, ToR, LB, firewall, VTEPs), FusionCompute hypervisors with OVS (VLAN), vCenter with vSphere hosts on vSphere Distributed Switch (VDS-VLAN), physical server (Oracle DB) on a VLAN network.
Panel "Compute & Network Collaboration Resource Pool Solution": AC and VMM web portals and orchestration, VXLAN network (spine, ToR, LB, firewall, VTEPs), vCenter with vSphere hosts on vSphere Distributed Switch (VDS-VLAN), Microsoft Windows Hyper-V hosts with vSwitch (VLAN), physical server (Oracle DB) on a VLAN network.]


VMware Cloud Data Center & Huawei Joint Solution

[Figure: joint solution architecture. Labels: vRealize Automation, NSX, VMM and NSX web portals and orchestration, vCenter, NSX Edge, vSphere hosts with NSX OVS (VXLAN), third-party virtualization hypervisor with vSwitch (VLAN), VTEPs, Huawei CloudEngine switch connected through OVSDB, VXLAN network, VLAN network with physical server (Oracle DB).]


Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Overview

Huawei Unicloud Converged Resource Pool Solution

Unified management of a converged resource pool
• Unified management of virtual and physical resources
• Multi-vendor device management
• Unified monitoring

FusionSphere Cloud Platform
• Standard OpenStack interface
  Use APIs originating from the OpenStack community; quickly synchronize with latest version released on the OpenStack community.
• Support for third-party systems and devices
  Compatible with the OpenStack ecosystem; supports heterogeneous hypervisor platforms and hardware devices.
• Hardening for commercial use, OpenStack enhancement
  Easy deployment, easy O&M, high reliability, security hardening, automation, scalability

SDN-based hardware overlay network
• Automated network deployment
  Open controller architecture, automated service orchestration and collaboration with VMM, high reliability and scalability of controller
• Elastic, reliable network
  Ability to evolve to 40G/100G network, network virtualization, path optimization
• Refined network O&M
  Visible: What you see is what you get; measurable packet loss ratio, latency, jitter; operability

Virtual and physical resource pool convergence
• Support for KVM, VMware, and Xen virtualization platforms
• Automated provisioning of bare metal servers
• Physical server connection with L2 bridges
• Automated resource pool management and resource sharing

[Figure: Huawei Unicloud Converged Resource Pool Solution architecture. Labels: ManageOne, AC and VMM web portals and orchestration, VXLAN network (spine, ToR, LB, firewall, VTEPs), FusionCompute hypervisors with OVS (VLAN), vCenter with vSphere hosts on vSphere Distributed Switch (VDS-VLAN), physical server (Oracle DB) on a VLAN network.]


Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Service Provisioning

Step 1: Provision network resources.

• A Tenant Administrator creates a logical network on the service provisioning UI of the cloud platform.

• The Agile Controller interoperates with vCenter using a Java interface to complete local network provisioning on VMware VDS.

Step 2: Provision compute resources.

• The Tenant Administrator provisions compute resources (bring VMs online/offline, migrate VMs), and binds VMs to the logical network on the cloud platform.

• Nova-Scheduler works with vCenterDriver to set up an independent resource pool with the vSphere cluster managed by vCenter. Nova-Scheduler does not select hosts in the vSphere cluster. vCenter schedules ESXi hosts based on dynamic entitlements and resource allocation settings, and provides LB and Dynamic Resource Scheduling (DRS) functions automatically.

[Figure: Service provisioning. Labels: Web Portal/App Portal, Nova, Neutron, vCenter, vCenter Host Agent, hypervisor, vSphere VSS/VDS (PortGroup, internal port, uplink port), VMs, VTEPs, VXLAN network.]


Solution 1: Huawei Unicloud Converged Resource Pool Solution –– Traffic Model

Types of traffic on a hardware VXLAN network

• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).

• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside DC.

Traffic transmission paths

• 1) Intra-subnet traffic within a tenant network is transmitted within a VXLAN L2 broadcast domain, and therefore is forwarded at L2.

• 2) Inter-subnet traffic within a tenant network is transmitted across VXLAN L2 broadcast domains. It needs to be forwarded by a VXLAN gateway but does not need to pass through a firewall.

• 3) Inter-tenant traffic needs to be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.

• 4) Traffic from outside DC needs to be forwarded to a tenant server through IPS/FW, LB, VXLAN gateway, and ToR switch.

[Figure: traffic paths 1 to 4 on the hardware VXLAN network. Labels: Internet/WAN, egress router, FW, LB, VXLAN gateway, spine, leaf VTEPs, virtualized servers with vSwitches, physical server. Endpoints: Tenant 1 192.168.1.10/24, Tenant 1 192.168.1.20/24, Tenant 1 192.168.2.30/24, Tenant 2 192.168.10.10/24.]


Success Story: XX Bank of China’s SDN Private Cloud

Solution

• The infrastructure uses a spine-leaf architecture, and the overlay network is a VXLAN-based large L2 network, with VTEPs deployed on leaf switches.

• The network uses centralized VXLAN L3 gateway deployment. More gateway groups can be deployed to support service expansion.

• Hardware FWs are used for north-south traffic, deployed in inline or bypass mode (inline routed mode recommended).

• The network controller works with an OpenStack cloud platform to automate network service deployment.

Benefits

• Hardware overlay networking ensures microsecond-level latency and jitter. Stacking and all-active gateway deployment provide high network performance and reliability.

• Centralized gateway deployment suits O&M models of traditional data center networks.

• Network resource sharing and automated service deployment improve the efficiency of application deployment.

• Multi-vendor virtualization platforms are converged to enable unified management of the compute resource pool.

[Figure: POD 1 topology. Labels: controller, inter-POD core switches, spine, leaf and service node (L3 GW, FW, LB), VXLAN, VMware hosts with VDS, KVM hosts with OVS, bare metal server, physical server, VMs.]


Solution 2: Compute & Network Collaboration Resource Pool Solution –– Overview

Compute & Network Collaboration Resource Pool Solution

Centralized management of network resource pool
• Virtual and physical network resource pooling, unified management, and on-demand allocation
• Application-based network service orchestration, drag-and-drop provisioning, what you see is what you get
• Unified network monitoring and management; application, logical, and physical networks mutually visible

Compute and network collaboration
• Compute and network resources cannot be managed by a unified cloud platform in a short period.
• Compute administrators create compute and storage resource pools on the VMM, without affecting running services.
• The Agile Controller creates a virtual network and is interoperable with multiple virtualization and physical host management platforms. It supports unified provisioning of physical and virtual networks and enables network policies to be migrated with VMs.

SDN-based hardware overlay network
• Automated network deployment
  Open controller architecture, automated service orchestration and collaboration with VMM, high reliability and scalability of controller
• Elastic, reliable network
  Ability to evolve to 40G/100G network, network virtualization, path optimization
• Refined network O&M
  Visible: What you see is what you get; measurable packet loss ratio, latency, jitter; operability

Virtual and physical resource pool convergence
• Support for VMware and Hyper-V virtualization platforms
• Physical server connection with L2 bridges
• Interoperable with traditional networks, allowing for future network convergence
• Automated resource pool management and resource sharing

[Figure: Compute & Network Collaboration Resource Pool Solution architecture. Labels: AC and VMM web portals and orchestration, VXLAN network (spine, ToR, LB, firewall, VTEPs), vCenter with vSphere hosts on vSphere Distributed Switch (VDS-VLAN), Microsoft Windows Hyper-V hosts with vSwitch (VLAN), physical server (Oracle DB) on a VLAN network.]


Solution 2: Compute & Network Collaboration Resource Pool Solution –– Service Provisioning

Step 1: Provision network resources.

• A Network Administrator creates a logical network on the network provisioning UI of the Agile Controller.

• The Agile Controller interoperates with vCenter using a SOAP interface to complete local network provisioning on VMware VDS.

Step 2: Provision compute resources.

• A System Administrator provisions compute resources (bring VMs online/offline, migrate VMs), and binds VMs to the logical network on vCenter.

• The Agile Controller interoperates with vCenter using a SOAP interface to detect VM login/logout/migration events and dynamically delivers configuration to network devices based on VM locations.

• The Network Administrator is unaware of the System Administrator’s operations on VMs.

[Figure: Service provisioning. Labels: Network Administrator and System Administrator, each with a Web Portal/App Portal; vCenter, vCenter Host Agent, hypervisor, vSphere VSS/VDS (PortGroup, internal port, uplink port), VMs, VTEPs, VXLAN network.]


Solution 2: Compute & Network Collaboration Resource Pool Solution –– Traffic Model

Types of traffic on a hardware VXLAN network

• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).

• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside DC.

Traffic transmission paths

• 1) Intra-subnet traffic within a tenant network is transmitted within a VXLAN L2 broadcast domain, and therefore is forwarded at L2.

• 2) Inter-subnet traffic within a tenant network is transmitted across VXLAN L2 broadcast domains. It needs to be forwarded by a VXLAN gateway but does not need to pass through a firewall.

• 3) Inter-tenant traffic needs to be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.

• 4) Traffic from outside DC needs to be forwarded to a tenant server through IPS/FW, LB, VXLAN gateway, and ToR switch.

[Figure: traffic paths 1 to 4 on the hardware VXLAN network. Labels: Internet/WAN, egress router, FW, LB, VXLAN gateway, spine, leaf VTEPs, virtualized servers with vSwitches, physical server. Endpoints: Tenant 1 192.168.1.10/24, Tenant 1 192.168.1.20/24, Tenant 1 192.168.2.30/24, Tenant 2 192.168.10.10/24.]


Success Story: A Large Nordic ISP’s DC SDN Solution

Solution

• The customer is the largest IT services provider in Northern Europe and provides multi-tenant and hosting services on a public cloud.

• The Agile Controller works with a cloud platform to complete service provisioning automatically.

• Tenants apply for cloud services on the self-service portal page, without intervention by Administrators.

• The fabric network is deployed using VXLAN technology.

• Agile Controller implements tenant isolation and controls tenants’ access to branches and Internet.

Benefits

• Simplified O&M: Services of tenants can be provisioned automatically based on requirements of tenants.

• Openness and scalability: The service is compatible with the customer’s service platform.

• Flexible deployment: As the customer’s network and IT departments have not been converged, network automation can be implemented first, and network and compute resource convergence can be implemented later.

• Resource convergence: Physical servers and virtualization platforms VMware vSphere and Microsoft Hyper-V can be used to set up a compute resource pool.

[Figure: numbered provisioning workflow among the Network Administrator, Compute Administrator and Tenant Administrator, vCenter/System Center, hypervisor vSwitches with VMs, and VTEPs on the VXLAN fabric. Step labels: Create Tenant; Create VDS, Add Hosts to VDC; Create network; Portgroup Push; Create VM; Select Host; VM login/logout; Get LLDP information; Configuration GW/FW policy; Configuration VLAN-VxLAN mapping.]


Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Overview

VMware vRealize cloud management platform

• Reuse the existing infrastructure, management tools, and management experience.

• Automatic deployment in various environments reduces development cost.

NSX-based software overlay network

VMware NSX is a transformative system that realizes the full potential of software-defined data centers by creating and operating a network on existing hardware devices.

• Agility and simplified O&M model
  NSX can be deployed on the physical infrastructure without interrupting running services. Similar to server virtualization, NSX virtualizes a physical network into a transmission resource pool and uses the policy-driven model to provide network and security services.

• Advanced network connection and security service platform
  Traditional networks cannot change quickly to adapt to changes in data center services and are subject to configuration mistakes. NSX can configure virtual networks dynamically and automatically, enabling you to add virtual and physical services flexibly based on your service requirements.

Huawei and VMware Joint Solution

• CloudEngine data center switches use open software architecture and provide programmability using container technology.

• With a plug-in installed, CloudEngine data center switches can interoperate with NSX to enable communication between physical and virtual servers, and between VXLAN and traditional networks.

• CloudEngine switches ensure access layer reliability using stacking and M-LAG technologies.

• NSX centrally manages the overlay network and can connect to multi-vendor VAS devices to provide L4-L7 services.

High-performance VXLAN GW

• Interconnection between VXLAN and non-VXLAN networks

• High-performance communication between servers

Flexible service deployment

• Flexible VM migration, automatic network resource scheduling for migrated VMs

• Unified VXLAN topology view

[Figure, captioned "Compute & Network Collaboration Resource Pool Solution" on the slide. Labels: vRealize Automation, NSX, VMM and NSX web portals and orchestration, vCenter, NSX Edge, vSphere hosts with NSX OVS (VXLAN), 3rd-party virtualization hypervisor with vSwitch (VLAN), VTEPs, HUAWEI CloudEngine switch connected through OVSDB, VXLAN network, VLAN network with physical server (Oracle DB).]


Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Interoperation

NSX and CloudEngine switch interoperation framework

Monitor OVSDB information, translate it into configuration, and write configuration to switches:
• Gateway activate/de-activate configuration
• VXLAN configuration

Monitor device information and write it into OVSDB server:
• Physical_Switch Table
• Physical_Port Table
• Ucast_Macs_Local Table

[Figure: NSX and CloudEngine switch interoperation framework. Labels: NSX Controller Cluster; OVSDB (Extension) over TCP/SSL; CloudEngine Switch; VRP Platform; NETCONF; Linux OS; Virtualization (VM/LXC etc.); NSX-OVSDB-App; OVSDB-SERVER; OVSDB-Client Read; OVSDB-Client Write; VXLAN L2 GW (VTEP).]

Open architecture of Huawei CloudEngine switches

• Support containers and multiple virtualization technologies, allowing for integration with third-party applications.

• Provide various open APIs to enable programmability, automation, and visualization.

• Elastic: Triples industry average switching capacity to support 10 years of business development.

• Virtualized: Industry’s highest 1:16 virtualization capability improves ICT resource utilization.

• Agile: Full openness accelerates cloud service innovation.

• High quality: High-value services deliver high-quality experience.

[Figure: open architecture of the CloudEngine switch. Labels: Open API; OVSDB (NSX); OpenFlow (Vyatta); Puppet Agent; Virtualization (VM/LXC etc.); forwarding plane; Network OS (Linux compatible).]
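
The interoperation framework on this slide has the switch-side application monitor the OVSDB server and write device state into tables such as Ucast_Macs_Local. As an added example (not code from the slides or from Huawei's NSX-OVSDB-App), the following builds the corresponding RFC 7047 JSON-RPC messages, assuming the open `hardware_vtep` schema that defines the tables named above. The function names, UUIDs, MAC addresses and VTEP IP are constructed; the node IPs and VNIs come from the table on the traffic-model slide.

```python
"""OVSDB (RFC 7047) messages for a hardware VTEP: watch Logical_Switch rows,
then publish locally learned MACs into Ucast_Macs_Local.
Added illustration against the open hardware_vtep schema; not vendor code."""
import json
import re

DB = "hardware_vtep"
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def monitor_logical_switches(request_id=0):
    """Request notifications for the logical switches (VNIs) the controller defines."""
    watch = {"Logical_Switch": {"columns": ["name", "tunnel_key"]}}
    return {"method": "monitor", "params": [DB, "ls-watch", watch], "id": request_id}


def vni_map_from_updates(table_updates):
    """Map VNI -> Logical_Switch UUID from a monitor reply's <table-updates>."""
    vni_map = {}
    for uuid, change in table_updates.get("Logical_Switch", {}).items():
        key = change.get("new", {}).get("tunnel_key")
        if isinstance(key, int):  # an unset optional column arrives as ["set", []]
            vni_map[key] = uuid
    return vni_map


def build_publish_macs(entries, vni_map, local_vtep_ip, request_id=1):
    """Build one transact request that inserts a locator for this VTEP and one
    Ucast_Macs_Local row per (mac, ip, vni) entry. Assumes no Physical_Locator
    row for local_vtep_ip exists yet. Raises ValueError instead of publishing
    a MAC into a segment the controller has not defined."""
    ops = [{"op": "insert", "table": "Physical_Locator", "uuid-name": "local_loc",
            "row": {"encapsulation_type": "vxlan_over_ipv4", "dst_ip": local_vtep_ip}}]
    for mac, ip, vni in entries:
        mac = mac.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"malformed MAC: {mac!r}")
        if vni not in vni_map:
            raise ValueError(f"no Logical_Switch for VNI {vni}")
        ops.append({"op": "insert", "table": "Ucast_Macs_Local",
                    "row": {"MAC": mac, "ipaddr": ip,
                            "logical_switch": ["uuid", vni_map[vni]],
                            "locator": ["named-uuid", "local_loc"]}})
    return {"method": "transact", "params": [DB, *ops], "id": request_id}


# Constructed monitor reply: two logical switches plus one row with no VNI bound.
SAMPLE_UPDATES = {"Logical_Switch": {
    "11111111-1111-4111-8111-111111111111":
        {"new": {"name": "ls-5000", "tunnel_key": 5000}},
    "22222222-2222-4222-8222-222222222222":
        {"new": {"name": "ls-5001", "tunnel_key": 5001}},
    "33333333-3333-4333-8333-333333333333":
        {"new": {"name": "ls-unbound", "tunnel_key": ["set", []]}},
}}
# Node IPs and VNIs from the slide's table; the MAC addresses are constructed.
SAMPLE_ENTRIES = [("00:00:5E:00:53:01", "10.1.1.11", 5000),
                  ("00:00:5E:00:53:02", "10.1.2.11", 5001)]

if __name__ == "__main__":
    vni_map = vni_map_from_updates(SAMPLE_UPDATES)
    request = build_publish_macs(SAMPLE_ENTRIES, vni_map, "192.0.2.10")
    print(json.dumps(request, indent=2))
```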


Solution 3: VMware Cloud Data Center & Huawei Joint Solution –– Traffic Model

Types of traffic on a hybrid VXLAN network

• Depending on traffic flow direction, traffic in a DCN is classified into east-west traffic (intra-DC communication) and north-south traffic (communication with external networks).

• Depending on transmission scope, traffic is classified into four types: 1. intra-subnet traffic within a tenant network; 2. inter-subnet traffic within a tenant network; 3. inter-tenant traffic; 4. traffic from outside DC.

Traffic transmission paths

• 1) Intra-subnet traffic within a tenant network is transmitted within a VXLAN L2 broadcast domain, and therefore is forwarded at L2.

• 2) Inter-subnet traffic within a tenant network is transmitted across VXLAN L2 broadcast domains. It needs to be forwarded by a VXLAN gateway but does not need to pass through a firewall. NSX OVS provides VXLAN L3 gateway function and allows VMs on different hosts to communicate directly.

• 3) Inter-tenant traffic needs to be forwarded by a VXLAN L3 gateway and processed by a firewall for secure isolation.

• 4) Traffic from outside DC needs to be forwarded to a tenant server through IPS/FW, LB, VXLAN gateway, and VTEPs.
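
The four traffic types and their forwarding paths, which the slides repeat for each of the three solutions, can be turned into a segmentation check. The following is an added example, not part of the original slides: it classifies a flow using the tenant addresses shown in the traffic-model diagrams, reports hops missing from an observed path, and lists the endpoint pairs that the model forwards without a firewall. The hop labels, the `Endpoint` type, the function names and the outside address are assumptions made for illustration.

```python
"""Classify flows into the four traffic types of the slides' traffic model and
check an observed hop list against the path the model requires.
Added illustration; hop labels and names are assumptions, not product terms."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hops each traffic type must traverse (presence is checked, order is not).
REQUIRED_HOPS = {
    "intra-subnet": ["vxlan-l2"],                      # 1) forwarded at L2
    "inter-subnet": ["vxlan-gw"],                      # 2) gateway, no firewall
    "inter-tenant": ["vxlan-gw", "fw"],                # 3) L3 gateway + firewall
    "external": ["ips-fw", "lb", "vxlan-gw", "vtep"],  # 4) vtep is the ToR switch
}                                                      #    in the hardware overlays
FIREWALL_HOPS = {"fw", "ips-fw"}


@dataclass(frozen=True)
class Endpoint:
    tenant: Optional[str]  # None means outside the data center
    ip: str                # interface address with prefix length


def classify(src: Endpoint, dst: Endpoint) -> str:
    """Return the traffic type. Tenant identity is compared before addresses,
    so overlapping address space in two tenants never counts as one subnet."""
    if src.tenant is None or dst.tenant is None:
        return "external"
    if src.tenant != dst.tenant:
        return "inter-tenant"
    same = ipaddress.ip_interface(src.ip).network == ipaddress.ip_interface(dst.ip).network
    return "intra-subnet" if same else "inter-subnet"


def missing_hops(src: Endpoint, dst: Endpoint, observed: List[str]) -> List[str]:
    """Hops the model requires for this flow that the observed path lacks."""
    return [hop for hop in REQUIRED_HOPS[classify(src, dst)] if hop not in observed]


def uninspected_pairs(endpoints: List[Endpoint]) -> List[Tuple[str, str]]:
    """Endpoint pairs whose required path contains no firewall hop."""
    pairs = []
    for i, a in enumerate(endpoints):
        for b in endpoints[i + 1:]:
            if not FIREWALL_HOPS.intersection(REQUIRED_HOPS[classify(a, b)]):
                pairs.append((a.ip, b.ip))
    return pairs


# Endpoints from the traffic-model diagrams; OUTSIDE is a constructed address.
T1_A = Endpoint("tenant1", "192.168.1.10/24")
T1_B = Endpoint("tenant1", "192.168.1.20/24")
T1_C = Endpoint("tenant1", "192.168.2.30/24")
T2_A = Endpoint("tenant2", "192.168.10.10/24")
OUTSIDE = Endpoint(None, "203.0.113.5/32")

if __name__ == "__main__":
    for src, dst in [(T1_A, T1_B), (T1_A, T1_C), (T1_A, T2_A), (OUTSIDE, T1_A)]:
        print(src.ip, "->", dst.ip, classify(src, dst))
    # A tenant-to-tenant flow observed only at the gateway is missing the firewall.
    print(missing_hops(T1_A, T2_A, ["vxlan-gw"]))
    print(uninspected_pairs([T1_A, T1_B, T1_C, T2_A]))
```

The last call shows that every pair inside Tenant 1 is forwarded without a firewall hop under this model, so any filtering between those endpoints has to be applied elsewhere.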

[Figure: traffic paths 1 to 4 on the hybrid VXLAN network. Labels: VXLAN domain with NSX OVS hosts and VMs; non-VXLAN domain; spine; ToR switches; ToR switch as VXLAN L2 GW (HW-VTEP); NSX Edge router as VXLAN L3 GW; NSX; OVSDB.]

Node      MAC          IP         VNI
Server-1  MAC-Server1  10.1.1.11  5000
Server-2  MAC-Server2  10.1.2.11  5001

Node  MAC      IP         VNI
VM3   MAC-VM3  10.1.2.10  5001
VM1   MAC-VM1  10.1.1.10  5000


Success Story: XX Carrier’s Public Cloud Project

Solution

• The customer is a Tier-1 carrier in Europe and built multiple data centers over the same physical network architecture to provide public and rack renting/hosting services.

• In the NSX overlay area, the NSX controller manages CloudEngine switches and enables communication between traditional hosting services and VM services.

• The OpenStack overlay area uses Huawei’s hardware overlay SDN solution, in which the Agile Controller implements automatic service provisioning.

[Figure: shared fabric topology. Labels: TI network; spine and leaf VXLAN fabric with VTEPs and VLAN attachments; NSX overlay with NSX vSwitches, VMs and colocation/hosting; Neutron Overlay 1 and Neutron Overlay 2 with vSwitches and VMs; SDN Controller 1 and SDN Controller 2; service area; OpenStack release Kilo, vanilla distribution; NSX API, NSX Manager, NSX Controller Cluster.]

Benefits

• The VMware NSX and multiple OpenStack cloud platforms are deployed on the same fabric network. Both hardware and software overlay networks are deployed.

• The NSX-based software overlay solution provides unified management of virtual and physical networks. NSX manages Palo Alto and Fortinet firewalls to provide high-level security protection (micro-segmentation) for east-west traffic.

• The hardware overlay solution incorporates OpenStack and hosting services, and implements automated provisioning of physical and virtual networks.


Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.

Trademark Notice

[logo], HUAWEI, and [logo] are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.