Huawei DCN: Five Scenarios for Building a Data Center Network

Today, our focus is not only on Huawei's data center network product line, but also on how to build advanced end-to-end solutions based on it. We start with the scenarios, move on to the specific functions supported by the equipment, and end with an overview of the devices that can form the basis of modern data centers with the highest level of automation of network processes.







No matter how impressive the characteristics of network equipment are, the architectural solutions that can be built on it are determined by how effectively the associated hardware, software, virtual and other technologies integrate with one another. To keep up with the times, we try to promptly offer our clients modern and promising capabilities, which often outstrip the most daring ideas of other vendors.







Cloud Fabric solutions include a data center network, SDN controller, and other components required for a specific project, including those from other manufacturers.



The first and simplest scenario uses a minimum number of components: the network is built on Huawei hardware, and third-party tools, such as Ansible or Microsoft Azure, automate network management and monitoring.



The second scenario assumes that the customer is already using virtualization and SDN for data centers, say NSX, and wants to use Huawei equipment as a hardware VTEP (Virtual Tunnel End Point) within the existing VMware solution. VMware's website contains a list of Huawei equipment that has been tested and can be used as a VTEP. It is no secret that, however successful software VXLAN (Virtual Extensible LAN) implementations on virtual switches may be, hardware implementations deliver better performance.



The third scenario is the construction of hosting & computing class systems that include a controller but lack any higher-level platform to integrate with. One way to implement this scenario is with a standalone Agile Controller-DCN SDN controller. System administrators can use this architecture to perform day-to-day network management operations. A more advanced version of the third scenario is based on the interaction of the Agile Controller-DCN with VMware vCenter, united by a certain business process, but again without a higher-level administration system.



The fourth scenario is notable: integration with an upstream platform based on OpenStack or our virtualization product FusionSphere. We receive many requests for such architectural solutions, among which OpenStack is the most popular (CentOS, Red Hat, etc.). It all depends on which orchestration and compute resource management platform is used in the data center.



The fifth scenario is completely new. In addition to the well-known hardware switches, it includes the CloudEngine 1800V (CE1800V) distributed virtual switch, which can only be operated with KVM (Kernel-based Virtual Machine). This architecture combines the Agile Controller-DCN with the Kubernetes containerization platform using the CNI plugin. Thus, Huawei is moving along with the whole world from host virtualization to operating system virtualization.







More about containerization



We have already mentioned the CE1800V virtual switch deployed using the Agile Controller-DCN. In combination with Huawei hardware switches, it forms a kind of "hybrid overlay". In the near future, Huawei's container scenarios will receive support for NAT and load balancing functions.



A limitation of the architecture is that the CE1800V cannot be used separately from the Agile Controller-DCN. It should also be borne in mind that one PoD of the Kubernetes platform can contain no more than 4 million containers.



The connection to the VXLAN network of the data center is made via VLAN (Virtual Local Area Network). There is also an option in which the CE1800V acts as a VTEP running a BGP (Border Gateway Protocol) process. This allows BGP routes to be exchanged with the backbone without the need for separate hardware switches.







Intent-Driven Networks: intent-analyzing networks



Huawei introduced the Intent-Driven Network (IDN) concept back in 2018. Since then, the company has continued to work on networks that allow cloud computing, big data and artificial intelligence to analyze the goals and intentions of users.



Basically, we're talking about moving from automation to autonomy. The intent expressed by the user is returned in the form of recommendations from the network products on how to implement that intent. This functionality is based on Agile Controller-DCN capabilities that will be added to the product to embody the IDN ideology.



In the future, with the introduction of IDN, it will be possible to deploy network services in one click, which implies the highest degree of automation. The modular architecture of network functions and the ability to combine these functions will allow the administrator to simply specify which services should be made available on a particular network segment.



To achieve this level of controllability, the ZTP (Zero Touch Provisioning) process is essential. Huawei has made significant strides in this, offering the ability to fully deploy the network out of the box.



The further process of installation and deployment necessarily includes a procedure for checking the connectivity between resources (network connectivity) and assessing changes in network performance depending on its operating modes. This stage involves carrying out a simulation before starting actual operation.



The next step is service provisioning and verification performed by the built-in Huawei tools. Then it remains only to control the result.



The entire journey is now covered by a single, comprehensive engine based on the iMaster NCE platform, containing the Agile Controller-DCN and the eSight Element Management System (EMS).







At the moment, the Agile Controller-DCN is able to check the availability of resources and the presence of connections, as well as proactively (after the approval of the administrator) respond to problems in the network. Adding the necessary services is now done manually, but in the future Huawei intends to automate this and other operations, such as deploying servers, configuring networks for storage systems, etc.







Service Chains and Micro-segmentation



The Agile Controller-DCN is capable of handling Network Service Headers (NSH) contained in VXLAN packets. This comes in handy for creating service chains. Suppose you want to send a certain kind of packet along a route different from the one chosen by the standard routing protocol: before leaving the network, the packets must pass through some device (a firewall, etc.). To do this, it is enough to configure a service chain containing the required rules. This mechanism can be used, for example, to enforce security policies, but other applications are also possible.
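The steering described above depends on two NSH fields: the Service Path Identifier (which chain) and the Service Index (position in the chain). The following Python sketch is an added example, not Huawei code: it decodes the NSH base and service path headers using the RFC 8300 layout and performs a fail-closed next-hop lookup. Path ID 42, the hop names and the `CHAIN` table are constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass
class NSH:
    ttl: int         # hop limit, 6 bits
    length: int      # total NSH length in 4-byte words
    md_type: int     # metadata format, 4 bits
    next_proto: int  # inner payload type (0x3 = Ethernet)
    spi: int         # Service Path Identifier, 24 bits: which chain
    si: int          # Service Index, 8 bits: position in the chain

def parse_nsh(buf: bytes) -> NSH:
    """Decode the NSH base and service path headers (RFC 8300 layout)."""
    if len(buf) < 8:
        raise ValueError("truncated NSH header")
    base, path = struct.unpack("!II", buf[:8])
    if base >> 30 != 0:
        raise ValueError("unsupported NSH version")
    hdr = NSH(ttl=(base >> 22) & 0x3F, length=(base >> 16) & 0x3F,
              md_type=(base >> 8) & 0xF, next_proto=base & 0xFF,
              spi=path >> 8, si=path & 0xFF)
    if hdr.length < 2 or len(buf) < hdr.length * 4:
        raise ValueError("Length field inconsistent with buffer")
    if hdr.md_type == 1 and hdr.length != 6:
        raise ValueError("MD Type 1 requires Length = 6")
    return hdr

# Constructed chain for path 42: firewall first, then IDS, then leave the fabric.
CHAIN = {(42, 255): "firewall", (42, 254): "ids", (42, 253): "egress"}

def next_hop(hdr: NSH) -> str:
    """Forwarder lookup that fails closed: anything unexpected is dropped."""
    ttl = (hdr.ttl - 1) % 64          # TTL is decremented before the lookup
    if ttl == 0:
        return "drop"                 # loop protection
    return CHAIN.get((hdr.spi, hdr.si), "drop")

def build_nsh(spi: int, si: int, ttl: int = 63) -> bytes:
    """Constructed sample header: MD Type 2, no metadata, Ethernet payload."""
    base = (ttl << 22) | (2 << 16) | (2 << 8) | 0x3
    return struct.pack("!II", base, (spi << 8) | si)

if __name__ == "__main__":
    for si in (255, 254, 253, 252):
        print(si, next_hop(parse_nsh(build_nsh(42, si))))
```

A packet whose (SPI, SI) pair is not in the table is dropped rather than forwarded, so traffic cannot leave the fabric without having passed through the firewall hop.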







The diagram clearly shows the operation of RFC-compliant service chains based on NSH, as well as a list of hardware switches that support them.







The capabilities of Huawei's service chain solutions are complemented by micro-segmentation tools. Micro-segmentation is a network security method that isolates security segments down to individual workload elements. It avoids the Access Control List (ACL) bottleneck: there is no need to manually configure a huge number of ACLs.







Intelligent operation



Moving on to network operation, one cannot fail to mention another component of the iMaster NCE umbrella brand: the FabricInsight intelligent network analyzer. It provides extensive capabilities for collecting telemetry and information about data flows on the network. Telemetry is collected using gRPC and accumulates data on passed packets, packets delayed in the buffer and lost packets. The second large body of information is aggregated by means of ERSPAN (Encapsulated Remote Switch Port Analyzer) and gives an idea of the data flows in the data center. Basically, we are talking about collecting TCP headers and the amount of information transmitted during each TCP session. This can be done using various Huawei devices; a list of them is presented in the diagram.



SNMP and NetStream are also not forgotten, so Huawei is using both old and new mechanisms to move from the black box network to the network we literally know everything about.







AI Fabric: Lossless Smart Networks



The AI Fabric features supported by our hardware are designed to transform Ethernet into a high-performance, low-latency network free of packet loss. This is necessary to implement the main scenarios for deploying applications in a data center network.







The diagram above shows the problems that can arise when operating the network:



  • packet loss;
  • buffer overflow;
  • the problem of optimal network load when using parallel links.




Huawei equipment implements mechanisms to solve all these problems. For example, at the chip level, virtual inbound queues are used, which prevents head-of-line (HOL) blocking at the input.



At the protocol level, there is the Dynamic ECN mechanism (dynamic change of the buffer size), as well as Fast CNP (fast sending of packets with messages about a network problem to the source).



Dynamic Packet Prioritization (DPP) technology helps put elephant and mice flows on an equal footing: it places short pieces of data from different streams in a separate high-priority queue. Thus, short packets "survive" better among long, heavy streams.



Let us clarify that for the above mechanisms to work effectively, they must be supported directly by the equipment.







All of these functions are applied in one of three use cases for Huawei equipment:



  • when building artificial intelligence systems based on distributed applications;
  • when creating distributed data storage systems;
  • when creating systems for high performance computing (HPC).








Ideas embodied in "hardware"



After discussing typical use cases for Huawei solutions and listing their main capabilities, let's go directly to the equipment.



CloudEngine 16800 is a platform that supports 400 Gbps interfaces. Its characteristic feature is that, along with the CPU, it has its own forwarding chip and an artificial intelligence processor, which is necessary to implement the capabilities of the AI Fabric.







The platform is made according to the classic orthogonal architecture with a front to back airflow system and comes with one of three chassis types - 4 (10U), 8 (16U) or 16 (32U) slots.







Several types of line cards can be used in CloudEngine 16800. Among them are traditional 10-gigabit cards as well as 40- and 100-gigabit ones, including completely new models. Cards with 25 and 400 Gbit/s interfaces are planned for release.







As for the ToR (Top of rack) switches, their current models are indicated on the timeline above. Of greatest interest are the new 25 Gigabit models, 100 Gigabit switches with 400 Gigabit uplinks, and high-density 100 Gigabit switches with 96 ports.







The main Huawei fixed-configuration switch at the moment is CloudEngine 8850. It is to be replaced by the 8851 model with 32 100 Gb/s interfaces and eight 400 Gb/s interfaces, as well as the possibility of splitting them to 50, 100 or 200 Gb/s ...







Another fixed-configuration switch, CloudEngine 6865, remains in Huawei's current product line. It is a well-proven workhorse with 10/25 Gbps access and eight 100 Gbps uplinks. It also supports AI Fabric.











The diagram shows the characteristics of all the new switch models, which we expect to appear in the coming months, or even weeks. Some delay in their release is due to the situation around the coronavirus. The issue of sanctions pressure on Huawei also remains relevant; however, all these events can only affect the timing of the releases.



More information about Huawei solutions and their use cases is easy to obtain by signing up for our webinars or by contacting Huawei directly.



***



We remind you that our experts regularly host webinars on Huawei products and the technologies they use. A list of webinars for the coming weeks is available here.


