The main technologies of Huawei's corporate ADN networks: the beginning

In 2021, Huawei is betting on the further development of corporate ADN networks. In this article we briefly outline what this beast is, based on a report from the Worldwide IP Club online forum held at the end of 2020, a community that we created to discuss innovations and for networking in telecom.







To understand the Huawei Enterprise ADN, it is helpful to first take a quick tour of the challenges corporate networks face today.







There is no doubt that digital transformation will not bypass any large organization. And this process is unthinkable without a worthy infrastructure support. To meet the demands of digitalization, the corporate network must be reliable, flexible and scalable.



Such a network has two main parts: an access network and a core network. In the diagram above, the part to the left of the regional equipment location is the access network, designed to connect corporate campuses, branches, external structures, IoT environments, etc. Interregional and "inter-cloud" connections are shown on the right.



Although the architecture is fundamentally simple, in practice you usually have to deal with a huge heterogeneous network built on equipment from different vendors. Its operating and maintenance costs are sometimes significantly higher than the cost of purchasing it. Here are four major aggravating factors that make life difficult for the designers and administrators of modern corporate networks.



I. Network silos, which disconnect services from the network infrastructure. They create confusion with too many network tasks, the configuration of the network itself becomes overcomplicated, and O&M loses efficiency.



II. A high degree of network heterogeneity, with a motley equipment fleet. This leads to many difficulties, including the dependence of the successful operation of the infrastructure on the experience of individual experts, long problem-solving cycles, ineffective checks, and errors caused by the need to perform a large part of operations manually.



III. Separation of business-level services and network infrastructure. As a result, the full functioning of NaaS (Network as a Service) is impossible, either in a separate zone or between zones of the network. Amidst a flurry of countless network activity metrics, alerts, and logs, the administrator is unable to guarantee that the services will work flawlessly at any given time.



IV. Lack of end-to-end network visualization and tools for its comprehensive analysis. It is the real scourge of those who build and operate networks. Malfunctions are depressingly often revealed only while services are running: because they cannot be quickly detected and eliminated, users have time to encounter them.







To meet these challenges, Huawei has created an autonomous driving network (ADN) solution called the iMaster NCE. It contains the functionality of a "digital twin", end-to-end analysis of intentions (we have already written about the concept of the intent-driven network in more detail on Habr), as well as the technology of intelligent decision making.



  • The intent-driven principle. Throughout the life of a network, those who manage it can use simple WYSIWYG tools to keep the network under control.
  • Intelligent decision making. The system makes it easier for a person to choose optimal solutions. For example, at the stage of service deployment, it is able to "prompt" suitable network settings and configurations, and when analyzing problems, it makes it possible to quickly find the root cause of the problem and itself suggests steps to eliminate it.
  • "Digital twin". The iMaster NCE includes a multi-tier modeling and management KPI infrastructure based on big data that operates with “virtual snapshots” of any physical devices in the network. In this case, the solution performs bi-directional mapping between the network and its "twin".


With the help of ADN, five important transformations are thus possible.



  1. «», , , , , . iMaster NCE .
  2. , , , . , O&M- .
  3. . , , , .
  4. «» . — , , — .
  5. Replace work that depends on the human factor, mainly on the experience of experts, with a model in which decision-making with the help of "smart" technologies prevails, including in network design, monitoring, analysis and optimization of network interactions.






The main thing in the intent-driven analysis model is the transfer of user business requests to the network layer. The process has three significant components.



  1. Formation of an abstract model of intentions (intent abstraction). In corporate networks, most of the intent relates to interactions between users, endpoints, and applications. As a consequence, a model is needed that will generalize their requirements throughout the entire life cycle of the network and ensure their customization based on a scenario approach.
  2. (intent conversion). - . .

    • «» , , , , ., «», (solver), .
    • - « ». , «» , .
  3. . . :

    • ;
    • - ;
    • (SDN, OVS .);
    • , .






Let's turn to modeling what happens in the network: which scenarios it is designed for, and why it makes it much easier to build networks that maintain a guaranteed level of service (SLA).



In essence, we simulate the network configuration, resources and forwarding system to create a virtual network that will reflect the characteristics and specifics of the operation of the original, real network.



When working with a virtual network, we use formal proof, a mathematical method that allows us to verify whether the network meets the SLA criteria, such as stable network connectivity, continuous routing, properly configured forwarding, policy consistency, latency and acceptable packet loss levels, etc.



Let's take a quick look at the basic scenarios for using the method.



  • Comprehensive end-to-end intent modeling proactively validates the solution to ensure that new intentions do not disrupt the processes that are already taking place on the network.
  • After the intention is implemented in the corporate network, it is checked whether it is functioning as expected, and the risks of all kinds of incidents are monitored before they have time to affect the operation of services.
  • The behavior of the virtual network is checked in scenarios involving a single zone, in inter-zone scenarios and in hybrid ones (using cloud resources, etc.), and it can again be completely isolated from the main corporate network in automatic mode.


In short, network analysis is performed in this sequence.



  • Based on the existing network topology and information about network elements, a control model of the virtual network is built.
  • A simulation configuration is used to generate a virtual network forwarding system.
  • A formal proof method is used to model the behavior of the network in all aspects, such as: configuration, resource allocation, routing.
  • The platform algorithmically suggests recommendations for making changes to the network.
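The sequence above can be shown on a toy scale. The following is an added example, not code from Huawei or the iMaster NCE: it builds a virtual forwarding model from constructed per-device FIBs (device names and prefixes are hypothetical) and exhaustively checks a reachability intent, splitting the destination prefix into slices that every device forwards uniformly, so loops and black holes are found without sending any traffic.

```python
import ipaddress

# Constructed FIBs for a three-device virtual network (hypothetical names).
# Next hop is another device or "local" (delivered); no entry means no route.
FIBS = {
    "leaf1": {"10.1.0.0/16": "spine", "10.2.0.0/16": "spine"},
    "spine": {"10.1.0.0/16": "leaf2", "10.2.0.0/16": "leaf2",
              "10.2.128.0/17": "leaf1"},   # stale, more specific route
    "leaf2": {"10.1.0.0/16": "local", "10.2.0.0/17": "local"},
}
SPLIT = object()  # marker: a more specific route divides the queried prefix

def lookup(device, net):
    """Longest-prefix match for a whole prefix, or SPLIT if it is not uniform."""
    routes = [(ipaddress.ip_network(p), nh) for p, nh in FIBS[device].items()]
    if any(r != net and r.subnet_of(net) for r, _ in routes):
        return SPLIT
    covering = [(r.prefixlen, nh) for r, nh in routes if net.subnet_of(r)]
    return max(covering, key=lambda c: c[0])[1] if covering else None

def verify(device, net, path=()):
    """Map each forwarding-equivalent slice of net to (verdict, path)."""
    net = ipaddress.ip_network(str(net))
    if device in path:                       # revisiting a device: loop
        return {str(net): ("loop", path + (device,))}
    hop = lookup(device, net)
    if hop is SPLIT:                         # halve until slices are uniform
        out = {}
        for half in net.subnets(prefixlen_diff=1):
            out.update(verify(device, half, path))
        return out
    path += (device,)
    if hop is None:                          # no matching route: black hole
        return {str(net): ("blackhole", path)}
    if hop == "local":
        return {str(net): ("delivered", path)}
    return verify(hop, net, path)

def check_intent(src, dst):
    """Intent: all of dst is reachable from src. Returns the violations."""
    return {n: v for n, v in verify(src, dst).items() if v[0] != "delivered"}

if __name__ == "__main__":
    for src, dst in [("leaf1", "10.1.0.0/16"), ("leaf1", "10.2.0.0/16"),
                     ("leaf2", "10.2.0.0/16")]:
        print(src, dst, check_intent(src, dst) or "intent holds")
```

Running the same check against a candidate FIB before it is pushed to devices corresponds to the proactive validation scenario; running it on the collected FIBs afterwards corresponds to the post-deployment check.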






After all these steps are taken, the previously mentioned intelligent active monitoring technology comes into play. It is designed to digitalize the entire network infrastructure in such a way as to make possible the integrated management of its operation, support, optimization and further design.



A couple of examples of how this works. Let's say a signal comes from some business unit of the company that they have lost access to the application. The iMaster NCE platform, primarily through dynamic network topology modeling, makes it easy to query and visualize all metrics related to an application. Also, thanks to the routing navigator, it is convenient to trace at all levels of the network where the traffic came from and where it was going, according to the end-to-end principle, right down to a specific physical device such as a smartphone (it checks the reachability of sections and network elements, routing loops and black holes, etc.). In turn, thanks to the complex visualization of the work of analytical tools, you can quickly check whether the entries for specific devices in the routing tables are in order, as well as monitor notifications, logs and records of configuration changes. And with the help of a solution recommended by the RunBook service (of course, the administrator is free to do as he sees fit), the operability of the network components and services is quickly restored where necessary and malfunctions in it are eliminated.



Another scenario is to check the status of the network. For this, a model is used with five levels of control, each of which tracks its own slice of the infrastructure:



  • whether the equipment is functioning stably: the boards, fans, power supplies, processors, memory, etc.;
  • whether there are any problems in the connections between the physical devices in the network, including whether the port statuses and traffic are normal, the length of the queues and the optical attenuation coefficient, whether the percentage of "broken" packets is too high, etc.;
  • whether M-LAG aggregation, routing via OSPF, BGP, etc. work;
  • whether everything is in order with the overlay network infrastructure, including the current statuses of BD, VNI, VRF, EVPN and SRv6;
  • whether redirection is carried out regularly at the service level, and in particular what are the settings for the TCP connection.


There are two technologies at the heart of a smart monitoring service. The first is the previously mentioned "digital twin" system, which relies on virtual modeling of the network situation in real time using big data, which allows you to easily track cause-effect relationships and find sources of difficulty. Critical to implementing this mechanic is having a single model to replicate the lifecycle of the enterprise network.



The second is a set of front-end and back-end solutions used to build a high-precision map of network activity, which is built on the basis of the “digital twin” concept. The front-end part includes smart search, multi-level granularity of analytical summaries, routing navigation, an integrated data visualization system, etc. The backend is primarily an engine for dynamically reproducing network topology and a system for flexible import of third-party network models.







The work of smart monitoring is supported by the use of an intelligent network analysis method based on knowledge graphs.



Through modeling, abstract descriptions of network elements can be translated into concrete queries in the object model plane.



Using telemetry, network KPIs, traffic flows at the service level, configuration information, and network event logs are monitored - and based on this information, machine learning algorithms capture deviations from the norm on the fly and correlate them with the data of the object model.



Also, the iMaster NCE platform provides an environment for safely working out the potential consequences of all kinds of failures: problems that have occurred in other real-life networks are “run in” in the simulation of this particular network. Thus, drawing on the combined experience of experts who previously managed to cope with certain abnormal network situations, we train ML models so that they help more effectively to overcome incidents, including by identifying patterns of new problems and thereby multiplying the overall knowledge available to all the companies using the iMaster NCE.







The previously listed technologies enable the network administrator to quickly detect problems. However, intelligent analysis is not enough: it is important to help a person make the most effective decisions to overcome them, which is the very essence of ADN. Such decisions are now developed and implemented with the direct help of AI.



Collecting intentions and analyzing data on what is happening in the network on the fly, making decisions, implementing them and analyzing the consequences of their adoption form a closed loop that makes smart decision-making possible. Four factors are key to the effectiveness of this model of work.



  1. , : , on-premise cloud- ML-, iMaster NCE.
  2. . .
  3. . , , .
  4. . .


***



Huawei engineers continue to improve ADN solutions to increase the degree of "self-sufficiency" of the network infrastructure and its ability to "self-heal", and we will certainly write about new developments in this direction. And you can get acquainted with the solution of iMaster NCE-Fabric live in our demo cloud with the help of Huawei presale engineers.


