Control Tower for Virtualized Data Center Network

(1)

(2)

2013-03-18 Huawei confidential. No spreading without permission. Page 2 of 10

2013-03-18 Huawei confidential. No spreading without permission. Page 3 of 10 As technologies mature and new applications emerge, many enterprises' IT systems have taken a first step towards cloud computing. This step means the use of virtual machine. By virtualizing multiple servers on a physical server, IT systems can gain many benefits and enterprises do not need to purchase large numbers of servers. The virtual machine adds the high availability (HA) feature for data centers, reducing service interruptions and associated complaints. Virtualization technology effectively utilizes powerful hardware and can reduce hardware capability waste by more than 10%.

As shown in the IDC’s 2011 report, 51% of all installed workloads were virtualized in 2010.

IDC forecast that in 2013, 69% of all installed workloads will be virtualized.

As virtual machine technologies rapidly develop, the development of virtual machines is inhibited by current networks having insufficient capability to manage the virtual machines. Virtual machines communicate with each other through virtual switches. In order to manage virtual machines, server administrators must have in-depth network knowledge and network administrators must fully understand server software and hardware. If

administrators do not have sufficient knowledge, when a fault occurs on the virtual machine network it is difficult to identify whether the fault occurs on the physical network or virtual switches. With the wide use of virtual machine migration and resource pool scheduling technologies, destination networks must be ready for virtual machine migration. For example, the configurations and dynamic entries on the destination network must be prepared.

This is the same as an airport; before aircraft can land, the airport must be prepared. A control tower instructs the aircraft whether to land or wait. A "control tower" is also required for a virtualized data center network to instruct the "landing and takeoff" (migration) of virtual machines.

1 Virtual Machine Network Environment Analysis

IEEE 802.1Qbg has defined virtual machine implementation.

9% 14% 22% 33% 42% 51% 59% 65% 69% 0% 10% 20% 30% 40% 50% 60% 70% 80% 2006 2008 2010 2012

(4)

By Using Software By Using Smart NIC By Using Access Switch

Advantages: Products are mature

and all virtual machine platforms support this solution. Common Layer 2 switches can be used as access switches.

Disadvantages: A lot of server

resources are occupied. Network performance is poor and a few network functions are supported. Traffic management is difficult.

Advantages: Network

performance is high. Common Layer 2 switches can be used as access switches.

Disadvantages: Real-time

migration of virtual machines cannot be implemented unless a dedicated NIC is installed. Traffic management is difficult.

Advantages: Network

performance is high. Centralized network management is easy to implement. Traffic control is simple.

Disadvantages: The access

switches must support virtual machine migration.

The software solution is the original one and is easy to implement. Virtual machine platforms such as VMware ESX and Microsoft Hyper-V support this solution. The smart NIC solution is a hardware accelerating solution promoted by NIC vendors, and more and more virtual machine platforms can support this solution. These two solutions have difficulty in controlling traffic. For example, to sample traffic, a virtual machine must be created in the physical server to provide the probe function. The access switch solution provides the highest performance and traffic control capability. However, the access switches must support virtual machine migration. Therefore, this solution is applicable to newly constructed data centers.

The "control tower" must support all these solutions.

2 "Control Tower" Must Have an Overall Picture

of the Network

(5)

2013-03-18 Huawei confidential. No spreading without permission. Page 5 of 10 In this article, Huawei nCenter is used as an example to describe the technologies and implementation of the "control tower" and vCenter is the VM manager.

Virtual machine network management includes virtual resource management and virtual machine migration management. Virtual resource management includes collecting information about physical and virtual resources and managing the topologies. The resources include virtual machines, virtual switches, physical servers, and physical switches.

nCenter uses standard network management protocols to discover TORs and obtains virtual machine information (including the relationships between virtual machines and virtual switches) from vCenter through the open interfaces on vCenter.

TOR uses LLDP or CDP to discover virtual switches and the relationships between virtual switches and TORs. nCenter can create an overall picture for all physical and virtual resources and network topology. The following shows a virtual machine network topology created by nCenter.

Devices 38 and 40 indicate TORs, and the two panes below devices 38 and 40 indicate two physical servers, which contain several virtual switches and virtual machines. The figure clearly shows the physical nodes, virtual nodes, relationships, and topology. This figure is significant for fault location, improves network management efficiency, and reduces operation and management costs.

(6)

3 Virtual Machine Migration Scheduling

In addition to topology management, the "control tower" must be able to manage virtual machine migration. Before and after virtual machines are migrated, the network must be ready.

Each virtual machine should plan network configurations such as QoS and ACL based on the deployed services. A policy template needs to be created on nCenter to help a virtual machine plan the configurations. The policy template manages all parameters used for virtual machine migration.

3.1 Support on Virtual Machine Migration

IEEE 802.1Qbg provides two solutions for virtual machine migration: in-band and out-of-band. In-band management:

The VSI manager is the policy template that manages the virtual station interface configurations. The channel associated signaling (CAS) is defined in 802.1Qbg. CAS includes the Edge Control Protocol (ECP) used to encapsulate VDP, ECP-based VSI Discovery and Configuration Protocol (VDP) used to discover and configure VSI, and optional S-Channel Discovery and Configuration Protocol (CDCP) used to configure, create, and delete S-channels.

The virtual machine creation and deletion messages are sent to TORs using VDP, and TORs obtain network policies from the VSI manager to configure network attributes. The VDP protocol is transmitted over the same link with the virtual machine network, so this mode is called in-band management.

(7)

2013-03-18 Huawei confidential. No spreading without permission. Page 7 of 10 vCenter controls the creation, deletion and migration of virtual machines. vCenter notifies the creation, deletion, and migration messages to nCenter through the open interfaces, and the nCenter issues network policies to network devices.

The in-band management protocols have not yet been released, and virtual machine platform vendors have not yet launched products that support this solution. Protocols do not define the interfaces connected to vCenter. The VSI manager provides interfaces based on the virtual machine platforms. Therefore, the in-band management mode is difficult to implement.

In out-of-band management mode, all virtual machine platforms provide open interfaces. nCenter adapts to the virtual machine platforms based on the open interfaces. This mode is open and collaborative.

The out-of-band mode does not require that the virtual platforms support 802.11Qbg VDP. Instead, nCenter can use the open interfaces provided by the virtual machine platforms to discover virtual machines.

Huawei nCenter uses the out-of-band mode. It supports virtual machine platforms such as VMware, Citrix Xen, and Microsoft Hyper-V.

3.2 Efficient Scheduling

nCenter can use commands, SNMP, or NetConf to issue policies to network devices. In prototype test, only 10-20 virtual machines can go online every second. When RADIUS protocol is used, 200 virtual machines can go online every second. How many virtual machines can be supported?

Assume that there are N physical servers, among which 50% are busy. Each server needs to migrate four (tested data, limited by bandwidth and CPU capability) virtual machines to other servers, and migration of each virtual machine requires 180 seconds. The number of virtual machines migrated every second is N/2 x 4/180. If there are 10,000 physical servers, the number of virtual machines migrated every second is 111 (10000/2 x 4/180).

The processing performance of 200 virtual machines can support cloud computing for 18,000 (200 x 180/4 x 2) physical servers.

(8)

3.3 Migration Process

During virtual machine migration, nCenter is responsible for migrating network policies. It works with vCenter to ensure that the migration process is on schedule, accurate, and automated.

The following figure shows the virtual machine migration process.

Before the migration: The virtual machine Purple needs to be migrated to server 10.137.59.52.

(1) vCenter initiates the virtual machine migration. (2) The virtual machine migration starts.

(9)

2013-03-18 Huawei confidential. No spreading without permission. Page 9 of 10 (3) vCenter notifies nCenter that the migration starts through the open interface.

(4) nCenter notifies the destination TOR that the virtual machine has gone online. The online information includes the virtual machine ID, MAC address, VLAN, and policy template ID.

(5) The destination TOR uses the RADIUS protocol to request policies (such as ACL, QoS, DHCP, and snooping binding table) from nCenter.

(6) The internal RADIUS server on nCenter responds to the TOR's request and issues the policy to the TOR. The TOR then resolves the policy and configures data forwarding.

(7) vCenter notifies nCenter that the migration is complete through the open interface. (8) nCenter notifies the source TOR that the virtual machine has gone offline.

(9) The source TOR deletes the local policy and requests the RADIUS server to update user status through the RADIUS notification interface.

(10)

4 Huawei Virtual Awareness Solution Summary

nCenter is the core of the solution. It is compatible with various vCenters and issues static configurations and dynamic entries to access switches, thus fully supporting the virtual network environment. The open and high efficient nCenter supports virtual machine migration on the cloud.

Let's review the cooperation between network and virtual machines mentioned above.

Management interface: The system administrator only needs to manage servers and virtual machines, and the network administrator only needs to manage the network attributes of virtual switches, physical switches, and virtual machines. The management interface is clear.

Visual operation and management: nCenter provides a topology map for all virtual machines, virtual switches, physical servers, and physical switches, facilitating fault location.

Virtual awareness: nCenter can be aware of the creation and migration of virtual machines and take actions. It allows fast service launching and is compatible with virtual machine platforms and servers.

5 Conclusion

Huawei virtual awareness solution escorts virtual machine application, promotes virtual machine application in data centers, reduces IT system costs and improves IT system efficiency. In the future, Huawei will establish a completely virtual, automated, and high-efficient cloud computing system, and support various large-capacity service

Control Tower for Virtualized Data Center Network

Contents

1 Virtual Machine Network Environment Analysis ...3

2 "Control Tower" Must Have an Overall Picture of the Network ...4

3 Virtual Machine Migration Scheduling ...6

4 Huawei Virtual Awareness Solution Summary ... 10

1 Virtual Machine Network Environment Analysis

2 "Control Tower" Must Have an Overall Picture

of the Network

3 Virtual Machine Migration Scheduling

3.1

Support on Virtual Machine Migration

3.2

Efficient Scheduling

3.3

Migration Process

4 Huawei Virtual Awareness Solution Summary

5 Conclusion