Multi-tenant cloud computing Overlay network (1)

Source: Internet
Author: User

Cloud computing has become the conventional form of enterprise IT construction, and virtualization, which is widely adopted and deployed in cloud computing, has become almost a basic technical model.

The extensive deployment of server virtualization technology greatly increases the computing density of the data center. Moreover, because a virtual machine is not bound by the constraints of the physical computing environment, business flexibility requires that a VM can be migrated to the target physical location without restrictions from the network. The rapid growth of VMs and VM migration have become common business operations (Figure 1).

Figure 1: Rapid growth of virtualization and the effect of intensive migration

1. Challenges and innovations in cloud computing virtual networks

In the cloud, the high-density growth and flexible migration of virtual computing load put pressure on the network to a certain extent. At present, however, the scale and migration of virtual machines are constrained by physical network capacity, so the service load in the cloud cannot be decoupled from the physical network.

Virtual Machine migration scope is limited by network architecture

Virtual machine migration, that is, moving a VM from one physical machine to another, places requirements on the network. If the virtual machine must provide uninterrupted service, parameters such as its IP address and MAC address have to remain unchanged. In that case the service network must be an L2 network, and the network itself must provide multi-path and multi-link redundancy and reliability. The traditional Spanning Tree Protocol (STP) is cumbersome to deploy and complex as a protocol, and the network should not grow too large, which limits the network scalability of virtualization. Device-level (N:1) network virtualization technologies, such as the vendor-proprietary IRF and vPC, simplify the topology and provide high reliability, but they impose mandatory topology restrictions and fall short in network size and flexibility. They are suitable only for small-scale networks and are generally used inside the data center. Technologies for large-scale network expansion, such as TRILL, SPB, FabricPath, and VPLS, overcome these shortcomings, but they place special requirements on the network: all devices in the network must upgrade hardware and software to support them, which increases deployment costs.

Virtual Machine scale is limited by network specifications

In a large L2 network, data streams must be explicitly addressed by the network to ensure that they arrive accurately at the destination. The size of the L2 address table (that is, the MAC address table) of the network devices therefore determines the number of virtual machines in the cloud computing environment. Because not every table entry can be used effectively, the number of usable virtual machines is reduced further. This is especially true of low-cost access devices: their tables are generally small, which limits the number of virtual machines in the entire cloud computing data center. Designing access devices with address tables of the same scale as core or gateway devices, however, increases network construction costs. The MAC and ARP table capacities of core and gateway devices are also challenged as the number of virtual machines grows, but large capacities are an unavoidable service requirement for devices in that role. To reduce the pressure on access device specifications, the gateway functions can be split up, for example by using multiple gateways to share the termination and bearing of virtual machine traffic, but this also increases costs.
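The effect of a MAC table that is smaller than the VM population can be seen in a small simulation. This is an added example, not part of the original article; the switch model (fixed capacity, no entry aging, new sources simply not learned once the table is full) and all names in it are assumptions made for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def vm_mac(i):
    """Constructed, locally administered MAC address for VM number i."""
    return f"02:00:00:{(i >> 16) & 0xff:02x}:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"

class LearningSwitch:
    """Toy L2 switch with a fixed-capacity MAC table (assumed model, no aging)."""

    def __init__(self, ports, table_size):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = {}          # (vlan, mac) -> port
        self.flooded = 0         # frames copied to every other port

    def receive(self, in_port, vlan, src, dst):
        """Learn the source address, then return the list of egress ports."""
        key = (vlan, src)
        if key in self.table or len(self.table) < self.table_size:
            self.table[key] = in_port        # new entry, or VM moved ports
        out = self.table.get((vlan, dst))    # broadcast is never a source
        if out is None:                      # unknown destination: flood
            self.flooded += 1
            return [p for p in self.ports if p != in_port]
        return [out]

def flooded_unicasts(n_vms, table_size, n_ports=4, vlan=10):
    """Count unicast frames that flood when n_vms share one MAC table."""
    sw = LearningSwitch(range(n_ports), table_size)
    macs = [vm_mac(i) for i in range(n_vms)]
    for i, mac in enumerate(macs):           # each VM announces itself once
        sw.receive(i % n_ports, vlan, mac, BROADCAST)
    sw.flooded = 0                           # ignore the announcement floods
    for i, mac in enumerate(macs):           # each VM sends to its neighbour
        sw.receive(i % n_ports, vlan, mac, macs[(i + 1) % n_vms])
    return sw.flooded

if __name__ == "__main__":
    for n in (100, 128, 200, 1000):
        print(n, "VMs, 128-entry table ->", flooded_unicasts(n, 128), "flooded")
```

Once the VM count passes the table capacity, frames addressed to unlearned VMs are copied to every port, so they consume bandwidth and become visible on links that have no business carrying them.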

Network isolation/separation capability restrictions

Currently, the mainstream network isolation technology is VLAN (or VPN). It has two major limitations in large-scale virtualization deployments. First, the VLAN ID is only 12 bits in the standard definition, so the number of usable VLANs is about 4000. That order of magnitude is insufficient for public cloud or large virtualized cloud computing applications, whose network isolation and separation requirements easily exceed 4000. Second, VLAN is currently a statically configured technology. (Only the 802.1Qbg technology of EVB/VEPA can deploy VLANs dynamically at the access layer, and even then mainly on the switch ports connected to hosts; the uplink ports are still configured to carry all VLANs.) As a result, almost all VLANs are allowed across the network of the entire data center, especially on core devices, so unknown or broadcast traffic of any VLAN is flooded throughout the entire network and consumes network switching capacity and bandwidth without bound.

For small-scale cloud computing virtualization environments, existing network technologies such as virtual machine access awareness (VEPA/802.1Qbg), data center layer 2 network expansion (IRF/vPC/TRILL/FabricPath), and layer 2 interconnection between data centers (OTV/EVI/TRILL) meet business needs well, and the restrictions above do not become a bottleneck. However, because these technologies rely entirely on improvements to physical network devices, they do not appear able to fully solve the problems of large-scale cloud computing environments. Broader technological innovation is needed to remove these limitations and meet the network capability requirements of cloud computing virtualization. Driven by this need, Overlay virtualization network technology has gradually emerged as a trend.
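Both limits can be made concrete in a few lines. This is an added example, not part of the original article: it encodes the 12-bit VLAN ID in an 802.1Q tag and computes how far a flooded frame travels when uplinks carry all VLANs compared with uplinks restricted to the VLANs they need. The topology, the VLAN numbers and the function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
MAX_VID = 0xFFF      # 12-bit field; values 0 and 0xFFF are reserved by 802.1Q

def encode_tag(vid, pcp=0, dei=0):
    """Return the 4-byte 802.1Q tag; reject IDs the 12-bit field cannot hold."""
    if not 1 <= vid < MAX_VID:
        raise ValueError(f"VLAN ID {vid} not encodable (usable range 1-4094)")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)

def decode_tag(tag):
    """Split the tag control information into priority, DEI and VLAN ID."""
    tpid, tci = struct.unpack("!HH", tag)
    if tpid != TPID_8021Q:
        raise ValueError("not an 802.1Q tag")
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & MAX_VID}

def flood_scope(links, allowed, src_switch, vid):
    """Switches reached by an unknown or broadcast frame in VLAN `vid`.

    links:   list of (switch_a, switch_b) uplinks
    allowed: maps a link to the set of VLAN IDs it carries; a link that is
             absent carries all VLANs (the static configuration in the text)
    """
    seen, todo = {src_switch}, [src_switch]
    while todo:
        sw = todo.pop()
        for link in links:
            vids = allowed.get(link)
            if sw not in link or (vids is not None and vid not in vids):
                continue
            peer = link[0] if link[1] == sw else link[1]
            if peer not in seen:
                seen.add(peer)
                todo.append(peer)
    return seen

# Constructed topology: VLAN 100 has hosts only behind acc1 and acc2.
LINKS = [("core", "acc1"), ("core", "acc2"), ("core", "acc3")]
PRUNED = {LINKS[0]: {100}, LINKS[1]: {100}, LINKS[2]: {200}}

if __name__ == "__main__":
    print(decode_tag(encode_tag(100, pcp=5)))
    print("all VLANs on uplinks:", sorted(flood_scope(LINKS, {}, "acc1", 100)))
    print("pruned uplinks:      ", sorted(flood_scope(LINKS, PRUNED, "acc1", 100)))
```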

