I. Why is a large Layer 2 network needed?
1. Challenges that virtualization poses to the data center
The traditional three-tier data center architecture was designed for the predominantly vertical (client-to-server) traffic of business applications, and it lets network administrators manage traffic flow. In these architectures engineers use the Spanning Tree Protocol (STP) to optimize the client-to-server path and to provide connection redundancy.
Virtualization fundamentally changes the network architecture of the data center. Most importantly, virtualization brings with it virtual machine dynamic (live) migration, which requires the network to support a wide-ranging L2 domain. This fundamentally changes the way the traditional three-tier network governs the data center network.
2. Virtual machine migration and the change in the data center L2 network
In the traditional design of the data center server network, the L2 network is usually confined to the access layer, in order to avoid a wide L2 broadcast domain.
Traditional data center servers are poorly utilized, averaging only 10% ~ 15%, which wastes a great deal of power and data center resources. Virtualization can raise server utilization, cut energy consumption and reduce customers' O&M costs, so it has developed rapidly. Virtualization, however, not only raises server utilization but also changes the network architecture. Specifically, virtual machine dynamic migration (for example VMware's VMotion), a companion technology of virtualization, is now widely used in data centers. Simply put, VM migration lets computing resources in the data center be allocated flexibly and further raises the utilization of VM resources. But VM migration requires that the IP address and MAC address stay unchanged before and after the move, which in turn requires that the network before and after the migration belongs to the same L2 domain. As customers demand an ever larger migration range, even migration across regions and across data centers, the data center's L2 network keeps growing wider, and "large Layer 2 networks" have even become a dedicated topic in their own right.
Figure 1: Data center virtualization and the large L2 network
3. Why was Layer 2 in traditional networks not large?
In a data center network, a "region" corresponds to a VLAN. Terminals in the same VLAN belong to the same broadcast domain, share the same VLAN ID and are connected at Layer 2; terminals in different VLANs must reach each other through a gateway, so they are isolated at Layer 2 and connected at Layer 3. In traditional data center design, regions and VLANs are divided at a relatively fine granularity, according to "requirements" and "network scale".
Traditional data centers are divided mainly by function, for example WEB, APP, DB, office area, business area, internal-connection area and external-connection area. Different regions communicate through gateways and security devices, which provides reliability and security between them. Because the regions serve different functions, when they need to exchange data it is enough that the terminals can reach each other; the two sides are not necessarily required to sit in the same VLAN or the same L2 network.
In traditional data center networking, STP is a very important L2 protocol. When users build a network they normally add redundant devices and links for reliability, which inevitably forms loops. Because an L2 network is a single broadcast domain, broadcast packets circulate endlessly around a loop and build up into a broadcast storm, which can quickly congest ports and paralyze devices. Loops must therefore be prevented in order to avoid broadcast storms. To do so, redundant devices and links are turned into backup devices and backup links: they still provide reliability, but their ports and links are normally blocked and take no part in forwarding. Only when an active device, port or link fails and the network is cut off are the redundant ports and links opened, restoring the network to normal. STP (Spanning Tree Protocol) is what implements this automatic control.
Because of STP's convergence performance and other limitations, an STP network generally contains no more than 100 switches. And because STP must block redundant devices and links, it also lowers the bandwidth utilization of network resources. In practical network planning, therefore, the scope of the STP network is kept as small as possible for the sake of forwarding performance, utilization and reliability.
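As an added illustration (not code from the original article), the following Python computes a spanning tree over a constructed four-switch topology with redundant links and lists which links end up blocked, which is exactly the idle bandwidth the text refers to; bridge IDs, link costs and switch names are sample values.

```python
# Added example, not from the original article: a minimal spanning-tree
# computation over a constructed switch topology with redundant links.
# It shows which links STP blocks so that no Layer 2 loop remains, and
# therefore which redundant bandwidth sits idle until a failure.
import heapq

# Constructed topology. Bridge ID: the lower value wins the root election.
# Links: (switch_a, switch_b, path_cost); the triangle core1/core2/agg1 and
# the dual-homed access switch acc1 form two physical loops.
BRIDGES = {"core1": 4096, "core2": 8192, "agg1": 32768, "acc1": 32769}
LINKS = [("core1", "core2", 4), ("core1", "agg1", 4), ("core2", "agg1", 4),
         ("agg1", "acc1", 19), ("core2", "acc1", 19)]

def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes the root."""
    return min(bridges, key=lambda b: (bridges[b], b))

def root_ports(root, bridges, links):
    """Dijkstra from the root: each bridge keeps its cheapest path (root port)."""
    adj = {}
    for a, b, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, parent, heap = {root: 0}, {root: None}, [(0, root)]
    while heap:
        c, u = heapq.heappop(heap)
        if c > cost[u]:
            continue
        for v, w in adj[u]:
            nc = c + w
            # On equal cost prefer the neighbour with the lower bridge ID,
            # mirroring STP's designated-bridge tie-break.
            better_tie = nc == cost.get(v) and bridges[u] < bridges[parent[v]]
            if v not in cost or nc < cost[v] or better_tie:
                cost[v], parent[v] = nc, u
                heapq.heappush(heap, (nc, v))
    return parent

def spanning_tree(bridges, links):
    """Return (root, forwarding_links, blocked_links)."""
    root = elect_root(bridges)
    parent = root_ports(root, bridges, links)
    tree = {frozenset((b, p)) for b, p in parent.items() if p is not None}
    forwarding = [l for l in links if frozenset(l[:2]) in tree]
    blocked = [l for l in links if frozenset(l[:2]) not in tree]
    return root, forwarding, blocked

def is_loop_free(bridges, forwarding):
    """Parent pointers connect every bridge, so a tree has exactly n - 1 links."""
    return len(forwarding) == len(bridges) - 1
```

With the sample topology, two of the five links are blocked: the two redundant paths (core2 to agg1, and agg1 to acc1) carry no traffic until a failure.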
4. Large Layer 2 is also about mobility and flow
With the growth of large data sets and the spread of virtualization, data centers keep growing in scale, which not only calls for a wider L2 network but also raises new challenges for requirements and for management.
As the size of data center regions and the demands of business processing grow, cluster applications become more common, and the servers in a cluster need to sit in one Layer 2 VLAN. At the same time, now that virtualization makes service deployment convenient and flexible, VM migration has become an issue that must be planned for. To keep the service carried by a VM running continuously, its IP address must stay the same before and after migration, so the migration range of a VM is bounded by its L2 VLAN. In other words, a VM can be migrated only as far as the L2 network reaches.
The traditional STP-based backup device and link approach can no longer meet the scale and bandwidth needs of the data center, and STP convergence takes anywhere from several seconds to several minutes, which does not meet the data center's reliability requirements. New technologies are therefore needed that make full use of redundant devices and links to raise link utilization while meeting the needs of large L2 networks, and that bring the data center's fault convergence time down to sub-second or even millisecond levels.
II. How large should Layer 2 be?
How far does the L2 network need to extend? That depends on the application scenario and the technology chosen.
1. Within the data center
The large Layer 2 first has to solve network expansion within the data center. Through a large-scale L2 network and VLAN extension, VMs can be migrated over a wide range inside the data center. Because a large L2 network within the data center must span multiple access switches and core switches, two main technologies are used.
Virtual switch (vswitch) technology
Virtual switch technology starts from a very simple idea and belongs to the engineering camp. The core problem of an L2 network is the loop, and loops arise from redundant devices and links; if two or more redundant devices and two or more redundant links are combined into one logical device and one logical link, then with a single device and a single link the loop naturally ceases to exist. As switch technology has advanced, virtual switching has come to be used widely, from low-end fixed-configuration switches to high-end chassis switches, and has reached a considerable degree of maturity and stability. It has therefore become the most widely used large Layer 2 solution.
Virtual switch technology is represented by H3C's IRF and Cisco's VSS. Its advantages are that it needs only a switch software upgrade, so application cost is low and deployment is simple. At present these technologies are implemented independently by each vendor, and virtualization is possible only among products of the same series from the same manufacturer. Meanwhile, as the performance and port density of high-end chassis switches keep rising, the technical demands on virtual switching rise with them, and the number of chassis switches that can currently be virtualized together remains limited. That virtualization density limits the size of the L2 network to roughly 10 thousand ~ 20 thousand servers.
Tunneling technology
Tunneling technology belongs to the technology camp, and its starting point is to "borrow a boat to go to sea", that is, to reuse the mechanisms of Layer 3. An L2 network cannot contain loops, so redundant links must be blocked; an L3 network obviously has no such problem and can even use ECMP (equal-cost multipath). Can Layer 2 borrow that? By inserting an additional frame header in front of the Layer 2 packet and using route computation to control forwarding across the whole network, broadcast storms over redundant links are prevented and ECMP becomes possible at the same time. In this way the L2 network can be extended to the entire network without being limited by the number of core switches.
Tunneling technology, represented by TRILL and SPB, achieves large-scale expansion of the L2 network by borrowing the computation and forwarding model of the IS-IS routing protocol. Its strength is the ability to build an ultra-large L2 network, larger than virtual switch technology allows, for use in large-scale cluster computing. However, it is not yet fully mature and is still being standardized, and unlike virtual switching it requires both software upgrades and hardware support on traditional switches.
2. Across data centers
With multi-site deployment of data centers, the demands of cross-data-center VM migration, disaster recovery and cross-data-center service load sharing mean that the expansion of the L2 network is no longer confined to the boundary of one data center: the data center region must also be extended to the local backup center and the remote disaster recovery center.
Multiple data centers are normally interconnected through routing, that is, over a Layer 3 network. To connect two L2 networks that sit on either side of a Layer 3 network, "L2 over L3" must be implemented.
There are many L2oL3 technologies, such as the traditional VPLS (MPLS L2VPN) and the newer Cisco OTV and H3C EVI. All of them use tunneling: the Layer 2 packet is encapsulated in a Layer 3 message that crosses the intervening Layer 3 network, so that Layer 2 data is interconnected between the two sites. Such a tunnel is like a virtual bridge connecting the L2 networks of multiple data centers.
In addition, some virtualization and software vendors have proposed software-based L2 over L3 solutions. For example, VMware's VXLAN and Microsoft's NVGRE encapsulate Layer 2 data in UDP and GRE packets respectively, in the vSwitch at the virtualization layer, and build a virtual network layer on top of the physical network topology; this frees the design from the Layer 2 and Layer 3 restrictions of the network device layer. Owing to performance and scalability, these technologies are not yet widely used.
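As an added example (not code from the original article or from any vendor), the following Python encapsulates a Layer 2 frame in UDP/IPv4 the way a VXLAN endpoint does, then decapsulates it with the checks a receiver should make before trusting the 24-bit VNI that separates tenants' segments; the MAC and IP addresses and the payload are constructed sample values, and the UDP checksum is left at zero as IPv4 permits.

```python
# Added example, not from the original article: VXLAN encapsulation of a
# Layer 2 frame inside UDP/IPv4 and the matching decapsulation with checks.
# All MAC/IP addresses and the payload are constructed sample values.
import struct
VXLAN_UDP_PORT = 4789  # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08    # "I" bit: the 24-bit VNI field is valid

def ipv4_checksum(header):
    """Ones-complement sum of 16-bit words; zero over a header with checksum set."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def vxlan_encap(inner, vni, src_mac, dst_mac, src_ip, dst_ip, sport=49152):
    """Outer Ethernet + IPv4 + UDP + VXLAN header + untouched inner frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)  # VNI in upper 24 bits
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP csum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, 17, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vxlan + inner

def vxlan_decap(pkt):
    """Validate the outer headers and return (vni, inner_frame)."""
    if pkt[12:14] != b"\x08\x00":
        raise ValueError("outer EtherType is not IPv4")
    ihl = (pkt[14] & 0x0F) * 4
    if pkt[23] != 17 or ipv4_checksum(pkt[14:14 + ihl]) != 0:
        raise ValueError("outer IP is not UDP or has a bad checksum")
    udp_off = 14 + ihl
    _, dport, udp_len, _ = struct.unpack("!HHHH", pkt[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    flags, vni_field = struct.unpack("!B3xI", pkt[udp_off + 8:udp_off + 16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    return vni_field >> 8, pkt[udp_off + 16:udp_off + udp_len]

# Constructed VM frame (dst MAC, src MAC, IPv4 EtherType, dummy payload) and VTEPs.
VM_FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"sample payload"
VTEP_A, VTEP_B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
VTEP_A_MAC, VTEP_B_MAC = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000b1")

def roundtrip(vni=5001):
    # Encapsulate at VTEP A, decapsulate at VTEP B; the VM frame is untouched.
    pkt = vxlan_encap(VM_FRAME, vni, VTEP_A_MAC, VTEP_B_MAC, VTEP_A, VTEP_B)
    return vxlan_decap(pkt)
```

The inner frame, with the VM's own MAC addresses, crosses the Layer 3 network byte for byte unchanged at a fixed cost of 50 bytes of outer headers, which is why the VM's L2 identity survives the move.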
III. Conclusion
The demand for large L2 networks is by now very clear, and vendors have put forward targeted technologies and solutions to meet the current requirements and the future expansion of the L2 network. From the perspective of practical application, however, apart from virtual switch technology, whose maturity and applicability have been verified, the other related technologies are still being improved. The industry also hopes to speed up the standardization of these technologies, so as to improve compatibility and interoperability between different vendors' devices and reduce users' deployment and maintenance costs.