As demand for application integration grows, more and more users want to raise resource utilization by consolidating or sharing physical assets. Pooling the physical resources of a data center can raise utilization by 50% to 60%, allows resources to be deployed and redeployed rapidly, and reduces the need for physical equipment, cabling, floor space, power and cooling, so it can keep pace with rapidly changing business requirements.
Network virtualization technology, represented by IRF, helps enterprises meet the needs of IT centralization, that is, the requirement for "consolidation": it simplifies the network topology and improves network performance, which makes it possible to build larger data centers. However, enterprises also face widespread underutilization of systems. Different systems run on dedicated hardware, which is inefficient, and the energy consumption and floor space problems of the data center gradually emerge. How can network resources be "shared" and reallocated centrally to solve the problem of underutilized systems? H3C Multitenant Device Context (MDC) technology helps solve this problem.
1 Multitenant Device Context (MDC)
1.1 MDC Introduction
MDC is a complete 1:N network device virtualization technology: through software it virtualizes one physical network device into multiple logical network devices, each of which is called an MDC (Figure 1).
In software, MDC technology fully virtualizes the data plane, control plane and management plane of the network device's operating system. User-space processes start and run independently within each MDC, while all MDCs share one operating system kernel.
In hardware, MDC virtualizes the hardware resources of the network device: line cards, ports and other hardware resources can be divided among independent logical devices, and CPU weight, memory, storage space and other resources can be configured for each logical device.
Figure 1 MDC Technology
Combining software and hardware virtualization, an MDC logical device has complete device functionality, an independent software environment and data, and independent hardware resources. It can even be restarted independently, like a physical device, without affecting the normal operation of the other MDCs on the same physical device. All of this makes an MDC very close to a separate physical device, and an MDC logical device can be used just like a physical one.
MDC technology has the advantages of reuse, isolation and high scalability:
Reuse: multiple MDC instances share the resources of one physical device, making full use of physical resources;
Isolation: multiple MDCs on the same physical device have independent hardware and software resources and operate independently without affecting each other;
High scalability: multiple physical networks can be consolidated onto one physical device, or one physical device can be expanded into multiple logical networks.
Currently, the H3C S12500 and S10500 switches support MDC technology, so one physical switch can be logically divided into multiple virtual switches.
1.2 MDC architecture and implementation
MDC uses container-based OS-level virtualization. Compared with the hypervisor and bare-metal technologies currently used for 1:N compute virtualization, all MDCs share the kernel space, so OS-level virtualization gives the best scheduling performance with the least resource consumption.
The overall MDC architecture is shown in Figure 2 below:
Figure 2 MDC architecture diagram
MDC logical devices have independent security management boundaries and fault isolation domains, covering management plane isolation, control plane isolation, infrastructure plane isolation and data plane isolation; each MDC can run its own control protocol processes. Each MDC is completely isolated and runs independently.
When a device supports the MDC function, the entire physical device is initially one MDC, called the default MDC (also known as the management MDC). The default MDC has all permissions on the entire physical device: it can use and manage all of the device's hardware resources, create and delete non-default MDCs, and allocate interfaces, CPU resources, disk space and other resources to non-default MDC instances.
Corresponding to the default MDC is the non-default MDC (also known as the user MDC). A non-default MDC can be created or deleted only by the default MDC. It can use only the hardware resources that the default MDC has allocated to it, works within the limits specified by the default MDC, and cannot seize the resources of other MDCs or the remaining hardware resources of the system.
The software and hardware resources of the device can be allocated to MDCs through configuration to make the most effective use of resources. Global software and hardware resources that are not virtualized can be managed only from the default MDC and are maintained by the device administrator.
Network devices that support MDC provide hierarchical permission management, which isolates and re-authorizes the management plane. MDC technology has two permission levels for virtualization and four user roles:
Physical device level
The network-admin role can operate all functions and resources of the system and has permission to create and delete MDCs;
The network-operator role can execute all display commands for the system's functions and resources, and can switch between MDCs; after logging in to an MDC, it can execute the display commands for the resources of that MDC.
MDC level
The mdc-admin role can operate all functions and resources of its MDC, but is not authorized to create or delete MDC instances or to switch between MDC instances;
The mdc-operator role can execute the display commands for all functions and related resources of its MDC.
In a non-default MDC, only the mdc-admin and mdc-operator roles are available. Logged-in users can only operate on the resources of that MDC or configure that MDC, without affecting other MDCs.
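The two-level role model just described, as an added example that is not H3C's code: a small Python authorization check that encodes the four roles and the boundary between the default MDC and the non-default MDCs, so the rules (who may create or delete an MDC, who may switch, who is confined to their own MDC) can be exercised. The default MDC name `Admin`, the operation names, and the role mapping applied by `switch_to` are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed name for the default (management) MDC in this example
DEFAULT_MDC = "Admin"

# Physical-device-level roles exist only in the default MDC
DEVICE_LEVEL_ROLES = {"network-admin", "network-operator"}
# MDC-level roles exist in every MDC, and are the only roles in non-default MDCs
MDC_LEVEL_ROLES = {"mdc-admin", "mdc-operator"}

# Assumption of this example: the role a device-level user holds after
# switching into another MDC (the text says a network-operator can run
# display commands once logged in to an MDC)
ROLE_AFTER_SWITCH = {"network-admin": "mdc-admin",
                     "network-operator": "mdc-operator"}


@dataclass(frozen=True)
class Session:
    role: str
    mdc: str   # the MDC this session is logged in to


class AuthorizationError(Exception):
    pass


def authorize(session: Session, operation: str, target_mdc: str) -> None:
    """Raise AuthorizationError unless `session` may run `operation`
    (create, delete, switchto, configure or display) on `target_mdc`."""
    if session.role not in DEVICE_LEVEL_ROLES | MDC_LEVEL_ROLES:
        raise AuthorizationError(f"unknown role {session.role!r}")
    if session.role in DEVICE_LEVEL_ROLES and session.mdc != DEFAULT_MDC:
        raise AuthorizationError(f"{session.role} is not available in {session.mdc}")

    if session.role == "network-admin":
        return                      # all functions and resources, incl. create/delete
    if session.role == "network-operator":
        if operation in {"display", "switchto"}:
            return
        raise AuthorizationError("network-operator is limited to display and switchto")

    # MDC-level roles are confined to the MDC they logged in to ...
    if target_mdc != session.mdc:
        raise AuthorizationError(f"{session.role} in {session.mdc} cannot reach {target_mdc}")
    # ... and can never create, delete or switch MDCs
    if operation in {"create", "delete", "switchto"}:
        raise AuthorizationError(f"{session.role} may not {operation} an MDC")
    if session.role == "mdc-operator" and operation != "display":
        raise AuthorizationError("mdc-operator is limited to display commands")
    # mdc-admin may configure and display its own MDC; mdc-operator may display it


def allowed(session: Session, operation: str, target_mdc: str) -> bool:
    """Boolean form of authorize() for tables and tests."""
    try:
        authorize(session, operation, target_mdc)
        return True
    except AuthorizationError:
        return False


def switch_to(session: Session, target_mdc: str) -> Session:
    """Switch a device-level session into `target_mdc`; the result carries
    only the matching MDC-level role, so device-level privilege does not follow."""
    authorize(session, "switchto", target_mdc)
    return Session(ROLE_AFTER_SWITCH[session.role], target_mdc)


if __name__ == "__main__":
    sessions = [Session("network-admin", DEFAULT_MDC),
                Session("network-operator", DEFAULT_MDC),
                Session("mdc-admin", "MDCA"),
                Session("mdc-operator", "MDCA")]
    for s in sessions:
        row = {op: allowed(s, op, "MDCA") for op in
               ("create", "delete", "switchto", "configure", "display")}
        print(f"{s.role:17}@{s.mdc:6}", row)
```

The point to check when auditing such a setup is the `switch_to` path: a device-level session entering a user MDC must end up holding only an MDC-level role there, otherwise the management-domain separation the text describes is only nominal.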
1.3 MDC vs. VLAN and Multi-VRF
Traditional network technology divides logical partitions using VLAN or Multi-VRF. VLAN uses VLAN tags to implement Layer 2 logical isolation on the data forwarding plane; Multi-VRF implements Layer 3 logical isolation on the control plane by dividing the routing table into independent routing tables. However, with either VLAN or Multi-VRF, the management plane of a single device still manages all the VLANs or VRFs together: management permissions cannot be set per partition, so separate management domains are not supported.
Figure The relationship between MDC, VLAN and Multi-VRF
MDC technology fully virtualizes the data plane, control plane and management plane of the network device's operating system. User-space processes start and run independently within each MDC, so administrators can divide MDCs into separate management domains. In addition, MDC's hierarchical permission management allows finer-grained network management and O&M, meeting isolation needs at different levels of the network.
It is worth noting that each MDC virtual device, like a physical device, has an independent data forwarding plane and control plane. This also means that each MDC has its own full 4K VLAN space and its own routing table entries (the size depends on the actual specification). VLAN and Multi-VRF can be used together with MDC to meet the need for finer-grained isolation.
2 Network Reclamation Using IRF and MDC
Network reclamation means treating network devices as a type of IT resource and building network resource pools from them, so that network resources can be allocated and reclaimed. This effectively supports the construction of compute resource pools, adapts to the location independence of compute resources, and reduces CAPEX and OPEX without sacrificing efficiency, device utilization or scalability, which improves operating efficiency.
The key to building a network resource pool is to address two points:
how network devices form resource pools;
at what granularity network resources are allocated, and whether they can be reclaimed.
For the first point, the N:1 network device virtualization technology IRF can virtualize multiple physical network devices into one network device. For the second point, the 1:N network device virtualization technology MDC can virtualize multiple logical devices on a single network device, so the network resource pool can be allocated with the logical device as the unit of resource composition; at the same time, MDC supports adding and deleting logical devices in real time, so resources in the network resource pool can be reclaimed and redistributed.
Figure 4 Network resource pool construction
As shown in Figure 4, multiple physical devices are first virtualized N:1 through IRF to build the initial resource pool; then MDC's 1:N technology divides the logical device resources within the IRF virtual network resource pool, allocating, reclaiming and deploying network nodes on demand. This improves the flexibility of the enterprise IT network architecture and the resource utilization of the data center, and reduces operating costs.
3 MDC Technology Practices
As mentioned above, as business is consolidated and developed during enterprise data centralization, the business types of data centers grow ever richer and the scale of systems keeps expanding; a single business system may be implemented by a large server farm. The data center's demand for infrastructure, storage, computing and network resources grows substantially, leading to a surge in distributed infrastructure resources and the emergence of many new data centers in various regions. On the other hand, because of the gap between the design capacity and the operating capacity of the data center, the overall infrastructure capacity of the entire data center network is underutilized and in excess.
In this phase, data center partitions are generally designed by business type, taking security level requirements into account. This is the most effective partitioning method after business centralization: similar businesses are deployed in the same partition, different businesses are physically isolated, and secure deployment starts entirely from the business security level. Taking a financial industry data center as an example, the data center partition architecture is basically as shown in Figure 5:
Figure 5 Data center partitioning in centralized mode
As enterprise business develops, there are more and more new business types and growing customer demands; in terms of architecture, data centers can only add more partitions, more servers, storage devices and network devices. The number of underutilized systems keeps growing, while the data center's investment in power, air conditioning and cooling, and manpower drives CAPEX and OPEX up over time.
Infrastructure consolidation therefore becomes the primary means of solving the problem of low equipment utilization after the enterprise's business has been centralized.
The first change is the data center partitioning method. Data center partitioning is no longer strictly by line of business, but by function, nature and device type, taking security level into account. By deploying compute virtualization, existing business partitions can be merged and the infrastructure consolidated to improve infrastructure utilization.
Taking the financial industry as an example, the data center partition architecture in the virtualization deployment phase is shown in Figure 6 below:
Figure 6 Data center partitioning in the virtualization deployment phase
Because the virtualization technologies of the mainframes, minicomputers and x86 servers widely used in the financial industry differ greatly, mainframes and minicomputers can be treated as separate partitions, while x86-based business servers form their own zone so that the advantages of compute virtualization (such as rapid deployment, virtual machine migration and rapid recovery) can be fully exploited. The other partitions are functional areas that provide data center O&M management, business development/testing, and internal and external services.
In terms of technical implementation, chassis network devices with high-density network interfaces are first used for partition aggregation and access; the N:1 device virtualization technology IRF meets the access requirements of massive numbers of servers. At the same time, the 1:N device virtualization technology MDC virtualizes multiple network devices on the IRF fabric to meet service isolation requirements (Figure 7).
Figure 7 IRF + MDC consolidate network resources
For a new service, only one MDC device needs to be virtualized at the aggregation layer, with the MDC virtual network device as the unit of network resource allocation. The new MDC virtual network device provides the core and access for the new business logical partition, completing deployment of the new business partition without affecting the normal operation of other businesses (Figure 8).
Figure 8 Network resource allocation with MDC
Similarly, when a service area needs to be decommissioned, the MDC virtual network device can simply be deleted. The released network interfaces can immediately be added to other MDCs to expand other partitions, thereby reclaiming and reallocating network resources.
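The allocate/reclaim lifecycle described in sections 2 and 3 (IRF members pooled, MDCs carved out of the pool, one MDC deleted and its interfaces reassigned to another), together with the per-MDC VLAN space noted in section 1.3, as an added Python model that is not H3C's code. The interface naming, the memory share expressed as a percentage, the 4094 VLAN ceiling per MDC and the MDC names are assumptions of this example; the checks it enforces (an interface belongs to at most one MDC, shares cannot exceed the physical device, VLAN IDs do not collide across MDCs) are the rules the text states.

```python
from dataclasses import dataclass, field


class PoolError(Exception):
    """Raised when an allocation would violate the pool's isolation rules."""


@dataclass
class Mdc:
    name: str
    interfaces: set = field(default_factory=set)
    memory_pct: int = 0                       # share of device memory (assumption: percent)
    vlans: set = field(default_factory=set)   # VLAN IDs are local to this MDC


class NetworkResourcePool:
    """IRF fabric as a network resource pool from which the default MDC creates
    non-default MDCs, allocates interfaces to them, and reclaims those
    interfaces when an MDC is deleted."""

    MAX_VLAN = 4094   # assumption: each MDC gets its own full VLAN ID space

    def __init__(self, irf_members, ports_per_member):
        # Constructed interface names: <irf member>/0/<port>; all start unallocated
        self.free = {f"{m}/0/{p}" for m in irf_members
                     for p in range(1, ports_per_member + 1)}
        self.mdcs = {}

    def memory_in_use(self):
        return sum(m.memory_pct for m in self.mdcs.values())

    def _take(self, interfaces):
        wanted = set(interfaces)
        busy = wanted - self.free
        if busy:
            # either allocated to another MDC or not part of the fabric at all
            raise PoolError(f"interfaces not free: {sorted(busy)}")
        self.free -= wanted
        return wanted

    def create(self, name, interfaces, memory_pct):
        if name in self.mdcs:
            raise PoolError(f"MDC {name} already exists")
        if self.memory_in_use() + memory_pct > 100:
            raise PoolError("memory shares would exceed the physical device")
        mdc = Mdc(name, self._take(interfaces), memory_pct)
        self.mdcs[name] = mdc
        return mdc

    def add_interfaces(self, name, interfaces):
        self.mdcs[name].interfaces |= self._take(interfaces)

    def delete(self, name):
        """Delete an MDC; its interfaces return to the pool and are reported."""
        mdc = self.mdcs.pop(name)
        self.free |= mdc.interfaces
        return sorted(mdc.interfaces)

    def create_vlan(self, name, vlan_id):
        if not 1 <= vlan_id <= self.MAX_VLAN:
            raise PoolError(f"VLAN {vlan_id} out of range")
        # No conflict check against other MDCs: VLAN 100 in MDCA and VLAN 100
        # in MDCB are separate VLANs in separate forwarding planes
        self.mdcs[name].vlans.add(vlan_id)


def creation_rejected(pool, name, interfaces, memory_pct):
    """True if the pool refuses this MDC (interface conflict or over-commit)."""
    try:
        pool.create(name, interfaces, memory_pct)
        return False
    except PoolError:
        return True


def lifecycle_demo():
    """Build the pool, carve two MDCs, retire one, grow the other with its ports."""
    pool = NetworkResourcePool(irf_members=[1, 2], ports_per_member=4)
    pool.create("MDCA", ["1/0/1", "1/0/2"], memory_pct=30)
    pool.create("MDCB", ["2/0/1", "2/0/2"], memory_pct=30)
    pool.create_vlan("MDCA", 100)
    pool.create_vlan("MDCB", 100)          # same ID, different MDC: no clash
    released = pool.delete("MDCA")         # service area withdrawn
    pool.add_interfaces("MDCB", released)  # reassigned to expand MDCB
    return pool


if __name__ == "__main__":
    p = lifecycle_demo()
    for m in p.mdcs.values():
        print(m.name, sorted(m.interfaces), sorted(m.vlans), f"{m.memory_pct}%")
    print("free:", sorted(p.free))
```

`create` checks the memory share before taking any interfaces, so a refused allocation leaves the pool untouched; the same interface can never be in two MDCs, whereas VLAN IDs deliberately can, which is the distinction between MDC isolation and VLAN isolation drawn in section 1.3.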
4 Conclusion
With the spread of virtualization technology, its application in the data center is no longer limited to server virtualization and storage virtualization; network virtualization has begun to enter users' field of view.
On the one hand, the data center network must adapt to the changes brought by server and storage virtualization; on the other hand, users' demand for network reclamation is also growing. N:1 network device virtualization (IRF technology) completes the initial construction of the resource pool, 1:N network device virtualization (MDC technology) redistributes network resources, and network path virtualization technology completes the end-to-end network virtualization deployment.
5 Appendix: Three Phases of Network Reclamation
Network technology also supports the different stages of enterprise IT systems. Network reclamation can be roughly divided into three phases:
Figure Phased evolution of network reclamation
The first phase is mainly the deployment of N:1 network device virtualization, i.e. IRF, corresponding to the enterprise IT centralization process. In this process, the enterprise's scattered data and IT resources are physically concentrated, forming a large-scale data center infrastructure. The network grows exponentially compared with the original and the topology becomes ever more complex; the original STP-based networking finds it increasingly hard to meet user needs in terms of bandwidth utilization and deployment complexity. Through N:1 network device virtualization, multiple existing devices are virtualized into one logical device, which simplifies the network topology and makes it possible to build a larger data center. This leads to the next phase of enterprise IT construction.
In the second phase, N:1 and 1:N network device virtualization are deployed together, i.e. IRF and MDC, corresponding to the enterprise IT virtualization process. After compute virtualization and storage virtualization have been deployed, the enterprise IT system has initially solved the underutilization of servers and storage devices, and the utilization, energy consumption and space problems of network devices gradually come to the fore. Therefore, to reduce costs, improve IT operational flexibility and raise resource utilization, network virtualization is deployed in the data center.
The third phase is the deployment of network resource management technology, corresponding to the cloud computing stage of enterprise IT. The network also becomes a type of resource used in enterprise IT operations, obtainable on demand. The scheduling, allocation, reclamation and management of network resources addresses the dynamic needs of IT for network resources, allowing the IT department to focus on service provision and business operations.