Fully integrated network virtualization technology (1)

Source: Internet
Author: User


Server virtualization turns CPU, memory, disk, I/O and other hardware into a dynamically managed "resource pool", improving resource utilization and making IT more adaptable to business change. An IT system, however, is made up of network, server, storage and many other elements, and innovating one part does not upgrade the whole. Storage therefore needs to be virtualized as well, and the network needs its own innovation before the performance of the IT system as a whole can be upgraded.

I. Problems Caused by server virtualization

Deployment of Layer 2 Technology

Pooling multiple servers into one resource requires all of them to sit in the same Layer 2 domain. This is why large Layer 2 technologies such as FabricPath, TRILL and SPB emerged. All of them, however, require every device in the network to support the feature, and each carries its own deployment restrictions, so none has been widely adopted. An innovative technology is still needed to solve the Layer 2 deployment problem.

Management Boundary Problems

Before server virtualization, the boundary between computing and network was clear, as was the division of management: every network policy for a server could be deployed on the access switch. Server virtualization inserts a virtual machine switch (vSwitch) between the virtual machines and the physical network devices, so traffic monitoring and access control between virtual machines on the same vSwitch must be done in the vSwitch itself. The vSwitch is usually maintained by the host administrator, who for technical reasons often configures no network policy at all, while the network administrator has no permission to access it. The vSwitch thus becomes a management blind spot, and because vSwitches exist in huge numbers, this raises the IT O&M risk. A new technology is required to solve the vSwitch management problem.

How the Network Policy Follows Virtual Machine Migration

Before server virtualization, a physical server corresponded to a physical switch port and a fixed IP address; once an application system was deployed, the entire architecture was fixed. After server virtualization, one of the major advantages of virtual machines is more flexible service deployment and higher service reliability, so virtual machines are constantly migrated across the network. When a virtual machine migrates to a new server, the corresponding network security policies must migrate to the new network devices as well. Current Layer 2 technologies only solve Layer 2 interconnection and have no way to interact with virtual machines, so the policy cannot follow the virtual machine. Network O&M staff must migrate the configuration by hand, which is a huge amount of management work; manual operation also carries a high risk of mistakes, so configuration migration raises the operational risk of the whole IT system. A new solution is required so that the policy follows the migrating virtual machine.

Multi-tenant security isolation

The core of public cloud is to pool resources through virtualization and then redistribute them through security isolation, leasing the subdivided resources to different users. The existing Layer 2 isolation domain, the VLAN, offers at most 4K IDs, far too few for multi-tenant public cloud construction. A new Layer 2 isolation domain technology is required to solve the security isolation problem for multiple tenants.

These problems can be solved as follows. Device virtualization simplifies the physical network architecture, improves physical network reliability and reduces O&M difficulty. Overlay virtual connection technology simplifies the connections between virtual machines and decouples them from the physical network. The VCF (Virtual Converged Framework) architecture then puts the network under centralized control and management, enabling interaction between virtual machines and virtual networks; the VXLAN protocol used in this architecture supports 16 million Layer 2 isolation domains, which also meets the multi-tenant isolation requirement of public cloud construction.

II. Network Device Virtualization

Device virtualization technology falls into two kinds: N:1 virtualization, in which many devices become one, namely horizontal virtualization (IRF2) and vertical virtualization (IRF3); and 1:N virtualization, in which one device becomes many, namely MDC.

IRF2 virtualizes multiple devices of the same model into one device with a unified control plane and a single management entry point. It is the device virtualization technology used by most data centers.

MDC divides a device that has already been virtualized with IRF2 into multiple MDCs, each with its own independent control plane and independent hardware. Different MDCs are physically isolated, and to the outside world each MDC is a separate physical switch. Spare ports can therefore be assigned to a new MDC to improve device utilization.

IRF3 virtualizes devices of different types. It supports heterogeneous expansion in the vertical dimension: starting from an already-formed logical virtual device, a box-type device is added to the main device system as a remote interface board, expanding the I/O port capacity while keeping control and management centralized.

With IRF2 and IRF3, the aggregation switches and access switches in each area are fully virtualized into a flat architecture (as shown in Figure 1), which effectively simplifies the network and improves its reliability. The flat architecture also reduces the number of devices to manage, makes data center cabling easier, and produces a large Layer 2 network better suited to deploying and migrating virtual machines. Virtualizing the data forwarding plane in this way also makes automatic network orchestration easier.

Figure 1 Full virtualization architecture

III. Network Connection Virtualization

1. Overview of Overlay Technology

In networking, Overlay refers to a virtualization mode layered on top of the existing network architecture. In general terms, it carries applications over the network without large-scale changes to the underlying network and can be kept separate from other network services; it is mainly built on IP-based network technology. An Overlay is a virtual network built on an existing physical network, and upper-layer applications are concerned only with the virtual network. An Overlay network has three parts: edge devices, a control plane and a forwarding plane (Figure 2). Edge devices connect directly to virtual machines; the control plane establishes and maintains the virtual tunnels and advertises host reachability information; the forwarding plane is the physical network that carries Overlay packets.

Figure 2 Overlay Architecture
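The control plane described above, and the "policy follows the virtual machine" requirement from the earlier section, can be seen together in a small model. The following is an added example, not code from the original article or from any vendor's product: a hypothetical control plane that keeps host reachability (which VTEP each endpoint sits behind) and per-endpoint policy keyed on the endpoint's identity (VNI plus MAC) rather than on a physical switch port. All class and function names, the VTEP addresses and the MACs are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    """A virtual machine as the overlay sees it: isolation domain (VNI) plus MAC."""
    vni: int
    mac: str


@dataclass
class OverlayControlPlane:
    """Hypothetical control plane. It stores reachability and policy keyed on
    Endpoint identity, so both survive a migration between VTEPs unchanged."""
    reachability: dict = field(default_factory=dict)   # Endpoint -> VTEP IP
    policies: dict = field(default_factory=dict)       # Endpoint -> allowed peer MACs
    events: list = field(default_factory=list)         # audit trail of advertisements

    def advertise(self, ep: Endpoint, vtep_ip: str) -> None:
        """Called when a VM appears behind a VTEP, or migrates to a new one."""
        previous = self.reachability.get(ep)
        self.reachability[ep] = vtep_ip
        kind = "MOVE" if previous and previous != vtep_ip else "ADD"
        self.events.append(f"{kind} vni={ep.vni} mac={ep.mac} vtep={vtep_ip}")

    def withdraw(self, ep: Endpoint) -> None:
        """Called when a VM is shut down; its reachability entry is removed."""
        self.reachability.pop(ep, None)
        self.events.append(f"DEL vni={ep.vni} mac={ep.mac}")

    def attach_policy(self, ep: Endpoint, allowed_peer_macs) -> None:
        """Bind a simple allow-list to the endpoint, not to a port."""
        self.policies[ep] = set(allowed_peer_macs)

    def permits(self, src: Endpoint, dst_mac: str) -> bool:
        """Default deny: an endpoint with no policy may not send to anyone."""
        return dst_mac in self.policies.get(src, set())

    def forward(self, src: Endpoint, dst_mac: str):
        """VTEP forwarding decision for a frame from src to dst_mac.
        Returns the remote VTEP IP, or None when the frame must be dropped."""
        if not self.permits(src, dst_mac):
            return None
        # The lookup is scoped to the source VNI: the same MAC in another
        # tenant's domain is a different endpoint and is never matched.
        return self.reachability.get(Endpoint(src.vni, dst_mac))


def migration_demo() -> dict:
    """Constructed scenario: VM-B migrates from VTEP 10.0.0.2 to 10.0.0.3 while
    VM-A's policy toward it stays exactly as configured."""
    cp = OverlayControlPlane()
    vm_a = Endpoint(100, "00:00:00:00:00:0a")
    vm_b = Endpoint(100, "00:00:00:00:00:0b")
    vm_x = Endpoint(200, "00:00:00:00:00:0b")   # same MAC as VM-B, different tenant
    vm_y = Endpoint(200, "00:00:00:00:00:0c")
    cp.advertise(vm_a, "10.0.0.1")
    cp.advertise(vm_b, "10.0.0.2")
    cp.advertise(vm_x, "10.0.0.9")
    cp.attach_policy(vm_a, [vm_b.mac])
    cp.attach_policy(vm_y, [vm_x.mac])
    before = cp.forward(vm_a, vm_b.mac)        # 10.0.0.2
    cp.advertise(vm_b, "10.0.0.3")             # VM-B migrates; no policy edit needed
    after = cp.forward(vm_a, vm_b.mac)         # 10.0.0.3
    unpolicied = cp.forward(vm_b, vm_a.mac)    # None: VM-B has no policy (default deny)
    tenant_200 = cp.forward(vm_y, vm_x.mac)    # 10.0.0.9: tenant 200's "0b", not tenant 100's
    return {"before": before, "after": after, "unpolicied": unpolicied,
            "tenant_200": tenant_200, "events": list(cp.events)}


if __name__ == "__main__":
    for key, value in migration_demo().items():
        print(key, value)
```

The point the model makes is that once reachability and policy are keyed on the endpoint rather than the port, migration is a single advertisement from the control plane and nothing has to be re-entered by hand on the new access device.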

The mainstream Overlay technologies today are VXLAN, NVGRE and STT. All three are Layer 2 Overlays that carry Ethernet frames over some tunnel layer; they differ in how the tunnel is chosen and built, while the underlying layer is IP forwarding in every case. Table 1 compares the three on their key technical features. VXLAN uses the existing, universal UDP transport, which is highly mature, so on the whole VXLAN has the advantage.

Table 1 Overall Comparison of Three IETF Overlay Technologies

2. VXLAN packet forwarding

The essence of Overlay is L2-over-IP tunneling, and the technical framework on both the server vSwitch and the physical network is in place. Among the tunnel types implemented today, VXLAN, implemented as L2 over UDP, has clear advantages: it is already implemented in ESXi, Open vSwitch and the mainstream switching chips on the market, and has become the mainstream Overlay choice. The Overlay networks discussed below therefore refer to VXLAN-related technical components; NVGRE, STT and the others are similar.

As shown in Figure 3, a VXLAN network has three main device roles: the VTEP (VXLAN Tunnel End Point), the VXLAN GW (VXLAN Gateway) and the VXLAN IP GW (VXLAN IP Gateway). All three are edge devices of the physical network, and together they form the VXLAN Overlay network. An application system deals only with these three kinds of devices, not with the underlying physical network.

The VTEP is the device directly connected to the end system. It performs VXLAN encapsulation and decapsulation of the original Ethernet frames and can be either a virtual switch or a physical switch.

In addition to the VTEP function, the VXLAN GW is responsible for mapping and forwarding between VLAN packets and VXLAN packets; it is mainly a physical switch.

The VXLAN IP GW has all the functions of the VXLAN GW and additionally handles packet communication between different VXLANs; it is also the egress through which the data center's internal services are published, and is mainly a high-performance physical switch.
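The VTEP's encapsulation and decapsulation, and the 24-bit VNI behind the "16 million isolation domains" figure quoted earlier, are concrete enough to show in code. The following is an added example written for this page, not code from the article or from any switch or vSwitch implementation: it builds the 8-byte VXLAN header and the outer IPv4/UDP headers around a constructed Ethernet frame, then does what a receiving VTEP does, validating the headers and delivering the inner frame only if the VNI is one the VTEP serves. The constants (UDP port 4789, the I flag, the VNI width) are from the VXLAN specification; the VTEP addresses, sample frame and function names are constructed for the example, and the outer Ethernet header is left out on the assumption that the NIC adds it.

```python
import struct
import ipaddress

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field carries a valid VNI
VNI_MAX = (1 << 24) - 1      # 24-bit VNI: 16,777,216 isolation domains (VLAN: 4K)

# Constructed sample inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload
SAMPLE_FRAME = bytes.fromhex("000000000001" "000000000002" "0800") + b"tenant-A payload"


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} is outside the 24-bit range")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8)


def parse_vxlan_header(data: bytes):
    """Return (vni, inner_frame); reject headers whose I flag is clear."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", data[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid, packet dropped")
    return vni_field >> 8, data[8:]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum; returns 0 for a header whose checksum field is correct."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_frame: bytes, vni: int, src_vtep: str, dst_vtep: str,
                src_port: int = 49152) -> bytes:
    """Egress VTEP: wrap an Ethernet frame in VXLAN / UDP / IPv4."""
    payload = build_vxlan_header(vni) + inner_frame
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum
    ip = bytearray(struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,  # ver/IHL, DSCP, len, id, DF, TTL, UDP, csum
        ipaddress.IPv4Address(src_vtep).packed, ipaddress.IPv4Address(dst_vtep).packed))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return bytes(ip) + udp + payload


def decapsulate(packet: bytes, local_vnis):
    """Ingress VTEP: validate outer headers, then return (vni, inner_frame) or
    None when no endpoint of that VNI lives behind this VTEP (tenant isolation)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid IPv4/UDP packet")
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    vni, inner = parse_vxlan_header(packet[ihl + 8:ihl + udp_len])
    if vni not in local_vnis:
        return None
    return vni, inner


if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_FRAME, 5000, "10.0.0.1", "10.0.0.2")
    print(len(pkt), "bytes on the wire, VXLAN header", pkt[28:36].hex())
    print("served VNI:", decapsulate(pkt, {5000}))
    print("foreign VNI:", decapsulate(pkt, {6000}))
```

The VNI check in decapsulate is the part worth copying: a VTEP that hands every decapsulated frame to its local ports regardless of VNI would collapse the isolation that the 24-bit field is meant to provide.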
