July 13, 2016 at 17:02

Network Infrastructure Virtualization and SDN Solution



    Our report today is a little different in a number of other materials from the Cloud Technologies in Russia forum : Part I , Part II , Part III , Part IV. Speaking about cloud technologies, everything primarily implies, of course, virtualization of IT equipment, such as storage servers and so on. Nevertheless, a data transmission network is that integral element that actually allows us to provide cloud technologies on the one hand, that is, to provide connectivity, on the other hand, we need it for the actual implementation of data centers, for the organization of connectivity between data centers, and in fact, in almost 90% of the current organizations, it is the data network today that is becoming the bottleneck, that bottleneck, which, in fact, makes it difficult to introduce new services in subsoilization of new applications.




    Sergey Aksenov, Senior Product Manager, Datacom, HUAWEI

    Colleagues, good afternoon again, today Sergey Aksenov, Huawei. Huawei has a new concept, a new solution called the Agile Network. The word Agile can be translated into Russian as flexible, manageable, fast intelligent. These are the values ​​that are laid down in the concept of next-generation networks. And if it’s so a little wider to look into history, then, probably, over the past 10 years, nothing radically new in terms of network technologies and network solutions has appeared. There were some improvements, additional innovations, but there were essentially no fundamental changes. And now we are just on the verge of a new generation of networks, the so-called SDN networks, Software Defined Networking, that is, software-defined networks, and the Agile Network itself is that very software-defined network.

    Why is it needed, how to use it, what are the advantages compared to traditional solutions, in fact, today I’ll try to reveal it.

    In addition to the term SDN, I’ll give you right away to put all the points above and, I’ll say that there is the term NFV - Network Function Virtualization, that is, the main purpose of this term is that we essentially move away from expensive hardware-based specialized network devices and we we shift to the computing infrastructure for virtualization on the server, we will talk about this a little bit now too.

    Actually, if you look at current trends in the field of information technology, they are shown on this slide, it’s no secret to anyone, over the past 5-6 years we have been talking about them, the annual explosive growth in traffic, the emergence of new television standards for the appearance of ultra high-definition video UltraHD, the explosive growth in the number of terminals: these are technologies of mobility, these are also technologies of the Internet of things. It is estimated that by 2020, about 5 billion devices will already be connected to the global network, while about 70% of all devices are devices related to the internet of things, that is, the Internet of things. Actually, cloud computing and again social networks that create huge volumes of traffic, actually exchanging various types of content are all these trends,



    It’s no secret that the data center has already begun the era of virtualization, that is, how less and less organizations are using hardware servers, probably quite a resin business, that is, the era of virtualization in the data center has actually come. This transition to a new resource model, from the point of view of servers and storage, occurred 10 years ago, from the point of view of the network, this change is happening now. The network is becoming a bottleneck for introducing new services, for introducing new applications. That is, if we consider the very same virtualization system, then most of the routine tasks are automated there, that is, if we need to deploy a new virtual serverfor some service, for example, or copy this server from one data center to another data center - there all these routine operations can be completed in 15 minutes, there’s nothing complicated for the administrator.



    Moreover, the data network often requires manual configuration, manual control. That is, if we want a virtual machineor some kind of new virtual environment has migrated for us to deploy there in our data center, for this we often need to manually make all these changes, we need to involve a network administrator who will prescribe new routing policies, switching policies, quality of service, security and this makes it difficult for us to introduce new services, that is, in this scenario it will take no more than 15 minutes from the point of view of virtualization of the computing infrastructure, but it will take up to 2 days.



    The next negative point, which we often see in many organizations, is that component management and complexity in troubleshooting are still independent of us. If you look at the structure of any large or medium-sized organization there, then, as a rule, there are 2 types of engineers in the IT service department. The first type of engineers is network engineers, who are responsible for the data network and the second regiment of engineers, these are system administrators who are responsible for the servers and are responsible for storage. Actually, the slides show, in fact, we have a watershed. As from the point of view of operation from the point of view of planning, the use of resources, we have different components and the point of view of their interaction. They are still despite the fact that interact, however, disparate components.



    And here one of the cases is shown, which, due to the fragmentation due to the fact that they are not tightly integrated, do not interact with each other, that is, they do not see that some problem is happening on the part of one of the components, this does not affect the second. Here, a direct case is shown, it’s simple that a short-term problem is on the network infrastructure, it entails that all the VPS we migrate in one of the areas to one of the servers, thereby we observe a reboot, while the other is idle at this time. This is a network problem, it was very short-lived, it would in no way affect the quality of work of various applications and services.



    All this became prerequisites for the development and transition to new generation networks, to networks with software-defined architecture. The core values ​​are written here, that the network should be more flexible and transparent for users of services and applications. It should become flexible, dynamic, fast and more intelligent. Agile Network, as I said, this Software Defined Networking is a software-defined infrastructure and, in fact, it is a whole concept that differs significantly from the traditional principles of building and implementing a data network. If you look at the traditional approach, at the traditional networks that have existed for a long time, then the network administrator operated on physical ports, physical devices, topology, that is, he was rigidly attached to physical devices. Speaking of the concept of Agile Network, about a software-defined network, we focus here on users of services and applications. We define user profiles, determine the quality of a particular service and, in fact, we can forget about our topology, about physical devices. In traditional networks, we observed such a manual configuration and a separate approach, that is, for example, there is an infrastructure consisting of 50 network devices and a separate approach implied that each of the devices required a separate manual configuration, i.e. it was necessary to go to each them of these pieces of iron, connect via the web interface or via the command line and, in fact, individually configure each of these devices. The complexity of operation, the complexity of the settings, the complexity of managing such a network, it is significantly complex. In the new concept, we come to universal interaction and dynamic management of the entire infrastructure, that is, we not only configured the infrastructure using the command line, but for example, this configuration lives there, in this SDN scenario, everything changes on the fly, that is, it not the static network we configured it for, it, in fact, responds to all these changes that occur, these changes can be from the point of view of introducing new services, the appearance of new users, or the introduction of some new security policies, t oh, is it that we now have such a living organism, and from the point of view of intellectual control, intelligence again appears here, but about this a little further. And actually, such an innovation appears here as constant monitoring and quality management. We’re not just randomly configuring our network, prescribe routing rules, switching policies. In real time, we can now control how this or that application works, how this or that service works. That is, in fact, we can set the SLA parameters for the operation of this or that application and actually monitor and ensure the implementation of this SLA within our infrastructure.



    The Agile Network concept is suitable for almost any organization, any enterprise and it consists of 4 main blocks. The first block is the campus network, that is, this is the corporate network used by your organization. Even though you will use cloud services, you will use the services of external providers, your internal campus network is necessary for connecting users and their terminals, now these terminals can be wireless, but nevertheless, you have a campus network there. The second component is the Agile Network component for data centers. About data centers there will be separate slides, about them I will tell you how it is implemented. Most of the customers who interact with us, such as retail, they have such a distributed architecture, for example, a distributed chain of stores of several hundred or thousands of objects and a centralized data center, the actual problem tasks are exactly the same here, it is a fragmented architecture that is managed centrally, the Huawei solution itself allows this to be realized. Finally, the 4 Agile Wan component is a component for managing an external communication channel. Today, more and more customers are interested in using cloud technologies, are interested in having several data centers geographically dispersed, and just quality management through external channels, through the channels of service providers, this is also an actualizer of the actual problem. Well, let's take it in order, first let's talk about campus networks. it is a disparate architecture that is managed centrally; the Huawei solution itself allows this to be implemented. Finally, the 4 Agile Wan component is a component for managing an external communication channel. Today, more and more customers are interested in using cloud technologies, are interested in having several data centers geographically dispersed, and just quality management through external channels, through the channels of service providers, this is also an actualizer of the actual problem. Well, let's take it in order, first let's talk about campus networks. it is a disparate architecture that is managed centrally; the Huawei solution itself allows this to be implemented. Finally, the 4 Agile Wan component is a component for managing an external communication channel. Today, more and more customers are interested in using cloud technologies, are interested in having several data centers geographically dispersed, and just quality management through external channels, through the channels of service providers, this is also an actualizer of the actual problem. Well, let's take it in order, first let's talk about campus networks. Today, more and more customers are interested in using cloud technologies, are interested in having several data centers geographically dispersed, and just quality management through external channels, through the channels of service providers, this is also an actualizer of the actual problem. Well, let's take it in order, first let's talk about campus networks. Today, more and more customers are interested in using cloud technologies, are interested in having several data centers geographically dispersed, and just quality management through external channels, through the channels of service providers, this is also an actualizer of the actual problem. Well, let's take it in order, first let's talk about campus networks.



    The core and heart of campus infrastructure is the 2 components in the Agile Network solution. The first component is specialized software called an SDN controller, we call it Agile campus controller, actually this software that allows you to centrally manage policies, user connection profiles, allows you to manage configurations of network elements and actually manage traffic transmission routes, now we essentially go to such models that are not 50 disparate devices, but 50 devices that simply connect, that is, transmit data and one point be a centralized intelligence system of the brain that controls for absolutely all of the logic for the transfer of traffic, according to the security policy, the quality of service. And actually the second component is the data network, a new generation of specialized switches is needed here, they are already called Agile switches, that is, these are network elements that can interact with centralized intelligence, with a centralized SDN controller and actually using OpenFlow protocol, or about NETCONF protocols, they understand how to transfer traffic, how to connect one or another user, how to respond to a particular threat, that is, now these are essentially managed devices. In addition to controllability using centralized intelligence, there are 5 more innovations that Huawei is talking about, this is the convergence of wired and wireless network elements. Convergence here means that we bring our network to a single denominator. Organizations often viewed Wi-Fi as complementary to wired networks. because Wi-Fi for a long time could not provide either sufficient quality or sufficient bandwidth, today with the advent of standard 802.11ac with gigabits of bandwidth through radio interfaces with full implementation of braids, we can talk about the fact that our wireless network is becoming part of our wired network. In fact, this is really a single denominator, we need to centrally manage both components of our infrastructure. The second innovation is absolute mobility, quality management control, unified security and programmability. We will dwell on each element now in more detail, we will talk in details. 11ac with gigabits of bandwidth through radio interfaces with a full implementation of braids, we can talk about the fact that our wireless network is becoming part of our wired network. In fact, this is really a single denominator, we need to centrally manage both components of our infrastructure. The second innovation is absolute mobility, quality management control, unified security and programmability. We will dwell on each element now in more detail, we will talk in details. 11ac with gigabits of bandwidth through radio interfaces with a full implementation of braids, we can talk about the fact that our wireless network is becoming part of our wired network. In fact, this is really a single denominator, we need to centrally manage both components of our infrastructure. The second innovation is absolute mobility, quality management control, unified security and programmability. We will dwell on each element now in more detail, we will talk in details. unified security and programmability. We will dwell on each element now in more detail, we will talk in details. unified security and programmability. We will dwell on each element now in more detail, we will talk in details.



    Convergence of wired and wireless network elements. Many data centers have been using architecture for a long time, when there is some kind of main switch, there are top-of-rack switches for directly connecting servers, and, in fact, these top-of-rack switches act as switching factories, as external line cards, no matter what kind of data center we have, no matter how many access switches we have there, for connecting servers, all this could be controlled centrally using these large virtual switches. As a matter of fact, about the Agile Campus solution, we come to exactly the same model, our entire network infrastructure, consisting of 50 elements earlier, comes to the model that this is essentially one large virtual switch, which consists of 50 virtual cards, etc. From one point, with the help of a single unified centralized management, we can manage our entire network infrastructure. Here it is actually painted. Here we had some kind of campus infrastructure consisting of kernel levels, now all this turns into a single virtual switch, in which the N-th number of virtual cards appears. At the same time, the Wi-Fi access points that we always looked like such a separate element, required the installation of a specialized BLDC controller, now all this again comes down to one point, that is, the access points we have will look like access ports. Now all this turns into a single virtual switch, in which the N-th number of virtual cards appears. At the same time, the Wi-Fi access points that we always looked like such a separate element, required the installation of a specialized BLDC controller, now all this again comes down to one point, that is, the access points we have will look like access ports. Now all this turns into a single virtual switch, in which the N-th number of virtual cards appears. At the same time, the Wi-Fi access points that we always looked like such a separate element, required the installation of a specialized BLDC controller, now all this again comes down to one point, that is, the access points we have will look like access ports.



    The second one. For a long time, a wireless network was considered superimposed on a wired network and required separate management. We built a specialized wireless network, we built CAPWAP tunnels there, installed wireless controllers, we had to think about how to authenticate and connect users using a password or through an active directory to authorize them or there is still a server radius, on the other hand, we have was the second part of the infrastructure, wired in which there were its own security policy rules, its own user authentication rules. Actually, in the Agile Network solution we come to the conclusion that no matter where and how the user is connected, we can authenticate him and upload his profile at a single point. For example, we have an accountant in an institution on the 2nd floor, at some point, all the accounting moves to the 4th floor. In the traditional approach, this would require network engineers to remove the settings that were on the switch on the 2nd floor and actually transfer them to the access switch on the 4th floor. That is, here the position of such an overload would take 1-2 days. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. In the traditional approach, this would require network engineers to remove the settings that were on the switch on the 2nd floor and actually transfer them to the access switch on the 4th floor. That is, here the position of such an overload would take 1-2 days. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. In the traditional approach, this would require network engineers to remove the settings that were on the switch on the 2nd floor and actually transfer them to the access switch on the 4th floor. That is, here the position of such an overload would take 1-2 days. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. that were on the switch 2 floors, they actually deleted everything there, and transferred to the access switch on the 4th floor. That is, here the position of such an overload would take 1-2 days. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. that were on the switch 2 floors, they actually deleted everything there, and transferred to the access switch on the 4th floor. That is, here the position of such an overload would take 1-2 days. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. In the Agile Network scenario, since we have a single intellect here that saves all user profiles, regardless of what floor they are on, they connect using a laptop or connect using Wi-Fi, we simply load their profile using an identification mechanism, be it radius , be it a web portal with some login and password, and actually all these policies, all these rules are downloaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. be it a web portal with some login and password, and actually all these policies, all these rules are uploaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced. be it a web portal with some login and password, and actually all these policies, all these rules are uploaded to the access ports. That is, here we have the complexity of operating the network is sharply reduced.



    The same thing happens from the point of view of absolute mobility technology, today they’re probably already erased the working hours framework, we work not only from 9 to 6 as we used to, now we all have a smartphone, we have a tablet, there is a possibility of remote access, I often observe myself that I spend much less time in the office than actually on business trips, at events, and the possibility of obtaining a unified user experience is very important. Regardless of where the user is connected from and how, it will always receive its bandwidth, its own rules and security policies. At the same time, we can manage these policies in several planes in order to ensure internal information security. Again, an example. For instance, I come to the office and from my laptop I connect to the corporate network with my username and password. Actually, I get access to absolutely all internal resources, a mail server, an ERP system, a CRM system, that is, I have no restrictions here. At the same time, the employer wants, for example, when I work from home in the evening I could not copy any information so that I had access only to corporate mail. Actually, I come home, enter the same username and password and now the system determines that this is my profile, but my location is outside the office. Actually, new policies are automatically loaded that will not allow me now to access internal resources. The same thing can be done by becoming attached to the type of terminal. For example, in the office with your laptop, with my login and password, I again get access to all internal corporate resources from the same office with my smartphone or ipad, by entering exactly the same login and password I only get access to the Internet, that is, we can now authenticate in several planes user, to identify his affiliation by terminal type, by network, poppy address, ip address, access time, location, we can now flexibly manage and load security policies. In this case, from the point of view of the network administrator, you do not need to do anything, configure network policies once, and they are simply respected. Here we get advanced-personal network management. that is, we can now authenticate the user in several planes, identify his affiliation by terminal type, by network, poppy address, ip address, access time, location, we can now manage and load security policies very flexibly. In this case, from the point of view of the network administrator, you do not need to do anything, configure network policies once, and they are simply respected. Here we get advanced-personal network management. that is, we can now authenticate the user in several planes, identify his affiliation by terminal type, by network, poppy address, ip address, access time, location, we can now manage and load security policies very flexibly. In this case, from the point of view of the network administrator, you do not need to do anything, configure network policies once, and they are simply respected. Here we get advanced-personal network management. configure network policies once, and they are simply enforced. Here we get advanced-personal network management. configure network policies once, and they are simply enforced. Here we get advanced-personal network management.



    It is also a concept that already works, nevertheless, is identified security. From the point of view of a corporate network or a data center, some kind of network device was always considered, usually a firewall that stood along the perimeter of the network and in fact it provided traffic filtering. Filtering could be based on access control lists or some kind of DPI, we deeply sorted this traffic, understood what application was working, what kind of vulnerability it could be, whether there were viruses and so on. But this is a static approach. We set it up once and hope that nothing will happen there, that they will be effective once configured policies, will protect our network infrastructure. But in fact, if the type of threat changes, some new type of threat appears, then you just can’t keep track of this moment. Therefore, in fact, in the implementation of Huawei, each network element can collect and transmit information about all traffic passing through it, and transfer it to a single point in the security center. That is, now, in real time, on real traffic flows, we can collect information about absolutely all events that occur inside the network infrastructure, and if at some moment changes occur there, there is some sharp surge in traffic, then we can in real time track the situation, notify the administrator, and the system will automatically take action to protect against various types of attacks, even new ones that are just emerging.



    Actually, iPCA technology for quality control and management. Here, again, it’s simpler by the example that we have some kind of infrastructure, let it be a campus infrastructure, data center infrastructure, and if we needed to check how our network works, what quality this or that application will work with, then we need to stimulate it the additional traffic flow from point A to point B and by passing this traffic could compare, understand what delay is what loss, and actually determine how our network, this or that application can work. Again, this required creating an additional load on the network, accumulating traffic flows, and in fact we did not get the real picture. Actually, iPCA technology is a technology of end-to-end control and quality assurance, it allows for real traffic flows, without creating any load, determine the SLA, set the quality parameter and observe. If at some point the set parameters begin to deteriorate, then the system automatically allows you to rebuild the transmission paths of the traffic so that the SLA is executed.



    Actually, in conclusion about the campus solution, it is also called SDN, a software-defined infrastructure, but from the point of view of Huawei, the transition to next-generation networks should not be revolutionary, which requires a complete replacement of all network elements, it should be evolutionary. That is, those network solutions, applications, services that have already worked on the customer’s infrastructure, they must be preserved, they must continue to work as they work. The network infrastructure that was built, it must also continue to work. But at the same time, our switches can work in parallel in a software-defined infrastructure, as well as in legacy legacy switched, routed networks. From the point of view of hardware implementation, in fact today it is already the 5th generation of switches,



    Now we are talking about the 5th generation of switches that use new chipsets, these are not traditional ASICs that are tightly attached to processing various protocols using a certain algorithm. ENP processors are fully programmable. If we have some kind of new protocol, some non-standard service that requires some changes in the protocol, then ENP processors allow you to respond quite flexibly to this problem, just change the firmware of this microprocessor and it will also be able to process new types on the fly traffic. What is it for? Since the SDN is not de facto standardized today, there is an OpenFlow protocol in different versions, but it is still being developed, many vendors have many proprietary things, their improvements. Today the customer buys this equipment intended for next-generation networks, he wants to be sure that the equipment he purchased will be relevant in 5-6 years, when the SDN will be completely standardized. Actually, flexible programmable network processors allow us to solve this problem.



    To date, we have already released several models of flexible switches, the first such flagship was the S12700 line, the modular switches that are traditional there, which are valid for 8, on 12 interface boards, well, nothing surprising, that is, equipment that can be used at the core of the network and at the aggregation level, but they are already built on this flexible architecture with an ENP processor.

    We have already implemented the Nth number of different projects, and the global project, in essence the Agile Network architecture is a concept, it has been present on the market for 1.5 years, but many different projects have already been implemented. In Russia, last year, we already had our first signs, we did an interesting project at Moscow State Pedagogical University (MGPU), but restructuring is underway in universities in Russia, that is, the main university and smaller ones, colleges, they cling to this head organization, the head university. And there, in fact, the same problem was there, there was an internal infrastructure, a network of Moscow State Pedagogical University, plus smaller universities clung there, colleges clung, and there was absolutely fragmentation, that is, someone had fresh Cisco equipment, someone had Huawei, someone had then there were D-Link equipment, MikroTik, and all this was difficult to manage, a completely fragmented infrastructure, different syntax, different network engineers with different skills and so on. Actually, the Agile Network solution allows us to bring all this to a common denominator, we can put a centralized controller, we don’t need to change all the equipment, we only need to replace some nodes and we can use a single monitoring system, using a single control system infrastructure to observe. We can make changes, get information about some problems, malfunctions, build reports and so on. Agile Network solution allows us to bring all this to a common denominator, we can supply a centralized controller, we don’t need to change all the equipment, we only need to replace some nodes and we can monitor all this infrastructure using a single monitoring system, using a single control system . We can make changes, get information about some problems, malfunctions, build reports and so on. Agile Network solution allows us to bring all this to a common denominator, we can supply a centralized controller, we don’t need to change all the equipment, we only need to replace some nodes and we can monitor all this infrastructure using a single monitoring system, using a single control system . We can make changes, get information about some problems, malfunctions, build reports and so on.



    The second component is the Agile Branch solution, which when our infrastructure is not just a closed campus, our corporate network, but when we have a fragmented infrastructure, that is, we have several remote offices, there is some kind of central point, and again we wanted us to be able to manage completely different policies centrally from this point. For this, Huawei is releasing a new line of routers, they are called Agile Gateways, we can translate flexible gateways, and before there were such devices, they were such multi-service routers all in one, they provided Internet access approximately, voice wiring, had a built-in firewall and built-in access point.

    Now speaking of multiservice routers, they have become even more multiservice routers, even more flexible, if I may say so.

    Now they are built on the X86 architecture, in fact, this is such a mini server, there is a built-in SSD drive where you can put a full-fledged operating system: Windows. Linux Android, that is, absolutely anything. This gives us the opportunity to offer not just traditional communication solutions, when we need to combine several points, it makes it possible to create completely new business applications. As an example, with one of the system integrators, we are now working on solutions; they want to put screens, televisions with a webcam and HDMI output in public transport, in shopping centers. Our smart routers with a Windows operating system and a written application are put there. A person approaches this screen, the built-in webcam allows you to analyze who came up: male / female, and how old: child or senior citizen. After we determine the gender and gender affiliation of this person, we can show him targeted advertising. The child is shown an advertisement for diapers, lollipops, a pensioner to show advertisements for medicines or diapers. Also relevant.
    Now we have additional flexibility, we are not just building a communication network, we are building a network on which such value-added services can be deployed. Why are routers needed there? In principle, all this could be realized using ordinary servers, using some PCs, connecting the same screens. Routers are needed here from the point of view that you need to provide connectivity at all those sites, somewhere it's a wired connection, somewhere DSL, somewhere 3G, somewhere 4G. We need to manage information security, we need to manage the connection policy, the update policy of these devices. Previously, if this disparate infrastructure was presented - 100 stores + the main data center, now it is 10 thousand screens + 1 main data center. That is, these 10 thousand devices must also be centrally managed.



    Another case is that when we have such a fragmented infrastructure, consisting of hundreds, thousands of remote points, the big problem is the introduction and deployment of new objects. To do this, we need to send an engineer, some specialized one, who understands and has sufficient qualifications to configure this device, to these 10 thousand points. It is problematic, it is difficult. Therefore, in the Agile Network concept, we completely get away from this, we just send this box to the object, provide it with an Internet connection, insert the LTE USB-whistle, everything, after that the device automatically loads the configuration, loads all its settings using the centralized SDN controller. That is, the deployment of this infrastructure, the deployment of objects is very simple and affordable for most customers.



    Well, from the point of view of hardware models, here we have a large product line: for stationary use, for mobile use, for use in Internet of things scenarios, when we need to connect the nth number of smart sensors, some sensors, all it can be implemented in similar gateways. One more thing - virtualization and clouds are present here. You can do virtualization on this ordinary small router, there is KVM, that is, you can install Linux on one virtual environment, Windows on another, or something else. Virtualization has reached very simple boxes, subscriber devices, subscriber devices.



    The third component of the Agile Network solution, which is the closest to the topic of today's event, is the Cloud Network, this is the Agile Network solution for the cloud infrastructure, for the data center infrastructure. On the one hand, here the main requirements are, firstly, elasticity. Elasticity - it also means the performance of hardware devices, elasticity in terms of functionality, these devices must provide us with connectivity between different data centers, or they must provide connectivity within our data center. The second core value for data center networking equipment is openness. Data centers should not have a mono-vendor infrastructure, it is often multi-vendor, we must provide interaction, we must provide APIs for the interaction of various components, for their tight integration.
    The third whale is virtualization. On the one hand, for computing resources, on the other hand for network elements as well.



    Here we have also highlighted a line of equipment, switches from the Cloud Engine series, they are presented in the lobby, you can learn more about modular solutions - 12800 and top-of-rack switches. A wide range of equipment, on the one hand, they offer a unique architecture in terms of performance, if you look at those values ​​of switching capacity, bandwidth, port density, then Huawei is confidently ahead of all manufacturers with the same datasheets and you can see the manufacturability of our equipment. On the other hand, there is a full pool of technologies for virtualization.
    Briefly walk through them, our first technology is called Virtual Switch (VS). Imagine that there is some kind of large commercial data center and several tenants. At the same time, each of the tenants wants to independently manage not only the computing infrastructure, servers and services, but also wants to manage the network infrastructure, independently prescribe the routing policy, service quality policy, and security policy. VS technology allows us to present one physical switch in the form of 16 virtual ones. We can say that we have such a large switch, the first interface board, ports 1-7, 23, 25 are tenant number 1, the interface board 7, ports 17 through 25 are tenant number 2. We assign computing resources to them, and after that, these tenants work independently of each other. A DDOS attack may start on one of the tenants, but this will not affect the other in any way. They will work completely isolated from each other.

    Next technology: SVF - Super Virtual Fabric, Virtual Factory. There can be an arbitrarily large data center, consisting of 100 racks, while we can centrally from one point, with the help of a single switch, manage absolutely all of our network infrastructure. All these 40, 50, 100 racks will look just like additional virtual cards, additional extensions of our head switch. And one more urgent problem, an actual trend for data centers is to ensure connectivity between several data centers. The so-called disaster recovery solution, active-active solution. When we have several data centers geographically spaced. If at some point there are software or hardware failures in one of the data centers, then for services, for applications, For users, this should be completely invisible. Everything should work seamlessly. In this case, we need such a smooth migration of virtual machines from one data center to another data center. To do this, provide the so-called L2 connection. To do this, we also have a number of technologies, there is a proprietary technology called EVN, what CISCO calls OTV. But today, all vendors come to a common denominator, EVPN technology, which will allow different vendors to work, will allow them to interact with each other and provide L2 connectivity. Our equipment already supports such a mainstream technology, that is, all this is inherent. To do this, provide the so-called L2 connection. To do this, we also have a number of technologies, there is a proprietary technology called EVN, what CISCO calls OTV. But today, all vendors come to a common denominator, EVPN technology, which will allow different vendors to work, will allow them to interact with each other and provide L2 connectivity. Our equipment already supports such a mainstream technology, that is, all this is inherent. To do this, provide the so-called L2 connection. To do this, we also have a number of technologies, there is a proprietary technology called EVN, what CISCO calls OTV. But today, all vendors come to a common denominator, EVPN technology, which will allow different vendors to work, will allow them to interact with each other and provide L2 connectivity. Our equipment already supports such a mainstream technology, that is, all this is inherent.

    Speaking of data centers, another urgent task and problem is to increase the number of VLANs, that is, to increase the number of users of network resources that we provide. For this, our equipment supports such a mainstream technology called VXLAN, and it allows us to increase this number to 16 million VLANs with 4000 VLANs. Huawei equipment on the Cloud Engine line is also all inherent.



    Again, the TsODovsky equipment, it is convergent, there may be not only ethernet, there may be FCoE, it may just be a fiber channel, we also have various options for implementing network infrastructure. And the component that we already talked about, Agile Controller, that is, centralized intelligence, from the point of view of the data center, also brings us a lot of value. On the one hand, it will have a southern interface to the virtualization system, at the moment the virtualization system may be virtualization from Huawei, which is called Fusion Sphere, our hypervisor. It can be widely used by VMware, again it can be Microsoft virtualization (HYPER-V). On the other hand, the controller has an interface for interacting with the lower level, that is, with the level of network elements, network devices. That is, now all those changes



    And we come to a model of universal interaction, we get the opportunity to quickly implement services. Now we can implement those tasks of the routine deployment of some images, the routine deployment of new services, virtual machines thanks to the network infrastructure. Now we have a service provisioning model, now we don’t need to engage a separate IT administrator, we don’t need to attract a network administrator, now just a person who needs to deploy a new service, he orders this in the self-service portal, and the system automatically deploys the virtual machines there and automatically produces necessary changes in network infrastructure.

    That's all. These are the core values ​​that I wanted to tell you about the Agile Network. On the one hand, from the point of view of data centers, we have technologies that provide connectivity, provide active-active solutions. On the other hand, we provide campus networks that lead to a common denominator. We can manage user profiles, security policies, service quality policies, device configurations using a single point, that is, we are moving away from a separate static approach. And if we need to build such a distributed infrastructure, consisting of the nth number of elements, then here we can lead all this to a single point and centrally manage the entire network.

    Question from the audience:- If you use a switch from Cisco in one place, in another Huawei or some other company, is the cloud engine able to configure them in order to make changes?

    Sergey Aksenov: - In fact, all manufacturers of this are going to this, open flow has just created this interaction protocol, it was created so that the centralized SDN controller was from one vendor, the device from some other vendor, and all this is fine interacted. And today there is no such thing. Still, step by step, we are going to this, we are going to standardization. All these beautiful things and buns can be realized only on our equipment in full.

    Question from the audience: - So you can’t make friends iOS and something yours?

    Sergey Aksenov:- Here the question is what needs to be friends and what problem we are solving. Today, 90% of customers are interested in integrating Huawei and Cisco equipment as much as possible, despite the fact that Cisco has a certain number of proprietary proprietary technologies. Huawei understands this very well. 95% of customers have already built the infrastructure, that is, we come to everything ready. And if we want our equipment to work with the customer, then we must ensure full compatibility. We must ensure the preservation of those network services that he had in full. If we talk about traditional solutions, not SDN ones, then there we can provide full integration. Cisco and Huawei will work great. But from the point of view of the SDN with the controller, for all manufacturers it is still proprietary. This is not just a concept for the future,



    Tags:

    Also popular now: