Technology Trends and Current SDN Data Center Solutions

Published on June 21, 2017

    We continue to publish materials from the forum “Joint Security of Cloud Solutions for Business”, which we held together with Kaspersky Lab and HUAWEI on May 31 in Moscow. Presenting a report by Sergei Aksenov from HUAWEI, "Technology Trends and Current SDN Solutions for Data Centers".

    Colleagues, good afternoon. My name is Sergey Aksenov, I am a representative of Huawei, and at Huawei I am responsible for developing the network solutions direction.
    My topic today relates to data networks, to network infrastructure. And the new trend that arose some time ago, and which is finally beginning to be implemented on real customers' infrastructure, is, in fact, SDN, software-defined networking.

    In fact, today's event is entirely devoted to cloud technologies, and if we look at the conferences that were held even two or three years ago, the data transmission network for clouds was considered simply an auxiliary element, a kind of substrate, while virtualization platforms and cloud technologies were always at the forefront. But today, SDN solutions are actually an integral part of the cloud. SDN solutions have become absolutely adequate in terms of their functionality, their cost and, most importantly, their capabilities. And the traditional solutions that have been applied over the past five to six years already look rudimentary, that is, they are really behind, and SDN solutions are where the industry is heading. But I will not talk for long about all the advantages of the cloud and so on; if you look at the IDC reports, by 2020 about 50 percent of corporate infrastructure will be completely transferred to the cloud. Today, communicating with customers, with customers in the enterprise market, we certainly see that the main model is still a bimodal approach: the customer already has some infrastructure of their own, considerable funds were invested in it, and simply abandoning this infrastructure and transferring everything onto new rails is wrong and probably difficult. Therefore, the bimodal approach is that the applications and services that existed on the traditional infrastructure of their own continue to work, but new applications, which the company plans to launch or is launching right now, are of course more correctly implemented using the cloud.
At the same time, the data transmission network in the form in which it existed, the traditional technologies of switching and routing, has de facto practically not changed over the last ten years; that is, it was based on some common things, and of course there were minor improvements, changes and so on. But with the advent of SDN, things are starting to change dramatically.

    First, let's talk about traditional networks and why they were actually bad. The traditional network implied a static and fragmented approach to managing the network infrastructure. That is, for example, we have a data center which consists of ten to twenty racks, each rack has a pair of top-of-rack switches for connecting the servers, the computing resources, and the traditional approach implied that, firstly, each of these devices requires special attention and requires a static configuration. At the same time, centralization was either absent, or there was simply some monitoring and control system that allowed assessing the status of the infrastructure but did not give any flexibility in terms of centralized unified management. Again, the traditional infrastructure is not agile. The agile principle is that when we plan to launch some new service, we work it out and develop it, during development we see that some other changes are needed, and we make them at the development stage. After that, we launch the service into production, that is, we test it on our customers, and when we launch it into production, we understand that some other changes are required. That is, there is constant adaptability, a constant change in our infrastructure. The traditional solution, in principle, did not allow this from the point of view of the network, because, take a trivial situation: you want to test a new 1C release, and for this to happen you need to deploy a virtual machine with certain properties, with a specific operating system. From the point of view of computing resources, everything is simple and clear: we just create this virtual machine, give it the necessary properties, and everything starts working automatically in 5-10 minutes.
But from the point of view of the data transmission network, a network administrator, a network engineer, has to be involved each time, who will manually make the specific configurations on the network equipment, on each specific port, and give the virtual machines their configurations. Again, today, speaking of cloud infrastructure, many customers are interested in either a commercial cloud or their own private cloud. But at the same time it must be geographically dispersed, that is, an active-active solution in which software or hardware failures in one of the data centers in no way affect the operation of applications and services. Accordingly, virtual machines that move from one data center to another also require attention. That is, if we are talking about a traditional data transfer network, then of course it will not allow a virtual machine that moves from one physical data center to another to, firstly, keep its addressing, and to preserve the security policy rules that were assigned to it across these constant movements.

    Another problem that we see among customers is the operations service that supports the IT infrastructure. This operations service is always divided into two camps. The first camp is the network engineers, who are fully responsible for data transmission, and the second camp are the people responsible for the so-called IT resources, for the computing infrastructure, for the data storage system. Between them there is a hard watershed; accordingly, we get independent control of the components, and in the event of any problems, in the event of any failures, troubleshooting, identifying the root of the problem and fixing it takes a considerable amount of time, and at the same time it can be very difficult to understand on which side the problem arose and who should fix it. Here we come to a situation
    If you look at the solutions and the problems on the SDN market today, then absolutely all the large network vendors, Huawei and our competitors, offer a ready-made SDN concept. That is, it is a vertically built infrastructure that allows centralized management, allows automation, and allows tight integration with computing resources. But if you look at the end customer, the end customer is very dissatisfied with the current situation for the simple reason that each vendor offers its own proprietary solution: buy my switches, buy my SDN controller, it can only work in this configuration, it can only work with such a hypervisor. Moreover, from the customer's point of view, the ICT infrastructure, the IT infrastructure, should be diversified, that is, built on several vendors, where the controller or network equipment, servers and storage can be from different manufacturers. This is the model that almost any customer goes for today. Therefore, this problem really exists today, and Huawei, if you look at our strategy, is nevertheless trying to release a more open SDN solution.

    I'll continue by showing that we have an ecosystem of partners, the largest developers of virtualization platforms and network equipment; accordingly, we follow the ideology of an open infrastructure, that is, open software interfaces that do not bind the customer to using only our equipment with the SDN solution.

    The solution that Huawei offers is called Huawei Cloud Fabric, a cloud fabric or programmable fabric. From the point of view of architecture, the picture shows that everything is quite simple, understandable and, probably, logical. On the one hand, we have the data transmission network, that is, physical devices with ports to which we connect hardware servers, and on top we have an application layer and a cloud platform. Here a key element appears, which is called the SDN controller; in Huawei terms it is the Agile Controller. This is the orchestrator that has northbound interfaces for communicating with virtualization platforms and southbound interfaces for communicating with the network level, that is, with ordinary network switches. This is the traditional OpenFlow protocol used to program network devices. And here are the three main pillars, the three main directions of this solution: simple, elastic and open infrastructure. What is the plus?

    The main plus is that in the simplest scenario we talked about, we need to test a new 1C release, we can't immediately launch it into production, we need to deploy some test environment; we create a virtual machine, we give it some properties using the graphical interface in the Agile Controller, and then all the configurations that must occur on the network side happen fully automatically. That is, we do not need to go to a specific switch for this virtual machine every time and configure the security policy rules or the quality-of-service policy there. We simply create, conditionally speaking, an icon for this virtual machine in the graphical interface, we give it certain properties, and these properties are applied absolutely automatically.
    A key theme of today's event is security. And here we talked about security in terms of compromised data, external attacks and other threats. But another threat that lurks is the threat of unprofessional operating personnel. That is, due to some incorrect actions on the data transmission network or virtualization side, the business may also suffer, that is, some virtual machine that is necessary for the business processes gets disconnected.

    SDN is also good because, firstly, we have the possibility of centralized unified management, we have a full dashboard for analytics, for a complete understanding of how our infrastructure works. And if at some point we made some mistake, some configuration problem, then all this can be easily and quickly eliminated. Moreover, due to the fact that configurations are automated, manual labor, that is, actual work from the command line, is minimized, so the possibility of an incorrect configuration, of such an error, is reduced almost to the minimum.
    Another plus of modern network solutions, whether cloud solutions or just an enterprise infrastructure, is that there are completely new network processors, which Huawei calls ENP, Ethernet Processor. These are fully programmable solutions which, firstly, provide a significantly larger increase in performance relative to traditional ASICs, and on the other hand, they are fully programmable. That is, today SDN, unfortunately, has not yet been standardized to the end; there are some RFCs, some IEEE standards have appeared, which vendors and manufacturers try to release solutions against, but, nevertheless, a final version of the standardization has not yet appeared. Therefore, these ENP processors are also good because by buying equipment with such processors you, as the end customer, receive investment protection. That is, just changing the firmware of this network processor is enough, and it will be able to support new types of protocols on the fly, new types of technologies that will appear. Traditional ASICs, traditional network processors did not allow this in principle.
    A big plus of SDN is that when we talk about centralized and unified management, we get, as an additional benefit, the opportunity to collect analytics and forecasting. That is, one way or another, we have a certain central point, a certain intellect, which controls the ways of transmitting traffic and understands what is happening in each segment of our infrastructure. Thanks to this, we can accumulate statistics regarding what is happening with the network infrastructure, and when at some point an external attack occurs, or some non-standard traffic pattern appears in the case of DDoS or some kind of internal exploit, the SDN controller will also notify about it. It has as one of its modules the central security module, the Big Data module, which actually stores a log of all traffic passing inside the network fabric, that is, each switch here acts as a kind of agent that collects this information. And then we can also control at the network level what is happening with us in terms of security.

    If you look at existing SDN solutions, you can probably divide them into three types of architecture on which SDN is built today. The first option is the one that is most widely used today, probably, in the infrastructure of many customers. Some time ago, for example, a data center was built, that is, significant funds were invested in the network infrastructure and in the computing infrastructure, and now such a customer comes to the conclusion that the network is really the brake that does not allow him to manage the infrastructure more flexibly and provide new applications and services. Accordingly, he understands that he needs SDN, he needs programmability, he needs centralized management, but he does not want to change the network: funds are invested in it, the network equipment is up and running, so why change it. Here the only way out is to build an overlay network, that is, on top of the traditional data network that exists, an overlay data network is created, and this overlay network is created using software. That is, either with the help of virtual switches that can be created in the hypervisor, or with the help of simply overlaid software that runs from inside the virtual machine. That is, on top of a traditional network that simply provides connectivity, we create a logical network that provides us with automatic configuration and automatic provisioning.
    The second option, which is the one that Huawei and other network vendors actually offer, consists in installing hardware switches that now support full programmability, that is, it is not necessary, as I said, to individually configure each piece of hardware. We simply put in a new generation of programmable switches that work with a centralized controller.
    And the third option is a hybrid option. We also install new switches that support this programmability, while in the existing data centers we put virtual switches that run on the servers in the same place, relatively speaking, and thereby get a complete solution.

    Another big plus of SDN is that now we can utilize data channels more efficiently.
    Speaking about active-active solutions, about disaster recovery solutions, when we do not have all the computing resources within the same data center and we do such geographical diversity, the cost of links between data centers is also important; these links are very, very expensive. When we talked about traditional solutions, it was difficult for us to get a comprehensive assessment of how the data channels are used, how busy they are. When we come to the SDN model, one way or another a controller appears that sees, that is, receives information regarding the load on the data transmission channels. This allows us to load and utilize them more efficiently, allows us to do load balancing, and thus we can distribute the load more evenly.

    In terms of hardware resources, Huawei offers a whole line of switches here, about 120 modifications of switches today.

    This line is called CloudEngine. The main trend being observed here is the trend towards 25-gigabit connections; that is, if you look at the roadmaps of absolutely all manufacturers of server equipment, they unanimously say that 10 gigabits is not enough and 40 gigabits is very, very expensive, therefore 25 gigabits is the golden mean. In fact, it is. If you look at the cost of a 25-gigabit port, today it is already fully equal to the cost of a 10-gigabit interface. Therefore, today the modern data center is 25-gigabit access, that is, connecting servers at 25 gigabits, and connecting the top-of-rack switches to the network core at 100 gigabits, that is, 25 plus 100. This is the formula by which all modern data centers are built.

    Speaking of the ecosystem. As I said, for Huawei one of the key areas of the SDN strategy is building an open infrastructure. Not a proprietary solution where we tell the customer, buy only our equipment and throw away everything you have, but an actually open infrastructure.
    Here our partners in different directions are shown. If we talk about cloud platforms, about virtualization platforms, here we have passed VMware and Microsoft certification, we work perfectly with OpenStack, and we have our own hypervisor, FusionSphere, with which our SDN controller interacts just as well.

    There are some other open source solutions, for example Puppet, which allows you to get complete freedom in terms of programmability, but higher qualifications of your network engineers are required here; in fact, for the most part they should now even be programmers. This solution is for gurus. For the average customer, the recommended solution is to use our controller with a clear graphical interface, in which you use icons and templates to control your entire network infrastructure. That is, you don't even have to go to the console, to the command line of any network equipment, and configure anything there.

    And speaking of the prospects for SDN, today, as I said at the beginning, SDN has turned from a long-playing topic that arose almost 7-8 years ago into a really working solution. If you look at the forecasts that IDC gives, by 2020 about 95 percent of large commercial data centers will be built using SDN technology. Huawei feels very comfortable in this market, that is, we grow year by year by almost 70 percent in the supply of network equipment for data centers. And here examples are shown, in different countries, of what we could do.
    Speaking a little about Russia, our largest SDN implementation here is Sberbank, in fact one of the data centers used directly by developers. There, they needed to create some new virtual infrastructure on the fly, as quickly as possible, and test their new developments. The second SDN project that we have implemented is NSPK, the national payment card system. If you know, these are the MIR payment cards, which are now distributed to all state employees. Actually, these are two data centers operating in active-active mode, that is, virtual machines can seamlessly move between these data centers. Here, the entire infrastructure is also built on Huawei equipment using our CloudEngine lines.
    Colleagues, this is where I finish my tour of software-defined networks, "What is happening today?"


    The MIR data centers, are they located on our territory?
    Sure, of course. This is completely our infrastructure. The Central Bank oversees this topic, that is, everything is with us, yes, near Moscow.
    But in principle, the virtualization services, the cloud solutions, are located in China?
    No, look, those are the solutions that Huawei offers, controllers; it is all sold as a finished product, and it is all put in the local data center. Huawei itself does not provide any cloud resources; we work with our partner RUVDS, and in fact all the services are from the partner.
    Is it possible to connect the SDN controller, the Agile Controller, to something that will enrich the data that the switches supply as agents?
    Really a good question. Today the Agile Controller, SDN, is on a development path where on the one hand it is centralized control, first of all, of equipment, and on the other hand it is automation, provisioning of configurations, and tighter integration with computing resources. The next step is really Big Data, when we can integrate with various external sources, for example attacks, antiviruses and other things, and control it all from there. Today we do not have this within the Agile Controller, but we have our own separate firewalls, Next Generation devices, which integrate with the Agile Controller. This allows the bundle to provide such a hardware and software solution.
    That is, the SDN controller pushes some rules to these firewalls, or can it receive data from there?
    So far it only pushes the rules there. That is, for example, you want to say that virtual machine A must interact with virtual machine B passing through DPI, an in-depth analysis of what kind of traffic is flowing there, and the Agile Controller simply extends this policy to the network security devices, and the analytics takes place there.

    Thanks for attention!
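The controller workflow described in the talk and in the last answer (an operator states which virtual machines may talk to which, the controller derives the per-port configuration on the switches instead of an engineer doing it by hand, the rules follow the VM when it moves between data centers, and a policy can send a pair of VMs through a firewall for DPI), modelled as an added Python example. This is illustrative code written for this page, not Huawei's Agile Controller or CloudEngine code; the switch names, VM addresses, security groups and the "redirect:fw-1" action are constructed assumptions, and the `lookup` function stands in for the switch's own match logic.

```python
# Illustrative SDN-controller model written for this page, not Huawei's Agile Controller code.
# Switch names, VM addresses, groups and the "redirect:fw-1" action are constructed assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Attachment:          # where a VM is plugged into the fabric
    dc: str
    switch: str
    port: int

@dataclass
class VM:
    name: str
    ip: str
    group: str             # security group the policy refers to: "web", "app", "db"
    attachment: Attachment

@dataclass(frozen=True)
class Rule:                # one ingress rule on one switch port; higher priority wins
    switch: str
    port: int
    priority: int
    src_ip: str
    dst_ip: str            # "any" matches every destination
    action: str            # "allow", "deny" or "redirect:<firewall>"

class Controller:
    """Holds the VM inventory and group-level policy; derives and reconciles per-switch rules."""

    def __init__(self) -> None:
        self.vms: Dict[str, VM] = {}
        self.policy: List[Tuple[str, str, str]] = []   # (src_group, dst_group, action)
        self.installed: Dict[str, Set[Rule]] = {}      # switch -> rules currently pushed to it

    def add_vm(self, vm: VM) -> None:
        self.vms[vm.name] = vm

    def permit(self, src_group: str, dst_group: str, action: str = "allow") -> None:
        """Intent: src_group may talk to dst_group; return traffic gets the same action."""
        self.policy.append((src_group, dst_group, action))

    def desired_rules(self) -> Dict[str, Set[Rule]]:
        """Compile intent into rules bound to each VM's own IP on its own port (so a VM cannot
        claim a neighbour's address), with a low-priority default deny on every port."""
        out: Dict[str, Set[Rule]] = {}
        for vm in self.vms.values():
            at = vm.attachment
            rules = out.setdefault(at.switch, set())
            rules.add(Rule(at.switch, at.port, 0, vm.ip, "any", "deny"))
            for src_group, dst_group, action in self.policy:
                for peer in self.vms.values():
                    forward = vm.group == src_group and peer.group == dst_group
                    reverse = vm.group == dst_group and peer.group == src_group
                    if peer is not vm and (forward or reverse):
                        rules.add(Rule(at.switch, at.port, 100, vm.ip, peer.ip, action))
        return out

    def reconcile(self) -> Dict[str, Dict[str, Set[Rule]]]:
        """Diff desired against installed; per switch, return what to add and what to remove.
        Rules on a switch the VM has left are removed explicitly rather than forgotten."""
        desired = self.desired_rules()
        changes: Dict[str, Dict[str, Set[Rule]]] = {}
        for switch in set(desired) | set(self.installed):
            want = desired.get(switch, set())
            have = self.installed.get(switch, set())
            if want != have:
                changes[switch] = {"add": want - have, "remove": have - want}
        self.installed = desired
        return changes

    def migrate(self, name: str, new_attachment: Attachment) -> Dict[str, Dict[str, Set[Rule]]]:
        """Move a VM to another port, switch or data center; IP and group travel with it."""
        self.vms[name].attachment = new_attachment
        return self.reconcile()

def lookup(rules: Set[Rule], port: int, src_ip: str, dst_ip: str) -> str:
    """Emulate a switch's ingress match on one port; no matching rule at all means drop."""
    best: Optional[Rule] = None
    for r in rules:
        if r.port == port and r.src_ip == src_ip and r.dst_ip in ("any", dst_ip):
            if best is None or r.priority > best.priority:
                best = r
    return best.action if best else "drop"

def build_demo_controller() -> Controller:
    """Constructed sample: two data centers, three VMs, web->app allowed, app->db via a firewall."""
    c = Controller()
    c.add_vm(VM("web-1", "10.0.1.10", "web", Attachment("dc1", "leaf1", 1)))
    c.add_vm(VM("app-1", "10.0.2.10", "app", Attachment("dc1", "leaf1", 3)))
    c.add_vm(VM("db-1", "10.0.3.10", "db", Attachment("dc2", "leaf7", 5)))
    c.permit("web", "app")
    c.permit("app", "db", action="redirect:fw-1")   # DPI on the app/db path, as in the Q&A
    return c

if __name__ == "__main__":
    ctl = build_demo_controller()
    print("initial push:", {s: len(d["add"]) for s, d in ctl.reconcile().items()})
    # app-1 moves to the second data center: its rules leave leaf1 and appear on leaf7 port 12.
    moved = ctl.migrate("app-1", Attachment("dc2", "leaf7", 12))
    print("after move:", {s: (len(d["add"]), len(d["remove"])) for s, d in moved.items()})
```

Two design points worth carrying into a real deployment: every rule is bound to the VM's own source address on its own ingress port, so a compromised VM cannot claim a neighbour's address and inherit its permissions; and reconciliation works from a diff, so the rules on the switch a VM has left are removed instead of accumulating as the kind of stale, hand-made configuration the talk warns about. Because the VM keeps its IP across the move, the rules on the other VMs that reference it do not change at all.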