1. Development trend of campus networks in the digital era
In the digital era, the access forms in the traditional campus network have gradually evolved from mobile devices to IoT devices. The campus network is the bearer network for services. As IoT services develop, service types proliferate, service changes occur more frequently, and network O&M becomes increasingly complex. Building an elastic, scalable, manageable, and maintainable SDN architecture is therefore a must for campus networks undergoing digital transformation. AI and big data technologies need to be introduced to campus networks to make network O&M more efficient and intelligent.
2. Challenges for traditional campus network O&M
In a traditional campus network, we usually partition the network by geographical location. If an employee moves from building A to building B in the campus, the network connection is dropped, the IP address has to be obtained again, and a new security policy has to be deployed for the new IP address. Consider employees who leave their work space for a meeting room, where they need to share PPT files and resources and require their previous permissions; employees who leave the marketing department to visit the R&D department, where they need to share technical information and communicate with others; or employees who travel from headquarters to a branch office and expect to retain their permissions to key services. In each case, the enterprise faces the challenge of providing a consistent user experience in frequently changing scenarios. In a traditional solution, the IP address changes whenever a user's location changes, so mainstream security devices, such as a firewall that configures a security policy for that IP address, have to adjust their security policies. This brings unprecedented challenges to interworking between various network products and security products. So how do we let users' IP addresses change as they move to different locations while their previous permissions are retained? This is an issue that traditional networks and security need to deal with promptly.
IoT is one of the core technologies required to build a smart campus. In addition to intelligent terminals such as traditional PCs, notebook computers, tablets, and phones in a campus network, Ethernet-based IoT terminals (broadband IoT terminals) will also grow on a large scale. These terminals also include dumb terminals such as printers, IP phones, cameras, and smart sockets in an office network.
Figure 1 Forecast on number of connected IoT devices - data source: IDC
When a large number of IoT terminals are connected to a network, it becomes a big challenge to deploy them quickly in batches and to manage them in a unified and simple way.
For most network O&M engineers, a growing number of service types and a larger campus network make it hard to cope with various security threats, complete service deployment and rollout quickly, or troubleshoot issues as soon as possible. The problem with a traditional campus is that wired and wireless networks are split, with separate management and monitoring. If the network needs to be expanded or carry new services, this usually involves joint commissioning, which is time-consuming and painful, and if anything goes wrong, the existing services are affected. As the number of service types increases, it also becomes hard to divide a network into reasonable segments so that different services are separated and different users are granted proper permissions. Overall, traditional campus network O&M is inefficient and costly.
Figure 2 Issues facing a campus network
These are the challenges facing a traditional campus network, so next let's take a look at how H3C's smart campus solution addresses these issues.
3. H3C's smart campus network AD-Campus
To put it simply, AD-Campus is a solution built on the SDN architecture for an application-driven smart campus network. It is intended to de-emphasize the underlying physical network, so that O&M personnel can focus on network applications and drive O&M top-down. AD-Campus supports unified management and control, intelligent analysis, and service orchestration on networks. Its overall architecture is as follows:
Figure 3 AD-Campus architecture
From bottom to top, the layers are the physical layer, the network layer, the control layer, and the management & orchestration layer. As in a traditional network, the physical layer contains hardware network devices, such as switches, routers, wireless ACs and APs, and servers. At the network layer, the overlay network is abstracted on the basis of the underlay network to implement the logical isolation of each service. The overlay network will be described in detail later. One layer above is the control layer. It contains the network control platform, the network analysis platform, and the terminal access authentication system, which implement automated network deployment, policy distribution, user management, and O&M. At the top is the management & orchestration layer. At this layer, multiple components can be installed based on our SNA Center, providing administrators with a portal for unified service configuration and network status display, and with an interaction and presentation interface for network design, policy, deployment, and assurance.