H3C Application-Driven Data Center Solution
10-07-2019
Solution Overview
H3C Application-Driven Data Center (AD-DC) is a unified next-generation data center solution designed to support accelerated service delivery. It helps customers build an intelligent data center network that can change quickly to accommodate exponentially growing traffic and accelerated service provisioning driven by cloud computing, big data, and mobile Internet.
The H3C AD-DC solution offers the following capabilities:
Orchestration—Deploys the AD-DC solution to provide a converged architecture and GUI-based basic network management that enables unified, graphic, visualized orchestration across the entire network and concentrates management, control, and analytics on a single platform. It provides a one-stop, end-to-end closed-loop solution that encompasses network architecture design, simulation, deployment, and operations.
Automation—Deploys the SeerEngine platform to automate network device incorporation and service provisioning and enable the network to adapt to the cloud.
Analytics—Deploys the SeerAnalyzer platform to offer AI- and big data-assisted analytics, enabling administrators to gain a holistic view of the network and quickly identify and resolve network issues.
Lossless fabrics—Deploys H3C high-performance data center switches designed for this cloud computing era to build lossless fabrics that offer ultra-broadband and ultra-low latency.
Figure 1. AD-DC solution architecture
Features and Benefits
Elastic, Reliable Network Architecture
H3C AD-DC is designed for openness. It provides extensive support for standard protocols, including BGP EVPN, VXLAN, OVSDB, OpenFlow 1.3, NETCONF, INT, gRPC, and ERSPAN. Customers can integrate it with mainstream resource management platforms or cloud platforms to provide unified management or avoid the risk of vendor lock-in.
Data center networks (DCNs)
H3C offers a full portfolio of DC switches to address diversified demands of customers for connection speeds within a data center, from GE, 10 GE, 25 GE, 40 GE, and 100 GE, to 400 GE. All these switches support state-of-the-art overlay technologies such as BGP EVPN and VXLAN for elastic expansion of data center networks.
AD-DC offers multiple networking solutions including network-based overlay, distributed gateway, and centralized gateway for you to choose as needed.
An AD-DC overlay network is typically built on top of a spine-leaf physical network. The underlying hardware devices improve BGP EVPN and VXLAN protocol efficiency. Devices of each role are deployed in high availability by using technologies such as ECMP, IRF, or DRNI. Distributed gateways ensure optimal hardware forwarding paths. Servers access leaf switches through DRNI, with either a VXLAN tunnel or an Ethernet aggregate link as the IPL, to adapt to different networking requirements.
Suited to small-scale networking scenarios, AD-DC allows leaf devices to access computing resources and security resources simultaneously to improve resource utilization.
Multiple borders can be used as fabric egresses on an AD-DC. Different tenants or VPCs can choose different borders as egress devices, and network traffic can be ECMP-balanced among multiple borders, which improves network egress reliability and scalability.
Multiple controllers form a cluster at the control layer of AD-DC. In the northbound direction, the controller provides a unique IP address for interaction with the upper layer applications. In the southbound direction, the cluster provides load sharing and redundant backup for the managed forwarding devices through intra-region backup and inter-region backup.
With support for EVPN-based Layer 2/Layer 3 multicast, AD-DC ensures delivery of video on demand (VOD) services in the financial media industry and information distribution in the financial industry.
Data center interconnect (DCI)
H3C offers a wide range of hardware platforms for DCI and high-performance switching products that can provide connections as fast as 400 Gbps.
The H3C AD-DC solution deploys Ethernet Virtual Interconnect 2.0 (EVI 2.0) to support distributed service deployment across data centers. EVI 2.0 uses VXLAN in the data plane and MP-BGP EVPN in the control plane. This allows the solution to interconnect the virtual resources pools of data centers for unified resource management and allocation.
Figure 2. AD-DC solution network architecture
End-to-end Automation
Network fabric automation—The solution offers not only automated role-based underlay deployment but also automated overlay deployment.
Service automation—The SeerEngine provides automated service-based network configuration deployment to help customers accelerate service provisioning. The SeerEngine communicates with devices through standard southbound protocols such as NETCONF, OVSDB, and OpenFlow. When IT managers or tenants launch new services, the controller quickly delivers the abstracted logical network configuration to related physical devices, improving service deployment efficiency greatly.
Integrated All-facet Security Protection
On-demand security resource scheduling—Security resources are pooled and service-oriented, and are orchestrated through policy-driven security service chaining. Security policies can be established automatically to meet businesses' security requirements on demand, providing comprehensive protection of both internal and external traffic for tenants.
Unified network and security for coordinated defense—Through network-wide "network + security" collaboration and coordinated defense, and cooperation with the SeerEngine module, AD-DC provides a three-tier coordinated closed-loop defense system that encompasses analysis, control, and implementation capabilities. Through SeerEngine, AD-DC automates business-driven policy establishment and deployment and enables the transition from using manual approaches for network management and maintenance to AI-driven operations (AIOps).
Fine-grained isolation based on EPGs—Hardware entry-based EPGs allow you to group hosts by discrete IPs and configure flexible inter-group strategies to provide whitelists, blacklists, stateless firewalls, and service chains, and provide host-granularity network isolation for the data center network.
Figure 3. All-facet, integrated security protection
Compute Resource Collaboration
As the pipeline to transport data, the data center network requires seamless integration and compatibility with compute resources. Based on the standard OpenStack architecture and projects, AD-DC can automate provisioning of all types of compute resources including virtual, bare metal, and containerized, improving compute resource provisioning efficiency greatly.
Virtual resource provisioning—By coupling with OpenStack's VLAN model and hierarchical port binding feature, AD-DC provides support for most mainstream compute virtualization platforms in the industry including KVM, VMware, and CAS. SeerEngine can interoperate with virtualization platforms such as VMware vCenter to achieve dynamic online association between computing and network resources.
Bare metal resource provisioning—Based on the OpenStack Ironic project, AD-DC seamlessly integrates with OpenStack to provide one-stop, full-lifecycle service for bare metal resources on tenant networks.
Container network resource provisioning—AD-DC can cooperate with open-source container platforms developed based on Kubernetes and OpenShift to automate container network resource provisioning on demand.
Proactive Operations and Maintenance
Powered by SeerAnalyzer and technologies such as gRPC, Telemetry, ERSPAN and in-band telemetry (INT), AD-DC can achieve millisecond-precision data capture, megascale VM data analysis, and real-time fault detection. Based on global network monitoring, visual tenant network presentation, and business model deduction capabilities, AD-DC allows customers to perform accurate fault location, risk prediction, and trend analysis. AD-DC provides closed-loop business O&M that encompasses perception, pre-judgment, and execution, shortening fault resolution time from hours to minutes.
AD-DC provides underlay and overlay topologies and their correlations. It also provides AI-enabled network health monitoring capabilities to give administrators a holistic view of the entire network and quickly identify and resolve network issues.
By collecting and comparing device configurations and logical items across the network, SeerAnalyzer can track the changes in the network configuration and logical items in real time, provide visibility and a holistic view into network changes, and help locate and fix issues in the event of a failure.
With SeerAnalyzer and SeerEngine, AD-DC automates a closed-loop process for fault events, from discovery, diagnosis, and solution to closure.
When a fault occurs in the network, SeerAnalyzer will detect, locate, and diagnose the fault event in real time.
The SeerEngine controller then issues a solution for the fault event and continues to monitor whether the fault is resolved. When the fault is resolved, the fault event process is closed.
Figure 4. Health degree of data center network
Openness and Programmability
A software-defined data center network allows administrators to customize the data center more flexibly at the control plane. As an SDN-based controller, H3C SeerEngine is the real performer and core of programmable data centers. With its high reliability, high performance, fully open interfaces, and programmable extensibility, SeerEngine is changing the deployment mode and operation mode of the network. SeerEngine provides richer and more flexible functions to help enterprises adapt to changing network trends and build an intelligent, secure, and reliable information network.
In the northbound direction, SeerEngine adopts open, standard RESTful APIs or Java embedded APIs, allowing users to develop programmable SDN apps of their own. In the southbound direction, SeerEngine adopts standard southbound interfaces defined by the OpenDaylight organization, including OpenFlow, NETCONF, and OVSDB interfaces.
Solution Values
Provide a converged architecture and concentrate management, control, and analytics to improve operational efficiency.
Accelerate business provisioning and delivery with end-to-end automation.
Provide closed-loop business O&M to ensure business consistency.
Build a zero-trust network with comprehensive security capabilities.
Set up an ecological foundation with an open and programmable platform.
Support Matrix
AD-DC solution currently supports the following switches and security devices:
S12500G-AF (TD, TE) | Spine, Leaf, Border, ED |
S12500X-AF (HB, HF) | Spine, Leaf, Border, ED |
S9850 | Spine, Leaf, Border, ED |
S6850 | Spine, Leaf, Border, ED |
S6800 | Spine, Leaf, Border, ED |
S6805 | Spine, Leaf, Border, ED |
S9820-64H | Spine |
S6860 | Leaf |
F5000 | Security Service |
Ordering Information
LIS-vDHCP1000 | H3C vDHCP1000 License(Comware 9,STANDARD Edition,Permanent) |
LIS-SeerEngine-DC-BAS1 | H3C SeerEngine DC Software Additional 1 Server Node License |
LIS-SeerEngine-DC-PSW-VAR | H3C SeerEngine DC Software Additional 1 Physical NE License |
LIS-SeerEngine-DC-SC-VAR | H3C SeerEngine DC Software Additional 1 Virtual Service Node License |
LIS-SeerAnalyzer-DC | H3C SeerAnalyzer Software Data Center Edition License |
LIS-SeerAnalyzer-DC-Analyzer | H3C SeerAnalyzer Software Data Center Edition Analyzer License, 1 Managed Node |
LIS-SeerAnalyzer-DC-PSW-VAR | H3C SeerAnalyzer Software Data Center Edition License, 1 Managed Physical Switch |
LIS-SeerAnalyzer-DC-PSWFA-VAR | H3C SeerAnalyzer Software Data Center Edition Traffic Analysis License, 1 Managed Physical Switch |
LIS-SeerAnalyzer-Collector-I | H3C SeerAnalyzer Software Collector Type I License |