
HUAWEI TECHNOLOGIES CO., LTD.

www.huawei.com
Huawei Confidential
Security Level:
VRP on Your Side
VRP V8 Main Slide

HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD.

Page 2

Contents
1 VRP Overview
2 VRP Highlights
3 VRP's thinking about future network

Page 3

VRP (Versatile Routing Platform): highly reliable network OS
VRP (Versatile Routing Platform) is a network OS running in IP devices, similar to iOS and Windows.
VRP is the brain of the IP devices that construct the global network.
VRP's high reliability ensures secure and stable operation of the IP network.

Page 4

VRP serves multi-product families
Product families: IAS, Security, BRAS, NGN, IT, Switch, AR, Router
Products shown: NE5000E, NE80E, NE40E, CX600, ATN, PTN6900, ME60, SSP5000, E8000, SIG 9800, CE12800, CE6800/5800, Ethernet Switch, AR G3, UA5000, MA5600T MXU, WLAN AC, SGSN/GGSN MAG9811, OSTA
VRP: consistent user experience; fast response and delivery

Page 5

VRP Supports Multi-solutions
The resilient component/modularity of VRP can meet the requirements of various network scenarios.
Solutions: IPTV, IP RAN, Metro, IP Core, Enterprise, DC, IP Broadband, IPv6, FTTX, WLAN
[Figure: VRP architecture. Recoverable labels follow.]
Planes: Management Plane, Service Plane, Control Plane, Data Plane
Services: L2VPN, L3VPN, MVPN, SLA, BAS, Mobile, 3rd Party Software, Value Added Service
Protocols: RIP, OSPF, ISIS, BGP, RSVP, LDP, PIM, L2 Protocol
Management: CLI, SNMP, Netconf, WebUI, CFG, Perf Mgmt, Fault Mgmt, DB Mgmt
Forwarding: Device, FIB, Host Service, MFIB, LSP, Interface, Tunnel
System services: Component Mgmt, HA, Communication, Memory, Scheduler
Base: Dist. Middleware, OS Kernel
Virtual systems: VS 1# ... VS n#

Page 6

VRP: Leading a New Network Era
Distributed process capability partially
Better reliability
Better scalability
Parallel and distributed architecture of full services
Non-Stop Anything
Cloud-routing capability
Flexible virtualization
High APSO
Coarse-Grained Modular
Fine-Grained Modular
Resilient Component System
VRP V8

Page 7

Contents
1 VRP Overview
2 VRP Highlights
3 VRP's thinking about future network

Page 8

More Diversified Services, Broader Area and More Concentrated Data in Cloud Era

[Figure labels: HQ, WAN, Branch; Voice, Data, Video; Campus Network; DC]

Larger network scale
Larger network scale, with more locations accessing the network
Diversified services, increasing real-time applications and multi-service concurrent processing

Complex network devices
Different networks and complicated device types from HQ to branch
Complex enterprise IT architecture, higher Opex

Concentrated data
More and more services are processed in the cloud DC; concentrated data calls for higher reliability.
According to statistics, the world's top 2000 enterprises are all consolidating their data centers.

Challenges for Network
Capacity, Scalability, O&M, Efficiency, Reliability, Performance

In the cloud era,
What network do we need?
What network OS do we need?


Page 9

Challenges Brought by Rapid Growth of Service Traffic and Hardware Performance
Fast improvement of hardware performance + explosive growth of network traffic: the network OS requires higher performance
The high-bandwidth era is coming:
Cloud data center traffic grows at a much faster rate of 66 percent CAGR, or twelvefold growth between 2010 and 2015.
In 2011, the growth rate of the e-commerce and video markets exceeded 60%.
By 2015, the global Internet traffic volume will be 4 times the current value and reach 966 EB.

The new network OS should support high performance to adapt to the fast improvement of hardware performance and meet the requirement of fast traffic increase.
[Figure labels: Network, Hardware, Software, OS, Service & Application]
The network OS needs to adapt to the hardware performance in order to support the growth of service traffic well.

Page 10

Network Equipment Virtualization like IT Resource
Columns: Current problem; Network Virtualization; New Challenge
Low utilization ratio of network equipment, high Capex
Increasing complexity of network scale and management, high Opex
By 2013, 65% of computing will be completed on VMs. Customers start to lease virtual servers instead of physical servers.
Era of Server Virtualization + Multi-Tenant Services (Tenant A, Tenant B, ... Tenant n)
N:1 virtualization
1:N virtualization
Horizontal integration: less Opex, easy management
Vertical separation: less Capex, service isolation
Security and reliability of multi-services
Management isolation of multi-users
The new network OS should support virtualization technology to achieve comprehensive virtualization capability of the network.

Page 11

Automation: Key Consideration for O&M Issue
Columns: Current problem; New O&M Experience; New Challenge
O&M cost becomes the biggest one in DC spending.
Changes based on demand and automatic deployment
Detects VM migration and performs deployment automatically
[Figure labels: VMs; Virtual Machine; Network Layer]
Simple: The fact that 1:N virtualization creates more management elements calls for end-to-end management ability, from network equipment and servers to VMs.
Efficient: Faster service provisioning; automatic service deployment through awareness of VM migration.
Safe: Optimize the performance and availability of end-to-end applications. Improve troubleshooting ability to reduce network failures.
Good maintainability and fast service deployment are very significant for reducing Opex.

Page 12

Cloud Service Requires High Reliable Network
High ratio of software failures to whole network failures + great loss by network failure: higher reliability
[Pie chart values: 22%, 15%, 5%, 5%, 23%, 20%, 1%, 9%. Legend: Software Upgrade/Configuration, Software-Control plane, Software-Data plane, Software-Other, Hardware Failure, Link Failure, Power Outage]
Software related failures: 47%, of which software upgrade/configuration related failures are 22% and control plane & data plane related failures are 20%.
Key point: Software related failures account for 66% of whole network failures.
Enterprises' zero tolerance of key data loss requires a DC network with higher stability and reliability.
The new network OS should have higher reliability to achieve non-stop service. Some important features should be supported, like failure isolation, fast self-recovery from faults, ISSU and so on.

Page 13

VRP APSO: Cope with challenge with you
Scalability Performance
Availability
O&M

Page 14

Availability
Comprehensive security management
High strength password encryption
Aircraft grade black box records
Multidimensional defense system
Fine user authorization management

Protect your network
NSA for multi-scenario reliability
NSR/NSB of full service
NSU for smooth upgrading
NSP for resource leak recovery
Without any service interruption
Performance Availability Scalability O&M

Page 15

A2: NSR/NSB for all services
Traditional NSF
Disadvantages:
Long blackout period; cannot respond to topology changes
Needs neighbors to support GR
Unable to respond when a neighbor is busy

Generally, NSR/NSB supports only part of the services
Disadvantages:
If devices need to support NSR/NSB, deployment of the services which don't support NSR/NSB will be limited.
Services will not be protected by NSR/NSB if they don't support NSR/NSB.
So supporting NSR/NSB for only part of the services will reduce reliability.

VRP supports full-service NSR/NSB
Supports 3 kinds of standard service model:
TCP-based protocols (e.g. BGP/L2VPN)
ACK-based protocols (e.g. OSPF/ISIS)
Soft-state protocols (e.g. VRRP/MSTP)
[Figure: Contrast of NSR-NSF blackout period]

Page 16

A3: NSU for smooth upgrading
Customer Challenge: If the old version is not compatible with the new one, the data cannot be synchronized, resulting in non-smooth upgrading and many limits on version consistency.
VRP provides NSU solution
Supports online and offline checks on compatibility between the source and target versions. Suggests an upgrading mode.
Enables the system to run properly and manage different software versions.
Supports service data backup between modules of different versions and formats.
Supports plane isolation between the old and new versions, preventing incompatible data from affecting the system.
Supports thorough software compatibility verification, ensuring that the NSU function is tested and available.
Perfectly solves the software upgrading problem for different versions.

Page 17

A4: NSP for resource leak recovery without any service interruption

Traditional patch
Installing a traditional patch removes only the bug itself and cannot reclaim resources leaked because of a software error. You need to reset the whole service to reclaim the resources, which leads to a service interruption.
[Figure, routing module with a resource leak: A software bug leads to a resource leak. Load patch: the bug is removed, but the leaked resources cannot be reclaimed. Install a cold patch to reclaim leaked resources, which affects services.]

Lossless patch (NSP)
Installing a lossless patch can reclaim all leaked resources through NSP. No service is affected during the whole process.
[Figure, routing module with a resource leak: A software bug leads to a resource leak. Load patch: the bug is removed and the leaked resources are reclaimed through NSP.]
Reduces the number of cold patches which affect services.

Page 18

VRP security
The objectives and principles of network security
Objectives: Confidentiality, Integrity, Availability
Principles: Cost-effectiveness, Minimum Authority, Multiple Defenses
Security = Sustainability threat analysis + design + management + deployment + evaluation + enhancement

Page 19

Comprehensive security management
Safety management:
Default safety: Don't remotely access without the safety configuration
Access control: Don't access without authentication; flexible authentication mechanism
Privilege control: Privilege control based on task; extended hierarchical control; execution of sensitive operations only by management level
Secret protection: Full ciphertext storage; high strength password encryption; irreversible encryption
Communication safety: SSH; SNMPv3; SSL; IKE/IPSEC
Alarm audit: Complete operating/running log; aircraft-grade black box records; major events alerts
Integrity protection: Check for software package integrity
Minimum service: Don't start idle service; port can be opened and closed
Three-direction isolation: Physical isolation; process isolation; path isolation
Safety reinforcement: OS reinforcement; protocol reinforcement
Comprehensive security management ensures security

Page 20

Multidimensional defense system
Planes: Forwarding Plane; Control/Management Plane
Layers: Network Layer; Application Layer; Device Layer
PHY & MAC framer of interface card: the L2 message format check; flow classification and TM control
Malformed packet recognition; broadcast suppression; L2 loop detection; slice flooding suppression; URPF
Protocol stack state/session firewall; packet flow classification; blacklist; whitelist; protocol/host flow control
AAA; AUDIT; SSH; Active ARP; ACL; NAT/ALG; IPSEC/IKE; SSL; DHCP SNOOPING; GTSM; Protocol Authentication; KEY CHAIN; protection against malformed protocol packets; route filtering control
OS/protocol stack safety reinforcement
Feature and function:
Upper & lower linkage
Protection against attack packets from the forwarding plane
Management/control/forwarding plane linkage
Firewall based on state/session
Answer ARP/ICMP/PPP in the lower layer

Page 21

High strength password encryption
Full ciphertext storage: reduces the risk of plaintext password leaks
Irreversible encryption: ensures that the password cannot be cracked and leaked
Complex password: prevents simple passwords from being guessed and used for fraudulent access to equipment

Aircraft-grade black box records
Running information, operation information, error information
Uses high-end memory or NVRAM for storage
No influence on system performance
Real-time information recording
The information is not lost after system restart

Fine user authorization management
Level-based authorization management:
level 3 Management Level
level 2 Configuration Level
level 1 Monitoring Level
level 0 Visiting Level
User or command-based authorization management:
User Group: read, write
Task Group 1: Ospf_task (cmd1 read, cmd2 write), PPP_task
Task Group 2: BGP_task (cmd1 read, cmd2 write), ARP_task

Page 22

Comprehensive tests and verification
VRP is safe
Testing:
Black-box test
White-box test
Testing based on the threat scenario
Penetration test
The third party test
Nessus: system vulnerability scanning
APPSCAN: Web safety vulnerability scanning
NMAP: port scanning
WebScarab: Web safety testing
Xdefend: DoS protocol robustness testing
Codenomicon: protocol robustness testing
Fortify: code safety static analysis
Coverity: code safety static analysis
Verification:
Authenticated by Common Criteria EAL3

Page 23

Performance
Full service distribution
Multi-CPU/Multi-chassis
High performance meets
information tsunami challenges.

Page 24

VRP software architecture
VRP adopts RDF (Resilient Distributed Framework), which greatly enhances the whole system's flexibility, reliability and scalability. VRP can adapt flexibly to various network service scenarios.
Resilient Distributed Framework: flexible scheduling framework; full-service distribution
Network scenarios: DC Network, Metro Network, Campus Network, Core Network

Page 25

VRP V8 OS Architecture Character
Advanced Architecture
Full service distribution: Deployment of multiple instances of a protocol/service in a multi-CPU system, improving system performance and reliability.
Real-time scheduling policy: Schedules different services with different priorities according to a pre-defined policy, improving performance and availability.

Page 26

High Performance and Reliability
[Figure: service instances (TRILL Instance1 ... InstanceN, OSPF Instance1, ISIS Instance1 ... InstanceM, L2 Basic 1 ... N, L3VPN Instance1, L2VPN Instance1 ... InstanceX) distributed over Core1, Core2, ... CoreN]
High performance
Parallel computing on multiple cores for one service, significantly improving service processing performance
Different services on different cores, meeting diversified requirements for service processing
High reliability
Independent processes: one process does not affect another
Modular design: isolates memory space and improves system reliability

Page 27

Full-service distributed deployment
VRP supports a fine-grained distributed architecture and processes distributed services by deploying multiple instances of a protocol/service in a multi-CPU/core system, improving system performance and reliability.

Service distribution: ARP message processing
Scenario: DC, Campus
Distribution mode: Interface
Advantages:
1. Achieve high capacity and performance of ARP l2-proxy.
2. Enhance system security through direct l2-proxy of ARP messages in the line card.
3. Boost speed of ARP l2-proxy, decrease CPU utilization ratio.

Service distribution: VRRP
Scenario: DC, Campus
Distribution mode: Interface
Advantages: Achieve fast detection and high reliability through distributed VRRP processing based on the Vlanif interface.

Service distribution: DHCP
Scenario: Campus
Distribution mode: Line card
Advantages: Effectively enhance the processing performance of DHCP messages through distributed processing on the line card.

Service distribution: L2 Multicast
Scenario: DC, Campus
Distribution mode: Port
Advantages: Meet the high capacity requirement of multicast in DC/campus networks through distributed processing on the line card.

Page 28

Scalability
N:1 Virtualization ----CSS
1:N Virtualization ----VS
Flexible, Resilient, and satisfying

Page 29

Flexible and resilient scalability
Data explosion, traffic increase, low network delay
Virtualization technology gives the network good scalability

Highly resilient fabric architecture
[Figure labels: Fabric Network; DC network: Access Layer, Aggregation Layer, Core Layer]
Highly efficient virtualized architecture
[Figure labels: Virtualized network resource pool: Access Layer, Aggregation Layer, Core Layer]

Horizontal Virtualization
Decentralized autonomous: self-organization, flexible scale-out
Centralized management: the whole network is managed and controlled as one device
Horizontal integration: reduce Opex, easy management

Vertical Virtualization
Vertical separation: reduce Capex, service isolation

Page 30

N:1 Virtualization ----- CSS
CSS is the first option of virtualization technology for small/middle-scale DC.

Single logical device
Simple O&M: the whole network is managed as one device; simple O&M, decreased Opex
High reliability: if one device fails, others can take over the work of control and forwarding, avoiding a single point of failure
Loop-free network: link aggregation across devices; avoids loops when connecting CSS to other devices
Load balance of link: link ECMP across devices, 100% utility ratio of network link and bandwidth

Flexible CSS architecture
Flexible connection: supports different types of devices to build CSS
Two types of management channel: in-band/out-of-band
Multiple bandwidths of forwarding channel: 10GE/40GE, 100GE in the future

High speed of CSS interconnection
CSS forwarding channel: 16 ports aggregation
Single port 40GE of forwarding channel
640GE bandwidth of CSS interconnection

Page 31

CSS: Make network deployment more flexible
[Figure: intra-rack stack; inter-rack/building stack; long-distance stack between cities (City A, Site 1 and City B, Site 2, single hop 80km)]

CSS stack capacity
2 CE12800 switches in a stack, scalable to 4 (2013 Q2)
Stacking with line card interfaces, up to 640Gbps stack bandwidth (16*40GE), scalable to 1600Gbps (16*100GE, 2013 Q2)
Up to 16 CE6800 switches in a stack

Long-distance stack
Dedicated stack cable or common fibers for stacking
Single hop distance of 80km (10GE SFP+) when using fibers for stacking
Applicable to various scenarios

Local forwarding preferentially
Load balance traffic among links of cluster members
Prefer local paths for forwarding
Improve bandwidth efficiency

Page 32

CSS: Simplify network topology and reduce Opex
[Figure: network topology of traditional networking and of CSS networking, with NMS]

Simplify O&M and reduce OPEX
Fewer network nodes are deployed, simplifying network management.
Master switch synchronizes configuration file to other member switches, simplifying device operation and configuration.

Improve bandwidth efficiency and reduce CAPEX
Ring protection protocols such as MSTP are not required, and no link needs to be blocked.
100% of bandwidth is used. (Only 50% of bandwidth is used on an STP network.)

Build a highly reliable loop-free network
CSS, iStack, and Eth-Trunk build a loop-free network.
The convergence time is much shorter than STP.
The system is still running when a single device fails.

Page 33

1:N Virtualization ----- VS
Multi-core multi-process VRP8

VS Components
Virtual control and service plane
Virtual forwarding plane
Virtual management plane

System Resource Allocation
Per VS physical card and interface allocation
Per VS system resource specifications

Independent VS Operation
Independent configuration, management, and maintenance
Independent protocol processing
Isolation from other VSs

[Figure: VS 1 to VS 8 on one device; VS 2 shown with its own configuration file, independent configuration, independent management, and independent control & forwarding (BGP, ISIS, PIM, ...; VLAN, STP, TRILL)]

Page 34

VS: Flexible resource allocation
[Figure: 24*40G with ASIC 1 to ASIC 4, shown twice; VS1, VS2, VS3, VS4]

Per port group allocation
A group of ports is allocated to one VS.
The VS exclusively uses system service specifications.
A VS can enable all services.

Per port allocation
Any port can be allocated to any VS.
VSs share system service specifications and some features can only be enabled in one VS.
Some services (like multicast, MPLS, and TRILL) can only be enabled in one VS.

Page 35

VS: Save TCO for customer efficiently
Max. 8 virtual switches (VSs) in one chassis
Two manners to manage VS: single VS / whole VS
Two modes to allocate physical resource: port / port group

[Figure: Integrated campus and DC core (Campus Core, DC Core); Integrated aggregation and core (Aggregation, Core); Integrated multi-zone (Office Zone, Production Zone, DMZ)]

VS Customer Value
Independent management for multi-users
Independent VS for different departments
Reduce Capex & Opex
Fewer physical nodes required and maintained, less Capex and Opex
Resource allocation on demand, enhancing device utility ratio
Less space required for device placement
Service isolation, improve reliability and security
Different services running on different VSs
Fault isolation between different VSs

Page 36

O&M
Efficient end to end O&M
Board forward compatibility
Alarm correlation analysis
Network-level configuring rollback
Interworking with a third party NMS


Efficient O&M reduces the cost

Page 37

O&M requirement: efficiency improvement and cost reduction
Improving O&M efficiency is the key to low O&M cost.

Demand 1: Effective network configuration management
[Figure labels: Planned Maintenance; Unplanned Event; Human Factors; Configuration changes causing outages]
1. More than 60% of network faults or breakdowns are due to manual configuration faults. Many network breakdowns are caused by false configuration modification.
2. Configuration automation is the best way to solve this crucial problem.

Demand 2: Fast and accurate network fault location
IP network fault location is very difficult: difficult fault location, high skill requirements, massive alarms.
The key point of fault management is alarm amounts and locating efficiency.
No false alarm, no unwanted alarm, no missing alarm

Demand 3: Fast and automatic service deployment
High cost for network deployment
There are over 20 thousand IP devices in Huawei's global IT network. The cost of deployment is very high in the network construction phase. Take the campus network as an example: configuration delivery for 274 campus switches takes more than 36 hours.

Page 38

Efficient end to end O&M
Network O&M accounts for 25% of the total OpEx. How to enhance efficiency and reduce O&M costs?
Phases: 1 Network construction; 2 Services deployment; 3 Services maintenance
Plug & play of box device
Free software debugging of chassis equipment
Auto-discovery of physical resources
Automatic project acceptance
E2E efficient service deployment
Board reverse compatibility
Auto-verification of QoS
Detecting in service
High valid alarm, accurate fault location
Network-level configuration rollback, effectively reducing configuration errors
[Chart labels: cost, efficiency; values 10%, 5%, 4%, 3%, 2%, 1%, 80%, 80%]
End to End efficient O&M
End-to-end O&M improves O&M efficiency and shields IP network complexity, lowers skill requirements of staff, and reduces the manpower and OPEX.

Page 39

Interworking with a Third Party NMS
Flexible CLI Interface
Standard SNMP Interface
VRP
Powerful Netconf Interface
Interworking with a third party OSS/NMS is a must.

Page 40

Contents
1 VRP Overview
2 VRP Highlights
3 VRP's thinking about future network

Page 41

SDN/OpenFlow for Cloud Computing
Request: Network Virtualization; Centralized Control; Automatic Configuration

Challenge
Closed devices and distributed control cannot use advanced IT technology to reduce cost.
A rigid network pipe cannot meet the needs of the future network for cloud services when computing/storage resources are virtualized.
Cloud computing needs a large amount of cooperative work; a rigid pipe cannot meet the variability and dynamics of cloud computing.

SDN/OpenFlow
[Figure labels: Smartphone; OTT; IDC; 3rd Party Service; SP Service; IP Core Network; Internet of Things; Enterprise mailbox; Cooperative communication; ERP; CRM; Office suite]

Page 42

Software Defined Network (SDN) Principles
Centralized control of multi-vendor devices: the SDN controller can control any OpenFlow-enabled device of any vendor.
Simplicity and fast development of new features: provides a flexible network automation and management framework and API, deploys new services automatically, and reduces complexity.
Improved reliability and security: an SDN controller with the entire network view can effectively implement access control, traffic engineering, QoS, security, and other policies.
More elaborate network control: the multi-tuple-based flow control mode supports multiple tenants and isolates user traffic.
Better user experience: responds to user needs rapidly with open API.
[Figure labels: Customer Network (x3); Network virtualization layer; Network OS; OpenFlow; Data Forwarding (x5); Global physical network]

Page 43

OpenFlow Principles
OpenFlow Switch specification
[Figure labels: Controller; OpenFlow Protocol; Secure Channel; Flow Table; hw; sw]
Flow table entry: Rule, Action, Stats
Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Stats: Packet + byte counters

Unified cross-layer forwarding capability
Simplify the forwarding table; the meaning of the forwarding table is decided by the external controller.
Take routing capability out of the network equipment to improve the flexibility of routing (L2-L7).
Make full use of IT technology to reduce costs and increase coupling with the services.

Decoupling of the software and hardware
Standardize hardware and software interfaces so that hardware and software can develop independently.
The ideal OpenFlow device can perform flow identification, routing, forwarding, statistics, and label modification.
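
The Rule / Action / Stats model of this slide, as an added example that is not part of the original deck: a small flow table in Python with wildcarded match fields, CIDR masks on the IP fields, priorities and per-entry packet/byte counters. The field identifiers, the priority scheme, the sample policy and the table-miss behaviour (hand the packet to the controller) are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# The ten match fields named on the slide (the Python identifiers are this example's own).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport")
IP_FIELDS = ("ip_src", "ip_dst")


@dataclass
class FlowEntry:
    match: dict          # field -> required value; fields left out are wildcarded
    action: tuple        # ("forward", port) | ("controller",) | ("drop",) | ("normal",)
    priority: int = 0
    packets: int = 0     # Stats: packet counter
    byte_count: int = 0  # Stats: byte counter

    def matches(self, pkt):
        for name, want in self.match.items():
            got = pkt.get(name)
            if got is None:
                return False
            if name in IP_FIELDS:
                # The "+ mask" part: IP fields are matched as CIDR prefixes.
                if ipaddress.ip_address(got) not in ipaddress.ip_network(want):
                    return False
            elif got != want:
                return False
        return True


class FlowTable:
    def __init__(self):
        self.entries = []
        self.misses = 0

    def add(self, match, action, priority=0):
        unknown = set(match) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match field(s): {sorted(unknown)}")
        entry = FlowEntry(dict(match), tuple(action), priority)
        self.entries.append(entry)
        # Highest priority first; the stable sort keeps insertion order on ties.
        self.entries.sort(key=lambda e: -e.priority)
        return entry

    def process(self, pkt, length):
        """Return the action for one packet and update the matching entry's counters."""
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.byte_count += length
                return entry.action
        # Table miss (assumed policy): encapsulate and forward to the controller.
        self.misses += 1
        return ("controller",)


def build_demo_table():
    """Constructed policy: block Telnet, forward tenant VLAN 100, leave ARP to the normal pipeline."""
    table = FlowTable()
    table.add({"eth_type": 0x0800, "ip_proto": 6, "tcp_dport": 23}, ("drop",), priority=200)
    table.add({"eth_type": 0x0800, "vlan_id": 100, "ip_dst": "10.1.0.0/16"},
              ("forward", 2), priority=100)
    table.add({"eth_type": 0x0806}, ("normal",), priority=50)
    return table


if __name__ == "__main__":
    t = build_demo_table()
    # Constructed sample packet headers.
    web = {"in_port": 1, "eth_type": 0x0800, "vlan_id": 100, "ip_src": "10.2.0.5",
           "ip_dst": "10.1.2.3", "ip_proto": 6, "tcp_sport": 40000, "tcp_dport": 443}
    for pkt, size in ((web, 1500), (dict(web, tcp_dport=23), 60), (dict(web, vlan_id=200), 100)):
        print(t.process(pkt, size))
    for e in t.entries:
        print(e.priority, e.match, e.action, e.packets, e.byte_count)
```

The Telnet packet also satisfies the VLAN 100 rule, so the drop only takes effect because its entry has the higher priority; the counters show which rule actually handled each packet.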

Page 44

Long-Term Evolution of SDN/OpenFlow
Network hardware and software are highly and complexly coupled. It was difficult to decouple them; thousands of complex RFCs formed the industry barriers.
SDN/OpenFlow needs to transform the control mode of the existing network.
The centralized controller needs to further enrich and validate its functionality in terms of compatibility, service abundance, reliability and scalability (currently the main controllers in the industry can only support simple functionality).
The OpenFlow protocol itself is immature and still in a stage of rapid development.
Compatibility problems with commercial chips; forwarding performance, capacity and cost are not satisfactory.

OpenFlow development history
OF 1.1: Adds tags/tunnels, multipath, multiple tables
OF 1.2: Wire protocol, IPv6, basic configuration, extensible expression
OF 1.3: Topology discovery, test processes, test suites...
OF 1.4: Capability discovery, test labs...
OF 2.0: Revised forwarding model...
Timeline: 02/2011, 12/2011, 4/2012, 8/2012, 12/2012
Idea, Standardize, Deployment: may wait 10 years
IETF SDN vs. ONF SDN

Page 45

VRP innovation practice of SDN - DC Network Virtualization
Controller as an intelligent brain for centralized control of the DC network
The whole DC network is virtualized into a switch, simplifying the O&M, and supporting traffic load balancing.
Supports isolation of one million tenants and flow optimization policies at the network level.
Supports auto-discovery between the controller and other network devices.
Distributed controller architecture ensures high performance and reliability, and DC services can be delivered within minutes or seconds.
Open SDN architecture with advanced network traffic engineering algorithms enables users to develop applications.
[Figure labels: Distributed protection gateway; Virtual multi-tenant network; DC Network centralized controller; large-scale layer 2 network; Layer 3 network; Cloud Gateway]

Page 46

VRP Supporting Smooth Evolution from Virtual Clusters to the SDN Pipe OS

Now: Virtual Cluster & Controller
Advanced virtualization solution:
IP RAN virtualization: unique and innovative dual control plane, supports a variety of access topologies, complete service protection solutions and industry-leading solutions
IP Core virtualization: the first IP Core virtualization solution in the industry helps operators control the global flow of the backbone network
DC network virtualization: innovative L2/L3 full-service bearer architecture; open architecture provides flexible/on-demand DC services

Smooth evolution

Future: SDN
SDN pipe OS:
Network OS: the control plane can be implemented on servers after further concentration, forming a unified network-level OS.
SDN/OpenFlow: implements flexible programming and definition of services based on the unified control plane and forwarding plane. OpenFlow supports decoupling of the software and hardware and reduces network costs.
[Figure labels: Customer Network (x3); Network virtualization layer; Network OS; OpenFlow; Data Forwarding (x5); Global physical network]

Page 47

Thank you
www.huawei.com
