HCPP-IP Network

Introduction to Components of the CloudFabric Solution


Page 0 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Foreword
• Huawei CloudFabric solution redefines DCN deployment, interconnection, and O&M to build an intelligent, simplified, ultra-broadband, open, and secure intent-driven cloud data center network (DCN). This solution uses CloudEngine series DC switches, iMaster NCE-Fabric, and iMaster NCE-FabricInsight as core components, and its service-oriented open architecture helps customers build next-generation cloud SDN networks.
• This document describes basic concepts, key features, and main components of Huawei CloudFabric solution, and briefly describes the network architecture, security architecture, O&M architecture, and multi-DC evolution.


Objectives
• Upon completion of this course, you will be able to:
  • Describe basic concepts of the CloudFabric solution.
  • Describe the architecture of the CloudFabric solution.
  • Describe components of the CloudFabric solution.


Contents
1. Basic Concepts of the CloudFabric Solution

2. Architecture of the CloudFabric Solution

3. Components of the CloudFabric Solution



Challenges Faced by Traditional Data Centers
Application and deployment location decoupling
• Binding of service logical partitions and physical locations
• Chimney-type network with a small Layer 2 range, where compute resources cannot be migrated

Fast rollout of many applications
• Networks are separated from services, resulting in low collaboration efficiency
• Rapid service rollout restricted by networks

Unified management of multi-DC resource pools
• Fragmented network, scale-up
• Resource pool ranges from a single DC to multiple DCs

[Figure: services 1 to n running on servers ("320 apps go online on average every day"); network pooling across the DC1, DC2, and DC3 fabrics]


Why Does a Cloud DC Need an SDN Controller

1. Open network capabilities need to be enabled for services, and the network configuration needs to be migrated with the cloud. Configuration verification is required.
2. Cloud-based network resources need to be dynamically scheduled and elastically allocated.

① Northbound: provides standard Neutron interfaces to connect to the orchestration layer.
② Southbound: shields differences at the device layer and unifies service models.
③ O&M: provides unified management and O&M of physical and virtual networks.
④ Management scale: A single Huawei iMaster NCE-Fabric cluster can manage many switches.

[Figure: SDN architecture, with the service orchestration layer above the fabric, and vSwitches, 1800V, hypervisors, and VMs below it]


Overview of the Underlay Network
Spine-leaf architecture
• Spine and leaf nodes are fully meshed to build a highly reliable, high-performance, and low-latency network.
• The oversubscription ratio is low, and a non-blocking network is built.
• This architecture supports scale-out, that is, the number of spine or leaf nodes can be increased as required.
• Network nodes include switches and VAS devices (firewalls and LBs).
• The number of spine or leaf nodes can be flexibly configured based on the DC scale and oversubscription ratio.

[Figure: fabric with spine, border leaf, server leaf, and service leaf nodes, connected to the external network through a PE]

Device Roles
Spine:
• Is used for interconnection between leaf nodes. Generally, two or more large-capacity switching devices are deployed as spine nodes.
• Is a forwarding node on a VXLAN network.

DCI gateway:
• Is used for DCI in the multi-site multi-DC solution, which is implemented in segment VLAN mode.
• Functions as an NVE node on a VXLAN network.

Border leaf:
• Provides external traffic access and is deployed at the egress of a DC.
• Functions as a common NVE node on a VXLAN network.

Server leaf:
• Connects to servers.
• Functions as a common NVE node on a VXLAN network.

Service leaf:
• Connects to firewalls and LBs.
• Functions as a common Network Virtualization Edge (NVE) node on a VXLAN network.

[Figure: device roles in a DC fabric, with links to the WAN/Internet and to DC 2]


Introduction to vSwitch
• vSwitches run on a virtualized platform, providing Layer 2 network access and some Layer 3
network functions for VMs on a physical server. VMs connect to a network through a vSwitch. The
vSwitch binds a virtual uplink to a physical NIC of a physical host so that VMs can access the
external network.
• Each VM has its own virtual NIC, and each virtual NIC has
its own MAC address and IP address. A, B, C, and D are
virtual ports on the vSwitch. The vSwitch connects a virtual
NIC to a physical NIC, forwards data packets on a VM from
the physical NIC, receives packets from the physical NIC,
and forwards the packets to the corresponding virtual NIC.
The vSwitch also supports security control, VLAN, network
monitoring, port mirroring, QoS, and automatic network
management.



Overlay Network Overview

Overlay network definition:
• An overlay network is a software-defined virtual logical network built over an existing physical network. Without requiring major modifications to the physical network, the logical network is defined to carry applications, solving problems such as Layer 2 communication between large-scale VMs in a traditional DC.

Characteristics of the overlay network:
• Decouples from the physical network (underlay network) to build an application-oriented adaptive logical network (overlay network).
• Allows elastic scaling of the underlay network.
• Separates IP addresses from locations and allows services to be deployed flexibly.
• Achieves centralized management through iMaster NCE-Fabric and implements automatic and rapid service provisioning.

[Figure: logical networks 1 and 2 on the overlay network (logical network), built over physical devices on the underlay network (physical network)]


Overlay Network Types

On a VXLAN network, there are three types of overlay networks depending on the role of overlay network edge devices (VXLAN NVE nodes): network overlay, host overlay, and hybrid overlay. Huawei CloudFabric solution recommends the VXLAN network of the network overlay type.

• Network overlay: Physical switches function as NVE nodes.
• Host overlay: vSwitches function as NVE nodes.
• Hybrid overlay: Some physical switches and vSwitches function as NVE nodes.


Three Overlay Modes
Network Overlay
The network overlay has high forwarding performance. VXLAN tunnels are established based on physical switches; VXLAN processing does not occupy CPU resources of servers; physical devices have high forwarding performance; devices on the live network can be reused and have good compatibility; the network overlay allows the SDN network and traditional network to communicate with each other.

Host Overlay
The host overlay has low forwarding performance. VXLAN tunnels are established based on vSwitches and VXLAN processing occupies CPU resources of servers. The forwarding performance is greatly affected by the CPU. All devices on the live network are reused and have poor compatibility. Interconnection between the SDN network and traditional network is not supported.

Hybrid Overlay
The hybrid overlay has low forwarding performance. VXLAN tunnels are established between physical switches and vSwitches. Hardware-based forwarding does not occupy CPU resources of servers, but software VXLAN processing occupies CPU resources of servers. Access devices on the live network are reused and have poor compatibility. The SDN network and traditional network can communicate with each other.

[Figure: spine, leaf, vSwitch, and VM layers for each of the three overlay modes]


Overlay Network Type — Network Overlay

Network overlay
• On the network overlay, both VTEPs of a VXLAN tunnel are physical switches.
• The network overlay falls into centralized and distributed modes.
  • Centralized network overlay: Leaf nodes act as Layer 2 VXLAN gateways; spine nodes or border leaf nodes act as Layer 3 VXLAN gateways.
  • Distributed network overlay: Leaf nodes function as Layer 2 and Layer 3 VXLAN gateways; spine nodes only forward IP packets at a high speed and do not process VXLAN packets.

[Figure: VXLAN tunnel between leaf nodes. Centralized gateway: spine/border leaf as Layer 3 gateway, leaf as Layer 2 gateway. Distributed gateway: leaf as Layer 2/Layer 3 gateway.]


Overlay Network Type — Host Overlay

Host overlay
• On the host overlay, all VTEPs are vSwitches deployed on servers.
• East-west traffic in DCs is forwarded through VXLAN tunnels between vSwitches. Physical switches that are used as leaf and spine nodes only forward IP packets at a high speed and do not process VXLAN packets.

[Figure: VXLAN tunnel between vSwitches across leaf and spine nodes. Distributed gateway: vSwitches as Layer 2/Layer 3 gateways.]


Overlay Network Type — Hybrid Overlay

Hybrid overlay
• On the hybrid overlay, endpoints of a VXLAN tunnel can be vSwitches or physical switches.
• East-west traffic in DCs is forwarded through VXLAN tunnels between vSwitches and physical switches (leaf nodes); north-south traffic is forwarded through VXLAN tunnels between vSwitches or physical switches (leaf nodes) and spine nodes or border leaf nodes.

[Figure: VXLAN tunnel between a vSwitch and a leaf node. Distributed gateway: Layer 3 gateway labels on spine, leaf, and vSwitch.]


Overlay Network — Recommended Networking

Architecture of the distributed network overlay
• The distributed VXLAN gateway solution is used, and the Layer 3 VXLAN gateway is deployed on a leaf node.
• Physical switches function as NVE nodes.
• L2VNIs are used to isolate tenants at Layer 2.
• L3VNIs are used to isolate tenants at Layer 3.
• The forwarding path of Layer 2 and Layer 3 traffic between different hosts of the same tenant is optimal.

[Figure: two spine nodes above a server leaf, a service leaf, and a border leaf, each an NVE and Layer 3 gateway; a server, firewall, LB, and egress PEs attached below]


Overview of a Tenant, a VPC, and Other
Logical Models
The CloudFabric solution provides a network service orchestration model, including the tenant, VPC, logical router, logical switch, logical firewall, logical LB, and end port.

[Figure: a tenant containing two VPCs, each with an external network, logical firewall, logical router, logical LB, logical switches, and end ports]


Tenant Concept
• Tenants apply for network, storage, and compute resources in a DC and use them. If an enterprise has multiple departments, different departments can be planned as different tenants, or the entire enterprise can be planned as a tenant.
• A tenant administrator of a DC creates administrator accounts for different tenants on the network controller to allocate network resources.
• The tenant administrator creates multiple VPCs for different departments or services as required. In each VPC, one logical router, multiple logical switches, and multiple logical ports can be created.


VPC Concept
A VPC provides isolated VMs and network environments, which correspond to a type of service or a department.
• Each VPC can provide independent virtual firewalls (vFWs), elastic IP addresses, security groups, firewalls, and NAT gateways.

[Figure: tenant A with VPC1 (department 1 of tenant A) and VPC2 (department 2 of tenant A), each containing a vFW, vRouter, vLB, vSwitches, and VMs]


Other Concepts

Logical Entity Name: Description

• Logical router: Serves as the Layer 3 service gateway of servers. It connects to servers on different subnets to enable the servers to communicate with other servers and external networks across network segments.
• Logical switch: Corresponds to a Layer 2 subnet and is equivalent to multiple Layer 2 switches. It connects to servers in different locations to implement Layer 2 communication between servers on the same network segment.
• Logical port: Corresponds to a port on the network device side of a switch connected to a server. It is often a Layer 2 sub-interface that is associated with a BD on a network device.
• End port: Is an NIC port on a server. Each port corresponds to a VM on the server side or a device connected to a fabric in the form of a VM.


Quiz

When devices are deployed independently and distributed gateways are used, which of the following
roles does not need to support VXLAN?
A. Service leaf
B. Server leaf
C. Border leaf
D. Spine



Contents
1. Basic concepts of the CloudFabric Solution

2. Architecture of the CloudFabric Solution

3. Components of the CloudFabric Solution



Huawei CloudFabric Data Center Network
Solution Architecture
[Figure: solution architecture in layers. Application layer: B2C and B2B services (gaming, WeChat, video, VPC, industry cloud, DCI leased line). Resource management layer: vCenter, virtualization management platform, Huawei Cloud Stack. Multi-DC controller (MDC) above Domain1 and Domain2. Fabric network layer: fabrics interconnected through DCI, with servers hosting VMs, containers, and PMs.]


Multi-DC Network Evolution
Two-site and three-DC, and multi-cloud ensure service continuity.

• 1.0 Single-PoD
• 2.0 Multi-PoD
• 3.0 Multi-site
• 4.0 Hybrid Cloud

[Figure: evolution stages, showing PoD1 and PoD2; Site1 and Site2 with collaborative orchestration over an IP network; intra-city primary DC, intra-city backup DC, and remote DR DC; public and private cloud collaboration]


Multi-DC Solution — Multi-PoD
Service requirements
• Cross-DC cluster deployment (cluster nodes 1 and 2 in DC1, cluster nodes 3 and 4 in DC2, with an external arbitration device)
• Inter-DC VM migration
• Active/Standby DR (active path to DC1, standby path to DC2)

Multi-PoD
• Controllers are deployed in active/standby mode, and an arbitration device is deployed at a different place to improve reliability.
• Active and standby egresses are supported.

[Figure: DC1 (active) and DC2 (standby), each with its own external network, border leaf, spine, server leaf, and service leaf nodes; the border leaves are interconnected by DCI over an IP network, with E2E VXLAN between the DCs]


Multi-DC Solution — Multi-site
Service requirements
• Inter-DC communication in a large VPC
• Inter-DC communication between VPCs

Multi-site
[Figure: application layer (large VPC, inter-DC VPC communication); orchestration and collaboration layer (third-party orchestrator, MDC (PoC)) connected through an API; single-domain control layer for DC1 and DC2; infrastructure layer with fabric gateways, spines, server leaves, and border leaves in DC1 and DC2]


CloudFabric Easy Solution
CloudFabric Easy SDN Solution

Competitiveness                      CloudFabric Easy Solution
Leaf management quantity             2-30
Single-node controller deployment    Support
Drag-and-drop deployment             Support
Remote-Leaf                          Support

[Figure: SDN networking with border leaf/service leaf (FW, LB), spine, and server leaf nodes with VMs]

CloudFabric Easy Intelligent O&M Solution
• Competitiveness 1: Third-party device management
• Competitiveness 2: Periodical push of network health reports and proactive warning before service loss
• Competitiveness 3: Locating root causes of faults in minutes and providing rectification suggestions
• Competitiveness 4: Device-Board-Port level KPI visualization and device status visualization

[Figure: analyzer collecting telemetry all-scenario KPIs, device configuration data, and syslog from a Huawei POD and a Cisco POD]

Contents
1. Basic concepts of the CloudFabric Solution

2. Architecture and Functions of the CloudFabric Solution

3. Components of the CloudFabric Solution



OpenStack
• OpenStack is an open-source cloud computing management platform project. It controls large-scale compute, storage, and network resource pools in a DC and provides northbound UIs, CLIs, and APIs to provide management resources for users. The virtualization technology represented by OpenStack is one of the basic cloud computing technologies because one technical feature of cloud computing technologies is elastic computing. The emergence of VMs makes it possible to implement elastic computing.

[Figure: your applications and the OpenStack dashboard above OpenStack compute, storage, and networking (compute, storage, and network resource pools) and OpenStack shared services]


VMM — Computing Management Platform
A virtualization management platform manages virtual resources, such as VMs, virtual switches (vSwitches), and cluster file systems. It also provides graphical user interfaces (GUIs) for performing operations on virtual resources, such as creating VMs, creating vSwitches, and uploading files.

[Figure: an administrator uses the virtualization management platform (VRM/vCenter/System Center, on a PM or VM) for compute cluster management, VM management, VN management, and data storage management of servers, vSwitches, and VMs connected to the DCN]


CloudFabric O&M Overall Architecture
[Figure: CloudFabric O&M architecture within iMaster NCE.
• iMaster NCE-Fabric (service O&M entry): management and monitoring, troubleshooting; service component, NE management component, network management; fault locating, fault impact analysis, fault rectification.
• iMaster NCE-FabricInsight (troubleshooting entry): network health and closed-loop fault management; hardware, link, system resource, protocol, and application flow; fault detection and fault locating. It obtains the full configuration, subscribes to incremental configuration, and subscribes to ARP/FIB entries.
• Shared services: database service with unified inventory (alarm, configuration, and slow state performance); analysis with common services of the big data platform; AI engine.
• Unified southbound collection: configuration management, slow state performance collection, high-speed state performance collection, traffic collection, and log collection.
• Infrastructure standard interfaces: SNMP, NETCONF, gRPC, ERSPAN, NetStream, and Syslog over specified TCP/UDP.
• Physical network data: device configuration, hardware KPIs, telemetry device metrics, TCP control flows, flow collection, and logs.]

Note: After a network device is managed by iMaster NCE-Fabric, the network administrator can log in to a device and run O&M commands as a supplement to CloudFabric O&M.


iMaster NCE Integrates Management, Control,
and Analysis
Past
• Multiple independent products, including the NMS, controller, and analyzer

Now
• Manager, controller, and analyzer convergence
• Closed-loop automation

[Figure: Past: a cloud platform and applications above a separate EMS/NMS (eSight/U2000), SDN controller (iMaster NCE-Fabric), and network analyzer (iMaster NCE-FabricInsight). Now: a cloud platform and applications above iMaster NCE, a unified cloud management platform with management, control, and analysis, an open API, an intent engine, and Design Studio. In both, CLI/SNMP/Qx reach traditional devices and NETCONF/YANG, OpenFlow/OVSDB, and telemetry reach SDN devices.]


iMaster NCE-Fabric
iMaster NCE-Fabric
• Provides full lifecycle DCN management and simplified and automated deployment.
• Abstracts network resources and services in the northbound and adapts to various devices and networks in the southbound.

Zero-waiting deployment through E2E automated network deployment
• Ultra-fast network provisioning: Simple service logic and drag-and-drop operations on the GUI ensure high deployment efficiency.
• Fast container rollout: 10K/min

Zero-error configuration through pre-evaluation of change risks
• Pre-event simulation: Before network deployment, use formal verification algorithms to simulate the live network configuration plane, evaluate the impact of the configuration changes on the network, and evaluate whether live network resources are sufficient.
• Post-event verification: Verify the connectivity, interfaces, and routes of the underlay network on the configuration plane.

Intelligent rectification of typical faults, ensuring zero interruption
• "1-3-5" troubleshooting: Typical faults of 75 categories are detected within 1 minute, located within 3 minutes, and recovered within 5 minutes.
• Network health: The network health is comprehensively evaluated based on service experience to proactively predict potential faults.

[Figure: application layer (B2C and B2B: gaming, WeChat, video, VPC, industry cloud, DCI leased line); cloud platform layer/management and control layer (big data, FusionStage, FusionSphere); network layer (VMs, containers, PMs)]

Drag-and-Drop UI

Create a single service VPC and drag different logical units in the VPC view to complete network deployment.

Application scenario
Scenarios where users are unfamiliar with configuration operations or manual configuration is required for small-scale services

Solution highlights
Intuitive and visible drag-and-drop configuration, wizard-based configuration, and user-friendly UI


Post-event Verification
Verify network-wide interfaces, links, and routes on the underlay network to detect faults and prevent manual configuration errors.
• The proportion of DCN configuration faults is high, and the proportion of configuration faults caused by route problems is high.
• Network engineers spend a lot of time checking and verifying the network. Because route changes take a long time, they need to spend a lot of time checking network connectivity and route configurations and changes.

Case 1: [Route configuration fault] When the network administrator modifies the route configuration on the device, a routing loop is incorrectly introduced. It takes a long time to manually detect faults.

Case 2: [Underlay network verification] Check network connectivity after DCNs are created and expanded.
• After devices are powered on, cables are connected based on the network plan, and the underlay network is automatically configured. It takes 5 person-days to manually check the network connectivity and verify the network connection correctness.
• It takes 5 person-days to check network-wide route configurations for loops and blackholes after automatic route configuration and route addition/deletion.

From relying on expert experience and manual verification to automated and intelligent verification:
• Automatic verification of the underlay network, proactively detecting configuration errors and faults
• Reducing expert dependency and improving O&M efficiency
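
The loop and blackhole check described in the two cases above can be sketched as follows. This is an added example, not Huawei's verification algorithm: the device names, prefixes, and table format are constructed, and each device is modelled as a list of (prefix, next hop) routes.

```python
import ipaddress

LOCAL = "local"  # marker (assumption): the prefix is directly attached to this device

# Constructed routing tables: device -> [(prefix, next hop device or LOCAL)].
BASELINE = {
    "leaf1": [("10.1.1.0/24", LOCAL), ("0.0.0.0/0", "spine1")],
    "leaf2": [("10.1.2.0/24", LOCAL), ("0.0.0.0/0", "spine1")],
    "spine1": [("10.1.1.0/24", "leaf1"), ("10.1.2.0/24", "leaf2")],
}
# Same network after a wrong manual change on spine1 (as in Case 1):
# 10.1.2.0/24 now points at leaf1, whose default route points back at spine1.
CHANGED = {**BASELINE,
           "spine1": [("10.1.1.0/24", "leaf1"), ("10.1.2.0/24", "leaf1")]}


def lookup(table, dst):
    """Longest-prefix match. Returns the next hop, or None if no route covers dst."""
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def trace(tables, start, dst):
    """Follow the routes hop by hop from start towards dst.

    Returns (verdict, path) with verdict "delivered", "loop", or "blackhole".
    """
    dst = ipaddress.ip_address(dst)
    path, seen, node = [start], {start}, start
    while True:
        next_hop = lookup(tables.get(node, []), dst)
        if next_hop is None:          # no route (or unknown device): traffic is dropped
            return "blackhole", path
        if next_hop == LOCAL:         # destination subnet is attached here
            return "delivered", path
        path.append(next_hop)
        if next_hop in seen:          # a device is visited twice: forwarding loop
            return "loop", path
        seen.add(next_hop)
        node = next_hop


def verify(tables, destinations):
    """Check every (device, destination) pair and report what is not delivered."""
    findings = []
    for device in sorted(tables):
        for dst in destinations:
            verdict, path = trace(tables, device, dst)
            if verdict != "delivered":
                findings.append((device, dst, verdict, path))
    return findings


if __name__ == "__main__":
    for name, tables in (("baseline", BASELINE), ("changed", CHANGED)):
        print(name, verify(tables, ["10.1.1.10", "10.1.2.10", "10.1.3.10"]))
```

Running the same check before and after a change turns the manual network-wide route review into a diff of findings.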



ZTP
Zero Touch Provisioning (ZTP) frees devices from onsite configuration and deployment, reducing labor costs while improving deployment efficiency. When a device is powered on, ZTP is started in one-click mode. The underlay network is automatically configured, and the device is automatically managed by iMaster NCE-Fabric.

Characteristics
• Plug-and-play
• Batch device login
• Openness and customization
• Device login visibility
• High-security device access through certificate authentication
• Link verification to reduce connection errors

Deployment mode
• Typical configuration mode: The planning file is automatically generated, reducing the workload of filling in the topology template.
• User-defined import mode: Topology planning is required, which is highly refined.

[Figure: service network and out-of-band management network, with spine, server leaf, and out-of-band management switch]


Microsegmentation
Microsegmentation, also called EPG-based secure isolation, groups servers on a DCN based on rules. It applies traffic control policies based on End Point Groups (EPGs) to simplify O&M and implement secure management and control.

• Efficient forwarding
Microsegmentation is effective in scenarios that require high forwarding performance and weak security because it does not introduce traffic detour or cause the bottleneck of forwarding performance.

• Distributed security
Traffic of VMs is isolated on access switches. East-west isolation can be implemented without relying on firewalls.

• Unified isolation
Microsegmentation implements the zero-trust security model. It implements fine-grained isolation based on discrete IP addresses and VM names. In addition, it provides unified isolation for VMs, PMs, and BMs.

[Figure: Source and destination EPGs are delivered to the source and destination TOR switches, and EPG policies to the destination TOR switch. Within the DC, VM1 (10.10.10.1) sends a packet with SIP 10.10.10.1 and DIP 10.10.20.3 to VM2 (10.10.20.3) in steps ① to ⑤; between NVE1 and NVE2 the packet is VXLAN-encapsulated with SIP NVE1_IP, DIP NVE2_IP, the VNI, and the source EPG (S_EPG).]
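
The enforcement flow on this slide can be modelled as follows. This is an added example, not Huawei's implementation: the EPG names, the VM3 endpoint, the VNI value, and the default-deny behaviour for unmatched or unclassified traffic are assumptions, while the VM addresses and NVE labels come from the figure.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    vm_name: str
    ip: str


# Endpoints from the slide, plus one constructed endpoint that matches no EPG rule.
VM1 = Endpoint("VM1", "10.10.10.1")
VM2 = Endpoint("VM2", "10.10.20.3")
VM3 = Endpoint("VM3", "10.10.10.7")  # constructed

# EPG membership rules (constructed): discrete IP addresses or VM names.
EPG_RULES = [
    {"epg": "web", "ips": {"10.10.10.1"}, "vm_names": set()},
    {"epg": "db", "ips": set(), "vm_names": {"VM2"}},
]

# Policies held by the destination TOR: (source EPG, destination EPG) -> action.
EPG_POLICY = {("web", "db"): "permit"}

# Which NVE each endpoint sits behind (labels as used in the figure).
NVE_OF = {"10.10.10.1": "NVE1_IP", "10.10.10.7": "NVE1_IP", "10.10.20.3": "NVE2_IP"}
ENDPOINT_BY_IP = {ep.ip: ep for ep in (VM1, VM2, VM3)}


def classify(endpoint):
    """Map an endpoint to its EPG by IP address or VM name; None if no rule matches."""
    if endpoint is None:
        return None
    for rule in EPG_RULES:
        if endpoint.ip in rule["ips"] or endpoint.vm_name in rule["vm_names"]:
            return rule["epg"]
    return None


def encapsulate(src, dst_ip, vni=5010):
    """Source TOR: look up the source EPG and carry it in the VXLAN encapsulation."""
    return {
        "outer_sip": NVE_OF[src.ip],
        "outer_dip": NVE_OF[dst_ip],
        "vni": vni,               # constructed value
        "s_epg": classify(src),   # the S_EPG field in the figure
        "inner_sip": src.ip,
        "inner_dip": dst_ip,
    }


def enforce(packet):
    """Destination TOR: look up the destination EPG and apply the EPG policy.

    Assumption: anything without an explicit permit, or without an EPG, is denied.
    """
    d_epg = classify(ENDPOINT_BY_IP.get(packet["inner_dip"]))
    s_epg = packet["s_epg"]
    if s_epg is None or d_epg is None:
        return "deny"
    return EPG_POLICY.get((s_epg, d_epg), "deny")


def deliver(src, dst):
    """End-to-end decision for traffic from src to dst across the fabric."""
    return enforce(encapsulate(src, dst.ip))


if __name__ == "__main__":
    for src, dst in ((VM1, VM2), (VM2, VM1), (VM3, VM2)):
        print(f"{src.vm_name} -> {dst.vm_name}: {deliver(src, dst)}")
```

Because the decision is made on the destination access switch from the carried source EPG, no firewall has to sit in the east-west path.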



Open Architecture, Building an Open-Source
DCN Ecosystem
Northbound ecosystem
• Provides standard Neutron/GBP RESTful APIs to enable abstraction of fabric configuration.
• Provides interconnection capability between standard OpenStack and Kubernetes.

Eastbound and westbound ecosystem
• Interconnects with third-party computing management platforms and works with computing resources to implement on-demand VM online and offline and elastic scaling.

Southbound ecosystem
• Provides standard service provisioning device configuration APIs.
• Southbound APIs are based on Open API and OpenFlow to manage and control physical and virtual networks (including third-party devices).

[Figure: northbound, OpenStack, Kubernetes, and third-party apps with service provisioning and resource reporting over RESTful APIs; east-west, a third-party computing management platform with resource synchronization and virtualization perception; southbound, configuration delivery and status reporting over OpenFlow/OVSDB/NETCONF/BGP EVPN to routers, firewalls, switches, load balancers, and computing resources]


CloudFabric Service Automation Scenarios
The CloudFabric solution supports four service automation scenarios: network virtualization, computing, cloud-network integration (OpenStack), and Kubernetes container network.

[Figure: the four scenarios (network virtualization, computing, cloud-network integration, container network) with their network, computing, and service administrators; labels include VMware vCenter, System Center, and OpenShift, with VMs on hypervisors and containers]


Primary/Secondary DR: Automatic Switchover of
Application-Level System DR
Deployment architecture
• Remote DR is implemented to protect data in scenarios where site-level emergent faults are caused due to factors such as power outages, fire, floods, or earthquakes at the primary site. The local cluster ensures service reliability in scenarios where service faults occur, for example, service process faults.
• The primary and secondary sites must be reachable at Layer 3. To achieve better performance, a bandwidth of 1 Gbps with a latency of within 20 ms is recommended.
• Application-level DR: Logs are stored on the local host. Service configuration data between the active and standby DCs is synchronized in real time, achieving zero RPO. Alarm data is synchronized in asynchronous mode, and the RPO is less than 60s.
• Automatic switchover: An arbitrator (server) is deployed at a third site. Automatic active/standby switchover is supported, which takes a short period of time and does not require manual intervention.

*RPO: Recovery Point Objective

[Figure: Manual DR mode: iMaster NCE active cluster (Node1 to Node3) at DC Site1 and standby cluster (Node1 to Node3) at DC Site2, linked by heartbeat and data synchronization. Automatic DR mode (recommended): the same two clusters plus an arbitrator at DC Site3 from which arbitration information is obtained.]


iMaster NCE-FabricInsight
Huawei iMaster NCE-FabricInsight, an intelligent network analysis platform, detects the fabric status and application behavior status in real time, and breaks network and application boundaries. These strengths help customers detect network and application issues promptly from the application perspective, ensuring continuous and stable running of applications.

• Application and network visibility, and second-level fault location
  Obtain service flows and network KPI data in seconds based on telemetry.
  Intelligently identify 10+ typical issues from the application perspective.
• Edge intelligent analysis and minute-level fault location
  Perform on-demand full-flow analysis based on switch's intelligent chip.
  Associate applications, paths, and devices to locate packet loss positions in minutes.
• AI-based predictive maintenance, reducing the fault rate by 68%
  Build a dynamic baseline based on machine learning to intelligently detect exceptions.
  Proactively predict optical module faults.

[Figure: collector and analyzer receiving telemetry (flow characteristics, packet loss, latency) from spine and leaf switches in the DCN; intelligent chip's full-flow analysis; real-time visualization of service flows between the Web, APP1, APP2, and DB servers]


Main Functions of iMaster NCE-FabricInsight
Intelligent O&M
Telemetry-Powered Network Health
Monitoring Evaluation "1-3-5" Troubleshooting

Common indicators: Health check report: Multi- Abnormal root causes: Quick
Proactive monitoring in dimensional heath details diagnosis and rectification
multiple modes
• Real-time monitoring and • Comprehensive network health • Root cause diagnosis for a
proactive subscription to all- check based on the five-layer detected typical fault in 3
scenario data model minutes
• Data collection using multiple • Real-time or periodic push of • Troubleshooting together with
modes, such as gRPC or syslog professional health check reports iMaster NCE-Fabric


Telemetry-Powered Proactive Monitoring and Real-Time Network Visibility

• Efficient data collection
  Proactive quasi-real-time subscription based on gRPC, delivering high performance and efficiency
• Extensive data types
  Data collection from seven dimensions, proactive management of common metrics
• Intuitive status
  Intelligent exception detection based on dynamic baselines, intuitively displaying historical trends and facilitating network optimization

[Figure labels: SNMP, Telemetry. Screenshot captions: "Real-time monitoring of key metrics in seven dimensions, gaining deep insights into network status"; "Identify devices with abnormal metrics."; "Set up a benchmark, compare against baseline metric trends, and identify abnormal metrics."]

Object | Metric | Default Interval
Device | CPU usage and memory usage | 1 min
Board | CPU usage and memory usage; FIB/MAC entry usage | 1 min
Chip | TCAM usage | 1 min
Interface | Numbers of received/sent packets and bytes, lost packets, error packets, broadcast packets, multicast packets, and unicast packets | 1 min
Queue | Buffer size | 100 ms
Optical module | Rx/Tx power, current, voltage, and temperature | 30 min
Packet loss behavior | Packet loss and congestion detection | 10s
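The following added example sketches dynamic-baseline exception detection over one telemetry metric; it is not FabricInsight's algorithm, which these slides do not describe. The rolling median/MAD method, the function names, and the CPU-usage series (constructed, at the 1 min default interval from the table) are assumptions.

```python
from statistics import median

# Constructed sample: device CPU usage (%) at the 1 min default interval.
CPU_USAGE = [31, 33, 30, 32, 34, 31, 33, 32, 30, 33, 32, 31, 78, 81, 33, 32]

def baseline_band(history, k=4.0, floor=2.0):
    """Tolerance band (low, high) around the median of recent samples."""
    mid = median(history)
    mad = median([abs(x - mid) for x in history])
    # 1.4826 scales MAD to a standard deviation for normal data; the floor
    # keeps the band from collapsing when the metric is almost constant.
    spread = max(k * 1.4826 * mad, floor)
    return mid - spread, mid + spread

def detect_exceptions(samples, window=10, k=4.0, floor=2.0):
    """Return (index, value, low, high) for each sample outside the baseline."""
    history, alerts = [], []
    for i, value in enumerate(samples):
        if len(history) >= window:
            low, high = baseline_band(history[-window:], k, floor)
            if not low <= value <= high:
                alerts.append((i, value, round(low, 1), round(high, 1)))
                continue  # keep the outlier out of the baseline
        history.append(value)
    return alerts

def static_threshold(samples, limit=90):
    """Fixed-limit check, for comparison with the dynamic baseline."""
    return [i for i, v in enumerate(samples) if v > limit]

if __name__ == "__main__":
    for i, value, low, high in detect_exceptions(CPU_USAGE):
        print(f"minute {i}: CPU {value}% outside baseline {low}-{high}%")
    print("static 90% threshold alerts:", static_threshold(CPU_USAGE))
```

Because flagged samples are excluded from the history, a sustained deviation keeps alerting instead of being absorbed into the baseline; a fixed 90% limit never fires on the same series.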


Five-Layer Health Evaluation Model, Intuitively Displaying Network Quality

Layer | Evaluated objects | Evaluation criterion
Service | Analysis on service connection setup based on network flows | No exception on the service forwarding plane
Overlay | BD, VNI, and VRF resources and running status | No exception on the virtual network plane that carries services
Protocol | M-LAG status; OSPF/BGP peer connection | No exception of protocols for network stability
Network | Network interconnection port status; traffic and error packets on ports; optical link status; queue depth | Congestion and packet loss detection based on the network link load
Device | Hardware status: board, fan, power supply, etc.; capacity: ARP, FIB, MAC entries, etc.; CPU and memory usage | Whether physical components are normal and whether resource overflow occurs

Analyze 20+ types of monitoring objects and 70+ metrics to intuitively display network-wide experience quality


Overall Network Health Check, Providing Comprehensive Network Quality Evaluation

Post-event manual inspection -> Pre-event risk prevention

Step 1: Health overview
Display the overall network health metrics and trend based on the five-level model.

Step 2: Multi-dimensional detailed analysis
Analyze the network health from the following dimensions to determine the network health trend: device, network, protocol, service, and overlay.

Step 3: Professional report interpretation
Summarize issues from each dimension and periodically push reports of detection details, facilitating identification of exceptions.


Real-Time or Periodic Push of Health Reports, Providing References for Optimization

• Network Overview
  Intuitively display the resource overview, load overview, and quality overview across the entire network.
• Metric Details
  Identify network quality issues based on the five dimensions of the network health evaluation system.
• Report Details
  Display reports in multiple dimensions, identify abnormal monitoring objects, and provide troubleshooting and network optimization suggestions.


"1-3-5" Troubleshooting: AI + Knowledge-based Inference, Rapidly Locating Root Causes

[Figure: Collect, Analysis, Decision. iMaster NCE-FabricInsight: multi-dimensional data of DCs (service flow data, telemetry data, ...); data cleansing, AI-based exception identification, network object modeling; intelligent analysis engine (exception detection, root cause analysis, risk prediction, model application); knowledge-based inference engine built on O&M expert manual recovery experience (Knowledge 1 to Knowledge 4), with continuous learning and training based on real site faults. Fault types shown: BGP flapping, OSPF flapping, interface flapping, IS-IS flapping, BFD flapping, router ID conflict. iMaster NCE-Fabric: intent-based troubleshooting in a closed-loop manner.]



CloudEngine Series DC Switches
Switches with flexible cards    10GE large-buffer TOR switches    10GE TOR switches

CloudEngine 6820-48S6CQ

CloudEngine 8850-SAN

CloudEngine 6881-48S6CQ
CloudEngine 9860-4C-EI CloudEngine 6860-SAN

CloudEngine 6881-48T6CQ

100GE switches 25GE TOR switches GE TOR switches

CloudEngine 8850-64CQ-EI CloudEngine 6863-48S6CQ-EI CloudEngine 5882-48T4S

CloudEngine 16800



Quiz
1. (Single-answer question) Which of the following components belong to the CloudFabric solution?
A. CloudEngine
B. SecoManager
C. iMaster NCE-Fabric
D. All Above

2. (Single-answer question) Which statement about management and control interfaces between iMaster NCE-Fabric and CloudEngine series physical switches is false?
A. NETCONF: is used by iMaster NCE-Fabric to deliver configurations to physical switches.
B. OVSDB: is used by iMaster NCE-Fabric to exchange dynamic configuration with physical switches.
C. SNMP: is used by iMaster NCE-Fabric to discover and obtain device information and manage NEs.
D. OpenFlow: is used by iMaster NCE-Fabric to implement path detection and connectivity detection for physical switches.
Summary
 Huawei CloudFabric solution redefines O&M, deployment, and interconnection of
DCNs, helping customers build an intelligent, ultra-simplified, ultra-broadband,
open, and secure cloud DCN.
 This document provides an overview of the CloudFabric solution, describes four
automation scenarios of CloudFabric SDN, and introduces components including
CloudEngine series DC switches, iMaster NCE-Fabric, and iMaster NCE-FabricInsight.



Recommendations

 CloudFabric solution bookshelf

https://e.huawei.com/en/material/materiallist?&id=%7B93C489B0-8074-4D34-BE88-46A41F54458D%7D&permissions=PARTNER-MEDIUM



Thank You
www.huawei.com
