H3C S1010V virtual switch

Virtual Machine Network Connection Based on Port Policy Group

The port policy group defined in H3C S1010V is a set of network policy attribute sets, such as VLAN, PVLAN, VEPA, link aggregation, etc. It allows defining the same network policy for virtual machines of the same type or level, and then applying the policy group to the virtual network card of the virtual machine through VMware vCenter. When the network policies in the policy group change, these changed network policies can take effect immediately without restarting the virtual machine, ensuring the continuity and high availability of the business system.

Virtual Machine Network Connection Based on Port Policy Group

Automated perception capability of network strategy with virtual machine migration

In virtualization environments, virtual machine failures, dynamic resource scheduling, server host failures, or planned downtime can all cause virtual machine migration actions to occur. In order to ensure the continuous operation of business before and after virtual machine migration, it is necessary to ensure:

The network policy corresponding to the virtual network card can be synchronously migrated.

The physical port network policy connecting the server host to the ToR access switch can be synchronously migrated.

The network policy of virtual network cards is generally saved on the local disk of the server, and can be synchronously copied to the target server during virtual machine migration. The network policy of the physical port connected to the ToR access switch of the server host is saved on the switch. When a virtual machine is migrated from one server to another, the ToR switch connected to the server may be different. At this time, how to synchronize the network policy of the source switch port to the target switch port becomes a difficult point in virtualization.

In order to solve the synchronization migration problem of switch port network policies, the IEEE 802.1 working group has started to develop a new standard: 802.1Qbg Edge Virtual Bridge (EVB), which is a set of technical standards for data center virtualization. It includes the format and forwarding requirements for data exchange between virtualization servers and networks, as well as a set of control and management protocols for virtual machines and virtual I/O channels to interface with networks.

This open standard technology not only solves the problem of the lack of correlation between computing resource scheduling and network automation perception, but also greatly reduces the consumption of CPU and memory resources by software virtual switches by pulling traffic to external physical switches for processing, enabling server hosts to provide more computing resources to business systems.

Network strategy automatically perceives with virtual machine migration

Clear boundaries for network and computing resource management

In a virtualized environment, virtual switches run within servers to control network traffic between virtual machines, but are managed by the host operations team, making configuration management of virtual switches extremely difficult.

Clear network and computing management boundaries

Due to its tight integration with VMware vCenter, H3C S1010V allows virtualization administrators to continue using VMware tools to manage the lifecycle of VMs. Meanwhile, network administrators can use the web configuration tool provided by H3C S1010V to manage VM networks just like configuring and operating physical networks. Although the two teams work independently using common tools, H3C S1010V is able to implement consistent configurations and policies in server virtualization environments. This integration not only effectively eliminates the operational challenges of current virtualization environments, but also simplifies and clarifies the relationship and boundaries between virtual computing and network control.

Standardization of data center networks

With the help of the IEEE 802.1Qbg (EVB) protocol standard, the S1010V virtual switch simplifies and standardizes the network part of the server. By handing over all the traffic of virtual machines (including traffic between virtual machines on the same server) to adjacent physical switches directly connected to the server for exchange and processing, it makes it possible to implement traffic supervision and network control policies. At the same time, EVB also defines the association standard protocol between VM and network, which enables VM to notify the network and network management system during changes and migrations, thus enabling the automation of network configuration changes across the entire data center network with the help of this standard, enabling the automation of large-scale virtual machine cloud computing service operation and deployment.

Standardization of virtualization environment

EVB not only simplifies the virtualization structure and enables the network to participate in virtualization computing, but also changes the previously tangled management boundaries and patterns, associating virtual machine changes (creation, migration, etc.) and network awareness, all of which are achieved through deterministic and simple protocols and technologies (such as VDP, CDCP, Multi Channel, etc.). These protocols and technologies will be recognized and supported by data center IT infrastructure, just like standard network protocols such as ARP and DHCP, becoming standards and foundational protocols in virtualization environments.

H3C S1010V follows the OpenFlow standard architecture in its design, implementing programmable network technology that separates the control plane from the forwarding plane. The entire product includes three parts: VCE, VFE, and Plugin.

H3C S1010V Product System Architecture

among which

VFE (Virtual Forwarding Engine)

Installing and running on an SQLite server is part of the VMware SQLite kernel and can completely replace the functionality of VMware virtual switches.

From a positioning perspective, it is equivalent to the OpenFlow switch in the OpenFlow standard, playing the role of a data forwarding plane to achieve traffic control and forwarding of virtual network ports. After receiving the packet, VFE first searches for the forwarding destination port in the local OpenFlow flow table. If there is no match, the packet is forwarded to the VCE module, and the forwarding strategy and port are determined by the control layer.

A distributed software virtual switch is composed of VFEs deployed on multiple SQLites across physical hosts. When a virtual machine is migrated, the network policies on the virtual network card can be synchronized across different servers.

VCE (Virtual Controller Engine)

Delivered in the standard OVF (Open Virtualization Format) virtual machine format and installed on a separate virtual machine using the OVF template deployment feature provided by VMware vCenter.

From a positioning perspective, it is equivalent to the Controller in the OpenFlow standard, which achieves centralized management and configuration of VFE through a web GUI interface.

Plugin

A plugin running on VMware vCenter Server, which is a third-party management interface customized and developed for VMware by H3C S1010V, mainly providing a configuration interface for port policy groups.

For large and medium-sized enterprises, industries, and telecom data centers that have already deployed VMware iPadOS Enterprise Enhanced, the H3C S1010V is an ideal choice for fine-grained control and management of network traffic in virtualized environments. By utilizing the VEPA forwarding and traffic monitoring functions provided by H3C S1010V, customers can achieve virtual machine based perception and control, automate the deployment of virtual machine networks, simplify the management challenges of current virtualization environments, and streamline the relationship between virtual computing and network control.

Network topology

H3C S1010V Virtual Switch Typical Networking Topology

Networking instructions

Install EVB standard access switches (such as H3C S5820V2 series) on the top of the standard 42U server cabinet.

Rack or blade servers that support hardware assisted virtualization (Intel VT or AMD-V) technology are connected to the switches on the upper part of the cabinet through standard Ethernet, and then connected to the aggregation or core switches of the network cabinet through copper or fiber optic cables.

Each virtualization server is equipped with virtualization software version 5.0 or above, managed in a clustered manner, and shared with backend SCSI or FC storage.

The virtualization management platform VMware vCenter Server, distributed virtual switch controller H3C S1010V VCE, and network management platform iMC VCM are all deployed in the management center.

Business Description

The system administrator logs into the VMware vCenter Server virtualization management platform (network must be reachable) to manage and monitor the data center infrastructure, including cluster high reliability management, VM creation and deletion, startup and shutdown, cloning and migration, as well as virtual switching network policy groups.

The network administrator creates VSI categories and network policy resources on iMC VCM, and saves the network resource configuration in the VTDB database.

When creating, starting, and migrating VMs, H3C S5820V2 and H3C S1010V VCE negotiate through the VDP protocol, obtain network policy information corresponding to the VM VSI interface from the iMC VCM component through the HTTP protocol, and apply these policies to the interface of S5820V2.

The VFE module integrated into VMware HANA completes the forwarding function of virtual machine business flows. For data flows that cannot be matched to the destination port, they are uploaded to the H3C S1010V VCE module for VCE to decide on the processing method of the data flow.

The H3C S5820V2 switch implements network control on the business traffic of virtual machines, such as ACL, VLAN, DHCP Snooping, ARP detection, etc., and then forwards the data flow to the real destination.

&Notice:

H3C company will make every effort to check for errors in text, images, and printing, but for possible omissions, please confirm with H3C company before placing an order. Product supply and technical specifications are subject to change without prior notice.