Data Center Network Architecture

Traditional data center network architecture

The traditional data center network architecture is typically a three-layer structure (campus networks are generally three-layer as well), referred to by Cisco as the hierarchical network model. It contains three layers:

Core layer: provides high-speed forwarding and connectivity for multiple aggregation layers
Aggregation layer: aggregates the access switches and hosts other services (FW, SLB, etc.)
Access layer: physically connects to the servers; usually sits at the top of the rack, hence also called the ToR switch

A three-tier architecture is as follows:

(Figure: three-layer core/aggregation/access topology)

The aggregation layer is the dividing point of the network: below the aggregation switches the network is L2, above them it is L3. Each aggregation switch is a POD, divided according to service module. A POD is a network of one or more VLANs, and a POD corresponds to a broadcast domain.

This architecture is simple to deploy, and its technology (VLAN + xSTP) is mature.

VLAN and xSTP

Reasons for using VLAN and xSTP:

1. BUM (broadcast, unknown unicast, multicast)
VLAN technology divides a large physical Layer 2 domain into multiple small logical Layer 2 domains; each such logical Layer 2 domain is called a VLAN. Hosts within the same VLAN can communicate at Layer 2, while different VLANs are isolated from each other, so broadcast traffic is confined to one VLAN and does not spread across the entire physical Layer 2 domain.
VLANs also simplify management and improve security.

2. Loops and the broadcast storms they cause

If the three-layer architecture is built from single devices and single links, there are no loops and no loop-induced broadcast storms, but such a network has poor reliability: without any backup device or backup link, once a device or link fails, every host below the failure point loses network connectivity.

To improve network reliability, redundant devices and redundant links are typically used (as above), so loops are inevitably formed. A Layer 2 network is a single broadcast domain, and broadcast packets are transmitted around a loop again and again without limit, forming a broadcast storm that saturates device ports and can instantly paralyze the network.

To prevent loops while still ensuring reliability, the only option is to turn redundant devices and redundant links into backup devices and backup links: under normal conditions the redundant devices and links are blocked and do not take part in forwarding data packets, and only when the currently forwarding device, port or link fails and breaks the network are the redundant devices and links opened, restoring the network. The protocols that achieve this automatically are called loop-breaking protocols; the most common is STP (Spanning Tree Protocol), together with RSTP and MSTP, collectively called xSTP.
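The following simulation, added here as an illustration and not code from the original post, shows what the loop-breaking protocol described above does on a small constructed topology: it elects a root bridge by lowest bridge ID, keeps the least-cost path from every switch to the root, blocks every other redundant link, and recomputes the tree when a link fails. The switch names, bridge IDs and path costs are constructed, and the tie-break (lower upstream bridge ID) is a simplification of the full BPDU comparison.

```python
"""Loop-breaking by spanning tree: which redundant links get blocked, and how the
tree is recomputed after a failure. Added illustration; not code from the original post."""
import heapq

# Constructed topology: four switches, five links, two physical loops.
# Bridge ID = (priority, MAC); the numerically lowest ID wins the root election,
# so SW1 with priority 4096 is the intended root.
BRIDGES = {
    "SW1": (4096, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
    "SW4": (32768, "00:00:00:00:00:04"),
}
# (switch, switch, path cost); costs are constructed (the slow SW2-SW3 link costs 19).
LINKS = [
    ("SW1", "SW2", 4), ("SW1", "SW3", 4),
    ("SW2", "SW4", 4), ("SW3", "SW4", 4),
    ("SW2", "SW3", 19),
]


def elect_root(bridges):
    """Root election: the lowest (priority, MAC) bridge ID wins."""
    return min(bridges, key=bridges.get)


def spanning_tree(bridges, links, failed=()):
    """Return root, root-path cost per switch, forwarding links and blocked links.

    Each non-root bridge keeps the upstream link with the lowest root path cost,
    tie-broken by the lower bridge ID of the upstream neighbour (a simplification
    of the BPDU comparison); every other redundant link is blocked.
    """
    down = {frozenset(f) for f in failed}
    live = [link for link in links if frozenset(link[:2]) not in down]
    adj = {}
    for a, b, cost in live:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))

    root = elect_root(bridges)
    root_cost, parent = {root: 0}, {}
    heap = [(0, bridges[root], root)]
    visited = set()
    while heap:
        cost, _, u = heapq.heappop(heap)
        if u in visited:
            continue
        visited.add(u)
        for v, link_cost in adj.get(u, []):
            if v == root:
                continue
            candidate = (cost + link_cost, bridges[u])
            if v not in root_cost or candidate < (root_cost[v], bridges[parent[v]]):
                root_cost[v], parent[v] = candidate[0], u
                heapq.heappush(heap, (candidate[0], bridges[v], v))

    tree = {frozenset((v, p)) for v, p in parent.items()}
    return {
        "root": root,
        "root_cost": root_cost,
        "forwarding": [link for link in live if frozenset(link[:2]) in tree],
        "blocked": [link for link in live if frozenset(link[:2]) not in tree],
        "unreachable": [b for b in bridges if b not in root_cost],
    }


def blocked_share(result):
    """Fraction of live links idle under normal operation: the bandwidth cost of xSTP."""
    live = len(result["forwarding"]) + len(result["blocked"])
    return len(result["blocked"]) / live if live else 0.0


if __name__ == "__main__":
    normal = spanning_tree(BRIDGES, LINKS)
    print("root:", normal["root"], "blocked:", normal["blocked"])
    after = spanning_tree(BRIDGES, LINKS, failed=[("SW1", "SW2")])
    print("after SW1-SW2 fails, blocked:", after["blocked"],
          "SW2 root cost:", after["root_cost"]["SW2"])
```

On the constructed topology two of the five links (SW3-SW4 and the slow SW2-SW3 link) sit idle in normal operation, which is the bandwidth waste the xSTP section below refers to; when SW1-SW2 fails, SW3-SW4 is unblocked and SW2 reaches the root through SW4 at cost 12.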

Server virtualization

Virtualization has changed the requirements driving data center network architecture. One of its technologies, virtual machine live migration, requires that the IP and MAC addresses of the virtual machine stay unchanged before and after migration, which in turn requires that the network before and after migration is the same Layer 2 domain, even when migrating across regions or between different server rooms. As a result, the scope of the data center Layer 2 network keeps growing, and the new topic of the "large Layer 2" network has emerged in this field.

The traditional network architecture cannot deliver a large Layer 2 network

In a traditional network architecture, regions are generally divided by service module and operational characteristics, with each region corresponding to a VLAN, so migration across PODs requires changing the IP address, which is incompatible with live migration of virtual machines without service interruption:

(Figure: VM migration across PODs in the traditional architecture)

The VLAN problem

One of the core ideas of VLANs is to narrow the scope and scale of the Layer 2 domain by dividing it into VLANs, so as to limit the size of broadcast storms.
The large Layer 2 network, however, demands that all servers be included in one Layer 2 domain. If all servers are placed in the same VLAN, and there is no other means of isolation, does the broadcast domain not become far too large again? This contradicts the original intent of VLAN division.

With the rise and popularity of the public cloud IaaS model, "multi-tenancy" has become a necessary basic capability of cloud networks. In a traditional Layer 2 network the number of tenants is limited by the 4K VLANs that can be supported at most, which has fallen far behind the rapid development of the business.

The xSTP problem

Loop-breaking technology converges slowly, and xSTP must block the redundant devices and links, which lowers the bandwidth utilization of network resources and severely limits the size of the Layer 2 network.

Achieving a large Layer 2 network

Traditional Layer 2 technology cannot realize a large Layer 2 network in the true sense, so other approaches had to be found, and technical experts have done their best to come up with many solutions:

1. Network device virtualization

Since the core issue of the Layer 2 network is loops, and loops arise with redundant devices and links, merging multiple devices and multiple links into one device and one link eliminates loops. That is network device virtualization technology.
Network device virtualization combines two or more mutually redundant physical network devices into one logical network device, which appears as a single node in the entire network.
Network device virtualization combined with link aggregation turns the original multi-device, multi-link structure into a logically single-device, single-link architecture, eliminating loops, so the network is no longer constrained by loop-breaking protocols and a large Layer 2 network can be realized.

The main network device virtualization technologies fall roughly into three categories: stacking of chassis devices, stacking of box devices, and mixed stacking between chassis/box or box/box devices. Examples include Huawei's CSS, iStack and SVF, Cisco's VSS and FEX, and H3C's IRF.


Network device virtualization solutions also have certain drawbacks:

1) These protocols are vendor-proprietary, so only devices from the same vendor can be used to build the network.

2) Limited by the scale of the stacking system itself, the largest stacks/clusters today can support roughly 10,000 to 20,000 attached hosts, which is sometimes insufficient for a very large data center, though for an ordinary data center it is more than adequate.

East-west L3 traffic, whether or not it stays under one access switch, must go up to the core switch that has L3 capability; if east-west traffic is heavy this wastes valuable core switching resources, and the multi-hop forwarding adds network latency.

Secondly, the BUM (Broadcast, Unknown Unicast, Multicast) storms caused by the shared L2 broadcast domain increase noticeably as the network grows, and eventually affect normal network traffic.

2. Tunneling technology

Tunneling technology also addresses the loop problem of Layer 2 networks, but its focus is not on eliminating or blocking loops; rather, given that physical loops exist, it avoids loops in the logical forwarding path.

The core idea is to bring the routed forwarding of Layer 3 networks into the Layer 2 network: an additional frame header is inserted in front of the Layer 2 frame, and route computation is used to control forwarding across the whole network. This not only prevents broadcast storms over redundant links but also enables ECMP, so the Layer 2 network can be extended to the entire network without being limited by the number of core switches. Of course, this requires switches to abandon their traditional MAC-based Layer 2 forwarding behaviour and adopt new protocol mechanisms to forward Layer 2 frames.

The new protocols include TRILL, FabricPath, SPB, etc.

TRILL encapsulates a TRILL header outside the original Ethernet frame and then a new outer Ethernet frame, achieving transparent transport of the original frame. TRILL switches forward based on the Nickname in the TRILL header; Nicknames behave like routes and are collected, synchronized and updated through the IS-IS routing protocol.

TRILL and SPB are the large Layer 2 solutions promoted mainly by CT (telecom equipment) vendors.

3. Overlay networks

An overlay network is a virtual network built on top of the existing network (the underlay network). The existing network is the network where the switches already are; any IP network will do. The newly built overlay network serves as the network for server communication. An overlay network is an L2 network on top of L3: wherever the L3 network can reach, the overlay L2 network can reach as well.

Using tunnel encapsulation, the original Layer 2 frame sent by the source host is encapsulated and transported transparently across the existing network; at the destination it is decapsulated to recover the original frame, which is forwarded to the target host, achieving Layer 2 communication between hosts.
Through this encapsulation and decapsulation, a large Layer 2 network is effectively superimposed on the existing underlying network, hence the name Overlay, also called NVo3.

The core of the overlay approach is a point-to-multipoint tunnel encapsulation protocol that completely ignores the structure and details of the intermediate network, virtualizing the entire intermediate network into one "enormous Layer 2 switch", with every host connected directly to a port of this "enormous switch". How forwarding happens inside the underlying network is an internal matter of this "enormous switch", which the hosts need not care about at all.

Overlay technology does not depend on the carrier (underlay) network; it can make full use of the existing infrastructure network to realize a large Layer 2 network, and it has advantages in supporting multi-tenancy and SDN. It is currently the most popular large Layer 2 technology, enabling a large Layer 2 network across the entire data center and even across data centers. However, overlay technology carries two control planes, the overlay network and the underlay network, so management, maintenance and fault location are relatively complex and the operations and maintenance workload is relatively large.
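The following encoder and decoder, added here as an illustration and not code from the original post or any vendor, builds the encapsulation the overlay section describes for VXLAN: the original Layer 2 frame is wrapped in VXLAN/UDP/IP/Ethernet headers, carried across the IP underlay, and unwrapped at the far tunnel endpoint with the inner frame (and therefore the VM's MAC and IP) unchanged. It also makes the tenant-count contrast from the VLAN problem section concrete: the 12-bit 802.1Q VID allows at most 4094 usable VLANs, while the 24-bit VNI allows over 16 million segments. The VTEP addresses, VNI and payload are constructed; the header layouts follow RFC 7348 and 802.1Q.

```python
"""VXLAN encapsulation and decapsulation over an IPv4 underlay.
Added illustration; not code from the original post. All addresses are constructed."""
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08            # 'I' flag: VNI field is valid (RFC 7348)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
IPPROTO_UDP = 17
MAX_VLAN_ID = (1 << 12) - 2    # 4094 usable VIDs (0 and 4095 are reserved)
MAX_VNI = (1 << 24) - 1        # 16,777,215 segments


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ethernet_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame (FCS omitted, as a host stack hands it to the driver)."""
    return _mac(dst) + _mac(src) + struct.pack("!H", ethertype) + payload


def vlan_tagged_frame(dst, src, vid, ethertype, payload):
    """802.1Q-tagged frame; the 12-bit VID is where the 4K tenant ceiling comes from."""
    if not 1 <= vid <= MAX_VLAN_ID:
        raise ValueError("VLAN ID must be 1..4094")
    return _mac(dst) + _mac(src) + struct.pack("!HHH", ETHERTYPE_VLAN, vid, ethertype) + payload


def _ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src_ip, dst_ip, payload_len):
    src, dst = ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed
    fields = [0x45, 0, 20 + payload_len, 0, 0x4000, 64, IPPROTO_UDP, 0]   # DF set, TTL 64
    fields[7] = _ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields, src, dst))
    return struct.pack("!BBHHHBBH4s4s", *fields, src, dst)


def entropy_source_port(inner_frame):
    """Outer UDP source port hashed from the inner headers (RFC 7348 recommends this) so the
    underlay's 5-tuple ECMP hash spreads tunnelled flows over different paths."""
    return 49152 + zlib.crc32(inner_frame[:14]) % 16384


def vxlan_header(vni):
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # 8 bytes: flags(1) + reserved(3), then VNI(3) + reserved(1)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def vxlan_encapsulate(local_vtep, remote_vtep, vni, inner_frame):
    """local_vtep / remote_vtep are (mac, ip) tuples of the tunnel endpoints."""
    vx = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", entropy_source_port(inner_frame), VXLAN_UDP_PORT, 8 + len(vx), 0) + vx
    ip = ipv4_header(local_vtep[1], remote_vtep[1], len(udp)) + udp   # UDP checksum 0 is allowed over IPv4
    return ethernet_frame(remote_vtep[0], local_vtep[0], ETHERTYPE_IPV4, ip)


def vxlan_decapsulate(packet):
    """Validate the outer headers and return (vni, inner_frame); raise ValueError otherwise."""
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = packet[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or _ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if ip[9] != IPPROTO_UDP:
        raise ValueError("outer packet is not UDP")
    udp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    _, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_UDP_PORT or ulen != len(udp):
        raise ValueError("not a well-formed VXLAN datagram")
    flags_word, vni_word = struct.unpack("!II", udp[8:16])
    if not (flags_word >> 24) & VXLAN_FLAG_I:      # other flag bits are ignored on receipt
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8, udp[16:]


# Constructed sample: a VM frame carried between two VTEPs in tenant segment 5000.
LOCAL_VTEP = ("02:00:00:00:00:01", "192.0.2.1")
REMOTE_VTEP = ("02:00:00:00:00:02", "192.0.2.2")
INNER = ethernet_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", ETHERTYPE_IPV4, b"hello tenant")

if __name__ == "__main__":
    wire = vxlan_encapsulate(LOCAL_VTEP, REMOTE_VTEP, 5000, INNER)
    print(len(wire), "bytes on the wire;", vxlan_decapsulate(wire))
```

The 50 bytes of outer headers (14 Ethernet + 20 IPv4 + 8 UDP + 8 VXLAN) are the overhead paid for making the underlay "ignore the structure" of what it carries; the decapsulation side rejects anything that is not a VXLAN datagram addressed to port 4789 with the I flag set.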


VXLAN with Spine/Leaf architecture:

(Figure: VXLAN over a Spine/Leaf fabric)

Spine/Leaf replaces the network's access and aggregation layers. A host can communicate through its leaf switch with a host on another leaf switch over independent paths. Such a network can dramatically increase network efficiency, especially for HPC clusters or devices with high-frequency traffic.


East-west traffic does not need to pass through the core.
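To make the "independent paths" of the Spine/Leaf description concrete, the following model, added here as an illustration and not code from the original post, builds a constructed fabric in which every leaf connects to every spine, enumerates the equal-cost leaf-spine-leaf paths between two leaves, and assigns constructed flows to paths by hashing their 5-tuple, which is how ECMP keeps the packets of one flow in order while spreading different flows over all spines. It also shows that losing one spine only removes one path per leaf pair.

```python
"""Spine/Leaf: equal-cost paths between leaves and per-flow ECMP path selection.
Added illustration, not code from the original post; the fabric and flows are constructed."""
import hashlib
from itertools import combinations


def build_fabric(num_spines, num_leaves):
    """Full bipartite fabric: every leaf connects to every spine, leaves never to each other."""
    spines = [f"spine{i}" for i in range(1, num_spines + 1)]
    leaves = [f"leaf{i}" for i in range(1, num_leaves + 1)]
    links = {(leaf, spine) for leaf in leaves for spine in spines}
    return spines, leaves, links


def equal_cost_paths(src_leaf, dst_leaf, spines, links, failed=frozenset()):
    """Every leaf-to-leaf path crosses exactly one spine, so all surviving paths tie on cost."""
    return [(src_leaf, spine, dst_leaf) for spine in spines
            if spine not in failed and (src_leaf, spine) in links and (dst_leaf, spine) in links]


def pick_path(flow, paths):
    """Hash the 5-tuple so every packet of a flow takes the same path (no reordering),
    while different flows are spread across the spines."""
    digest = hashlib.sha256(repr(flow).encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]


def spine_load(flows, src_leaf, dst_leaf, spines, links, failed=frozenset()):
    """Number of flows placed on each spine for src_leaf -> dst_leaf traffic."""
    paths = equal_cost_paths(src_leaf, dst_leaf, spines, links, failed)
    if not paths:
        raise RuntimeError(f"no path from {src_leaf} to {dst_leaf}")
    load = {path[1]: 0 for path in paths}
    for flow in flows:
        load[pick_path(flow, paths)[1]] += 1
    return load


def all_pairs_path_count(spines, leaves, links, failed=frozenset()):
    """Path count for every leaf pair; uniform because no pair has to go through a core tier."""
    return {(a, b): len(equal_cost_paths(a, b, spines, links, failed))
            for a, b in combinations(leaves, 2)}


# Constructed sample: 4 spines, 8 leaves, 200 TCP flows from leaf1 hosts to one leaf5 server.
SPINES, LEAVES, LINKS = build_fabric(4, 8)
FLOWS = [(f"10.0.1.{i % 250 + 1}", "10.0.5.10", 6, 40000 + i, 443) for i in range(200)]

if __name__ == "__main__":
    print("normal:", spine_load(FLOWS, "leaf1", "leaf5", SPINES, LINKS))
    print("spine2 down:", spine_load(FLOWS, "leaf1", "leaf5", SPINES, LINKS, failed={"spine2"}))
```

Every path is exactly leaf, spine, leaf: there is no core tier on the east-west path, and the per-flow hash is the same mechanism the underlay applies to the VXLAN outer UDP source port.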


Source: blog.51cto.com/11533525/2438361