FusionCompute Network Virtualization
Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
⚫ This course describes the principles and features of Huawei
FusionCompute network virtualization. On completion of this course, you
will understand network virtualization principles, FusionCompute
distributed switch network solution architecture, and its features.
Objectives
⚫ On completion of this course, you will be able to:
Describe the implementation principles and features of distributed virtual
switches (DVSs) and elastic virtual switches (EVSs).
Describe the relationship between a port group and a virtual port.
Describe the network traffic direction between VMs.
Contents
1. Network Virtualization Concepts and Technologies
2. Network Virtualization Features
Computing Virtualization Technology Drives Network Virtualization Development
⚫ Computing virtualization technology drives the development of
network virtualization. In a traditional data center, a server runs an
operating system (OS), connects to a switch through physical
cables, and implements data exchange with different hosts, traffic
control, and security control using the switch. Upon completion of
virtualization, one server is converted into multiple virtual hosts,
and each virtual host has its own CPU, memory, and network
interface card (NIC). It is important for virtual hosts located on a
single server to maintain communication. The sharing of physical
equipment has revealed a greater need for new security isolation
and traffic control. Therefore, requirements for the virtual switching
technology are heightened.
⚫ DVSs are introduced to unify and simplify the configuration and
management of virtual switches on hosts. DVSs can be used to
configure, manage, and monitor the virtual switches of multiple
servers in a unified manner, and ensure network configuration
consistency when VMs are migrated between servers.
Linux Bridge Introduction
⚫ A Linux bridge is a virtual network device that works at Layer 2 and functions like a physical switch.
⚫ A bridge can bind other Linux network devices as slave devices and virtualize these devices as ports.
Binding a slave device to a bridge is equivalent to plugging a network cable from a terminal into a
switch port on a real network.
[Figure: Linux host with VM0 and VM1, tap0 and tap1, bridge br0, eth0, and a hardware switch]
OVS Overview
[Figure: VMs attached to Open vSwitch instances, a controller using OpenFlow, and a hardware switch. OVS capabilities shown: Security (VLAN isolation, traffic filtering); Monitoring (NetFlow, sFlow, SPAN, RSPAN); QoS (traffic queuing and traffic shaping); Automated Control (OpenFlow, OVSDB mgmt. protocol)]
⚫ Open vSwitch (OVS) is a software-based open source virtual Ethernet switch.
⚫ The OVS supports multiple standard management interfaces and protocols and supports a distributed environment
across multiple physical servers.
⚫ The OVS provides support for the OpenFlow protocol and can be integrated with multiple open source virtualization
platforms.
⚫ It transmits traffic between VMs and allows VMs to communicate with external networks.
DVS Overview
⚫ Each host connects to DVSs, which function like physical switches. A DVS connects to VMs through
virtual ports and connects to physical Ethernet adapters on hosts where VMs reside. Therefore, the host
network can communicate with the VM network using DVSs. In addition, a DVS allows the network
configurations of VMs to remain unchanged when the VMs are migrated across hosts.
[Figure: Host 1 and Host 2 with VM 1 to VM 4, DVS 1, DVS 2, and a hardware switch]
EVS Overview
⚫ The user-mode EVS is running on the host. The DPDK NIC management API and huge-page memory
are used to improve the packet receiving and sending performance and processing capability of the
physical NIC.
⚫ Based on the vhost-user technology, the vhost interacts with the EVS in user mode and obtains the
DPDK huge page address through address offset. The performance is improved by 30% to 40%.
⚫ Batch processing and polling mechanisms are used to improve the packet processing capability.
⚫ In the future, the ivshmem technology will be used to communicate with VMs using its shared
memory function for even better performance.
[Figure: EVS architecture. Labels: VM 1 and VM 2 (App, user space, API sockets, kernel, ivshmem, Virtio-net); Neutron, SDN controller, vSwitch controller; Host user space with Vhost-US, Vring, EVS, vPort 2, vPort 3, vxlan port, pPort0, DPDK (NIC and memory management), DPDK NIC driver/memory management; kernel with huge page and hnic0; hardware NIC (Intel i350, Intel 82599, Mellanox)]
Huawei Distributed Switching Solution
Solution features:
⚫ Centralized management: Unified portal and centralized management simplify user management
and configuration.
⚫ Open-source Open vSwitch: The open-source Open vSwitch is integrated to fully utilize and
integrate virtual switching capabilities developed by open source communities.
⚫ A range of virtual switching layer-2 features, including switching, QoS, and security isolation, are
provided.
[Figure: DVSM above two hosts, each with a Virtual Switch Agent, OVS API, and OVS providing Security, Switch, VLAN, Bonding, Shaping, and LACP]
FusionCompute DVS
⚫ FusionCompute works with distributed virtual switches and provides independent network planes for
VMs. As is the case with physical switches, different network planes are isolated by VLANs.
[Figure: two groups of servers on one DVS. Labels: management interface, virtual switch port, port groups (VLAN 100, VLAN 200, VLAN 300), uplink, NIC]
Virtual Switching Model
[Figure: virtual switching model. Labels: DVSM; VMs with vNICs; port groups (QoS, priority, IP-MAC); VSPs; Mgmt. and iSCSI system interfaces; virtual switch; uplink port aggregations over eth0, eth1, eth2, and eth3]
Communication Between VMs in FusionCompute
[Figure: VM 1 to VM 7 running apps in VLAN 1 and VLAN 2, with DVS 1 and DVS 2 on hosts CNA01 and CNA02, each host with an uplink]
Quiz
⚫ What are the differences between OVS, DVS, and EVS?
Section Summary
⚫ In this section we covered the implementation principles of network
virtualization. We learnt about bridge and OVS, and then DVS and EVS. We
also covered the implementation principles and concepts of Huawei
FusionCompute DVS, and the traffic direction between VMs in
FusionCompute.
Contents
1. Network Virtualization Concepts and Technologies
2. Network Virtualization Features
Huawei Virtual Switching Mode
⚫ Huawei virtual switches provide the following virtual switching modes: common mode,
Single Root I/O Virtualization (SR-IOV) mode, and user mode.
[Figure: the three modes side by side. Common mode: VM eth0, tap0, br1, br-eth1/br-bond, eth/bond. SR-IOV: VM guest driver, PCI mgmt., VMM, PF and VFs on the iNIC physical hardware. User mode: VM 1 and VM 2 (App, user space, API sockets, kernel, ivshmem, Virtio-net), Host user space with Vhost-US, Vring, EVS, vPort2, vPort3, vxlan port, pPort0, DPDK (NIC and memory management), DPDK NIC driver/memory management, huge page memory, hnic0, hardware NIC (Intel i350, Intel 82599, Mellanox)]
Network Security Policies: Layer 2 Network Security Policies
⚫ Layer 2 network security policies are in place to prevent IP or MAC address spoofing and
DHCP server spoofing for user VMs.
Layer 2 network security policies:
⚫ IP and MAC address binding
⚫ DHCP quarantine
[Figure: VMs, vNICs, port groups, VSPs, vSwitch (EVS), physical NIC, eSwitch (iNIC)]
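The two Layer 2 policies above can be pictured as a per-port check on every frame a VM sends. The following is an added example, not FusionCompute code: the bound MAC and IP, the function names, and the choice to let an unleased DHCP client through and to drop other ethertypes are all assumptions made for illustration.

```python
import struct

# Constructed binding for one VM port (assumed values, not from the course).
BOUND_MAC = bytes.fromhex("525400aa0001")
BOUND_IP = bytes([192, 168, 10, 5])

def check_vm_frame(frame: bytes) -> str:
    """Classify a frame sent by the VM: 'forward' or 'drop: <reason>'."""
    if len(frame) < 14:
        return "drop: truncated"
    if frame[6:12] != BOUND_MAC:
        return "drop: source MAC not bound"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:                      # ARP
        if len(frame) < 42:
            return "drop: truncated"
        # The sender addresses inside the ARP body must match the binding too,
        # otherwise a VM could claim a neighbour's IP with its own valid MAC.
        if frame[22:28] != BOUND_MAC or frame[28:32] != BOUND_IP:
            return "drop: ARP sender not bound"
        return "forward"
    if ethertype != 0x0800:
        return "drop: unhandled ethertype"       # this sketch fails closed
    ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
    if ihl < 20 or len(frame) < 14 + ihl:
        return "drop: truncated"
    src_ip, proto = frame[26:30], frame[23]
    # Ports are only present in the first fragment of an IP datagram.
    first_fragment = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
    sport = dport = None
    if proto == 17 and first_fragment and len(frame) >= 14 + ihl + 4:
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    if sport == 67:                              # DHCP quarantine
        return "drop: DHCP server traffic from VM port"
    if src_ip == bytes(4) and (sport, dport) == (68, 67):
        return "forward"                         # DHCP client without a lease yet
    if src_ip != BOUND_IP:
        return "drop: source IP not bound"
    return "forward"

def udp_frame(src_mac: bytes, src_ip: bytes, sport: int, dport: int) -> bytes:
    """Build a minimal constructed Ethernet/IPv4/UDP frame (checksums left at 0)."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, src_ip, b"\xff" * 4)
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)
```

The DHCP check runs before the source IP check, so a VM answering as a DHCP server is dropped even when it uses its correctly bound address.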
Network Security Policies: Broadcast Packet Suppression
⚫ In server consolidation and desktop cloud scenarios, if broadcast packet attacks
occur as part of network attacks or virus attacks, network communication may be
impacted. If this occurs, broadcast packet suppression can be enabled for virtual
switches.
⚫ Virtual switches support suppression of broadcast packets sent from VM ports and
the suppression threshold can be configured. You can enable the broadcast packet
suppression switch of the port group where the VM NICs are located and set thresholds to
reduce Layer 2 bandwidth consumption of broadcast packets.
⚫ The administrator can configure the broadcast packet suppression switch and
packet suppression bandwidth threshold based on port groups of virtual switches.
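To show what a bandwidth threshold on broadcast traffic does to a storm, here is an added example that is not FusionCompute code. It assumes a token bucket as the metering algorithm (the course does not say which one is used), and the class name, burst size, and sample traffic are constructed for illustration.

```python
BROADCAST_MAC = b"\xff" * 6

class BroadcastSuppressor:
    """Token bucket for one VM port; only broadcast frames consume tokens."""

    def __init__(self, threshold_kbps: int, burst_bytes: int = 3000):
        self.rate = threshold_kbps * 1000 // 8       # threshold in bytes per second
        self.burst = burst_bytes * 1000              # bucket size in milli-bytes
        self.tokens = self.burst
        self.last_ms = 0
        self.dropped = 0

    def allow(self, frame: bytes, now_ms: int) -> bool:
        if frame[:6] != BROADCAST_MAC:
            return True                              # only broadcast is metered
        # Integer refill: ms * bytes/s gives milli-bytes, so no float rounding.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        cost = len(frame) * 1000
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        self.dropped += 1
        return False

def constructed_storm():
    """Constructed input: 1000 broadcast frames in 1 s plus 10 unicast frames."""
    vm = bytes.fromhex("525400aa0001")
    bcast = BROADCAST_MAC + vm + b"\x08\x06" + bytes(46)      # 60-byte frame
    ucast = bytes.fromhex("525400aa0002") + vm + b"\x08\x00" + bytes(46)
    frames = [(ms, bcast) for ms in range(1000)]
    frames += [(ms, ucast) for ms in range(0, 1000, 100)]
    return sorted(frames, key=lambda pair: pair[0])

def replay(frames, threshold_kbps: int):
    """Return (frames forwarded, broadcast frames dropped) for one port."""
    port = BroadcastSuppressor(threshold_kbps)
    forwarded = sum(port.allow(frame, ms) for ms, frame in frames)
    return forwarded, port.dropped
```

With a 16 kbit/s threshold the storm is cut to 83 broadcast frames while all 10 unicast frames still pass; with a 1000 kbit/s threshold nothing is dropped.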
Network Security Policies: Security Groups
⚫ Users can create security groups based on VM security requirements. Each security group
provides a set of access rules. VMs that are added to a security group are subject to the
access rules of the security group. When creating VMs, users can add VMs to security
groups for security isolation and access control.
[Figure: VMs on Host 1 and Host 2 in a data center, grouped into Security Group A, Security Group B, Security Group C, and the default SG]
Trunk Port
[Figure: trunk port with PVID 10. Labels: RX direction, TX direction, VLAN 10, VLAN 20, without VLAN. VLAN 10 and VLAN 20 are allowed to pass.]
Description
⚫ A vNIC communicates with a virtual switch through virtual ports.
⚫ vNIC ports can be configured as virtual trunk ports to carry traffic tagged with specified VLAN IDs.
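The following added example, which is not FusionCompute code, models a virtual trunk port with the values on this slide (PVID 10, VLAN 10 and VLAN 20 allowed). It assumes standard 802.1Q handling, where untagged frames join the PVID and PVID traffic is delivered untagged; the function names and sample frames are constructed.

```python
import struct

PVID = 10            # PVID shown in the slide's figure
ALLOWED = {10, 20}   # "VLAN 10 and VLAN 20 are allowed to pass."
TPID = 0x8100        # 802.1Q tag protocol identifier

def from_vnic(frame: bytes):
    """Frame sent by the VM: return (vlan_id, untagged frame), or None to drop."""
    if len(frame) < 14:
        return None
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return PVID, frame                       # untagged traffic joins the PVID
    if len(frame) < 18:
        return None
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF   # low 12 bits of the TCI
    if vid == 0:
        vid = PVID                               # priority-tagged frame, no VLAN ID
    if vid not in ALLOWED:
        return None                              # VLAN not carried by this trunk
    return vid, frame[:12] + frame[16:]          # strip the 4-byte tag

def to_vnic(vid: int, frame: bytes):
    """Untagged frame on VLAN vid headed to the VM: frame to deliver, or None."""
    if vid not in ALLOWED:
        return None
    if vid == PVID:
        return frame                             # PVID traffic is delivered untagged
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def constructed_frame(vid=None) -> bytes:
    """Constructed sample frame; vid=None builds it without a VLAN tag."""
    macs = bytes.fromhex("525400aa0002") + bytes.fromhex("525400aa0001")
    tag = b"" if vid is None else struct.pack("!HH", TPID, vid)
    return macs + tag + b"\x08\x00" + bytes(46)
```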
Network QoS
Users can set a network QoS policy for bandwidth configuration control.
⚫ Bandwidth control based on the sending direction and receiving direction of a port group member
⚫ Traffic shaping and bandwidth priority configured for each member port in a port group
Network Port Binding
[Figure: host network port binding. Labels: aggregate port, physical network port 1, physical network port 2]
⚫ Administrators can bind network ports of CNA hosts on FusionCompute to improve network reliability.
⚫ Port binding can be configured for common NICs and DPDK-driven NICs.
Quiz
⚫ What are the possible causes of network disconnection between two VMs?
⚫ What are the differences between a common port group and a trunk port
group?
Section Summary
⚫ In this section we covered FusionCompute network virtualization features,
including three DVS modes, Layer 2 network security policies, broadcast
packet suppression, security groups, network port binding, and network QoS.
Quiz
1. In FusionCompute, which of the following ports on a DVS is used by VMs to
communicate with external networks? ( )
A. Management port
B. Storage port
C. Uplink port
D. Port group
2. Which of the following modes does a FusionCompute DVS support? ( )
A. Common mode
B. SR-IOV mode
C. User mode
D. Standard mode
Summary
⚫ In this course we covered the implementation principles and advanced
functions of Huawei FusionCompute network virtualization. The key points
are as follows:
Background of network virtualization
DVS and EVS implementation principles
Concepts and network trend of Huawei distributed switches
Advanced FusionCompute network functions
Thank You
www.huawei.com