SDN has by now swept through data centers of all sizes and its influence keeps growing, yet we still seem unable to define precisely what SDN is. In fact, SDN is not a technology or a protocol but an architecture and a design philosophy. Under the SDN concept, the control plane and the forwarding plane of a network system must be separated. At the forwarding level, the aim is to decouple forwarding from any particular protocol and make the administrator's intent the core element: administrators express that intent in software, which controls forwarding behavior and drives the whole network. In addition, the SDN concept standardizes the interface between the controller and the forwarding plane, usually called the southbound interface. The goal is to make software the dominant factor in forwarding behavior as far as possible and to depend on specialized hardware as little as possible. Besides controlling hardware devices, the controller should also be able to centrally control applications in the network, usually through programmable functions exposed by the hardware. The interface used to control applications is called the northbound interface.
Let's summarize the currently recognized SDN features:
The control plane is separated from the forwarding plane;
Open, programmable interfaces;
Centralized network control;
Automated provisioning of network services.
Incidentally, OpenFlow, currently the mainstream southbound interface protocol, is often mistaken for SDN itself or for a technology within SDN; this is incorrect. OpenFlow is only one protocol that implements the SDN framework. For reasons of space, the introduction to SDN ends here. Detailed and rigorous descriptions can be found in specialist books, and recommendations are given at the end of this article.
Returning to the topic of network virtualization. Network virtualization is a product of cloud computing and SDN at a certain stage of their development, and it can also be understood as the new-generation implementation of the SDN concept. As is well known, server virtualization developed earlier and is more mature. In this wave of virtualization, the main purpose points to three goals: abstraction, pooling and automation. Server virtualization came first. As a result, users no longer need to care which physical host a virtual machine is located on: when that host fails, the virtual machine automatically restarts on another working host, and it can also be migrated to other hosts, or even to a site thousands of miles away, without interrupting the business. When the location of the virtual machine changes, it still needs to reach its gateway, so the network must provide that gateway at the new location in step with the move of the virtual machine. This gives rise to the demand for network virtualization.
When the number of resource pools grows beyond what a traditional Layer 2 network can span, resource pools must be built over a larger scope, which makes the logical overlay of Layer 2 on top of Layer 3 a hard requirement.
The network is a shared resource: when some users need to change the network, the change affects other users' use of it, so there needs to be a way to change only this user's network without affecting the rest. This is difficult to achieve in a traditional network architecture, and a virtualized network meets this need well.
When cloud computing is put into practice, automated deployment becomes a key technology. A virtual network is implemented in software, is programmable and is containerized, which makes it easy for a cloud management platform to invoke. Users can apply for virtual machines together with network, security and other resources at the same time.
In actual construction and production it was therefore found that, while server virtualization was in full swing, the network environment had not undergone a comparable revolution, so users still could not fully meet the need for a rapidly deployable, flexible, stable and reliable data center. To solve this problem, the idea of server virtualization was borrowed, and today's network virtualization technology, based on the Overlay (overlay plane), was born.
Figure 1: Overlay network model
The overlay runs on top of the underlying physical network as a service, and device-to-device access does not need to care about the physical path. This makes it possible to establish wide-ranging Layer 2 links across the data center. The mechanism is realized through tunnel encapsulation performed by the physical network devices.
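As an added example (not code from the original article), the following Python sketches the tunnel encapsulation the overlay relies on: an inner Ethernet frame is wrapped in a VXLAN header and a UDP header so it can cross the Layer 3 underlay, and the receiving endpoint uses the 24-bit VNI to decide which tenant segment the frame belongs to. The header layout follows RFC 7348; the sample frame and the tenant VNI sets are constructed for the example.

```python
import struct
import zlib
from typing import Optional, Tuple

VXLAN_UDP_PORT = 4789   # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08     # "I" bit: the VNI field is valid (RFC 7348)

def vxlan_encap(inner_frame: bytes, vni: int) -> bytes:
    """Wrap an inner Ethernet frame in a VXLAN header and a UDP header.
    VXLAN header layout: flags(1) reserved(3) VNI(3) reserved(1). The UDP
    source port is derived from a hash of the inner frame so the underlay
    can spread flows over ECMP paths while keeping one flow on one path."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)
    src_port = 49152 + (zlib.crc32(inner_frame[:14]) % 16384)  # ephemeral range
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    return udp_hdr + vxlan_hdr + inner_frame

def vxlan_decap(packet: bytes) -> Tuple[int, bytes]:
    """Strip the UDP and VXLAN headers and return (vni, inner_frame).
    Rejects datagrams that are truncated, not addressed to port 4789,
    whose UDP length disagrees with the data, or lack the I flag."""
    if len(packet) < 16:
        raise ValueError("truncated encapsulation")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[:8])
    if dst_port != VXLAN_UDP_PORT or udp_len != len(packet):
        raise ValueError("not a well-formed VXLAN/UDP datagram")
    flags, vni_field = struct.unpack("!B3xI", packet[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, packet[16:]

def deliver_to_tenant(packet: bytes, tenant_vnis: set) -> Optional[bytes]:
    """Tenant isolation at the receiving endpoint: the inner frame is handed
    up only if its VNI belongs to this tenant's set of segments."""
    vni, inner = vxlan_decap(packet)
    return inner if vni in tenant_vnis else None

# Constructed sample inner frame: dst MAC, src MAC, EtherType IPv4, payload.
SAMPLE_FRAME = (bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002")
                + b"\x08\x00" + b"tenant-A-payload")

if __name__ == "__main__":
    pkt = vxlan_encap(SAMPLE_FRAME, vni=5001)
    vni, inner = vxlan_decap(pkt)
    print("VNI", vni, "inner frame bytes", len(inner))
```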
After several years of development, network virtualization has moved from overlay technology based on host virtualization to today's network virtualization platform (NVP). It gradually shifted from hardware-based or vendor-specific virtual switches to a TCP/IP-based approach that removes the internal dependence on the five-tuple and opens up the Layer 2 network, and it developed into a new generation of SDN implementation technology that truly separates control from forwarding.
The new generation of network virtualization technology is basically divided into pure software solutions and combined software-and-hardware solutions. The following first introduces the NSX solution proposed by VMware, the representative software solution.
Overview of the NSX solution
The NSX solution is divided into three planes: the data plane, the control plane and the management plane.
The data plane consists mainly of NSX virtual switches. Kernel modules installed on the hypervisor implement services such as VXLAN, distributed routing and a distributed firewall; the data plane also includes the edge gateway devices through which the virtual network handles communication with the outside.
The main component of the control plane is the NSX Controller, which is installed as a virtual machine and integrated with NSX Manager. It only issues control signaling to the data plane, which then does the forwarding work on its own.
The main component of the management plane is NSX Manager, which provides a web interface for configuring and managing all components of the NSX network virtualization environment. NSX Manager also provides a REST API, which serves as the interface for VMware cloud management platforms or third-party cloud management platforms (such as OpenStack).
Through these components, NSX provides switching, routing, firewalling, logical load balancing, VPN services and connectivity to the physical network.
Overview of the ACI solution
ACI is the SDN and network virtualization solution proposed by Cisco. Its main components are the Application Policy Infrastructure Controller (APIC) and the ACI switching fabric.
In this solution, APIC provides the unified plane for the switching fabric: policy enforcement, health monitoring, automation and centralized management. APIC is installed as software on Cisco UCS servers.
Cisco introduced the Nexus 9000 series switches to implement the underlying physical network in an ACI environment. The switch combines merchant silicon with Cisco's own chips: the merchant chips handle ordinary traffic, while the in-house chips handle ACI traffic, that is, the SDN and network virtualization traffic. The APIC controller sends instructions directly to the dedicated chip in the switch, and the chip then processes data traffic in a distributed manner.
ACI introduces a completely independent IP policy model, which solves the network complexity problem of traditional centralized SDN.