
Data center network architecture

2025-04-02 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Traditional data center network architecture

In a traditional data center, the network architecture is usually a three-tier structure (campus networks are also three-tier). Cisco calls it the hierarchical internetwork model, which consists of three layers:

Core layer: provides high-speed forwarding and connectivity for multiple aggregation layers

Aggregation layer: aggregates the access switches while providing other services (FW, SLB, etc.)

Access layer: physically connects the servers; the access switch is usually placed at the top of the rack, so it is also known as the ToR switch

A three-tier architecture is shown below:

The aggregation layer is the demarcation point of the network: below the aggregation switches is the L2 network, above them is the L3 network. Each group of aggregation switches forms a pod, and pods are divided into modules according to business partitions. Within a pod there are one or more VLANs, and each pod corresponds to a broadcast domain.

This architecture is easy to deploy, and the technology it relies on (VLAN + xSTP) is mature.

VLAN and xSTP

Reasons for using VLAN and xSTP:

1. BUM traffic (broadcast, unknown unicast, multicast)

VLAN technology divides a large physical layer 2 domain into several small logical layer 2 domains, each called a VLAN. Hosts in the same VLAN can communicate at layer 2, while different VLANs are isolated from each other, so the broadcast range is limited to a single VLAN and does not spread across the whole physical layer 2 domain.

VLANs also simplify management and improve security.

2. Loops and the broadcast storms they cause

If the three-tier architecture is built from single devices and single links, there are no loops and no loop-induced broadcasts, but the reliability of such a network is poor because there are no backup devices or backup links: once a device or link fails, all hosts below the point of failure lose connectivity.

To improve reliability, redundant devices and redundant links (as in the figure above) are usually used, which inevitably forms loops. Since the layer 2 network is a single broadcast domain, broadcast frames are forwarded around a loop again and again. If nothing breaks the loop, a broadcast storm forms, which instantly saturates the ports and paralyzes the devices.

To prevent loops while keeping the network reliable, the only option is to turn the redundant devices and links into standby devices and links. Under normal conditions they are blocked and do not forward packets; only when the active devices, ports or links fail and the network is interrupted are the standby devices and links activated to restore the network. The protocols that automate this are called loop-breaking protocols, the most common of which is STP (Spanning Tree Protocol) together with its variants RSTP and MSTP, collectively referred to as xSTP.
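The loop and the spanning-tree remedy described above, as an added toy simulation (not code from the original article): a four-switch topology with redundant links is constructed, one broadcast frame is flooded the way a layer 2 switch floods it, and the flood either multiplies without end (the storm) or, after a spanning tree blocks the redundant links, touches each link exactly once. Switch names, bridge IDs and link costs are all made up for the illustration; the root election and root-port selection follow the STP rules (lowest bridge ID wins the root, lowest root path cost then lowest upstream bridge ID picks the root port), but designated-port handling on shared segments is omitted.

```python
"""Added example: broadcast flooding in a redundant layer 2 topology, with and
without a spanning tree. Topology, bridge IDs and costs are constructed."""
from collections import deque
import heapq

# Constructed topology: two access switches dual-homed to two aggregation
# switches, plus an aggregation-to-aggregation link. Every extra link is a
# redundant path, so the physical graph contains loops.
LINKS = [
    ("agg1", "agg2", 4),
    ("agg1", "acc1", 19),
    ("agg1", "acc2", 19),
    ("agg2", "acc1", 19),
    ("agg2", "acc2", 19),
]
# Bridge ID = (priority, MAC); the numerically lowest wins the root election.
BRIDGE_IDS = {
    "agg1": (4096, "00:00:00:00:00:01"),
    "agg2": (4096, "00:00:00:00:00:02"),
    "acc1": (32768, "00:00:00:00:00:0a"),
    "acc2": (32768, "00:00:00:00:00:0b"),
}


def adjacency(links):
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def flood(links, blocked, start, max_copies=10_000):
    """Flood one broadcast frame from `start`, skipping `blocked` links.

    Each switch forwards a received frame out of every non-blocked port except
    the one it arrived on. Returns (copies forwarded, stormed): with a loop the
    copies keep multiplying, so we stop at max_copies and report a storm.
    """
    adj = adjacency(links)
    queue = deque([(start, None)])
    copies = 0
    while queue:
        node, came_from = queue.popleft()
        for nxt in adj[node]:
            if nxt == came_from or frozenset((node, nxt)) in blocked:
                continue
            copies += 1
            if copies >= max_copies:
                return copies, True  # still multiplying: a broadcast storm
            queue.append((nxt, node))
    return copies, False


def spanning_tree(links, bridge_ids):
    """Toy STP: elect the root, then give every bridge one root port chosen by
    least root path cost (tie: lowest upstream bridge ID). Links that are not
    anybody's root port are blocked. Returns (root, set of blocked links)."""
    adj = adjacency(links)
    root = min(bridge_ids, key=bridge_ids.get)
    best = {root: (0, bridge_ids[root])}
    parent = {}
    heap = [(0, bridge_ids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nxt, lcost in adj[node].items():
            cand = (cost + lcost, bridge_ids[node])
            if nxt not in best or cand < best[nxt]:
                best[nxt] = cand
                parent[nxt] = node
                heapq.heappush(heap, (cand[0], cand[1], nxt))
    tree = {frozenset((child, up)) for child, up in parent.items()}
    blocked = {frozenset((a, b)) for a, b, _ in links} - tree
    return root, blocked


def demo():
    root, blocked = spanning_tree(LINKS, BRIDGE_IDS)
    before = flood(LINKS, set(), "acc1")
    after = flood(LINKS, blocked, "acc1")
    return root, sorted(sorted(l) for l in blocked), before, after


if __name__ == "__main__":
    print(demo())  # ('agg1', [['acc1', 'agg2'], ['acc2', 'agg2']], (10000, True), (3, False))
```

With the two redundant access-to-aggregation links blocked, the same broadcast is forwarded three times, once per tree link, and then dies out. Because the root is nothing more than the lowest bridge ID seen in BPDUs, production switches normally run BPDU guard or root guard on ports that face servers, so that the tree cannot be rearranged from the access side.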

Server virtualization

The development of virtualization has changed the requirements placed on the data center network architecture, above all because of virtual machine live migration. Live migration requires that a virtual machine's IP and MAC addresses remain unchanged before and after the move, which in turn requires that the networks before and after migration are in the same layer 2 domain, even across different regions and different computer rooms. The scope of the data center layer 2 network therefore grows larger and larger, and the new topic of the large layer 2 network has emerged.

The layer 2 domain of the traditional network architecture is not large enough.

Generally speaking, a traditional network architecture is partitioned into zones and modules according to business characteristics, and each zone corresponds to a VLAN, so a virtual machine migrating across pods must change its IP address. This is incompatible with uninterrupted live migration of virtual machines:

VLAN problem

One of the core ideas of VLAN is to control the scale of broadcast storms by dividing the network into VLANs, thereby reducing the scope and size of each layer 2 domain.

The large layer 2 network, however, requires that all servers be included in the same layer 2 domain. If all servers are placed in the same VLAN with no other isolation means, isn't that tantamount to enlarging the broadcast domain? That runs counter to the original intention of dividing VLANs.

With the rise of the public cloud and the popularity of the IaaS model, a "multi-tenant" environment has become a basic capability that cloud networks must provide. In a traditional layer 2 network the maximum number of tenants supported by VLAN is 4K, which cannot keep up with the rapid growth of business.

xSTP problem

Because the loop-breaking technology converges slowly and xSTP must block redundant devices and links, the bandwidth utilization of network resources is reduced and the scale of the layer 2 network is greatly limited.

Realizing the large layer 2 network

Traditional layer 2 technology cannot realize a true large layer 2 network, so another way had to be found, and technical experts came up with many solutions:

1. Virtual switch technology

Since the core problem of the layer 2 network is the loop, and loops appear together with redundant devices and links, the loop can be eliminated by merging multiple devices and links into one. That is network device virtualization technology.

Network device virtualization combines two or more redundant physical network devices and virtualizes them into one logical network device, which appears as a single node in the whole network.

By combining network device virtualization with link aggregation, the original multi-device, multi-link structure can be turned into a logically single-device, single-link architecture. This eliminates loops, so the network is no longer constrained by the loop-breaking protocol and a large layer 2 network can be achieved.

The main network device virtualization technologies fall into three categories: the stacking of chassis devices, the stacking of fixed (box) devices, and mixed stacking of chassis and box devices. Examples include Huawei's CSS, iStack and SVF, Cisco's VSS and FEX, H3C's IRF, and so on.

The network device virtualization scheme also has some disadvantages:

1) These protocols are proprietary to each vendor, so a network can only be built from devices of the same vendor.

2) Because the scale of a stacking system is limited, the largest stack or cluster can support access for roughly 10,000 to 20,000 hosts, which is sometimes inadequate for very large data centers, though it is more than enough for ordinary data centers.

East-west L3 traffic, whether or not it stays under one access switch, has to go up to the core switch that provides the L3 function. If east-west traffic is heavy, valuable core switching resources are wasted, and the multi-layer forwarding also increases network latency.

Secondly, the BUM (broadcast, unknown unicast, multicast) storms caused by the shared L2 broadcast domain grow noticeably as the network grows, and will eventually affect normal network traffic.

2. Tunnel technology

Tunnel technology also addresses the loop problem of the layer 2 network, but its focus is not on eliminating or blocking the loop; it is on avoiding loops in the logical forwarding path even when a physical loop exists.

The core idea is to introduce the routing and forwarding model of the layer 3 network into the layer 2 network. By inserting an additional frame header in front of the layer 2 frame and using routing computation to control forwarding across the whole network, it not only prevents broadcast storms over redundant links but also provides ECMP. In this way the size of the layer 2 network can be extended to the entire network without being limited by the number of core switches. Of course, this requires the switches to give up traditional MAC-based layer 2 forwarding and adopt a new protocol mechanism for forwarding layer 2 frames.

The new protocols include TRILL, FabricPath, SPB and so on.

The TRILL protocol encapsulates a TRILL header outside the original Ethernet frame and then adds a new outer Ethernet frame, so the original Ethernet frame is transmitted transparently. TRILL switches forward based on the Nickname identifier in the TRILL header, and Nicknames, like routes, are collected, synchronized and updated through the IS-IS routing protocol.

TRILL and SPB are the large layer 2 network solutions promoted by CT (telecom) equipment manufacturers.

3. Overlay network

An overlay network is a virtual network built on top of the existing network (the underlay network). The existing network is simply the network the switches already sit in, as long as it is an IP network. The newly constructed overlay is used as the network for server communication. The overlay network is an L2 network over L3; in other words, wherever the L3 network can reach, the overlay's L2 network can reach as well.

By means of tunnel encapsulation, the original layer 2 frame sent by the source host is encapsulated and transmitted transparently across the existing network. At the destination the original frame is decapsulated and forwarded to the target host, which realizes layer 2 communication between the hosts.

Through this encapsulation and decapsulation, it is as if a large layer 2 network were superimposed on the existing underlying network, hence the name Overlay, also known as NVO3 (network virtualization over layer 3).

The core of the overlay scheme is that a point-to-multipoint tunnel encapsulation protocol completely hides the structure and details of the intermediate network, virtualizing the whole intermediate network into a "huge layer 2 switch". Each host is directly attached to a port of this "huge switch". How frames are forwarded inside the underlying network is an internal matter of the "huge switch" that the host does not need to care about at all.

Overlay technology does not depend on the transport network; it makes full use of the existing underlying network to realize the large layer 2 network, and has advantages in supporting SDN and multi-tenancy. It is currently the hottest large layer 2 technology, able to realize a layer 2 network across the whole data center or even across data centers. However, overlay technology has two control planes, the overlay network and the underlay transport network, so management, maintenance and fault location are relatively complex, and the operations workload is relatively large.
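The encapsulation and decapsulation just described, together with the 4K VLAN limit raised in the "VLAN problem" section, as an added example (not code from the original article): it builds an 802.1Q-tagged Ethernet frame, wraps it in outer Ethernet/IPv4/UDP/VXLAN headers the way a VTEP would, and unwraps it again. VXLAN is used as the concrete overlay protocol because it is the one the article goes on to pair with Spine/Leaf; UDP port 4789 and the header layout are the IANA/RFC 7348 values, while every MAC, VTEP address, VLAN ID and VNI is a constructed sample. The check that the 24-bit VNI accepts a value far beyond the 12-bit VLAN ID range is the point of the example.

```python
"""Added example: VXLAN encapsulation/decapsulation of an 802.1Q-tagged frame.
All MACs, IPs, VLAN IDs and VNIs below are constructed sample values."""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789     # IANA-assigned VXLAN destination port
ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_inner_frame(dst_mac, src_mac, vlan_id, payload):
    """Original (inner) Ethernet frame carrying an 802.1Q tag. The VID field is
    12 bits, which is where the 4K VLAN limit comes from (0 and 4095 reserved)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must fit in 12 bits (1-4094)")
    tci = vlan_id                      # PCP=0, DEI=0, VID in the low 12 bits
    return (mac(dst_mac) + mac(src_mac)
            + struct.pack("!HH", ETHERTYPE_8021Q, tci)
            + struct.pack("!H", ETHERTYPE_IPV4) + payload)


def ipv4_checksum(header):
    """Standard one's-complement checksum over the IPv4 header."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encap(inner, vni, src_vtep, dst_vtep, outer_src_mac, outer_dst_mac,
                src_port=49152):
    """Wrap `inner` in outer Ethernet + IPv4 + UDP + VXLAN, as a VTEP does."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: flags (I bit set), 24 reserved bits, VNI, 8 reserved bits.
    vxlan_hdr = struct.pack("!BBHI", 0x08, 0, 0, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner)
    # UDP checksum 0 = not computed, which RFC 7348 permits over IPv4.
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                         64, 17, 0,
                         ipaddress.IPv4Address(src_vtep).packed,
                         ipaddress.IPv4Address(dst_vtep).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    outer_eth = mac(outer_dst_mac) + mac(outer_src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + ip_hdr + udp_hdr + vxlan_hdr + inner


def vxlan_decap(packet):
    """Strip the outer headers and return (vni, inner frame). Anything that is
    not IPv4/UDP to port 4789 with the VXLAN I flag set is rejected."""
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14 + 9] != 17:
        raise ValueError("outer packet is not UDP")
    udp = 14 + ihl
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[udp:udp + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    vx = udp + 8
    flags, _, _, vni_field = struct.unpack("!BBHI", packet[vx:vx + 8])
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set: VNI is not valid")
    return vni_field >> 8, packet[vx + 8:udp + udp_len]


def inner_vlan_id(frame):
    """VID of an 802.1Q-tagged frame, or None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def demo():
    inner = build_inner_frame("00:11:22:33:44:55", "00:11:22:33:44:66", 100, b"hello overlay")
    # A VNI of 5,000,000 is far outside the 1-4094 VLAN range but fits in 24 bits.
    pkt = vxlan_encap(inner, vni=5_000_000, src_vtep="10.0.0.1", dst_vtep="10.0.0.2",
                      outer_src_mac="aa:aa:aa:aa:aa:01", outer_dst_mac="aa:aa:aa:aa:aa:02")
    vni, recovered = vxlan_decap(pkt)
    return vni, recovered == inner, inner_vlan_id(recovered), len(pkt) - len(inner)


if __name__ == "__main__":
    print(demo())  # (5000000, True, 100, 50)
```

The 50 bytes of overhead (14 outer Ethernet + 20 IPv4 + 8 UDP + 8 VXLAN) are why the underlay MTU has to be raised when an overlay is introduced; the decapsulation side shows that the VTEP trusts whatever VNI the outer header carries, which is why VTEP addresses are normally kept on an underlay that hosts cannot reach.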

VXLAN with a Spine/Leaf architecture:

The Spine/Leaf network expands the access and aggregation layers. A host can communicate with a host attached to another leaf switch through the leaf switches and the spine, and each such path is an independent channel. This kind of network greatly improves network efficiency, especially for high-performance computing clusters or devices with high-frequency traffic.

East-west traffic does not need to pass through the core
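The Spine/Leaf forwarding just described, and the ECMP behaviour the tunnel section attributes to routed layer 2 forwarding, as an added model (not code from the original article): a fabric in which every leaf connects to every spine is constructed, every equal-cost leaf-to-leaf path is enumerated, and each flow is pinned to one path by hashing its 5-tuple. Spine and leaf counts, addresses and flows are made up; the hash is a plain SHA-256 stand-in for whatever hardware hash a real switch uses.

```python
"""Added example: equal-cost paths and per-flow ECMP in a constructed
spine/leaf fabric. Unlike xSTP, no link is blocked; every path stays active."""
import hashlib
from collections import deque


def spine_leaf(n_spines, n_leaves):
    """Full bipartite spine/leaf graph: every leaf has a link to every spine."""
    adj = {}
    for s in range(n_spines):
        for l in range(n_leaves):
            adj.setdefault(f"spine{s}", set()).add(f"leaf{l}")
            adj.setdefault(f"leaf{l}", set()).add(f"spine{s}")
    return adj


def all_shortest_paths(adj, src, dst):
    """BFS that keeps every predecessor at the same distance, so that all
    equal-cost shortest paths are returned (the ECMP next-hop set)."""
    dist = {src: 0}
    preds = {src: []}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in sorted(adj[u]):          # sorted for deterministic path order
            if v not in dist:
                dist[v] = dist[u] + 1
                preds[v] = [u]
                queue.append(v)
            elif dist[v] == dist[u] + 1:
                preds[v].append(u)

    def build(node):
        if node == src:
            return [[src]]
        return [p + [node] for u in preds[node] for p in build(u)]

    return build(dst) if dst in dist else []


def ecmp_pick(paths, flow):
    """Choose one path per flow by hashing the 5-tuple: packets of one flow
    always take the same path (no reordering) while flows spread over spines."""
    key = "|".join(map(str, flow)).encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(paths)
    return paths[idx]


def demo(n_spines=4, n_leaves=6, n_flows=1000):
    adj = spine_leaf(n_spines, n_leaves)
    paths = all_shortest_paths(adj, "leaf0", "leaf3")
    usage = {}
    for i in range(n_flows):
        # Constructed flows: one client talking to one server on many ports.
        flow = ("10.0.0.1", "10.0.3.1", 40000 + i, 443, "tcp")
        spine = ecmp_pick(paths, flow)[1]
        usage[spine] = usage.get(spine, 0) + 1
    hops = max(len(p) for p in paths) - 1
    return len(paths), hops, usage


if __name__ == "__main__":
    print(demo())
```

With four spines there are exactly four leaf-to-leaf paths, every one of them two hops (leaf to spine to leaf) and every one of them in use, which is the east-west property the figure above illustrates: no traffic climbs to a core tier, and no link sits idle as an xSTP standby.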
