CloudFabric SDN全盒網(wǎng)絡(luò)設(shè)計(jì)方案

1、Huawei CloudFabric Easy SDN Solution HLDCloudFabric SDN全盒網(wǎng)絡(luò)設(shè)計(jì)方案2.3.1-圖12.3.2.1-圖1DCPoDFabricVPCM:NTenantLogical RouterLogical SwitchExternal NetworkLogical PortEnd Port1:11:11:N1:N1:N1:N1:NN:1N:1Logical Vas1:N物理網(wǎng)絡(luò)控制器 Interconnection Interface1:N2.3.2.1-圖2DC-1DC-4Fabric-1Fabric-2Fabric-3Fabric-4VPC1R

2、emote PoDRemote LeafDC-2DC-3Master PoDMaster PoDDC-5Master PoDDC-6Master PoDFabric-5DC-7Master PoDFabric-nDC-nMaster PoDSupports up to 4 fabrics per VPCMulti-PoD方案Current DCUp to 32 fabrics can be created on NCE-Fabric.NCE-Fabric2.3.2.2-圖1End Port控制器的邏輯模型Logic RouterLogic SwitchLogic PortLogic VASEx

3、ternal GatewaySecurity Group物理模型EVPNVRF1(DVR)TORVM/BMVRF1(DVR)BDBDBDIFBDIFVTEPVTEPVM/BMExternal NetworkExtenal VRFVTEPBorder LeafVRF1(DVR)FWServer leafServer leafVPCExternal-vsysvsys12.3.2.3-圖1TenantWeb-vpcApp-vpcDB-vpcLogic Router-1Logic Router-3Logic Router-3Logic Switch-1Logic Switch-2Logic Switc

4、h-3Logic Switch-4EPEPEPEPEGP控制器配置模型業(yè)務(wù)模型示例每個(gè)子網(wǎng)對(duì)應(yīng)一個(gè)Logic SwitchServiceSystemWebAppDBWeb-subnet-1App-subnet-1DB-Subnet-1DB-Subnet-2VMVMVMVMServiceSystemWeb-subnet-1App-subnet-1DB-Subnet-1DB-Subnet-2Logic Router-1Logic Router-3Logic Router-3Logic Switch-1Logic Switch-2Logic Switch-3Logic Switch-4LPLPLPL

5、P Server Leaf2.3.2.4.1-圖1 Border LeafextVRFDVRVRF1DVRVRF1DVRBD1extvsysvSys-1PEVM/BM典型的南北向流量模型靜態(tài)路由 Firewall靜態(tài)路由 Server Leaf2.3.2.4.2-圖1 Border LeafVRF1DVRVRF1DVRBD1vSys-2vSys-1VM/BMVPC互訪流量模型-雙邊墻VRF2DVRVRF2DVRBD2VM/BM Firewall192.168.1.1/24192.168.2.1/2412BGP EVPN3靜態(tài)路由靜態(tài)路由2.3.2.4.2-圖2 Server Leaf Bord

6、er LeafVRF1DVRVRF1DVRBD1vSys-1VM/BMVPC互訪流量模型-單邊墻VRF2DVRVRF2DVRBD2VM/BM FirewallCross VRFBGP EVPN1234192.168.1.1/24192.168.2.1/24靜態(tài)路由靜態(tài)路由靜態(tài)路由 Server Leaf2.3.2.4.2-圖3 Border LeafVRF1DVRVRF1DVRBD1VM/BMVPC互訪流量模型-無(wú)防火墻VRF2DVRVRF2DVRBD2靜態(tài)路由VM/BM12BGP EVPN32.3.3.1-圖1SpineServer leafBorder leaf(&Service leaf

7、)M-LAGVASPE RouterCE8850-64CQ-EICE6865CE6865/CE68562.4.1-圖1SpineServer LeafBorder Leaf(&ServiceLeaf)M-LAG（dual-active）PE RouterOSPF 100Area 0P2PP2PP2PP2PP2PP2PP2PP2PP2P2.4.2-圖1SpineServer leafBorder leaf(Service leaf)M-LAG (dual-active)PE (router)IBGPEVPNRRAS 650012.4.3-圖1和圖2Server-leaf M-LAG(recomm

8、end)Server-leaf Standalone LeafVTEP 1VTEP 2Two standalone ToR Active/Standby NIC(Bonding)Peer-linkLeafVTEPEth-TrunkM-LAGVTEPActive/Standby NIC(Bonding)Active/Active NIC(Bonding)2.4.4-圖1和圖2Border leaf(&Service leaf)M-LAG (dual-active)FirewallPE (router)LB靜態(tài)路由靜態(tài)路由M-LAG (dual-active)PE (router)Firewall

9、LB動(dòng)態(tài)路由鏈路保護(hù)靜態(tài)路由Border leaf(&Service leaf)2.4.5-圖1語(yǔ)音數(shù)據(jù)視頻WANVXLANRecommended levelFunctionSampleCOS 0User data serviceMail, etc.COS 1User video serviceVideo conferences, etc.COS 2User voice serviceVoice conferences, etc.COS 3User high priority service-COS 4Controller manages traffic, user high priority

10、 serviceSnmp，Netconf，Openflow, etc.COS 5Controller cluster node interactionRestful，DMQ，Kafka, etc.COS 6Switch control plane protocol interactionBGP，OSPF, etc.COS 7reservation-DataDSCPData8021pDSCPDataDSCPDSCPData8021pDSCPIP8021QvxlanDSCPQOS優(yōu)先級(jí)字段QOS Priority Mapping802.1p服務(wù)等級(jí)DSCP服務(wù)等級(jí)802.1p0BE0BE01AF1

11、10AF112AF218AF22Data8021pDSCP缺省優(yōu)先級(jí)映射關(guān)系123452.4.5-圖2語(yǔ)音數(shù)據(jù)視頻WANVXLANRecommended levelFunctionSampleBEUser data serviceMail, etc.AF1User video serviceVideo conferences, etc.AF2User voice serviceVoice conferences, etc.AF3User high priority service-AF4Controller manages traffic, user high priority service

12、Snmp，Netconf，Openflow, etc.EFController cluster node interactionRestful，DMQ，Kafka, etc.CS6Switch control plane protocol interactionBGP，OSPF, etc.CS7reservation-DataDSCPData8021pDSCPDataDSCPDSCPData8021pDSCPIP8021QvxlanDSCPQOS優(yōu)先級(jí)字段QOS Priority Mapping802.1p服務(wù)等級(jí)DSCP服務(wù)等級(jí)802.1p0BE0BE00AF110AF110AF218AF2

13、2Data8021pDSCP缺省優(yōu)先級(jí)映射關(guān)系123452.4.6-圖1SpineServer leafBorder leaf(Service leaf)M-LAG (dual-active)VASPE (router)12345Spine2.5.2-圖1、圖2和圖3DC1DC2 Multi PodE2E VXLANSlave EgressMaster EgressMaster ClusterSlave ClusterDC1DC2 Remote LeafE2E VXLANRemote LeafEgressDC1DC2 Remote PodE2E VXLANEgressEgressRemote

14、PoD端到端VXLANFabric 1Fabric 2SpineLeafSpineLeaf控制器控制器(Active)(Standby)IP互聯(lián)網(wǎng)絡(luò)Border LeafBorder LeafFabric-GWFabric-GW主出口備出口業(yè)務(wù)VPC2.5.3-圖12.5.3-圖2SpineiMaster NCE-Fabric cluster(active)Egress DC1SpineEgressSpineiMaster NCE-Fabric cluster(standby)Egress DC3 DC2E2E EVPN VXLAN Border Leaf Border Leaf Border

15、 Leaf2.5.4-圖1SpineController Cluster(Active)Egress DC1 Border LeafSpine Border LeafWANMaster PoDRemote PoDRemote LeafRoute reachableRoute reachableVXLANVXLAN DC2 DC3EgressVXLANAS 65101AS 65102AS 65003AS 65002AS 65001SpineEgressSpineEgressSpineEgressOSPF 100Area 0OSPF 100Area 0OSPF 100Area 0EBGP2.5.5

16、-圖1、圖2和圖3SpineEgressSpineEgressSpineEgressOSPF 100Area 1OSPF 100Area 2OSPF 100Area 3OSPF 100Area 0SpineEgressSpineEgressSpineEgressOSPF 100Area 02.5.6-圖1和圖2SpineEgress DC1SpineEgress DC2RRRRAS65001SpineEgress DC1SpineEgress DC2RRRRiBGP EVPNAS65001iBGP EVPNAS65002eBGP EVPNSolution 1Solution 2eBGPeBGP

17、2.5.6-圖3WANEgressEgressOSPFOSPFVXLANMPLSVXLANVXLANDataDataVXLANDataMPLSVXLANDataDataDC1DC212345RRBGP EVPNRR2.5.7-圖1SpineiMaster NCE-Fabric cluster(active)Egress DC1SpineEgressSpineiMaster NCE-Fabric cluster(standby)Egress DC3 DC2E2E EVPN VXLANVPC BVPC CVPC A2.5.7-圖2 Server Leaf Border LeafextVRFDVRV

18、RF1DVRVRF1DVRBD1extvsysvSys-1PEVM/BMFabric-1靜態(tài)路由靜態(tài)路由 Firewall Server Leaf Border LeafextVRFDVRVRF1DVRVRF1DVRBD1extvsysvSys-1PEVM/BMFabric-2靜態(tài)路由靜態(tài)路由Firewall主出口備出口靜態(tài)路由優(yōu)先級(jí)高于BGP路由優(yōu)先級(jí)靜態(tài)路由優(yōu)先級(jí)低于BGP路由優(yōu)先級(jí)主出口正常情況下流量主出口故障，切換備出口情況下流量2.6.1-圖1VMVTEPBMVMVTEPVTEPVXLANSpineServer leafBorder leafVTEPNCE-FabricPE南向業(yè)務(wù)管

19、理網(wǎng)絡(luò) Internal communicationSouthbound serviceNorthbound management管理員北向訪問(wèn)內(nèi)部通信2.6.1-圖2Two-plane networking:Each physical server has four physical NICs, two of which are bound into two logical NICs, which carry the data of the internal communication and the northbound management network plane and the s

20、outhbound business network plane, respectively, to achieve two plane isolation.123456789123456789TOR Switch-1TOR Switch-2041504150415Bond0Bond1North Management & Internal CommunicationSouth ServiceBond0Bond1Bond0Bond1NCE-Fabric Server-1 NCE-Fabric Server-2 NCE-Fabric Server-3 2.6.1-圖31234TOR Switch-1TOR Switch-21234The NCE-Fabric networking plan uses two planes of isolation, and each plane uses a group (two physical network ports are bound into a group) of network ports.It is recommended that the two physical network ports to be bound are distr