H3C AD-DC Solution

    10-10-2022

Solution overview

H3C Application-Driven Data Center (AD-DC) is a unified next-generation data center solution designed to support accelerated service delivery. It helps customers build an intelligent data center network that can change quickly to accommodate exponentially growing traffic and accelerated service provisioning driven by cloud computing, big data, and mobile Internet.

H3C AD-DC solution is an intelligent, comprehensive solution that provides management, control, analysis, and AI for data center network scenarios. This solution delivers the following benefits:

Uses graphic, visualized orchestration to enable automated deployment. It provides one-stop, end-to-end intent assurance from architecture design, pre-factor simulation, network construction, to operation assurance.

Provide basic network management and automated device configuration provisioning from a controller component. Enables uniform network profile and security policy deployment across the network.

Uses an analyzer component to offer AI- and big data-assisted analytics, enabling administrators to gain a holistic view of the network and quickly identify and resolve network issues.

Implements AI ECN in high-performance computing and distributed/centralized storage scenarios to enable zero packet loss and full consolidation of high-performance computing, storage, and general-purpose computing over the Ethernet.

Provides the user an environmentally friendly, energy efficient data center with optimized network architecture, lossless Ethernet, and energy saving management.

Provides a management, control, and analysis integrated system to help customers build a new type of data center network that is simplified and unified, intent-based and intelligent, ultrabroad and lossless, and green and energy efficient, and enables rapid service delivery and high-performance operation, meeting the evolving requirements in this cloud computing era.

Features and benefits

Elastic, reliable network architecture

Extensive support for standards and protocols

H3C AD-DC is designed for openness. It provides extensive support for standards and protocols, including BGP EVPN, OVSDB, OpenFlow 1.3, NETCONF, INT, gRPC, and ERSPAN. Customers can integrate it with mainstream resource management platforms or cloud platforms to provide unified management or avoid the risk of vendor lock-in.

Multiple networking models

AD-DC supports automated underlay deployment by using spine-leaf, spine-aggregation-leaf, or spine-aggregation-leaf-access network model, as well as network-based overlay and hybrid overlay on-demand deployment.

Multi-egress flexibility

AD-DC supports GUI-based orchestration of multiple egresses and can use multiple borders as fabric egresses. Different tenants or VPCs can choose different borders as egress devices.

Flexible networking architecture options

AD-DC allows selection of networking architecture from single fabric, single DC, multi-fabric, multi-DC, to remote leaf as needed.

Flexible deployment modes

AD-DC supports deployment on a single node or VM to address requirements in a small-scale scenario and deployment in cluster mode for enhanced service availability.

End-to-end automation

Network fabric automation—The solution offers automated role-based underlay fabric deployment, which reduces initial deployment workload and improves deployment efficiency

Service deployment automation—This solution builds services-adaptive network models and enables automated configuration provisioning on the overlay logical networks, which greatly accelerates service provisioning and increase service deployment efficiency by more than 90%.

Multi-scenario, multi-DC orchestration capability

Tiered management

In the large-scale multi-DC scenario, each DC has its own controller component. To provide across-DC automated, unified network management, AD-DC introduces Super Controller for tiered management. In the southbound direction, Super Controller centrally manages controllers in the DCs and enables unified management of network resources. In the northbound direction, Super Controller provides a unified network management interface for the DCs and enables unified network resource orchestration across DCs from the perspective of tenants.

Unified management and orchestration of multiple fabrics from one controller component

In a multiple-fabric single-DC scenario, the solution deploys a controller to provide unified management and orchestration across the network fabrics. In the southbound direction, the controller centrally manages network resources distributed across the network fabrics. In the northbound direction, the SDN controller interacts with the OpenStack cloud platform through a Neutron plugin, enabling unified service orchestration across fabrics from the perspective of tenants.

Flexible, highly reliably deployment of the controller

The controller allows you to choose a disaster recovery solution such as cold cluster backup and primary/secondary cluster backup as needed to improve management control plane availability.

Integrated all-facet security protection

On-demand security resource scheduling—Security resources are pooled, service-oriented, and graphically orchestrated based on policy-driven security service chaining. Security policies can be deployed automatically to meet businesses' security requirements on demand, providing comprehensive protection of both internal and external traffic for tenants.

Unified network and security for coordinated defense—Through network-wide "network + security" collaboration and coordinated defense, AD-DC provides a three-tier coordinated closed-loop defense system that encompasses analysis, control, and implementation capabilities. AD-DC automates business-driven policy establishment and deployment and enables the transition from using manual approaches for network management and maintenance to AI-driven operations (AIOps), saving operations expenses by more than 80%.

Fine-grained isolation based on EPGs—Hardware entry-based EPGs allow you to group hosts by discrete IPs and configure flexible inter-group strategies to provide whitelists, blacklists, stateless firewalls, and service chains, and provide host-granularity network isolation for the data center network.

Compute resources collaboration

As the pipeline to transport data, the data center network requires seamless integration and compatibility with compute resources. Based on the standard OpenStack architecture and projects, AD-DC can automate provisioning of all types of compute resources including virtual, bare metal, and containerized, improving compute resource provisioning efficiency by 70%.

Compute resources collaboration with virtualization platforms—By coupling with OpenStack's VLAN model and VXLAN model, AD-DC provides support for most mainstream compute virtualization platforms in the industry including KVM, VMware, and CAS. The controller can interoperate with virtualization platforms such as VMware vCenter, Microsoft System Center, and Red Hat Virtualization Manager to achieve dynamic online association between computing and network resources and across-vCenter dynamic migration.

Compute resources collaboration with bare metal—Based on the OpenStack Ironic project, AD-DC seamlessly integrates with OpenStack to provide one-stop, full-lifecycle service for bare metal resources on tenant networks.

Compute resources collaboration with containers

Container network Layer 2 bridging solution—This solution applies to the scenario where a new data center is to be established. Based on the proprietary CNI plugins, AD-DC can cooperate with open-source container platforms developed based on Kubernetes and Openshift to automate container network deployment and enable interworking and isolation of container network multi-tenancy, containers and VMs, and bare metal at Layer 2 and Layer 3 on demand, so that network connections are available for container on demand.

Container network Layer 3 routing solution—This solution applies to the scenario where services have been deployed in containers on the Calico container network and the network needs a transformation to SDN. The AD-DC controller automates BGP peer relationship establishment between the Calico vRouter and switch side to enable route advertisement of Calico content devices across the SDN network and automated network connection between containers.

Intent-based networking

Automated intent-based service deployment

On traditional networks, administrators are required to configure devices from the CLI based on the business requirements for service deployment, which is expertise demanding, labor intensive, time consuming, and error prone. In contrast, with intent-based networking, users are not required to understand the configuration theories. The network controller will automatically translate business requirements to device configurations to be deployed.

Simulation before service deployment

Before deploying services on the production network, the system simulates service deployment on a twin network built 1: 1 of the real production networks and assesses the network change risks and impacts. Only when the assessment result meets the expectations, the configuration is deployed to the production environment.

Intent verification after service deployment

After the configuration is deployed on the network, the analyzer collects relevant data on the network periodically, including device configuration, device ARP entries, FIB entries, network topology, and network device status. The analyzer submits collected data to the intelligent analysis module which simulates the forwarding behavior of network devices with simulation verification algorithms, and finally provides the verification results for network-wide connectivity, route reachability, and configuration consistency.

Closed loop for faults

The analyzer can identify and predict device failures, network failures, protocol failures, overlay failures, and service failures based on various metric data collected over the network and uses means of notification, suggestion, and resolution deployment to help resolve issues quickly and close loop for faults.

Intelligent operations and maintenance

Multiple data collection methods, network health visibility

The analyzer can use gRPC, Telemetry, ERSPAN and in-band telemetry (INT) technologies to achieve millisecond-precision data capture, data analysis, and real-time fault detection, helping user to gain a holistic view of the network and visibility into tenant networks.

AI intelligent analysis, precise fault location, risk prediction, trend analysis, and closed-loop fault resolution

AC-DC provides AI-powered intelligent analysis. Precise fault location, risk prediction, trend analysis, and closed-loop business O&M that encompasses perception, pre-judgment, and execution, shortens fault resolution time from hours to minutes. AD-DC automates a closed-loop process for fault events from discovery, diagnosis, solution, to closure. When a fault occurs in the network, the analyzer will detect, locate, and identify the root cause in real time and triggers the controller to issue a solution to fix and resolve the fault.

Inter-DC traffic intelligent analysis from the analyzer

Analyzes the inter-DC traffic composition, link utilization and status between sites, and application distribution on the links from the data center perspective.

Analyzes and presents the inter-DC traffic and traffic proportion based on the application information combined with the inter-DC traffic composition.

Lossless network

The SeerFabric lossless network solution provides a "zero packet loss, low latency, high throughput" network environment for RoCEv2 distributed applications such as distributed storage, HPC high-performance computing, and AI, aligning with the requirements of distributed applications for high performance.

RoCE automation—Automates deployment of RoCE networks, simplifying onboarding deployment.

RoCE visibility—Provides visibility into topology, traffic path, latency, throughput, and congestion, displays network topologies intuitively, and demonstrates traffic related data comprehensively.

RoCE analytics—Allows tracing of anomalies such as PFC deadlock and storm alarm as well packet drop reasons, time, content for issue location and analytics.

RoCE tuning—Provides dynamic closed-loop tuning by using AI tuning algorithms and adjusting the ECN waterline to ensure zero packet loss and high throughput.

Openness and programmability

SDN-based

A software-defined data center network allows administrators to customize the data center more flexibly at the control plane. H3C SDN controller is the real performer and core of programmable data centers. With its high reliability, high performance, fully open interfaces, and programmable extensibility, SeerEngine is changing the deployment mode and operation mode of the network. The controller provides richer and more flexible functions to help enterprises adapt to changing network trends and build an intelligent, secure, and reliable information network.

Northbound openness

In the northbound direction, the controller adopts open, standard RESTful APIs, allowing users to develop programmable SDN apps of their own. The controller can interoperate with a standard OpenStack, Kubernetes, or OpenShift platform through Neutron/CNI APIs, which enables unified management and on-demand orchestration of network resources and deep cloud-network integration.

Southbound openness

In the southbound direction, the controller automates device configuration provisioning through OpenFlow, NETCONF, and OVSDB protocols.

Mature and stable

Since its release, the AD-DC solution has helped wide range of customers across industries accelerate their digital transformation.

新华三官网