Elastic, reliable network architecture
H3C AD-DC is designed for openness. It provides extensive support for standard protocols, including BGP EVPN, VXLAN, OVSDB, OpenFlow 1.3, NETCONF, INT, gRPC, and ERSPAN. Customers can integrate it with mainstream resource management platforms or cloud platforms to provide unified management or avoid the risk of vendor lock-in.
Data center networks (DCNs)
● H3C offers a full portfolio of DC switches such as S12500 and S6800 to address diversified demands of customers for connection speeds within a data center, from GE, 10 GE, 25 GE, 40 GE, and 100 GE, to 400 GE. All these switches support state-of-the-art overlay technologies such as BGP EVPN and VXLAN for elastic expansion of data center networks.
● AD-DC offers multiple networking solutions including network-based overlay, hybrid overlay, host-based overlay, distributed gateway, and centralized gateway for you to choose as needed.
● An AD-DC overlay network is typically built on top of a spine-leaf physical network. The underlying hardware devices improve BGP EVPN and VXLAN protocol efficiency. Devices of each role are deployed in high availability by using technologies such as ECMP, IRF, or DRNI. Distributed gateways ensure optimal hardware forwarding paths. Servers can access leaf switches through DRNI.
● Well suited to small-scale networking scenarios, AD-DC allows leaf devices to access computing resources and security resources simultaneously to improve resource utilization, and allows deployment of a single controller. As a best practice, configure a remote backup server in a single controller scenario. A single controller can provide secure incorporation and service chain services.
● Multiple borders can be used as fabric egresses on an AD-DC. Different tenants or VPCs can choose different borders as egress devices, and network traffic can be ECMP-balanced among multiple borders, which improves network egress reliability and scalability. AD-DC supports remote leaf, allowing deployment of a leaf node in a remote location.
● Multiple controllers form a cluster at the control layer of AD-DC. In the northbound direction, the controller provides a unique IP address for interaction with the upper layer applications. In the southbound direction, the cluster provides load sharing and redundant backup for the managed forwarding devices through intra-region backup and inter-region backup. A 3-master controller cluster can manage a minimum of 300 switches and the cluster can be scaled out as needed to keep pace with the growing network scale.
Data center interconnect (DCI)
● The H3C AD-DC solution enables DCI on demand based on a full range of H3C WDM/OTN optical transmission products and provides connections as fast as 400 Gbps based on high-performance switching products.
● The H3C AD-DC solution deploys Ethernet Virtual Interconnect 2.0 (EVI 2.0) to support distributed service deployment across data centers. EVI 2.0 uses VXLAN in the data plane and MP-BGP EVPN in the control plane. This allows the solution to interconnect the virtual resource pools of data centers for unified resource management and allocation.
Multi-scenario, multi-DC orchestration capability
In a large-scale multi-DC scenario, this solution uses a super controller to implement hierarchical management. In the southbound direction, the super controller centrally manages SDN controllers in the DCs and enables unified management of network resources. In the northbound direction, the SDN controller interacts with the OpenStack cloud platform through a Neutron plugin. The super controller provides a unified management interface for the DCs and enables unified network resource orchestration across DCs from the perspective of tenants.
In a multiple-fabric single-DC scenario, the solution deploys an SDN controller to provide unified management and orchestration across the network fabrics. In the southbound direction, the SDN controller centrally manages network resources distributed across the network fabrics. In the northbound direction, the SDN controller interacts with the OpenStack cloud platform through a Neutron plugin, enabling unified service orchestration across fabrics from the perspective of tenants.
The controller allows you to choose a disaster recovery solution such as cold cluster backup and primary/secondary cluster backup as needed to improve management control plane availability.
End-to-end automation
Network fabric automation—The solution offers not only automated role-based underlay deployment but also automated overlay deployment.
Service automation—SeerEngine provides automated service-based network configuration deployment to help customers accelerate service provisioning. SeerEngine communicates with devices through standard southbound protocols such as NETCONF, OVSDB, and OpenFlow. When IT managers or tenants launch new services, the controller quickly delivers the abstracted logical network configuration to related physical devices, improving service deployment efficiency by more than 90%.
Integrated all-facet security protection
On-demand security resource scheduling—Security resources are pooled, service-oriented, and graphically orchestrated based on policy-driven security service chaining. Security policies can be deployed automatically to meet businesses' security requirements on demand, providing comprehensive protection of both internal and external traffic for tenants.
Unified network and security for coordinated defense—Through network-wide "network + security" collaboration and coordinated defense, and cooperation with the SeerEngine module, AD-DC provides a three-tier coordinated closed-loop defense system that encompasses analysis, control, and implementation capabilities. Through SeerEngine, AD-DC automates business-driven policy establishment and deployment and enables the transition from using manual approaches for network management and maintenance to AI-driven operations (AIOps), saving operations expenses by more than 80%.
Fine-grained isolation based on EPGs—Hardware entry-based EPGs allow you to group hosts by discrete IPs and configure flexible inter-group strategies to provide whitelists, blacklists, stateless firewalls, and service chains, and provide host-granularity network isolation for the data center network.
Compute resource collaboration
As the pipeline to transport data, the data center network requires seamless integration and compatibility with compute resources. Based on the standard OpenStack architecture and projects, AD-DC can automate provisioning of all types of compute resources including virtual, bare metal, and containerized, improving compute resource provisioning efficiency by 70%.
Virtual resource provisioning—By coupling with OpenStack's VLAN model and hierarchical port binding feature, AD-DC provides support for most mainstream compute virtualization platforms in the industry including KVM, VMware, and CAS. SeerEngine can interoperate with virtualization platforms such as VMware vCenter to achieve dynamic online association between computing and network resources.
Bare metal resource provisioning—Based on the OpenStack Ironic project, AD-DC seamlessly integrates with OpenStack to provide one-stop, full-lifecycle service for bare metal resources on tenant networks.
Container network resource provisioning—AD-DC can cooperate with open-source container platforms developed based on Kubernetes and OpenShift to automate container network resource provisioning on demand.
Intelligent operations and maintenance
Powered by SeerAnalyzer and technologies such as gRPC, Telemetry, ERSPAN and in-band telemetry (INT), AD-DC can achieve millisecond-precision data capture, megascale VM data analysis, and real-time fault detection. Based on global network monitoring, visual tenant network presentation, and business model deduction capabilities, AD-DC allows customers to perform accurate fault location, risk prediction, and trend analysis. AD-DC provides closed-loop business O&M that encompasses perception, pre-judgment, and execution, shortening fault resolution time from hours to minutes.
With pre-defined solutions for emergencies and support for multi-level rollback for the entire network and tenants, AD-DC can recover the network within minutes in case of a failure. It provides analysis for replacement of a component or module. AD-DC provides underlay, overlay, and application topologies and their correlations. It provides one-key network-wide health inspection capabilities to give administrators a holistic view of the entire network. For each performance metric, such as physical resource usage, virtual resource usage, and entry resource usage, it provides an AI-based alarm mechanism. In addition, it can use auxiliary troubleshooting methods such as radar detection to get the real application traffic forwarding path based on VTEP and host detection and achieve accurate positioning from logical network to physical network. Radar detection supports not only single-path detection but also multi-path detection, helping users promptly and accurately locate where failures or bottlenecks might occur. This solution can proactively perform path connectivity detection, route black hole detection, loop detection, and underlay OSPF parameter verification across the underlay network, which improves operation and maintenance efficiency for the underlay network.
By collecting and comparing device configurations and logical items across the network, SeerAnalyzer can track the changes in the network configuration and logical items in real time, provide visibility and a holistic view into network changes, and help locate and fix issues in the event of a failure.
With SeerAnalyzer and SeerEngine, AD-DC automates a closed-loop process for fault events from discovery, diagnosis, solution, to closure.
When a fault occurs in the network, SeerAnalyzer will detect, locate, and diagnose the fault event in real time.
The SeerEngine controller then issues a solution for the fault event and continues to monitor whether the fault is resolved. When the fault is resolved, the fault event process is closed.
AD-DC supports pre-factor network simulation. It can build a simulated network based on NFV to fully simulate a real network. Before making a network change, you can perform pre-factor simulation on the simulated network to compare the changes in device configuration, in VSI, VRF, routing entry capacities, and in network connectivity before and after the change. The simulation and verification of the entire network can be completed in minutes. This feature helps avoid configuration errors and improves service deployment efficiency.
AD-DC supports post-factor intent verification. This solution collects network data after the network configuration changes and builds a model to verify whether the actual forwarding behavior of the network is consistent with the user's intent. The verification results can help users confirm whether the change meets expectations and whether issues have been introduced. For an intent that is not met, this solution helps track and locate the cause, thereby greatly improving operation and maintenance efficiency.
Ultrabroad and lossless
RoCE automation—Automates deployment of RoCE networks, simplifying onboarding deployment.
RoCE visibility—Provides visibility into topology, traffic path, latency, throughput, and congestion, displays network topologies intuitively, and presents traffic-related data comprehensively.
RoCE analytics—Allows tracing of anomalies such as PFC deadlock and storm alarm, as well as packet drop reasons, time, and content, for issue location and analytics.
RoCE tuning—Provides dynamic closed-loop tuning by using AI tuning algorithms and adjusting the ECN waterline to ensure zero packet loss and high throughput.
Openness and programmability
A software-defined data center network allows administrators to customize the data center more flexibly at the control plane. As an SDN-based controller, H3C SeerEngine is the real performer and core of programmable data centers. With its high reliability, high performance, fully open interfaces, and programmable extensibility, SeerEngine is changing the deployment mode and operation mode of the network. SeerEngine provides richer and more flexible functions to help enterprises adapt to changing network trends and build an intelligent, secure, and reliable information network.
In the northbound direction, SeerEngine adopts open, standard RESTful APIs or Java embedded APIs, allowing users to develop programmable SDN apps of their own. SeerEngine can be orchestrated from a standard OpenStack platform through Neutron APIs, which enables unified management and on-demand orchestration of network resources and deep cloud-network integration. In the southbound direction, SeerEngine adopts standard southbound interfaces defined by the OpenDaylight organization, including OpenFlow, NETCONF, and OVSDB interfaces.
Mature and stable
Since its release, the AD-DC solution has helped more than 1400 customers across industries accelerate their digital transformation.