Rich REST APIs
H3C SeerEngine-DC controller provides rich REST APIs that offer the following advantages:
Streamline client-server interactions and ensure overall quality-of-service by using data caching.
Statelessness allows requests to be processed by different servers, so that you can scale REST APIs to more users by deploying them on multiple servers.
Using browsers as clients and communicating via HTTP requests without using additional resource discovery mechanism enables flexible and lightweight communications between applications and ensures good compatibility with evolving technologies.
High availability
You can deploy H3C SeerEngine-DC controllers in the following models to ensure high service availability:
Set up a team with a maximum of 32 controllers to prevent single point of failures and improve network availability. When one controller fails, another controller in the team takes over to keep service continuity on the SDN network. In addition, controllers can be managed and monitored in the team in a centralized manner.
Deploy four controllers in two data centers, two controllers in each. When the two controllers in one data center fail, controllers in the other data center can take over to ensure service continuity.
Deploy a three-controller cluster at both the primary and backup sites and an optional arbitrator.When the cluster at the primary site fails, the cluster at the backup site takes over the services. With an arbitrator, the switchover will take place automatically.
Simple, flexible, automated management
Provides a Web management interface and displays network devices and access hosts graphically.
Provides detailed log information, facilitating backtracking.
Assigns controller in a team to different regions for region-based management of devices, simplifying network management in a large-scale complex network environment.
Provides zero-touch provisioning (ZTP) and automated deployment of all devices without any human intervention, freeing network engineers from heavy workloads.
Overlay network management
H3C SeerEngine-DC controllers can manage a VXLAN-based overlay network and provide a networking model with an MP-BGP EVPN as the control plane of the VXLAN overlay network. The controllers can manage forwarding devices such as ToR devices and border devices, and provide APIs for upper-layer cloud computing systems to integrate the overlay network into the converged cloud network.
All features provided by H3C SeerEngine-DC controllers are IPv4/IPv6 dual-stack-capable. You can deploy the controllers at multiple data centers by using the multi-fabric solution to enable automated interconnections among the data centers.
The EVPN-based networking model implements complete separation of the management plane, control plane, and forwarding plane. It features easy management, high forwarding efficiency, and flexible scalability and is suitable for large-scale networks.
At the data center egress, you can deploy multiple egresses with their respective firewall settings to implement flexible network deployment and control.
The controllers provide APIs and OpenStack plug-ins for upper-layer cloud computing systems to integrate the overlay network into the cloud, allowing users to perform all tasks on the cloud. The controllers are compatible with H3C CloudOS, OpenStack, third-party cloud platforms, and container platforms including Kubernetes and OpenShift.
Service chain
With a service chain module, the H3C SeerEngine-DC controller can guide specific traffic to flow through a chain of security service nodes and provide users network services with enhanced security.
The controller can manage all physical and virtual security nodes, including FWs, vFWs, LB, and vLBs. It combines various security devices into a unified service chain resource pool to address security requirement of various applications in the data center. It provides flexible orchestration of service chains, and can deploy differentiated, fine-grained, and diversified service chains as needed. It supports also service chain deployment across data centers.
The service chain module provides northbound APIs for interacting with various cloud management systems and southbound interfaces for managing service nodes and deploying service chains.
Micro-segmentation
The micro-segmentation feature, also called group-based security segregation, controls traffic based on groups. For example, you can group servers in data centers based on specific criteria and apply group-based traffic control policies. A micro-segment, also called end point group (EPG), groups endpoints (such as servers) based on specific criteria. Each EPG has a globally unique ID. You can configure micro-segments on IP and VXLAN networks.
H3C SeerEngine-DC controller supports configuration of micro-segment allowlists and denylists on access switches to enable mutual access between members in an EPG group and traffic control between EPG groups. With micro-segment allowlists and denylists configured, the access switches function like stateless firewalls, eliminating the need of security devices.
Micro-segmentation can be used in combination with service chain. After assigning different hosts to EPGs and configuring micro-segment allowlists and denylists on the switch, you can redirect the traffic through service chain to security devices.
Standards compliance
H3C SeerEngine-DC controller supports the following standards and interfaces.
OpenFlow 1.3.
NETCONF (RFC 6241).
Open vSwitch Database (OVSDB) interface.
OpenStack Neutron interface.