Campus Network - New Campus Network Solution

Principles

Reliability: Through multi-level redundant connection and redundant support of the device, the entire architecture can meet the uninterrupted connection demands of the service system.

Advancement: New technologies are incorporated, and network upgrade can be carried out by considering technological advancement and maturity.

Scalability: The network has a scalable network architecture and smooth evolution capabilities. The network architecture is scalable in terms of function, capacity, and coverage capability to meet the requirements of rapid service development on the basic carrier network.

Ease of maintenance: The network management system enables the management of network devices, the rapid deployment and adjustment of routing policies and service access policy configuration, and the rapid location and processing of the network failures.

Solution

Logical architecture:

SeerNetwork Architecture (SNA) is the next-generation intelligent network architecture launched by H3C, which consists of the following components.

As a core component of SNA, SNA Center provides unified management, control, intelligent analytics, and service orchestration capabilities for the entire network. Boasting a global perspective, SNA Center can coordinate resources across management domains to simplify O&M and reduce operating expenses. SNA Center provides real-time network monitoring and intent- or status-based analytics to enable automated service deployment and risk prediction, helping the network to serve critical businesses more concisely, intelligently, and efficiently.

As the key of the entire network, SeerEngine is a component of the campus controller. SeerEngine performs automatic deployment of network devices, user access management, user group/policy management, service configuration management, and network O&M management through an intuitive graphical interface. SeerEngine converts administrator operations into specific commands for network devices in the background and delivers them to the devices for execution.

SeerAnalyzer is the latest smart analysis system introduced to the AD-Campus solution. SeerAnalyzer provides visibility to the network operating status with Telemetry, and enables trend prediction and fast fault location through big data and machine learning algorithms. It improves O&M efficiency so that network administrators can work less on O&M workload and focus more on businesses.

The network architecture consists of devices in the core layer, aggregation layer, and access layer (access devices can be deployed in multiple layers), and the SeerEngine campus controller is deployed in the network. The features are shown as follows:

An overlay network is built between the aggregation devices and core devices to provide a stateless network, while distributed L3 gateways are used and broadcast storms are effectively suppressed through reliable mechanisms. Devices in the access layer use different VLANs to identify access locations and connect to the aggregation layer through trunk ports. The aggregation layer realizes VLAN to VXLAN mapping.

Policy management adopts a user-oriented grouping model, which divides users with similar attributes or access permissions into a user group and also divides the resources on the server into corresponding user groups for unified management. Defining policies based on a matrix table is simple and intuitive. The definition of specific policies can be simple or complex to achieve advanced and complex policy control functions.

The flexible access mechanism of user authentication can meet the needs of various access scenarios based on the 5W1H questions: who, whose, what, when, where, and how. Users can flexibly customize the scenarios to meet their needs.

Throughout the life cycle of the user terminal, the one-to-one correspondence of the user and IP is supported. For example, the architecture can be bound with the port based on security needs. As a result, no matter where the terminal locates, it always has the same fixed IP to simplify future O&M.

Typical networking solution

Providing users with the deep convergence solution of wired and wireless devices is typically in demand in a wide range of industries, including government, education, enterprise, and health care. Deep convergence is required in both the control plane and the forwarding plane, and the wired devices must have the same flexibility as wireless devices. Based on the feature of SDN architecture, this networking solution has excellent programmable features, providing a solid foundation for overall solution flexibility and scalability. The typical networking model of AD-Campus is as follows:

1. Standard network model

It is suitable for the headquarters+multi-branch access scenarios of large enterprises, or access scenarios of multiple main campuses. In this model, the controller, analyzer, and DHCP server are centrally deployed in one main campus.

ACs can be centrally deployed in one main campus, and all APs are registered to the AC, or they can be distributed in each campus or branch, and APs in each campus or branch are registered to the respective ACs.

The solution highlights various features such as stateless network, free mobility of policies, fixed IP address, the integration of wired and wireless devices, virtual network isolation, on-demand service delivery, automatic device deployment, and one-click start in the campus.

2. Single-Leaf networking model

Compared with the VXLAN model solution, the single-leaf networking is usually applied in the following scenario:

It is applicable to small- and medium-sized networks. It only supports single-campus scenario, core layer (IRF2) + access layer architecture, and the user gateway at the core layer. This solution can realize all the highlights of the solution in a single campus such as stateless network, ubiquitous policy, network adapts to users, unified wired and wireless network, virtual network isolation, on-demand service delivery, automatic device deployment, and one-click startup.