H3C SeerEngine-DC Controller03-03-2020
Software-defined networking (SDN) is a new networking architecture that separates the control plane from the data plane of network devices. It is service-oriented, provides network programmability, and enables quick, automated service deployment and simple, flexible network management. It has seen wide adoption across networks.
H3C SeerEngine-DC controller is a core control component in MP-BGP EVPN-based AD-DC solutions. It is an open platform and provides the following benefits:
It can run on devices of different vendors, enabling multi-vendor interoperability and it fits various networking environments including data centers, public clouds, private clouds, and campus edges with different network features.
It uses programmable southbound APIs, such as OpenFlow, NETCONF, and OVSDB interfaces, to provide efficient management of physical networks.
Similar to a network operating system on which users can develop and run SDN applications, it controls resources on the overlay network and provides northbound APIs to control network forwarding intelligently.
Features and benefits
Rich REST APIs
H3C SeerEngine-DC controller provides rich REST APIs that offer the following advantages:
Streamline client-server interactions and ensure overall quality-of-service by using data caching.
Statelessness allows requests to be processed by different servers, so that you can scale REST APIs to more users by deploying them on multiple servers.
Using browsers as clients and communicating via HTTP requests without using additional resource discovery mechanism enables flexible and lightweight communications between applications and ensures good compatibility with evolving technologies.
You can deploy H3C SeerEngine-DC controllers in the following models to ensure high service availability:
Set up a team with a maximum of 32 controllers to prevent single point of failures and improve network availability. When one controller fails, another controller in the team takes over to keep service continuity on the SDN network. In addition, controllers can be managed and monitored in the team in a centralized manner.
Deploy four controllers in two data centers, two controllers in each. When the two controllers in one data center fail, controllers in the other data center can take over to ensure service continuity.
Deploy a three-controller cluster at both the primary and backup sites and an optional arbitrator. When the cluster at the primary site fails, the cluster at the backup site takes over the services. With an arbitrator, the switchover will take place automatically.
Simple, flexible, automated management
Provides a Web management interface and displays network devices and access hosts graphically.
Provides detailed log information, facilitating backtracking.
Assigns controller in a team to different regions for region-based management of devices, simplifying network management in a large-scale complex network environment.
Provides zero-touch provisioning (ZTP) and automated deployment of all devices without any human intervention, freeing network engineers from heavy workloads.
Overlay network management
H3C SeerEngine-DC controllers can manage a VXLAN-based overlay network and provide a networking model with an MP-BGP EVPN as the control plane of the VXLAN overlay network. The controllers can manage forwarding devices such as ToR devices and border devices, and provide APIs for upper-layer cloud computing systems to integrate the overlay network into the converged cloud network.
All features provided by H3C SeerEngine-DC controllers are IPv4/IPv6 dual-stack-capable. You can deploy the controllers at multiple data centers by using the multi-fabric solution to enable automated interconnections among the data centers.
The EVPN-based networking model implements complete separation of the management plane, control plane, and forwarding plane. It features easy management, high forwarding efficiency, and flexible scalability and is suitable for large-scale networks.
At the data center egress, you can deploy multiple egresses with their respective firewall settings to implement flexible network deployment and control.
The controllers provide APIs and OpenStack plug-ins for upper-layer cloud computing systems to integrate the overlay network into the cloud, allowing users to perform all tasks on the cloud. The controllers are compatible with H3C CloudOS, OpenStack, third-party cloud platforms, and container platforms including Kubernetes and OpenShift.
With a service chain module, the H3C SeerEngine-DC controller can guide specific traffic to flow through a chain of security service nodes and provide users network services with enhanced security.
The controller can manage all physical and virtual security nodes, including FWs, vFWs, LB, and vLBs. It combines various security devices into a unified service chain resource pool to address security requirement of various applications in the data center. It provides flexible orchestration of service chains, and can deploy differentiated, fine-grained, and diversified service chains as needed. It supports also service chain deployment across data centers.
The service chain module provides northbound APIs for interacting with various cloud management systems and southbound interfaces for managing service nodes and deploying service chains.
The micro-segmentation feature, also called group-based security segregation, controls traffic based on groups. For example, you can group servers in data centers based on specific criteria and apply group-based traffic control policies. A micro-segment, also called end point group (EPG), groups endpoints (such as servers) based on specific criteria. Each EPG has a globally unique ID. You can configure micro-segments on IP and VXLAN networks.
H3C SeerEngine-DC controller supports configuration of micro-segment allowlists and denylists on access switches to enable mutual access between members in an EPG group and traffic control between EPG groups. With micro-segment allowlists and denylists configured, the access switches function like stateless firewalls, eliminating the need of security devices.
Micro-segmentation can be used in combination with service chain. After assigning different hosts to EPGs and configuring micro-segment allowlists and denylists on the switch, you can redirect the traffic through service chain to security devices.
H3C SeerEngine-DC controller supports the following standards and interfaces.
NETCONF (RFC 6241).
Open vSwitch Database (OVSDB) interface.
OpenStack Neutron interface.
16 cores, 2.0 GHz or above.
128 GB or above.
The drives must be configured in RAID 1, 5 or 10.
· Drive configuration option 1:
· System drive: SSDs configured in RAID, with a capacity of 1920 GB or above
· etcd drive: SSDs configured in RAID, with a capacity of 50 GB or above. (Installation path: /var/lib/etcd.)
· Drive configuration option 2:
· System drive: 7.2K RPM SATA/SAS HDDs configured in RAID, with a capacity of 1920 GB or above.
· etcd drive: 7.2K RPM SATA/SAS HDDs configured in RAID, with a capacity of 50 GB or above. (Installation path: /var/lib/etcd.)
· Storage controller: 1 GB cache. You must install a power fail safeguard module with a supercapacitor for the controller.
· Non-bonding mode: 1 × 10 Gbps Ethernet interface.
To deploy primary/backup three-controller clusters for disaster recovery, add an Ethernet interface.
· Bonding mode: 2 × 10 Gbps Linux bonding interfaces.
To deploy primary/backup three-controller clusters for disaster recovery, add two Ethernet interfaces for redundancy.
Display statistics of overall network performance, status, and alarms.
Single-fabric and multi-fabric management.
Visual mapping between the physical network topology, tenant network topology, and application topology.
Automate network device incorporation and service provisioning, and enable network adaptive to cloud.
Multi-fabric and multi-DC orchestration capability in various scenarios.
Compute resource collaboration
Collaborate with compute virtualization platform including KVM, VMware, and CAS.
Cooperate with container platforms based on Kubernetes and Openshift to automate container network resource provisioning.
Provide one-stop, full-lifecycle service for bare metal resources based on the OpenStack Ironic project.
Provide comprehensive security protection for inter-subnet and intra-subnet communication within a VPC, communication between VPCs, and communication between VPC and the external network.
Support firewall-based security policies, security service orchestration by service chain, host-granularity network isolation by micro-segmentation capability.
Support QoS policies for traffic with specific characteristics.
Support layer 2 and layer 3 multicast services for both intra and inter DCs.
Supports RDMA and InfiniBand low-latency lossless networking.
Display syslogs, alarms, events and statistics of the entire network.
DHCP and IP resources management.
Support managing operator authorities, controller cluster and configuration, etc.
Interoperable with OpenStack, VMWare, and Kubernetes platforms.
Support interoperation with third party security devices such as F5.
H3C SeerEngine DC software additional 1 server node license
H3C SeerEngine DC software additional 1 Physical NE license
H3C SeerEngine DC software additional 1 virtual service node license
H3C vDHCP1000 License(Comware 9,STANDARD Edition,Permanent)