Paweł Wachelka
Product Manager – Huawei Polska Sp. z o.o.
Network and security in the cloud
Content
• SVF
• CSS
• Service Chain Orchestration
Introduction
• A cluster switch system (CSS) is a logical switch consisting of two clustering-capable switches
• Cluster Switch System 2 (CSS2) Architecture
• High Performance
• High Availability
Clustering through CSS cards on the MPUs
Service port connection mode
Clustering through CSS cards on the SFUs
CSS2: Lowest Inter-Chassis Delay
[Figure: two panels, "CSS2 forwarding model" and "Service port cluster forwarding model", each showing data packets passing between the service cards and SFUs of Chassis 1 and Chassis 2 over the cluster cable]
• Twice switching with service port cluster vs. once with CSS2
• 4 μs inter-chassis delay in CSS2
Super Virtual Fabric (SVF) - Concept
• Parent: A parent is an aggregation device that manages and configures an SVF system.
• Client: Client refers to all access devices, including wired access devices (ASs) and wireless access devices (APs).
• Level-1 AS: Directly connected to the parent or connected to the parent across a Layer 2 network.
• Level-2 AS: Directly connected to a level-1 AS.
• Access point (AP): When APs access an SVF system, the parent functions as an AC to control and manage all the APs in the SVF system.
Profile-based Configuration

Network Basics (Mandatory)
VLAN assignment
• LAN configuration
• Specifying ports
Partition a logical network.

Network Security (Optional)
• Edge security configuration such as IPSG, ARP rate limiting, storm control, and so on
• QoS
• Port isolation
The logical network is secure and reliable.

User Access (Optional)
• AAA configuration including the authentication template, RADIUS server, and Portal Server
• Authentication mode: 802.1x, MAC, and Portal authentication
Terminal users can connect to the network and obtain network rights.

Service Profiles
• Network basic profile (mandatory)
• Network security profile (optional)
• User access profile (optional)

Configure service profiles on the parent.
• Specify the AS port group on the parent.
• Bind service profiles to the port group. Then services in the service profiles are delivered to all the members in the group.
Policy Association
• The SVF-Parent authenticates all users and delivers policies for dynamic authorization after users are successfully authenticated. User policies can be enforced on the SVF-Parent or delivered to access devices from the SVF-Parent and enforced on access devices.
Advantages
• Simplifies management to the maximum degree, allows flexible deployment of local and remote authentication, and rejects unauthenticated users to ensure security. The SVF-Parent provides fine-grained access control.
[Figure: policy association in an agile campus network. Labels: Controller, eSight, Accounting server, Core agile switch (authentication point, management point, enforcement point), CAPWAP tunnel, policy association delivery of user policies (UCL/ACL, VLAN, QoS, and so on), SVF access switches (enforcement point)]
Packet Forwarding Rules in the SVF

Distributed (Local) Forwarding
• Each device looks up outbound interfaces of packets in its local forwarding table and forwards packets from the outbound interfaces directly.
• This mode makes full use of each device's bandwidth.

Centralized Forwarding
• Packets are sent to the SVF-Parent.
• All user ports and AS downlink ports are isolated.

[Figure: two panels, one per forwarding mode, each showing a CSS SVF-Parent (L3 routing) above an SVF-Client (L2 switching)]

Distributed and centralized forwarding can be configured using CLI.
• The CAPWAP tunnel between the AS and SVF-Parent transmits only control information but not wired data flows. An AP and the SVF-Parent providing native AC establish a CAPWAP tunnel to transmit wireless data flows in a centralized manner.
Supported Features on SVF
SVF Networking Important Features Support

Feature                        S-Series (Campus)    Cloud Engine - Series
TRILL                          No                   Yes
FCoE                           No                   Yes
DCB (Data Center Bridging)     No                   Yes
Virtualization awareness       No                   Yes
Template Based Configuration   Yes                  No
Service Chain Orchestration
[Figure: Parent Switch, AS Layer 1 and AS Layer 2, with an orchestration device and a service device]
1. Authentication (802.1x)
2. Communication between Orchestration Device and Service Device (GRE Tunnel)
3. Service Chain resource
4. Service flow
5. Service Chain
6. Policy on Service Device
Copyright©2012 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive
statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time
without notice.
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY

PLNOG15: Paweł Wachelka - Network and security in the cloud