35
Мазитов Алмаз Ведущий менеджер по сетевым продуктам HUAWEI Roadshow DC + Agile Controller

Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

  • Upload
    others

  • View
    69

  • Download
    3

Embed Size (px)

Citation preview

Page 1: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Мазитов АлмазВедущий менеджер по сетевым продуктам HUAWEI

Roadshow DC + Agile Controller

Page 2: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudEngine Series Data Center Switch Portfolio

Core Switches Access Switches

CloudEngine 16800 (new)

CloudEngine 16816 CloudEngine 16808 CloudEngine 16804

CloudEngine 6881-48S6CQ

CloudEngine 6863-48S6CQ

10GE TOR switch (new)

25GE TOR switch (new)

Page 3: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudEngine 16800: Leading Hardware Architecture, Extensive Software Features, and Complete

Solution Mapping Capabilities

CloudEngine 16808 CloudEngine 16804CloudEngine 16816

36*100GE

36*40GE

24*40GE48*10GE

18*100GE

Complete Solution

Mapping CapabilitiesAgile Controller-DCN provides simplified

deployment capabilities throughout the life cycle.

FabricInsight analyzes TCP flows and network-

wide health.

Leading Hardware Architecture

Flexible NSH: Flexible and simplified VAS deployment

High security: Microsegmentation (VM-level security

isolation)

Telemetry technology, detecting the network quality in

real time

Edge intelligence and local processing of network behaviors

Orthogonal architecture, backplane-free cabling, strict

front-to-back airflow, cell switching

Mixed-flow fan, VC phase change heat dissipation

Smooth evolution to 400G

AI engine (V1R19C10)

Extensive Software Features

CloudEngine 16800: 400G platform supports 10GE, 40GE, and 100GE interfaces, and AI engine.

Page 4: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Orthogonal ArchitectureStrict Front-to-Back Airflow

DesignNon-blocking Switching

Mixed-flow Fan,VC Phase Change Heat

Dissipation

Line

card

Backplane-free cablingHigher chassis bandwidth

Independent front-to-back

airflowEven heat dissipation, basic

requirements for data centers

Cell switching, VoQBalanced traffic distribution, higher

bandwidth usage

Mixed-flow fan,

VC phase change heat

dissipation Air volume three times higher than

the industry average, greatly

reducing noise

Leading energy-saving design

Hardware Architecture: Industry-leading Architecture Design and Innovate Heat Dissipation

The CloudEngine16800 supports the network lifecycle of four generations of servers and smooth evolution to 400G.

1/31/3

1/3

1/3

1/3

1/3

1/3

1/3

1/

3

1/3

1/3

1/3

1/3 1/3

1/3

1/3

1/3

1/3

VC heat

dissipation

substrate

Heat

dissipation fin

Chip

Air intake Air exhaust

Page 5: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Introduction to CloudEngine 16800

Specification CE16804 CE16808 CE16816

Dimensions

(W x D x H, mm)482.6 x 990.3 x

437(10U)

482.6 x 990.3 x 703.6

(16U)

482.6 x 1149.2 x

1435.7(32U)

Switching capacity 43 Tbit/s 86 Tbit/s 173 Tbit/s

Packet forwarding

rate11,280 Mpps 22,560 Mpps 45,120 Mpps

LPU slots 4 8 16

MPU 1+1

SFUs 6 (scalable to 9 for future expansion)

Architecture Clos switching architecture, cell switching, VoQ

Number of fan trays 3 3 3

Number of power

supplies6 10 20

Power inputDC: 2200 W (-48 V/-60 V)

AC/HVDC: 3000 W (AC: 220 V, HVDC: 240 V/380 V)

Two MPUs: 1+1

redundancy

The CloudEngine 16808 has

10 power modules in total.

The CloudEngine 16808

has a total of eight slots.

The CloudEngine 16808

has three fan trays.

The CloudEngine 16808

has up to nine SFUs and

supports N+1 or N+M

redundancy.

Page 6: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudEngine 16800: 100G/40GE/10GE Line Cards

36*100GE QSFP28 36*40GE QSFP+

24*40GE QSFP+

48*10GE SFP+

18*100GE QSFP28

Item 100GE Line Card 40GE Line Card 10GE Line Card

Card name CEL36CQFD-G CEL18CQFD-G CEL36LQFD-G CEL24LQFD-G CEL48XSFD-G

Port36*100GE/36*40GE/

144*25GE/144*10GE

18*100GE/18*40GE/

72*25GE/72*10GE

36*40GE/

144*10GE24*40GE/96*10GE 48*10GE

MAC address

tableStandard mode: 96K Large routing mode: 32K Large MAC mode: 256K

FIB (IPv4/IPv6) Standard mode: 220K/80K Large routing mode: 256K/80K Large MAC mode: 128K/64K

ND Standard mode: 80K Large routing mode: 80K Large MAC mode: 64K

ARP

<Non-contiguous

and contiguous

MAC addresses>

Standard mode: 96K-220K Large routing mode: 96K-256K Large MAC mode: 96K-128K

ACL 6*7.5K 3*7.5K 3*7.5K 2*7.5K 1*7.5K

Page 7: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

MPUs of the CloudEngine 16800

Half-width MPU of the

CloudEngine

16804/CloudEngine 16808

Full-width MPU of the

CloudEngine 16816

• The CloudEngine 16804/CloudEngine 16808 uses half-width

MPUs, and active and standby MPUs are installed side by side.

• The CloudEngine 16816 uses full-width MPUs, and the active

and standby MPUs are arranged vertically.

• HiSilicon CPU

16-core, single-core 1.8 GHz

• Memory: 8 GB

• CMU

• Integrated AI chip (GA in February 2020)

• 1588v2 (GA in February 2020)

MPU Description

CE-MPUD-HALFHalf-width MPU, adapting to the CloudEngine

16804/CloudEngine 16808

CE-MPUD-FULL Full-width MPU, adapting to the CloudEngine 16816

Page 8: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

SFUs of the CloudEngine 16800

SFU04

SFU08

SFU16

SFU Performance

CE-SFU04G-G 8.4 Tbit/s

CE-SFU04F-G4.2 Tbit/s

CE-SFU08G-G 16.8 Tbit/s

CE-SFU08F-G8.4 Tbit/s

CE-SFU16G-G 28.8 Tbit/s

CE-SFU16F-G 16.8 Tbit/s

Page 9: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Mapping Between Cards and SFUs of the CloudEngine 16800

Device Model Card SFU

Number of SFUs

Required for Line-

rate Forwarding

CE 16804/

CE16808/

CE16816

36*100GE CE-SFU04G-G/ CE-SFU08G-G/CE-SFU16G-G 5

36*40GECE-SFU04F-G/ CE-SFU08F-G/CE-SFU16F-G 4

CE-SFU04G-G/ CE-SFU08G-G/CE-SFU16G-G 4

48*10GECE-SFU04F-G/ CE-SFU08F-G/CE-SFU16F-G 4

CE-SFU04G-G/ CE-SFU08G-G/CE-SFU16G-G 4

18*100GE CE-SFU04F-G/ CE-SFU08F-G/CE-SFU16F-G 5

CE-SFU04G-G/ CE-SFU08G-G/CE-SFU16G-G 5

24*40GE CE-SFU04F-G/ CE-SFU08F-G/CE-SFU16F-G 4

CE-SFU04G-G/ CE-SFU08G-G/CE-SFU16G-G 4

Remarks: The CloudEngine 16800 uses the 6-plane SFU design.

Page 10: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Recommended CE Series Switch Model — CloudEngine 6881& CloudEngine 6863

Diversified DC features: M-LAG, iStack, VXLAN, and BGP EVPN

Hardware-based BFD

Telemetry and ERSPAN enhancement

Microsegmentation and NSH

1+1 power redundancyFour fan trays (one fan

module in each tray)

Parameter CloudEngine 6881-48S6CQ

Port model48*10GE SFP+ and 6*100GE QSFP28 (Each QSFP28 port can be used as

one 40GE QSFP+ port)

Switching capacity 2.16 Tbit/s

Forwarding performance 940 Mpps

Maximum number of

stacked switches16

Buffer capacity 42 MB

Performance

specificationsFIB (v4/v6): 256K/80K, MAC: 256K, ARP: 256K

Diversified DC features: M-LAG, iStack, VXLAN, and BGP EVPN

Hardware-based BFD

Telemetry and ERSPAN enhancement

Microsegmentation and NSH

1+1 redundancyFour fan trays (one fan

module in each tray)

Parameter CloudEngine 6863-48S6CQ

Port model48*25GE SFP28 and 6*100GE QSFP28 (Each QSFP28 port can be used as

one 40GE QSFP+ port)

Switching capacity 3.6 Tbit/s

Forwarding performance 940 Mpps

Maximum number of

stacked switches16

Buffer capacity 42 MB

Performance

specificationsFIB (v4/v6): 256K/80K, MAC: 256K, ARP: 256K

Page 11: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Recommended Mapping Version for CloudFabric Solution V1R19C00

Device Series Device Model Software Version

Cloud computing FusionCloud

(1) Network overlay: FusionCloud 6.5 (private cloud based on

Mitaka, supporting IPv6)

(2) Network overlay: FusionCloud 6.3.1 (based on Mitaka, and

integrating some features of Ocata)

CE16800 series CE16800 series: CE16804, CE12808, and CE16816V200R005C20

CE6800 series CE6863-48S6CQ and CE6881-48S6CQ

vSwitch

CE1800V (OpenStack Mitaka + KVM CentOS7.2, OpenStack

Ocata + KVM CentOS7.3, OpenStack Queens + KVM

CentOS7.5)

(1) V100R019C00 (2) V100R002C10 (3) V100R002C00

SdSec solution V100R019C00

SdSec solution

Old hardware firewall:

USG6660/Eudemon1000E-N6, USG6670/Eudemon1000E-

N7, USG6680/Eudemon1000E-N7E,

USG9520/Eudemon8000E-X3, USG9560/Eudemon8000E-

X8, USG9580/Eudemon8000E-X16

Old hardware firewall: V500R005C20 (for both carriers and

enterprise networks)

New hardware firewall:

SG6650E/Eudemon1000E-G5, USG6680E/Eudemon1000E-

G8, USG6712E/Eudemon1000E-G12,

USG6716E/Eudemon1000E-G16

New hardware firewall: V600R007C00 (for both carriers and

enterprise networks)

Forward compatibility: V600R006C00

vNGFW:

USG6000V8/Eudemon1000E-V8

V500R005C20 (for both carriers and enterprise networks)

SecoManager V500R019C00

CIS V100R007C00

Agile Controller Agile Controller-DCN V300R019C00

eSight eSight-Solution V300R010C10

FabricInsight FabricInsight V100R019C00

Page 12: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

. . .

Rapid response to service requirements

Hardware BFD Microsegmentation NSH-based SFC VXLAN over IPv6

CPU

Forwarding chip

Intra-card CPU chip

Quad-core CPU: Protocol packet

processing

FIB entry delivery

. . .

Co-processor Hardware BFD

High-performance

sFlow

. . .

Forwarding chip

Adjustable

processes

New service

processes

Adjustable entry

resources

Enhanced service

processes

VRP

NETCONF CLI

Linux container

gRPCOpenFlowSSH

FuncEdit

NETCONF

SNMP

Linux and driver

Fragmentation

and reassembly

Programmable Key Components, Flexible Customization of Service Functions

Page 13: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Simplified DeploymentThe SDN controller defines

SFC in drag-and-drop mode.

Efficient Forwarding

Traffic diversion for one time,

saving ACL resources and

providing simple configuration

Flexible OrchestrationDecouple VAS functions from

fabrics, providing flexible

orchestration.

WEBApp

A

FW IDS LB NAT

VAS

resource

pool

Switch Switch Switch

NSH-based SFC Provides Easy VAS Orchestration

Page 14: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

VM 1 VM 2 VM 3

1.1.1.1 1.1.1.2 1.1.1.3

VM 4 VM 5 VM 6

2.2.2.1 2.2.2.2 2.2.2.3

As Is: Subnet-based isolation To Be: VM-level

isolation

Fine-grained DefenseDefine applications based on VM

names and discrete IP

addresses, with fine granularity.

Flexible DeploymentDefine services based on

application groups and decouple

them from subnets to achieve

flexible deployment.

Distributed SecurityTraffic of access switches is

filtered nearby and east-west

isolation is implemented

without using firewalls.

Microsegmentation Achieves Fine-grained Isolation and Service Security

Page 15: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

• SNMP/NETCONF query/response mechanism, and

minute-level reporting

• Microburst detection is not supported, and traffic details

cannot be detected.

• The traditional network device reports only logs and

alarms, but cannot collect packet characteristic

information such as the delay and packet loss.

• gRPC subscription/active reporting mechanism, and millisecond-

level reporting

• The CloudEngine 16800 monitors the microburst status, detects

traffic details, and predicts congestion in real time.

• The CloudEngine 16800 uses the intelligent analysis algorithm to

detect packet characteristic information such as the delay,

packet loss, and packet loss location in real time.

As-Is: Network Device Used as Black Boxes To-Be: Visualized Network Management and Control

Industry-leading Telemetry Technology Achieves Visualized and Controllable Networks or Services in

Real Time

Collector Analyzer

CPUForwarding

chipNP

SNMP

NETCONFNetStream ERSPAN

Flow table

Protobuf

over UDP

gRPCERSPAN+

CPUForwarding

chip

Traditional NMS

AI

Chip

Page 16: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudEngine fixed switches: Diversified Models in All Scenarios and Sustainable Supply

CE5855GE

10G

CE6810

CE6870

CE6880

Low-end

(Layer 2)

Mid-range (VXLAN)

CE8860-4C-EI

Four subcards

CE8850-32Q-EI

High-end (large

buffer)

25G

40G CE7855

100G

CE6860-48S8CQ-EI

Extensible

Fixed

Medium

CE5855-48T4S2Q-EI

CE5855-24T4S2Q-EI

CE6870-48T6CQ-EI

CE6870-48S6CQ-EI

CE6870-24S6CQ-EI

CE6855-48S6Q-HI

CE6855-48T6Q-HI

CE6810-48S4Q-LI

CE6810-32T16S4Q-LI

CE7855-32Q-EI

CE6875

CE8861-4C-EI

CE6865-48S8CQ-EI

Large buffer,

MACsec

CE8850-64CQ-EI

CE6881-48S6CQ

CE6856-48T6Q-HI

CE6856-48S6Q-HI

The model in red can be

supplied continuously.

CE6875-48S4CQ-EI

CE6851-48S6Q-HI CE6855

4 GB large buffer,

100GE uplink

AI Fabric, 1588,

microsegmentation

Evolution stopped

Four subcards

Fixed

AI Fabric, microsegmentation

AI Fabric and 1588

100GE uplink

CE6863-48S6CQ

Note:

(1) CloudEngine 6881, CloudEngine 6863, and CloudEngine 6820: GA in September 30, 2019 GA.

(2) The models planned for V3R20C00 may change at any time. For the latest models, contact DCN product management personnel.

CE6820-48S6CQ

CE6856

Loopback on

interface cardMemory: 2

GB -> 4 GB 10GE optical downlink,100GE uplink

Medium (non-VXLAN)

Layer 3 functions

1U:CE8851-32CQ8DQ-P

CE6866-48S8CQ-P

CE6866-48S8CQ-PH

New Model in

V2R5C20Planning in V3R20C00

2 U: CE8852-96CQ-P

CE6880-24S4Q2C-EI10GE optical downlink

Page 17: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

GE 100GE 400GE40GE10GE

F series cardsCE-48XS-FD/FDA

FDA: Built-in 2*40GE,

2*100GE

CE-36LQ-FD

CE-24LQ-FDCE-12CQ-FD

CE-36CQ-FD

16

16

08

0404S

08S

CloudEngine12800/12800S

CloudEngine16800

CEL48XSFD-G

CEL24LQFD-G

CEL36LQFD-G

FD-G series cards

36-port SFU with N+1

redundancy

08

04

CEL18CQFD-G

CEL36CQFD-G

Note:

(1) CloudEngine 16804/CloudEngine 16808/CloudEngine 16816 and all its cards reach GA on September 30, 2019.

(2) The models planned for V3R20C00 may change at any time. For the latest models, contact DCN product management personnel.

CEL72XSHGA-P

CEL48XSHGA-P

48*25/10G+4*100G

72*25/10G+4*100G

CEL48CQHG-P

48*100G CEL36DQHG-P

36*400G

The model in red can be supplied continuously.New Model

in V2R5C20

Planning in

V3R20C00

-P series cards

Panorama of CloudEngine Modular Switches: Continuous Expansion in Installed Base Markets and

Steady Switching in New Markets

CEL48DQHG-P

48*400G

CE-L24XS-EC

CE-L48XS-EA/EC/ED/EF

CE-L04CF-EF

CE-L24LQ-EC1

CE-L48GS-EA

CE-L48GT-EACE-L48XT-ECE series cards

Page 18: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

SDN Baseline Networking of Category C Cards: Layer 3 Architecture Scenario

DC2

Spine

Server Leaf

Border leaf

Service leaf

Fabric gateway

M-LAG

Multi-active M-LAG

2. VAS device in

bypass mode

1. VAS device in

service mode

10/100GE servers are connected to uplink 100GE ports.

Device Role Device Model Selection Basis

Server leaf

10G server access

CloudEngine 6863-48S6CQ 25G server access

CloudEngine 16800

100G card recommended: CEL36CQFD-G and CEL18CQFD-G

40G card recommended: CEL36LQFD-G and CEL24LQFD-G

10G card recommended: CEL48XSFD-G

Spine CloudEngine 16800100G card recommended: CEL36CQED1-E and CEL18CQED1-E

40G card recommended: CEL36LQED1-E and CEL24LQED1-E

Border leafCloudEngine 16800

100G card recommended: CEL36CQED1-E and CEL18CQED1-E

40G card recommended: CEL36LQED1-E and CEL24LQED1-E

10G card recommended: CEL48XSED1-E

CloudEngine 6881-48S6CQ

Service leaf

(when there are

a large number

of NFV NEs or

VAS devices)

CloudEngine 6881-48S6CQ 10G VAS device access

CloudEngine 16800

VAS device access

100G card recommended: CEL36CQED1-E and CEL18CQED1-E

40G card recommended: CEL36LQED1-E and CEL24LQED1-E

10G card recommended: CEL48XSED1-E

Fabric gatewayCloudEngine 16800

100G card recommended: CEL36CQED1-E and CEL18CQED1-E

40G card recommended: CEL36LQED1-E and CEL24LQED1-E

10G card recommended: CEL48XSED1-E

CloudEngine 6881-48S6CQ

Combination of the border leaf node and

service leaf node

North-south gateways and VAS devices do not need to be

expanded.

In Layer 3 networking, border leaf nodes and spine nodes

are independently configured.

If the number of physical servers on the entire network exceeds

200 or the number of VMs exceeds 6000, you are advised to use

the three-layer architecture where border leaf nodes and spine

nodes are independently deployed.

Design principle:

The solution does not support automatic loop acknowledgment in loop detection, suspected loop reporting, or path detection based on ICMP packets. The solution

supports path detection based on TCP/UDP packets.

The solution in which FabricInsight is used supports IPv4 and does not support IPv6. The solution does not support overlay multicast or traffic statistics collection on

Layer 2 sub-interfaces.

Page 19: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudFabric N1 Software Package Covers All Scenarios, Hardware, and Features

Add-on software packageAI Fabric package

Security package (MACsec)

Intelligent network analysis value-added package (traffic analysis)

Telco cloud DC gateway package (NEs managed by Agile Controller-DCN)

N1 premier software packageAll functions of the Advanced software package

Intent assurance package...

CloudEngine hardware switch

CE switch hardware

N1 Advanced software packageAll functions of the Foundation software package

MPLS/SR and NSH-based SFC

V1R19C10: multi-DC automation (MDO)...

N1 Foundation software packageAll functions of the Management software package

Telemetry, VS, PTP (1588v2), and number of CE switches managed by Agile Controller-DCN

FabricInsight intelligent network analysis basic package (V1R19C00, only for the

CE16800&CE6800)

Value-added scenario function

Enterprise edition (future)

Agile Controller-DCN

Purchase or prepare the hardware platform

and operating system as required.

N1 Management software packageBasic software (Layer 2 or Layer 3 basic functions) + VXLAN + IPv6

NCE network device management license (V1R19C10)

Non-SDN scenario

Single-DC SDN scenario

SDN enhancement scenario (single-

DC enhancement and multi-DC)

FabricInsight

FabricInsight big data analytics platformAgile Controller-DCN software platform free

of charge

Purchase or prepare the hardware platform

and operating system as required.

CloudEngine 1800V

Software switch

N1 Advanced

software package (A)All functions of the

Foundation software

package

LB, NAT, DHCP, container

N1 Foundation

software packageBasic software,

CE1800V managed by Agile

Controller-DCN

+

+

+

+

CloudEngine

1800V

Sales of fixed devices: underlay and third-party

controller interconnection scenario

Add-on

software

package(AI Fabric,

MACsec, etc.)

Management

software package(The default value of

SnS is 0, excluding

new functions of the

software package.)

Hicaremaintenance

service

unchanged

Solution sales: Agile Controller-DCN + FusionInsight

Promotes Sales of Hardware Switches in Virtualization

and Cloud-Network Integration Scenarios

Advanced

software

package

(single-DC

enhancement

and multi-DC)

Foundation

software

package

(Single DC,

basic functions

of Agile

Controller-DCN

+ FusionInsight)

Package

(single-DC

enhancement

and multi-DC)

CE1800V Advanced software

package(One for each server, with 10 Gbit/s

traffic as the measurement principle)

Hicare

maintenance

service

unchanged

Hicaremaintenance

service

unchanged

Solution sales: CE1800V and Agile Controller-DCN Are

Sold as a Bundle in Container Interconnection Scenarios

Page 20: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Compared with the Traditional Model, the N1 Model Is Cost-Effective and Has More Flexible Functions

Commercial Comparison of Solution Sales Scenarios: Simplified Quotation, Low Price, and Flexible License Transfer (SnS)

Commercial Comparison of Pure Hardware Device Sales Scenario: New Hardware, More Functions, and Lower Price

CE6865 (22500) < CE6881 (20000 + Management software package 4500)

Bundle (36000) + software is the same as the old hardware, and the microsegmentation capability is stronger.

Model Description

Unit List

Price Quantity Total List Price

AC-DCN-SW PlatformAgile Controller-DCN software

platform 10,000 3 30,000

AC-DCN-SW Platform-

SnS-3Y

Three-year SnS of Agile Controller-

DCN software platform5,100 3 15,300

AC-DCN-FixedManagement of each fixed device

by Agile Controller-DCN11,800 50 590,000

AC-DCN-Fixed-SnS-3Y

Three-year SnS of management of

each fixed device by Agile

Controller-DCN

6,018 50 300,900

CE68-LIC-VXLANCloudEngine 6800 VXLAN

Function8,000 50 400,000

CE68-LIC-TLM CE6800 Telemetry Function 6,000 50 300,000

Total 1,636,200

Model DescriptionUnit

PriceQuantity

Total List

Price

N1-CE68LIC-CFFDN1-CloudFabric Foundation SW License for

CloudEngine 68009,900 50 495,000

N1-CE68CFFD-SnS1YN1-CloudFabric Foundation SW License for

CloudEngine 6800-SnS-1 Year1,980 150 297,000

Total 792,000

Cost-effective price and simple quotation: The controller platform is free of charge, which reduces the

threshold for using the solution. The total list price of a single TOR N1 software package is reduced by

40% compared with the traditional model. For example, in the case of 50 TOR switches, the total list price of

the N1 model is reduced by 50% compared with that of the traditional model, which is the same as that of CE

switches. The order placement process is simpler.

Flexible license transfer to protect customers' investment. The license is more flexible. The software

used on the old hardware can be switched to the new hardware that is upgraded based on the old

hardware, building customer loyalty. The customer does not need to purchase the software again,

which protects the customer's software investment.

Traditional Model N1 Model

Model Description List Price

CE6857-EI-B-B0B

CE6857-48S6CQ-EI switch(48*10GE SFP+,6*100GE

QSFP28,2*AC power modules,4*fan modules,port-side

intake)

18900

CE68-LIC-VXLAN CloudEngine 6800 VXLAN Function 8000

Model Description List Price

CE6881-48S6CQ-BCE6881-48S6CQ-B switch (48*10G SFP+, 6*100G QSFP28, 2*AC

power modules, 4*fan modules, port-side intake)14400

N1-CE68LIC-CFMMN1-CE68LIC-CFMM,N1-CloudFabric Management SW License for

CloudEngine 168004500

Traditional Model N1 Model

The hardware price of new models is gradually shifted to software. In the project, try to persuade customers to configure VXLAN on uplink 100G ports. The CE6820 is recommended in non-

VXLAN scenarios. The CE6820 has a lower price than the CE6881.

The N1 Foundation software package is recommended if required functions are not included in the Management software package.

Commercial Comparison: N1 Management software package ($4,500) + Telemetry ($6,000) > N1 Foundation software package ($9,900)

Page 21: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

100GE 400GE40GE10GE

48*10GE 36*40GE 36*100GE

18*100GE24*40GE

48*100GE 36*400GE

16

CE16800

08

04

GA on September 30, 2019

72*25/10+6*100GE

48*25/10+4*100GE

GA on July 30, 2019

48x10G

48*10G FD

FD1:Support 25G;

IEEE 1588V2

FG:4M FIB

Uplink 2*40GE+2*100GE

36*40G FD

24*40G FD

12*100G FD 36*100G FD

24 GB buffer8 GB buffer

16*100G FD

8*100G FG

36*100G FG

16 GB buffer,

2 MB FIB

16 GB buffer, MACsec

IEEE 1588v2

4 GB buffer,

MACsec, 2 MB FIB

16

08

0404S

08S

CE12800/CE12800S

36*100G SD

64 MB buffer,

Cost-effective

18*40G+18*100G

V2R5C20

V3R20C00

CloudEngine 16800 Roadmap

48*400GE POC

V3R20C00 has not passed the PDCP, and the roadmap planning may change. Therefore,

V3R20C00 cannot be used as a formal commitment to customers.

Page 22: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

CloudEngine TOR Switch Roadmap

~2018

10G

25G

40G

100G

400G

GE CE5855

CE6851

CE6856

CE6880

High

(Large buffer)CE6870 CE6875

ENP

CE6860

CE7855

CE8850-32

CE8860

CE6865

CE8861

CE8850-64

CE5880

CE6857

25G, AI Fabric, 1588,

microsegmentation

GE VXLAN

Low (Layer 2)

Middle

V2R5C20

2019 2020

CE6810

CE6881

CE6863

CE6820

GA on September 30, 2019

2020.7.30GA

CE8851: 32*100+8*400GE

CE8852: 96*100GE

V3R20C00

CE6866 HI: 48*25+8*100GE

CE6866: 48*25+8*100GE

V3R20C00 has not passed the PDCP, and the roadmap planning may change. Therefore,

V3R20C00 cannot be used as a formal commitment to customers.

Page 23: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

RDMA Effectively Improves Throughput and Reduces Latency, but Current Network Bearer Solutions Have Disadvantages

Challenges: Packet loss: The packet loss rate of 1% decreases the RoCE throughput from

100% to 0. However, packet loss on traditional Ethernet networks in best-effort (BE) mode is inevitable.

Introduction to RDMA/RoCE

Technical description: RDMA technology implements kernel bypass and zero copy of the buffer,

provides RDMA read/write access between remote nodes, and implements the control plane protocol in the NIC hardware.

RDMA technology is used in HPC, distributed storage, and AI scenarios to reduce the CPU load and latency, greatly improving the application performance.

RoCEv2 migrates RDMA traffic to the ETH/IP network. In this way, the ETH/IP network supports HPC, distributed storage, and AI application deployment, and is required to provide the same network performance as memory access.

vs.

RDMA over InfiniBand

Advantage: Zero packet loss, low latency, and high throughputDisadvantage: Manual O&M performed by dedicated personnel, high cost

Proprietary Technology, Dedicated Network

RDMA over CEE (current)

Advantage: SDN automation, low priceDisadvantage: High latency and low throughput

Open Ethernet, Converged Network

Current RDMA Network Bearer Solutions (IB vs. CEE)

IB CEE

Performance High Low

O&M Difficult Easy

Price High Low

Scale Small Ultra-large

OthersDedicated

network

Cloud-

network

synergy

Page 24: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Dynamic ECN: Local device-level intelligence (implemented by the intelligent chip)

Question:Statically configured thresholdStatic queue type

• Set priorities through multiple queues• Prevent packet loss through PFC

backpressure• Use ECN to notify the transmit end to

avoid congestion

ECN thresholdPFC threshold

Basic Flow Control Model

Queue

AI ECN: Global network-level intelligence (optimal application experience)

The CPU sensitivity is a key indicator.

Set the optimal threshold based on the current traffic model.

The queue type and threshold are the key.

Application-based priority queues are generated based on application requirements.

AI chip

Application-oriented optimal queue on the entire network

Local optimal threshold based on intelligent chip detection

Set the optimal threshold based on the current traffic model.

Local optimal threshold based on CPU’s dynamic ECN

CPU

LSW chip

Static ECN: Local device-level intelligence (implemented by the CPU)

November 2019

The threshold is setted by CPUStatic ECN performance: 50% higher than that

of other vendorsStatic ECN performance: 30% higher than that

of other vendors

AI Fabric Implements Zero Packet Loss, Low Latency, and High Throughput Based on the Ethernet to Meet Service Requirements in the AI Era

CloudEngine 6865/8850/8861 CloudEngine 16800Mainstream solutions in the industry

CPU

LSW chip

Intelligent chip

Page 25: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Five Scenarios of CloudFabric Solution: Based on Whether the Controller

and Cloud Platform Are Available

FusionSphere Third-party OpenStack

Scenario 3: computing and hosting with the controller but no cloud platform

Scenario 4: Cloud platform, third-party controller, and OpenStack interconnection

Network administrator

Computing administrator

Network administrator

Service administrator

Remarks: The network overlay supports centralized and distributed deployment. The distributed solution is recommended. The centralized mode does not continue to evolve. The hybrid overlay supports only the distributed mode.

Network overlay Network overlayHybrid overlay

System Center/vCenter

Network overlay Network overlay

Scenario 2: Cloud platform and third-party controller

Scenario 1: Underlay, without the cloud platform or controller

Network administrator

Underlay

CloudEngine Layer 2 VTEP

VMware NSX controller

Third-party configuration toolssuch as Ansible or Microsoft Azure

Service administrator

Network overlay extensionCloudEngine 1800V

ComputingHosting

Cloud platform and network association

Container platform and network association

Scenario 5: Cloud platform, third-party controller, and container cloud interconnection

Kubernetes

Agile Controller-DCNSecoManager

Agile Controller-DCNSecoManager

Agile Controller-DCNSecoManager

New

ContainerOverall Intent SummarySFC Microsegmentation

Page 26: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Features of the CloudFabric Solution in Five Scenarios

Item Functional Unit Network Virtualization Cloud-Network Integration Container Cloud

Cloud

management

platform

Cloud management

platform

Hosting

(No cloud platform)

Microsoft

System Center

VMware

vCenterFusionSphere

Third-party

OpenStackKubernetes

Controller

Active/Standby controller

clusterSupported Supported Supported

Supported SupportedNot supported

RTT of remote controller

cluster < 50 ms (less

than 250 km)

Supported Supported Supported Supported Supported Supported

L2-L3 network

Overlay mode Network overlay Network overlay Network overlay Network overlayNetwork overlay

Hybrid overlay

Network overlay

Extend

ZTP User-defined, wizard-based, and one-click ZTP

Intent Pre-event simulation, resource and connection verification, and device fault impact analysis

IPv6 Supported Supported Supported Supported Supported Not supported

L4-L7 security

IPv4 microsegmentation

(new models) Supported Supported Supported Supported Supported Not supported

IPv4 SFC Supported Supported Supported Supported SupportedNot supported

Server access Type N/A Microsoft Hyper-V VMware ESXiFusionCompute

BMSKVM Container

DCI Interconnection type IPv4 L2&L3 IPv4 L2&L3 IPv4 L2&L3 IPv4 L2&L3 IPv4 L2&L3 IPv4 L2&L3

The texts in red refer to new functions in V1R19C00.

ContainerOverall Intent SummarySFC Microsegmentation

Page 27: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Inline deployment causes complex configuration of the control plane.

Diversified policies are deployed, and ACLs become the bottleneck.

NSH: NSH Copes with Challenges Brought by Diversified DC Security to the Network

• The switch needs to eliminate the ACL bottleneck.

• Security policies need to be configured on the GUI.

• Security devices are pooled, implementing scaling on demand.

The security service is coupled with the physical topology, leading to low scalability.

App 1 App 2 App n……

QoS, routing, O&M, and security policies

Static traffic diversion depends on the physical topology

ContainerOverall Intent SummarySFC Microsegmentation

Page 28: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

NSH-based SFC in the CloudFabric Solution Solves the ACL Bottleneck of Switches

VMWAN

SFP 1

VAS resource pool

VM resource pool

External network

PBR-based forwarding3 ACL rules3 policy-based routes

ACL entry bottleneck

NSH VAS resource pool supported

VM resource pool

External network

NSH-based forwarding

One ACL ruleOne policy-based route

PBR depends heavily on ACL entries. NSH overcomes entry restrictions.

Add the NSH

Solution 1

NSH added

Original packet

Solution 2

Case 1: At a bank, PBR and antivirus preempt ACLs. As a result, ACLs are insufficient and services fail to be provisioned (due to conflicts with security policies).

Case 2: A financial institution deploys microsegmentation and traditional PBR. As a result, the ACL overflow function fails (due to conflicts with microsegmentation).

Solution benefits: Traffic is forwarded based on the SPI in the NSH, which does

not consume ACLs. Compatibility with the live network: The solution supports

two modes: NSH aware and unware (proxy). The number of ACLs is reduced by more than half.

VMVMVM

OVS

VMVMVM

OVS

NSH VAS resource pool not supported

ContainerOverall Intent SummarySFC Microsegmentation

Page 29: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

NSH-based SFC in the CloudFabric Solution Provides Standard Interconnection

and Delivers Simplified and Efficient VAS Orchestration

Note: The proprietary SFC solution of some vendors in the industry uses the VXLAN extended field to identify the SPI and cannot interconnect with third parties, forming closed ecosystem.

Service leaf

VM8Internet

SFP 2

VM5VM2

SFP 1

VAS resource pool

Simplified deployment

Defining SFC in drag-and-drop

mode

Flexible orchestration

Full decoupling from the fabric

Efficient forwarding

The ACL consumption is reduced

by more than half.

Solution implementation:

The RFC-compliant NSH solution replaces the traditional PBR solution.

Agile Controller-DCN globally configures the NSH to identify the service path.

Traffic is forwarded based on the NSH at each hop. NSH-based SFC uses an

independent forwarding table, which does not consume ACLs.

Product selection:

CloudEngine CE5880, CloudEngine 6880CloudEngine 6881, CloudEngine

6863, CloudEngine 12800E, CloudEngine 16800

Highlights:

Standard SFC: complies with RFC, provides good interoperability, and

maintains compatibility with third-party NSH devices.

Large specifications: The chip supports 20K SFC entries, which is two times

higher than commercial chip.VMVMVM

OVS

Resource pooling deployment

ContainerOverall Intent SummarySFC Microsegmentation

Page 30: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Traditional isolation brings traffic bypassing.

Traditional security depends on different service partitions.

Microsegmentation Copes with Challenges Caused by Diversified DC Security

• Cloud sharing and security isolation create a conflict.

• Access switches support security isolation. • Switches need to eliminate the ACL bottleneck.

Due to diversified isolation policies, ACLs become scarce resources.

Web App Database

Externalnetwork Untrusted

Source: Forrester Research

Zero-trust security model was proposed in

2012.

Internalnetwork

Segmentation

Subnet

Microsegmentation

VM name/Container

Discrete IP address

Spine

VTEP

VMVMVM

OVS

Server leaf

VTEP

VMVMVM

OVS

Server leaf

ContainerOverall Intent SummarySFC Microsegmentation

Page 31: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

VM name = Web*

Microsegmentation solves the problem of the zero-trust security model. Compared with the zero-trust security model, microsegmentation provides security isolation in a more fine-grained manner. It covers physical machines and addresses east-west security issues.

Microsegmentation Provides Fine-grained Security Isolation

SegmentationMicro

Microsegmentation

SubnetVM name/Container

Discrete IP address

OS typeOrganization

name

Web 1 Web 2

Web 3 Web 4

Security group = App

App 1 App 2

App 3 App 4

Operating system = Linux

Linux Linux

Linux Linux

IP

IP1=10.0.0.1

IP2=10.0.0.2

MAC

MAC1=11-

11-11

MAC1=22-

22-22

VLAN=10

DB1 DB2

DB3 DB4

ContainerOverall Intent SummarySFC Microsegmentation

Page 32: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Microsegmentation Solves the ACL Bottleneck of Switches

VM

Microsegmentation

VAS resource pool

VM resource pool

External network

Divert traffic to the firewall3 ACL rules3 policy-based routes

ACL entry bottleneck

VM resource pool

External network

Microsegmentation-based isolation0 ACL rule0 microsegmentation policy

PBR depends heavily on ACL entries. Microsegmentation overcomes entry

restrictions.

Solution 1 Solution 2

Case 1: At a bank, PBR and antivirus preempt

ACLs. As a result, ACLs are insufficient and

services fail to be provisioned (due to conflicts

with security policies).

Solution benefits:

Microsegmentation used to isolate east-west

traffic on switches instead of firewalls

VMVMVM

OVS

VMVMVM

OVS

VM resource pool

VMVMVM

OVS

VM

ContainerOverall Intent SummarySFC Microsegmentation

Page 33: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

OpenStack

Microsegmentation Provides East-West Security Isolation in a Fine-grained Manner

Server leaf

VTEP

Server leaf

Spine

Server leaf

VMVMVM

OVS

Border leaf

VTEP

VMVMVM

OVS

Server leaf

VTEP

BM

FusionSphere

Interconnection with FusionSphere

Interconnection with OpenStack

Product selection:

Microsegmentation-supported models: CloudEngine 6880, CloudEngine 6881, CloudEngine

5880 (sold only outside China), CloudEngine 6857, CloudEngine 6865, CloudEngine 8861, and

CloudEngine 8868.

VTEP

VMVMVM

OVS

①North-south isolation

②East-west isolation

Unified isolation

Microsegmentation implements the zero-trust security model. It provides security

isolation based on discrete IP addresses and VM names, and covers PMs. It can

uniformly isolate traffic of VMs and BMs.

Large specifications

The mask length of the EPG member is not limited. Each EPG of the commercial chip

supports a maximum of three mask lengths.

Efficient forwarding

Microsegmentation has a unique value in mutual access control scenarios that have

high forwarding efficiency and low security requirements. There is no traffic bypassing

problem, and the forwarding performance is not a bottleneck.

(Secondary orchestration)

ContainerOverall Intent SummarySFC Microsegmentation

Page 34: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

Intelligent O&M: FabricInsight Provides Specified Flow Analysis, Edge Intelligence + Cloud Training, and 100% Traffic Visualization

Switch-based load balancing

Collector

Collector

SNMP: device managementERSPAN: full flowsgRPC: performance indicatorsNetStream v9: specified flows

Big Data

Query

Filter

Aggregation

TCPVisualized

FabricInsight

UDP RoCE

1

2

Distributed intelligenceSwitches provide edge intelligence, and analyze flows and send them to the cloud for processing. The analyzer configuration is reduced by five times.Device Type(V1R19C10): CloudEngine 6881, CloudEngine 6863, CloudEngine 16800。Device Type(V1R19C00):CloudEngine 6865, CloudEngine 8850-64CQ, CloudEngine 6857,CloudEngine 12800。

TCP Fine-grained capabilityFabricInsight analyzes all packets of a specified flow and displays the network quality on the GUI.CloudEngine 6800, CloudEngine 7800, CloudEngine8800,CloudEngine 12800, CloudEngine 16800

Multi-protocol processing capabilityDistributed flow awareness based on Telemetry and multi-protocol full-data packet analysis (TCP/UDP/RoCE)

Co-processor, edge intelligence

Cloud training

Page 35: Roadshow DC + Agile Controller · VM 1 VM 2 VM 3 1.1.1.1 1.1.1.2 1.1.1.3 VM 4 VM 5 VM 6 2.2.2.1 2.2.2.2 2.2.2.3 As Is: Subnet-based isolation To Be: VM-level isolation Fine-grained

СПАСИБО!