HCIP-Cloud Computing | Network Virtualization Features

Latest reply: Aug 9, 2022 13:57:01

Hello, everyone!

In this post, I will cover FusionCompute network virtualization features, including three DVS modes, Layer 2 network security policies, broadcast packet suppression, security groups, network port binding, and network QoS.

Huawei Virtual Switching Mode

Huawei virtual switches provide the following virtual switching modes: common mode, Single Root I/O Virtualization (SR-IOV) mode, and user mode.


[Figure: virtual switch mode]


Common mode: In this mode, a VM has two vNICs: a frontend vNIC and a backend vNIC. The frontend vNIC connects to a virtual port of the virtual switch. VM network packets are transmitted between the frontend and backend vNICs through a ring buffer and an event channel, and are forwarded by the virtual switch connected to the backend vNIC.

SR-IOV: SR-IOV is a network I/O virtualization technology proposed by Intel in 2007 and is now a PCI-SIG standard. A physical NIC that supports SR-IOV can be virtualized into multiple NICs for VMs, so that each VM appears to have its own independent physical NIC. This improves network I/O performance compared with software virtualization and requires fewer hardware NICs than PCI passthrough.

User mode: DPDK, a collection of libraries and drivers, is used to process data packets quickly on the x86 platform. It combines multiple technologies, including kernel protocol stack bypass at the abstraction layer, interrupt-free packet sending and receiving in polling mode, optimized memory, buffer, and queue management, and load balancing among multiple NIC queues and data flows. Together these achieve a high packet forwarding rate on x86 processors and improve VM network performance.

The user-mode switching mode supports Intel 82599ES, Intel XL710, and Mellanox MT27712A0 NICs.

Network Security Policies

1. Layer 2 Network Security Policies

Layer 2 network security policies are in place to prevent IP or MAC address spoofing and DHCP server spoofing for user VMs.


[Figure: port group]


IP-MAC address binding prevents IP address or MAC address spoofing that is carried out by changing the IP address or MAC address of a VM NIC, and thereby enhances the network security of user VMs. Based on the IP-MAC address binding, IP Source Guard and dynamic ARP inspection (DAI) filter out packets from unknown sources.

DHCP quarantine blocks users from unintentionally or maliciously enabling the DHCP server service on a VM, so that IP addresses are assigned to VMs normally.

2. Broadcast Packet Suppression

In server consolidation and desktop cloud scenarios, if broadcast packet attacks occur as part of network attacks or virus attacks, network communication may be impacted. If this occurs, broadcast packet suppression can be enabled for virtual switches.

Virtual switches support suppression of broadcast packets sent from VM ports, and the suppression threshold can be configured. You can enable the broadcast packet suppression switch of the port group where the VM NICs are located and set thresholds to reduce the Layer 2 bandwidth consumed by broadcast packets.

The administrator can configure the broadcast packet suppression switch and packet suppression bandwidth threshold based on port groups of virtual switches.

3. Security Group

Users can create security groups based on VM security requirements. Each security group provides a set of access rules. VMs that are added to a security group are subject to the access rules of the security group. When creating VMs, users can add VMs to security groups for security isolation and access control.


[Figure: security group]


Trunk Port


[Figure: trunk port]


  • A vNIC communicates with a virtual switch through virtual ports.

  • vNIC ports can be configured as virtual trunk ports to carry traffic tagged with specified VLAN IDs.

Network QoS


[Figure: network QoS]


Users can set a network QoS policy for bandwidth configuration control.

  • Bandwidth control based on the sending direction and receiving direction of a port group member.

  • Traffic shaping and bandwidth priority configured for each member port in a port group.


Network Port Binding


[Figure: network port binding]


Host network port binding:

  • Administrators can bind network ports of CNA hosts on FusionCompute to improve network reliability.

  • Port binding can be configured for common NICs and DPDK-driven NICs.


The following binding modes are available for common NICs:

  • Active/standby.

  • Polling.

  • Load balancing based on source and destination IP addresses and ports.

  • Load sharing based on source and destination MAC addresses.

  • MAC address-based LACP.

  • IP address-based LACP.

The following binding modes are available for DPDK-driven NICs: 

  • DPDK-driven active/standby.

  • DPDK-driven LACP mode based on source and destination MAC addresses.

  • DPDK-driven LACP mode based on source and destination IP addresses and ports.


For more details, see HCIP-Cloud Computing.


The post is synchronized to: HCIP - Cloud Computing
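The Layer 2 checks described in the post (IP-MAC binding enforced through IP Source Guard and DAI, plus DHCP quarantine), modelled as a filter on one VM-facing port. This is an added example, not FusionCompute code and not part of the original post; the binding values, the function names and the rule that DHCP quarantine drops UDP source port 67 are assumptions made for illustration.

```python
import struct

# Constructed binding for one VM port (assumed values, not from the post).
BOUND_MAC = bytes.fromhex("020000000001")
BOUND_IP = bytes([192, 168, 10, 5])

def check_vm_frame(frame: bytes) -> str:
    """Verdict for an Ethernet frame arriving from the VM-facing port."""
    if len(frame) < 14:
        return "drop: truncated"
    src_mac, (etype,) = frame[6:12], struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if src_mac != BOUND_MAC:
        return "drop: MAC spoofing"
    if etype == 0x0806:                         # ARP: dynamic ARP inspection
        if len(body) < 28:
            return "drop: truncated"
        if body[8:14] != BOUND_MAC or body[14:18] != BOUND_IP:
            return "drop: ARP spoofing"         # sender fields must match the binding
        return "forward"
    if etype != 0x0800:
        return "forward"                        # non-IPv4 is out of scope in this model
    ihl = (body[0] & 0x0F) * 4 if body else 0
    if ihl < 20 or len(body) < ihl:
        return "drop: truncated"
    src_ip, sport, dport = body[12:16], None, None
    if body[9] == 17 and len(body) >= ihl + 8:  # UDP
        sport, dport = struct.unpack("!HH", body[ihl:ihl + 4])
    if sport == 67:                             # DHCP quarantine: VM acting as server
        return "drop: DHCP server"
    if src_ip == bytes(4) and (sport, dport) == (68, 67):
        return "forward"                        # DHCP client that has no lease yet
    if src_ip != BOUND_IP:                      # IP Source Guard
        return "drop: IP spoofing"
    return "forward"

# Builders for constructed sample frames (checksums left at zero, not verified).
def eth(src_mac: bytes, etype: int, body: bytes) -> bytes:
    return b"\xff" * 6 + src_mac + struct.pack("!H", etype) + body

def arp(sender_mac: bytes, sender_ip: bytes) -> bytes:
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sender_mac + sender_ip + bytes(6) + bytes([192, 168, 10, 1])

def udp4(src_ip: bytes, sport: int, dport: int) -> bytes:
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, 17, 0) + src_ip + b"\xff" * 4
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)
```

The DHCP client exception matters in practice: without it, a source-address filter would also block the VM's own DHCP discover, which is sent from 0.0.0.0.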


xianxian
Created Jul 26, 2022 10:50:11

Thanks for your sharing!

olive.zhao Created Jul 28, 2022 01:07:38

user_4794745
Created Jul 26, 2022 19:35:35

helpful

olive.zhao Created Jul 28, 2022 01:07:45
Thanks!

MahMush
Moderator Author Created Jul 28, 2022 10:23:28

Let me tell you the Seven Properties of Network Virtualization...

1. Independence from network hardware. 

2. Faithful reproduction of the physical network service model. 

3. Follow the operational model of compute virtualization. 

4. Compatible with any hypervisor platform. 

5. Secure isolation between virtual networks, the physical network, and the control plane.

6. Cloud performance and scale

7. Programmatic network provisioning and control



olive.zhao Created 5 days ago
Thanks for your sharing!

thisu
Created Jul 28, 2022 11:08:51

Good share

olive.zhao Created 5 days ago
Thanks!

wissal
MVE Created 6 days ago

Very interesting to know, learned

olive.zhao Created 5 days ago
Thanks!

user_4751675
Created 6 days ago

Very educative, I will learn more than I expected.

olive.zhao Created 5 days ago
We study together.

NTan33
Created 6 days ago

A good overview article.

olive.zhao Created 5 days ago
Thanks!

hanhcao
Created 6 days ago

Good one

olive.zhao Created 5 days ago
Thanks!

vladislavzh
HCIE Created 6 days ago

HCIP-Cloud Computing | Network Virtualization Features-5168461-1

olive.zhao Created 5 days ago