
HCS8.0.3 Captain Secret Scripts! Part 1: Understanding the Network Plane

Latest reply: May 12, 2022 08:52:02

Welcome to the Star Ring Spacecraft. Follow Captain T to explore the secrets of Huawei Cloud Stack. Captain T is worth watching.

Now, the captain will lead you on today's exploration.

This trip gives a preliminary understanding of the HCS network plane.

Two concepts need to be explained first:

   These are networking concepts, but they are important for understanding HCS.

    1. Virtual Routing and Forwarding (VRF):

     A VRF can be regarded as a VM that has its own ports, protocols, and routing tables. VRFs are independent of each other. If routes need to be transmitted between VRFs, you need to use leaking or use other devices to connect the routing information of the two VRFs.

    2. Network plane:

    The network plane used in cloud computing. In essence, the various functional components of the cloud platform are isolated using VRFs.

    Note: Do not confuse the network plane with the VPC. Actually, the VPC function logic in cloud services is implemented on a physical network plane (telnet).

Okay, let's get started.

1. First, obtain an HCS8.0.3 design guide and open the LLD template.

HUAWEI CLOUD Stack 8.0.3 Integration Design Suite 05- Huawei


Open the document "02 HUAWEI CLOUD Stack 8.0.3 LLD Template (Region Type I) 04" and take a look.

The following plan is displayed on the IP/VLAN tab page.


What does that mean? Don't worry.


Why are network planes divided? Why are VRFs used?

If we need to meet the requirements shown in the following figure, how can we achieve this?


Access control, isn't that what flow control can do? Yes, that's perfectly fine.

However, if the servers are constantly changing and users are distributed anywhere, using flow control can become cumbersome.

For example, there are 10 types of videoconferencing and surveillance, and the number of users increases at any time. Using VRF in this case is very good.

We put service groups of the same type or permission into a VRF. The routing information is delivered to different user access points. Then a very flexible, controllable connection is formed.

See the following figure.


Control from the network layer makes isolation clearer and more flexible.

The implementation of the HCS network plane is similar to the preceding logic. One type of function is one VRF, so very flexible and secure controls can be achieved.


Now that we know that network planes are divided by function, let's look at some key planes.

DMZ_Service: Basic public services provided by the cloud platform for VMs, such as APIGW.

External_OM: Public services for basic functions of the cloud platform, such as NTP and FTP/Syslog servers.

Internal_Base: It allows PXE traffic.

External_Relay_Network: It's the most mysterious of all network planes. It seems that all traffic can pass through it. Spoiler alert: The implementation is the simplest.

Tunnel_bearing: VM interworking traffic passes through this plane unless the VMs are deployed on the same host. This plane is the most complex plane. Many cloud service networking solutions are about how to convert or connect traffic on this plane.

    Note: For details about the functional components of each plane, see the LLD.

Okay, back to the whole thing.

    - The Network Plane column is the network plane in the HCS.

    - The VRF column describes the VRFs on the physical network, that is, the VRFs mentioned in the basic concepts in the preceding paragraph.

    Important: If you want to clearly plan the network model when designing cloud services, you had better understand the underlying isolation and control logic.

2. Let's sort it out.

By collating the information in the LLD, we can obtain the following relationships.


That makes it clear.

Based on the characteristics of VRF, the following basic conclusions can be drawn:

1) The External_OM, Internal_Base, Service_Storage_Data, and DC_VPC_GW planes can communicate with each other.

2) DMZ_Service and DMZ_Service_Advance communicate with each other naturally.

3) External_Relay_Network does not communicate with any plane.

Spoiler alert: Do not try to think about how the Tunnel_bearing plane communicates with other planes, because the Tunnel_bearing plane is completely non-interoperable from the physical bottom up. The traffic on this plane is special: it is VXLAN traffic.

3. All right, now let's see Captain T's three secrets.

Captain T's Secret Book #1: How to Understand the HCS Network Plane?

1)  How it is implemented: The cloud platform network planes are isolated by enabling VRF on the core switch. VRFs can be regarded as virtual machines (VMs) that are completely isolated from each other. Each has its own routing table, interfaces, and protocols. If VRFs need to communicate with each other, static routes need to be created, in the same way that two physically isolated routers are made to communicate with each other. This routing between two VRFs is called route leaking. Leaking is a protocol-independent method of routing control. Static routing, OSPF, and IS-IS can each be penetrated in their own way.

2)  The network planes on the cloud platform do not correspond to the VRFs of physical devices. For details about the mapping, see the IP/VLAN planning in the LLD.

Captain T's Secret Book #2: How to Understand Storage on the Management Plane?

From the perspective of a system foundation, storage and management are the most important. If access to these two is faulty, the functions cannot be implemented and services cannot be implemented. Therefore, these two planes are placed in the same VRF, and they can naturally communicate with each other in the same VRF. It's like a router routing between different subnets.

Captain T's Secret Book #3: How to Understand the DMZ_Service Plane?

This plane hosts HA-Proxy, SDR, AS-Service, RTS-Service, PUB-DB, DMK, and SMN-Service, which are all functional components that belong to the cloud platform and are provided both for the cloud platform and for the user-plane VMs. This is like some server feature set.

The network planes on the cloud platform are not directly isolated. They are related to each other. This page describes that relationship.


1. Now we have seen the relationship between the planes in isolation. If you need to communicate between planes, what should you do? For example, how does ROMA communicate with NTP?

Lock Captain T.


Content preview:

How to communicate with cloud platform components;

How does the cloud platform component communicate with external systems?

How to understand the External_Relay_Network (internal network) and its functions.

How are many VPCs achieved with one VRF?

Where is VXLAN used? What is the use of EVPN?

How to understand Tunnel_bearing and its function?

EIP Implementation Principle

Differences between EIP, Direct Connect, and Enhanced Direct Connect

How Do I Plan HyperMetro Between Two Regions?

...... ……
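The three conclusions in section 2 and the route-leaking rule from Secret Book #1, modelled as an added example (not part of the original post and not Huawei tooling): it computes which planes can talk and flags pairs that a leak opens beyond the intended policy. The plane names come from the post; the VRF names `VRF_A` to `VRF_D` are hypothetical placeholders, and giving Tunnel_bearing its own VRF is a modelling assumption.

```python
from itertools import combinations

# Plane -> VRF mapping. Plane names are from the post; VRF names are
# hypothetical placeholders (take the real ones from the LLD IP/VLAN tab).
PLANE_VRF = {
    "External_OM": "VRF_A",
    "Internal_Base": "VRF_A",
    "Service_Storage_Data": "VRF_A",
    "DC_VPC_GW": "VRF_A",
    "DMZ_Service": "VRF_B",
    "DMZ_Service_Advance": "VRF_B",
    "External_Relay_Network": "VRF_C",
    "Tunnel_bearing": "VRF_D",  # assumption: modelled as its own VRF
}

def reachable_pairs(plane_vrf, leaks=()):
    """Return the set of plane pairs that have routes in both directions.

    leaks: iterable of (src_vrf, dst_vrf), meaning the routes of src_vrf
    are leaked into dst_vrf. A leak is one-way: traffic only flows when
    the return route has been leaked as well.
    """
    leaks = set(leaks)

    def has_route(a, b):
        # VRF a holds routes towards VRF b if they are the same VRF or
        # b's routes were leaked into a.
        return a == b or (b, a) in leaks

    pairs = set()
    for p, q in combinations(sorted(plane_vrf), 2):
        a, b = plane_vrf[p], plane_vrf[q]
        if has_route(a, b) and has_route(b, a):
            pairs.add((p, q))
    return pairs

def audit(plane_vrf, leaks, allowed):
    """Plane pairs that can communicate but are not in the allowed policy."""
    allowed = {tuple(sorted(pair)) for pair in allowed}
    return sorted(reachable_pairs(plane_vrf, leaks) - allowed)

if __name__ == "__main__":
    baseline = reachable_pairs(PLANE_VRF)  # no leaks: same-VRF pairs only
    two_way = [("VRF_A", "VRF_B"), ("VRF_B", "VRF_A")]
    for pair in audit(PLANE_VRF, two_way, baseline):
        print("opened by leak:", pair)
```

With no leaks, only planes that share a VRF are paired, which matches the post's conclusions; a one-way leak changes nothing until the return direction is leaked too.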

Admin Created Mar 10, 2022 01:21:44

Thanks dear.

Captain,T Created Mar 26, 2022 03:18:24 (0) (0)
Created Mar 10, 2022 03:32:58


Captain,T Created Mar 26, 2022 03:19:38 (0) (0)
It's nice to have your approval.  
Created Mar 10, 2022 05:12:24

Thanks for sharing

Captain,T Created Mar 26, 2022 03:18:44 (0) (0)
It's nice to have your approval.  
Created Mar 10, 2022 06:26:53

Thanks for sharing

Captain,T Created Mar 26, 2022 03:19:28 (0) (0)
It's nice to have your approval.  
Moderator Author Created Mar 20, 2022 04:30:24

great work

Captain,T Created Mar 26, 2022 03:19:19 (0) (0)
Thank you.  
Created Mar 25, 2022 10:22:29

Excellent share on the topic of HCS network plane

Captain,T Created Mar 26, 2022 03:19:04 (0) (0)
It's nice to have your approval.  
Created May 6, 2022 08:49:38

Perfect documentation


Created May 6, 2022 09:37:37

Thanks for sharing.

Created May 6, 2022 10:59:33

Good share