云计算的网络资源

1、1 虚拟化的基本概念，实现虚拟化的技术2021年7月了解网络虚拟化的基本概念、含义 了解云计算中的虚拟网络框架及主要模块 了解虚拟局域网VLAN和虚拟存储区域网络VSAN了解云计算中的虚拟网络管理主要关键技术网络虚拟化（讲）It is a process of logically segmenting or grouping physical network(s) and making them operate as single or multiple independent network(s) called “Virtual Network(s)”. Network Virtualiza

2、tionEnables virtual networks to share network resources（使虚拟网络共享网络资源）Allows communication between nodes in a virtual network without routing of frames（允许在虚拟网络中的节点之间进行通信，而不需要使用帧的路由）Enforces routing for communication between virtual networks（虚拟网络中的通信执行路由）Restricts management traffic, including Network

3、Broadcast, from propagating to other virtual network（限制管理业务，包含网络广播，传播到另一个虚拟网络）Enables functional grouping of nodes in a virtual network （使网络中节点的功能分组）Virtualized Data Center Networking3云计算中的虚拟网络（讲）Involves virtualizing physical and VM networksVirtualized Data Center Networking4PNIC Physical NICStorag

4、e ArrayPhysical NetworkClientPhysical ServerPNICPhysical ServerPNICHypervisorHypervisorConsists of following physical components:4Network adapters, switches, routers, bridges, repeaters, and hubsProvides connectivity 4Among physical servers running hypervisor4Between physical servers and clients4Bet

5、ween physical servers and storage systemsPhysical Network云计算中的虚拟网络(contd.)（讲）Virtualized Data Center Networking5PNIC Physical NICVNIC Virtual NICStorage ArrayPhysical NetworkClientVNICPhysical ServerPNICVNICVNICHypervisor KernelVM NetworkVNICPhysical ServerPNICVNICVNICHypervisor KernelVM NetworkResi

6、des inside physical server Consists of logical switches called “virtual switches”Provides connectivity among VMs inside a physical serverProvides connectivity to Hypervisor kernelConnects to physical networkVM Network云计算中的虚拟网络 (contd. 2)（讲）VM and physical networks are virtualized to create virtual n

7、etworks; for example: virtual LAN, virtual SANVirtualized Data Center Networking6PNICVirtual Network 2Virtual Network 1Physical SwitchVirtual SwitchVNICPNICPNICPNICVNICPhysical SwitchVNICVNIC VM3 VM4 VM1 VM2Virtual Switch网络虚拟化的主要工具（讲）Virtualized Data Center Networking7Physical switch Operating Syste

8、m (OS)OS must have network virtualization functionalityHypervisor虚拟机管理程序Uses built-in networking and network virtualization functionalitiesTo create virtual switch and configuring virtual networks on itOr, uses third-party software for providing networking and network virtualization functionalitiesT

9、hird-party software is installed onto the hypervisor Third-party software replaces the native networking functionality of the hypervisor网络虚拟化的优点（讲）Virtualized Data Center Networking8BenefitBenefitDescriptionDescriptionEnhances security提高安全性 Restricts access to nodes in a virtual network from another

10、 virtual network Isolates sensitive data from one virtual network to anotherEnhances performance Restricts network broadcast and improves virtual network performanceImproves manageability Allows configuring virtual networks from a centralized management workstation using management software Eases gr

11、ouping and regrouping of nodes Improves utilization and reduces CAPEX Enables multiple virtual networks to share the same physical network, which improves utilization of network resource Reduces the requirement to setup separate physical networks for different node groups云计算中的虚拟网络框架虚拟网络的组成（讲）VDC net

12、work infrastructure includes both virtual and physical network components4Components are connected to each other to enable network traffic flowVirtualized Data Center NetworkingComponentComponentDescriptionDescriptionVirtual NIC Connects VMs to the VM network Sends/receives VM traffic to/from VM net

13、workVirtual HBA Enables a VM to access FC RDM disk/LUN assigned to the VMVirtual switch Is an Ethernet switch that forms VM network Provides connection to virtual NICs and forwards VM traffic Provides connection to hypervisor kernel and directs hypervisor traffic: management, storage, VM migration P

14、hysical adapter: NIC, HBA, CNA Connects physical servers to physical network Forwards VM and hypervisor traffic to/from physical networkPhysical switch, router Forms physical network that supports Ethernet/FC/iSCSI/FCoE Provides connections among physical servers, between physical servers and storag

15、e systems, and between physical servers and clients10典型的网络互联和数据流 场景1（讲）Physical serverVirtual Switch(Ethernet)PNICNAS/iSCSI Storage ArrayHypervisor KernelVM1VM2VM3VNICVNICVNICPhysical Switch(Ethernet)Traffic type: VM Management IP storage VM migrationTraffic type: Management IP storage VM migrationT

16、raffic type: VMClientsPhysical ServersVirtualized Data Center Networking11典型的网络互联和数据流 场景2（讲）Virtualized Data Center NetworkingPhysical serverVirtual Switch(Ethernet)FC/iSCSI Storage ArrayVM1VM3VNICVNICFC / iSCSI HBAPhysical Switch(FC/Ethernet)PNICVM2VNICHypervisor KernelPhysical Switch(Ethernet)Traf

17、fic type: VM Management VM migrationTraffic type: FC or iSCSI storageTraffic type: Management VM migrationTraffic type: VMClientsPhysical Servers12典型的网络互联和数据流 场景3Virtualized Data Center NetworkingPhysical serverVirtual Switch(Ethernet)CNANAS/FC/iSCSI Storage ArrayVM1VM3VNICVNICHypervisor KernelVM2VN

18、ICPhysical Switch(FCoE)Traffic type: VM Management FC/IP storage VM migrationTraffic type: VMTraffic type: IP storage Management VM migrationTraffic type: FC storageClientsPhysical Servers13虚拟网络构成 虚拟网卡（Virtual NIC）（讲）Connects VMs to virtual switchForwards Ethernet frames to virtual switch Has unique

19、 MAC and IP addressesSupports Ethernet standards similar to physical NICVirtualized Data Center Networking14虚拟网络构成 虚拟HBA卡（Virtual HBA）（讲）Enables a VM to access FC RDM disk/LUN assigned to the VMConfigured using N_Port ID Virtualization (NPIV) technology Single physical FC HBA or CNA port (N_port) to

20、 function as multiple virtual N_ports, each with its own WWNA virtual N_port acts as a virtual HBA port Hypervisor kernel leverages NPIV to instantiate virtual N_ports Assigns the virtual N_ports to the VMsEnables zoning and LUN masking at VM levelVirtualized Data Center Networking15Physical ServerS

21、torage ArrayPhysical HBAFabric SwitchVirtual HBAVirtual HBAVirtual HBA虚拟网络构成 虚拟交换机（Virtual Switch）（讲）Is a logical OSI layer 2 switch that supports Ethernet protocolResides inside a physical server Is created and configured using hypervisorMaintains MAC address table for frame forwardingDirects netwo

22、rk traffic to/from VMs and hypervisor kernelVM to VM within physical serverVM to physical network Hypervisor kernel: IP storage, VM migration, and managementVirtualized Data Center Networking16虚拟交换机 (Virtual Switch): Ports and Port Group（讲）Types of portsHypervisor kernel port: Provides connectivity

23、to hypervisor kernel VM port: Provides connectivity to virtual NICsUplink port: Provides connectivity to physical NICVM port group: Mechanism for applying uniform network policy settings to a group of VM portsPolicy example: Security, load balancing, and failover across PNICsVMs connected to a VM po

24、rt group share common configurationEliminates configuring policies to VM ports individuallyVirtualized Data Center Networking17VM port groupsUplink portsHypervisor kernel portVirtual SwitchPG 1PG 2PG 3VM portDistributed Virtual Switch（讲）Aggregation of multiple virtual switches distributed across mul

25、tiple physical serversVirtualized Data Center Networking18ABCDEABCDEABDEGF I JCHVirtual SwitchDistributed Virtual SwitchPNICPNICPNICPNICPNICPNICPNICPNICVNICVNICVNICVNICVNICsVNICVNICPhysical networkPhysical networkVirtual SwitchVNICVNICVNICs+Centralizes VM network managementMaintains network policies

26、 during VM migration Benefit虚拟局域网VLAN和虚拟存储区域网络VSANVirtual Local Area Network (VLAN)（讲）Virtualized Data Center Networking20A logical network, created on a LAN or across LANs consisting of physical and virtual switches, enabling communication among a group of nodes, regardless of their location in the

27、 network.VLANControls broadcast activity and improves network performanceSimplifies management Increases security levelsProvides higher utilization of switch and reduces CAPEXBenefitVLAN Trunking（讲）Single connection (Trunk link) carries multiple VLAN traffic Single port (Trunk port) to send/receive

28、multiple VLAN traffic over trunk link Trunk port is included to all VLANsVLAN trunking is enabled by tagging Ethernet frames21Virtualized Data Center NetworkingIt is a technology that allows traffic from multiple VLANs to traverse a single network connectionVLAN TrunkingVLAN 10VLAN 20 VLAN 30Without

29、 TrunkingVLAN 10,20,30VLAN 10,20,30Trunk link With TrunkingVLAN 10,20,30VLAN 10,20,30Benefits of VLAN Trunking（讲）Eliminates the need for dedicated network link(s) for each VLANReduces inter-device links when the devices have more than one VLANReduces the number of virtual NICs, storage ports, and sw

30、itch ports Reduces management complexity22Virtualized Data Center NetworkingVLAN Trunking Scenario（讲）23VLAN 10VLAN 20VLAN 30Trunk linkTrunk linkVM1VM2VM3VM5VM4VLAN 20VLAN 10VLAN 10, 20, 30Trunk linkSales group: Includes VM1, VM4, and VM5Finance group: Includes VM2 and VM5Marketing group: Includes VM

31、3 and VM5 Physical ServerPhysical ServerVirtualized Data Center NetworkingFrame虚拟网络流量管理的主要需求（讲）Load balancingDistributes workload across multiple IT resources Prevents over/under utilization of resources, and optimizes performancePolicy-based managementAllows using a policy for distribution of traff

32、ic across VMs and network linksAllows using a policy for traffic failover across network linksResource sharing without contentionEnables guaranteed service levels when traffic from multiple virtual networks share physical network resourcesSets priority for bandwidth allocation to different types of

33、traffic 24虚拟网络流量管理主要技术（讲）1.Balancing client workload: Hardware based2.Balancing client workload: Software based3.Storm control4.NIC teaming5.Limit and share6.Traffic shaping7.MultipathingVirtualized Data Center Networking 25Technique 1 Balancing Client Workload: Hardware Based（讲）A device (physical s

34、witch/router) distributes client traffic across multiple servers physical or virtual machinesClients use IP address (virtual) of the load balancing device to send requestsLoad balancing device decides where to forward request Decision making is typically governed by load balancing policy, for exampl

35、e: Round robin, Weighted round robin, Least connections26Virtualized Data Center NetworkingTechnique 4 NIC Teaming（讲）Logically groups physical NICs connected to a virtual switch Creates NIC teams whose members can be active and standbyBalances traffic load across active NIC team members Provides fai

36、lover in the event of an NIC/link failureAllows associating policies for load balancing and failover at a virtual switch or a port group27Virtualized Data Center NetworkingTechnique 6 Traffic Shaping（讲）Controls network bandwidth at virtual/distributed virtual switch or port groupPrevents impact on b

37、usiness-critical application traffic by non-critical traffic flow 28ParameterParameterDescriptionDescriptionAverage BandwidthData transfer rate allowed over timeWorkload at a switch port can intermittently exceed av. Bandwidth Burst: When the workload exceeds the average bandwidth, it is called burstPeak BandwidthMax data transfer rate without queuing/dropping frames Burst SizeMax amount of data allowed to transfer in a burstBurst size = bandwidth timeBandwidth in a burst can go up to peak bandwidthWorkloadAverage bandwidthBandwidthPeak