
"Control Tower" for Virtualized Data Center Networks


Source: ZDNet Networking Channel, August 30, 2012


  As technologies mature and new applications emerge, many enterprise IT systems have begun using virtual machines, signifying the first step toward cloud computing. By virtualizing multiple servers on a physical server, IT systems can gain many benefits and enterprises do not need to purchase large numbers of servers. The virtual machine adds the high availability (HA) feature for data centers, reducing service interruptions and associated complaints. Virtualization technology effectively utilizes powerful hardware and can reduce hardware capability waste by more than 10%.

  As shown in IDC’s 2011 report, 51% of all installed workloads were virtualized in 2010.


  IDC forecasts that in 2013, 69% of all installed workloads will be virtualized.

  As virtual machine technologies rapidly develop, their adoption is held back by current networks, which lack the capability to manage virtual machines. Virtual machines communicate with each other through virtual switches. To manage virtual machines, server administrators must have in-depth network knowledge and network administrators must fully understand server software and hardware. Without that knowledge, when a fault occurs on the virtual machine network it is difficult to identify whether the fault occurred on the physical network or on the virtual switches. With the wide use of virtual machine migration and resource pool scheduling technologies, destination networks must be ready for virtual machine migration. For example, the configurations and dynamic entries on the destination network must be prepared.

  This is analogous to an airport: before aircraft can land, the airport must be prepared. A control tower instructs aircraft whether to land or wait. Like at an airport, virtualized data center networks also require a "control tower" to instruct the "landing and takeoff"—the migration—of virtual machines.

  Virtual Machine Network Environment Analysis
 

  The IEEE 802.1Qbg standard has defined virtual machine implementation.

By Using Software

Advantages: Products are mature and all virtual machine platforms support this solution. Common Layer 2 switches can be used as access switches.

Disadvantages: A lot of server resources are occupied. Network performance is poor and few network functions are supported. Traffic management is difficult.

By Using Smart NIC

Advantages: Network performance is high. Common Layer 2 switches can be used as access switches.

Disadvantages: Real-time migration of virtual machines cannot be implemented unless a dedicated NIC is installed. Traffic management is difficult.

By Using Access Switch

Advantages: Network performance is high. Centralized network management is easy to implement. Traffic control is simple.

Disadvantages: The access switches must support virtual machine migration.

 

  The software solution is the original one and is easy to implement. Virtual machine platforms such as VMware ESX and Microsoft Hyper-V support this solution. The smart NIC solution is a hardware accelerating solution promoted by NIC vendors, and more and more virtual machine platforms can support this solution.

  These two solutions have difficulty in controlling traffic. For example, to sample traffic, a virtual machine must be created in the physical server to provide the probe function. The access switch solution provides the highest performance and traffic control capability. However, the access switches must support virtual machine migration. Therefore, this solution is applicable to newly constructed data centers.

  The "control tower" must support all these solutions.

  "Control Tower" Must Have an Overall Picture of the Network
 

  The "control tower" must be aware of the virtual switches and their relationships with virtual machines and physical switches. This is the prerequisite for the scheduling on the virtual machine network.

  In this article, Huawei nCenter, a network management system, is used as the example "control tower" to describe the technologies and their implementation, and vCenter is the VM manager.

  Virtual machine network management includes virtual resource management and virtual machine migration management. Virtual resource management includes collecting information about physical and virtual resources and managing the topologies. The resources include virtual machines, virtual switches, physical servers, and physical switches.

  nCenter uses standard network management protocols to discover TORs (top-of-rack switches), and it obtains virtual machine information (including the relationships between virtual machines and virtual switches) through the open interfaces on vCenter.

  TORs use LLDP or CDP to discover virtual switches and the relationships between virtual switches and TORs.

  nCenter can create an overall picture for all physical and virtual resources and network topology. The following shows a virtual machine network topology created by nCenter.

  [Figure: virtual machine network topology created by nCenter]

  Devices 38 and 40 indicate TORs, and the two panes below devices 38 and 40 indicate two physical servers, which contain several virtual switches and virtual machines. The figure clearly shows the physical nodes, virtual nodes, relationships, and topology. This figure is significant for fault location, improved network management efficiency, and reduced operation and management costs.

  The search function lets administrators quickly find virtual machines in a large network.

  Virtual Machine Migration Scheduling
 

  In addition to topology management, the "control tower" must be able to manage virtual machine migration. Before and after virtual machines are migrated, the network must be ready.

  Each virtual machine should plan network configurations such as QoS and ACL based on the deployed services. A policy template needs to be created on nCenter to help a virtual machine plan the configurations. The policy template manages all parameters used for virtual machine migration.

  Support on Virtual Machine Migration
 

  The IEEE 802.1Qbg standard provides two solutions for virtual machine migration: in-band and out-of-band.

In-band management:


  The VSI manager is the policy template that manages the virtual station interface configurations. The channel associated signaling (CAS) is defined in 802.1Qbg. CAS includes the Edge Control Protocol (ECP) used to encapsulate VDP, ECP-based VSI Discovery and Configuration Protocol (VDP) used to discover and configure VSI, and optional S-Channel Discovery and Configuration Protocol (CDCP) used to configure, create, and delete S-channels.

  Virtual machine creation and deletion messages are sent to TORs using VDP, and TORs obtain network policies from the VSI manager to configure network attributes. VDP is carried over the same link as the virtual machine network, so this mode is called in-band management.

Out-of-band management:


  vCenter controls the creation, deletion, and migration of virtual machines. vCenter sends creation, deletion, and migration notifications to nCenter through the open interfaces, and nCenter issues network policies to network devices.

 

  The in-band management protocols have not yet been released, and virtual machine platform vendors have not yet launched products that support this solution. Protocols do not define the interfaces connected to vCenter. The VSI manager provides interfaces based on the virtual machine platforms. Therefore, the in-band management mode is difficult to implement.

  In out-of-band management mode, all virtual machine platforms provide open interfaces. nCenter adapts to the virtual machine platforms based on the open interfaces. This mode is open and collaborative.

  The out-of-band mode does not require that the virtual platforms support 802.1Qbg VDP. Instead, nCenter can use the open interfaces provided by the virtual machine platforms to discover virtual machines.

  Huawei nCenter uses the out-of-band mode. It supports virtual machine platforms such as VMware, Citrix Xen, and Microsoft Hyper-V.

  Efficient Scheduling
 

  nCenter can use commands, SNMP, or NETCONF to issue policies to network devices. In prototype tests, only 10-20 virtual machines can go online every second. When the RADIUS protocol is used, 200 virtual machines can go online every second. How many virtual machines can be supported?

  Assume that there are N physical servers, among which 50% are busy. Each server needs to migrate four (tested data, limited by bandwidth and CPU capability) virtual machines to other servers, and migration of each virtual machine requires 180 seconds. The number of virtual machines migrated every second is N/2 x 4/180.

  If there are 10,000 physical servers, the number of virtual machines migrated every second is 111 (10000/2 x 4/180).

  The processing performance of 200 virtual machines can support cloud computing for 18,000 (200 x 180/4 x 2) physical servers.

When nCenter uses the RADIUS protocol, 20,000 physical servers can carry out virtual machine migration concurrently.
 

  Migration Process
 

  During virtual machine migration, nCenter is responsible for migrating network policies. It works with vCenter to ensure that the migration process is on schedule, accurate, and automated.

  The following figure shows the virtual machine migration process.

  [Figure: virtual machine migration process]

  Before the migration: The virtual machine Purple needs to be migrated to server 10.137.59.52.


  (1)     vCenter initiates the virtual machine migration.

  (2)     The virtual machine migration starts.


  (3)     vCenter notifies nCenter that the migration starts through the open interface.

  (4)     nCenter notifies the destination TOR that the virtual machine has gone online. The online information includes the virtual machine ID, MAC address, VLAN, and policy template ID.

  (5)     The destination TOR uses the RADIUS protocol to request policies (such as ACL, QoS, DHCP, and snooping binding table) from nCenter.

  (6)     The internal RADIUS server on nCenter responds to the TOR's request and issues the policy to the TOR. The TOR then resolves the policy and configures data forwarding.

  (7)     vCenter notifies nCenter that the migration is complete through the open interface.

  (8)     nCenter notifies the source TOR that the virtual machine has gone offline.

  (9)     The source TOR deletes the local policy and requests the RADIUS server to update user status through the RADIUS notification interface.

 

  After the migration: The virtual machine Purple has been migrated to server 10.137.59.52.
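
  The ordering in steps (3) to (9), as an added example that is not from the article or from Huawei: a toy Python model in which the destination TOR must hold the ACL/QoS policy before the source TOR deletes its copy. All class, method and field names, the template ID, MAC, VLAN and ACL line are constructed, and the behaviour when a template is missing (the source keeps its policy) is an assumption.

```python
# Toy model of steps (3)-(9); all names are hypothetical, not nCenter's API.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VmOnline:  # step (4): online information sent to the destination TOR
    vm_id: str
    mac: str
    vlan: int
    template_id: str

@dataclass
class NCenter:
    templates: dict  # policy template ID -> policy (ACL, QoS, ...)
    status_log: list = field(default_factory=list)

    def radius_request(self, template_id):  # step (6): answer the TOR
        return self.templates.get(template_id)

    def migrate(self, msg, src, dst):
        # Steps (4)-(6): the destination must hold the policy first.
        if not dst.vm_online(msg, self):
            return False  # assumption: on failure the source keeps its policy
        # Steps (7)-(9): only now is the source TOR cleaned up.
        src.vm_offline(msg.mac, self)
        return True

@dataclass
class Tor:
    name: str
    policies: dict = field(default_factory=dict)  # MAC -> applied policy

    def vm_online(self, msg, ncenter):  # step (5): request the policy
        policy = ncenter.radius_request(msg.template_id)
        if policy is None:
            return False  # assumption: no policy means no forwarding entry
        self.policies[msg.mac] = {"vlan": msg.vlan, **policy}
        return True

    def vm_offline(self, mac, ncenter):  # step (9): delete and report status
        self.policies.pop(mac, None)
        ncenter.status_log.append((self.name, mac, "offline"))

def demo(template_id):
    # Constructed sample data: VM "Purple" from the article, made-up MAC/VLAN.
    nc = NCenter({"tmpl-web": {"acl": ["permit tcp any any eq 443"], "qos": "gold"}})
    src, dst = Tor("tor-src"), Tor("tor-dst")
    msg = VmOnline("Purple", "00:00:5e:00:53:01", 100, template_id)
    src.policies[msg.mac] = {"vlan": 100, **nc.templates["tmpl-web"]}
    return nc.migrate(msg, src, dst), src, dst, nc
```

  `demo("tmpl-web")` walks the successful path; `demo("tmpl-missing")` shows the source TOR retaining its policy when the destination cannot obtain one.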


  Huawei Virtual Awareness Solution Summary
 

  nCenter is the core of the solution. It is compatible with various vCenters and issues static configurations and dynamic entries to access switches, thus fully supporting the virtual network environment. The open and highly efficient nCenter supports virtual machine migration on the cloud.

  Let's review the cooperation between network and virtual machines mentioned above.

  Management interface: The system administrator only needs to manage servers and virtual machines, and the network administrator only needs to manage the network attributes of virtual switches, physical switches, and virtual machines. The management interface is clear.

  Visual operation and management: nCenter provides a topology map for all virtual machines, virtual switches, physical servers, and physical switches, facilitating fault location.

  Virtual awareness: nCenter can be aware of the creation and migration of virtual machines and take appropriate actions. It allows fast service launching and is compatible with virtual machine platforms and servers.

  Conclusion
 

  The Huawei virtual awareness solution supports and promotes the use of virtual machines in data centers, reduces IT system costs, and improves IT system efficiency. In the future, Huawei will establish a completely virtual, automated, and highly efficient cloud computing system, and will support various large-capacity service application systems in IaaS mode to meet service operation and innovation requirements.
