As mentioned earlier, all clouds must be connected to the network, which provides remote, anytime, anywhere access to IT resources. It can be said that network technology is the essential support of cloud computing. This chapter will introduce the basic network knowledge involved in cloud computing, including an overview of computer networks, the basic principles of computer networks, network interconnection equipment, network virtualization, and software-defined networks, so that readers can better understand some of the important aspects of computer networks, concepts, principles, equipment, and newer network technologies supporting cloud computing.

4.1 Computer Network Overview

Computer networks (referred to simply as networks) were born in the 1960s as a product of the combination of communication technology and computer technology. With the development of network technology, the computer network, which originally belonged to the field of high-end technology, has gradually penetrated and integrated into people’s daily life, profoundly changing their lifestyles and becoming an indispensable part of life. This section gives an overview of computer networks in terms of basic concepts, formation and development, definition and functions, composition, classification, and topological structure.

4.1.1 Basic Concepts of Computer Networks

The Chinese character for "net" originally referred to a device for catching fish and birds, woven from rope, such as a fishing net, with small holes in the middle; it can be continuously extended or joined with other nets as needed to cover a larger area. The word "network" has a wide range of meanings. It usually refers to connecting all related things for a certain purpose, as in urban networks, transportation networks, interpersonal networks, and cable TV networks.

In the computer field, a network refers to the connection of multiple computers with independent functions and their peripheral devices in different geographical locations through communication lines. Under the management and coordination of network operating systems, network management software, and network communication protocols, a computer system realizes resource sharing and information transmission. We give this kind of network a proper name: computer network. The network mentioned in the following, unless otherwise specified, refers to a computer network.

Simply put, a computer network is a system that interconnects two or more computers through a connecting medium. The connection medium can be cable, twisted pair, optical fiber, microwave, carrier wave, and communication satellite.

Computer network has the function of sharing hardware, software, and data resources and can centrally process, manage, and maintain shared data. Figure 4.1 shows a simple computer network.

Fig. 4.1 A simple computer network

In the era of big data, information has become an essential resource for human survival. The socialization and networking of information and the integration of the global economy have all been greatly affected by computer network technology. The Internet has caused profound changes in people’s working methods, learning methods, and even thinking methods. In cloud computing, network technology is one of the core technologies that support cloud computing. All cloud services need to rely on the network, which provides remote access to IT resources anytime, anywhere. In fact, the idea of cloud computing has been around for a long time, but cloud computing has only been significantly developed and widely used in the past 10 years, which is largely due to the popularization of broadband networks. In the 1990s, when dial-up Internet access was used and the network bandwidth was only tens of kilobits per second, cloud services could not be used at all. Therefore, the network is the foundation of cloud computing.

4.1.2 The Formation and Development of Computer Networks

Before the creation of computer networks, communication mainly relied on the public telephone network, that is, the traditional telecommunications network. The technology used in traditional telecommunications networks is called circuit switching. Before making a call, you must first dial the number. If dialing succeeds, a physical path is established from the calling end to the called end, and then the two parties can talk to each other. This physical channel is automatically released after the call ends and the parties hang up. The traditional telecommunications network is very fragile: once a switch or a line in the communication circuit fails, the entire communication line is interrupted. In wartime, this defect can be catastrophic. Therefore, in the early 1960s, the United States proposed developing a brand-new network that would be highly survivable in a war environment. Later, a flexible packet-switched network was born. This type of network is the predecessor of modern computer networks.

Unlike traditional telecommunications networks, which use circuit-switching technology, packet-switching networks use packet-switching technology, whose core is store-and-forward technology. Suppose the sender wants to transmit a batch of data (called a message) to the receiver. It first divides the message into data segments of equal length and adds a header before each data segment. The header usually contains important information such as the source address and the destination address, which helps each packet independently select its route in the network. A data segment with its header added is called a packet, and the packet is the basic data unit transmitted in a computer network. Figure 4.2 shows the structure of a packet.

Fig. 4.2 Packet structure

The packet switching network comprises several computer devices called node switches and the links connecting these node switches. Each node switch has a set of input ports and a set of output ports, which are connected to different node switches. When the node switch receives a packet from an input port, it first stores the packet temporarily in its memory, then looks up the routing table pre-stored in the node switch (the routing table records, for each destination address, which output port packets should be forwarded from), and then forwards the packet to the port found. The node switch here can be regarded as the predecessor of the modern router.

After the packet switching network divides the data into multiple packets, each packet is transmitted independently through the network according to the destination address stored in its header. The transmission paths (i.e., routes) of different packets may differ, and the receiver sorts the received packets and reassembles them into a complete message. There is no need to establish a link in advance during communication, and each packet is independently routed. This is similar to sending letters through the post office: each letter carries the recipient’s address, and the post office delivers each one independently according to that address. Even letters to the same destination address may be delivered by different routes.

A to E shown in Fig. 4.3 are node switches, which receive packets from the host, temporarily store them in the memory, and then look up the local routing table to find a suitable output link to send the packets. Different packets, even if the destination address is the same, may have different transmission paths. Because the routing table will be updated according to the current network conditions, the original route will be replaced with a new route if it fails or is congested.

Fig. 4.3 Schematic diagram of packet switching network

The advantage of packet switching is that in the process of data communication, the communication line is occupied section by section, that is, only the section of the entire communication line that is currently transmitting a packet is occupied, and the other sections are idle and can be used for the transmission of other packets. This is equivalent to dynamically allocating bandwidth during packet transmission, which is very suitable for transmitting computer data with bursty characteristics and can greatly increase the utilization rate of communication lines. Packet switching also improves the reliability of the network. Since packet switching networks often use a mesh topology, there are generally multiple paths to the same destination address. Therefore, when network congestion occurs or a small number of nodes or links fail, the route can be flexibly changed without interrupting communication or paralyzing the entire network. The disadvantage of packet switching is that each node always introduces a certain delay due to queuing during storage and forwarding; when the network traffic is heavy, the delay may also be large. At the same time, the control information carried by each packet also causes a certain amount of overhead, and the entire packet-switched network needs a special management and control mechanism.
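The store-and-forward behaviour described above, as an added example that is not from the book: a message is split into headed packets, node switches forward each packet independently from a routing table rebuilt for the current link state, and the receiver reorders the packets. The switches A to E, hosts H1 and H2, links and message are all constructed for illustration and are not the network of Fig. 4.3.

```python
"""Added example (not from the book): a small store-and-forward packet-switching
simulation.  The topology, hosts, routing tables and message are constructed
for illustration; they are not the network of Fig. 4.3."""
from collections import deque

# Constructed topology: node switches A..E joined by undirected links.
# Two equal-length paths lead from A to E (A-B-D-E and A-C-D-E).
LINKS = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D"), ("D", "E")]
HOSTS = {"H1": "A", "H2": "E"}   # host -> the node switch it attaches to
PAYLOAD = 4                      # data bytes per packet (tiny, for readability)


class Packet:
    """A data segment plus the header that lets it choose its route on its own."""
    def __init__(self, src, dst, seq, total, data):
        self.src, self.dst = src, dst      # header: source / destination address
        self.seq, self.total = seq, total  # header: position in the message
        self.data = data                   # the data segment
        self.path = []                     # switches traversed, for inspection only


def split_message(src, dst, message):
    """Divide a message into equal-length segments and put a header before each."""
    segs = [message[i:i + PAYLOAD] for i in range(0, len(message), PAYLOAD)]
    return [Packet(src, dst, i, len(segs), s) for i, s in enumerate(segs)]


def reassemble(packets):
    """Receiver side: sort by sequence number, check nothing is missing, rebuild."""
    total = packets[0].total
    if sorted(p.seq for p in packets) != list(range(total)):
        raise ValueError("message incomplete: missing or duplicated packets")
    return b"".join(p.data for p in sorted(packets, key=lambda p: p.seq))


class Network:
    def __init__(self, links, hosts, failed=()):
        self.hosts = hosts
        dead = {frozenset(link) for link in failed}
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set())
            self.adj.setdefault(b, set())
            if frozenset((a, b)) not in dead:      # a failed link carries nothing
                self.adj[a].add(b)
                self.adj[b].add(a)
        self.tables = self.build_routing_tables()  # reflect current conditions
        self.rr = {s: 0 for s in self.adj}         # per-switch round-robin counter

    def distances(self, start):
        """Hop counts from `start` over live links (breadth-first search)."""
        dist, queue = {start: 0}, deque([start])
        while queue:
            u = queue.popleft()
            for v in self.adj[u]:
                if v not in dist:
                    dist[v] = dist[u] + 1
                    queue.append(v)
        return dist

    def build_routing_tables(self):
        """Per switch: destination host -> output ports on a shortest live path."""
        tables = {s: {} for s in self.adj}
        for host, gateway in self.hosts.items():
            dist = self.distances(gateway)
            for s in self.adj:
                if s == gateway:
                    tables[s][host] = [host]          # directly attached: deliver
                elif s in dist:
                    tables[s][host] = sorted(n for n in self.adj[s]
                                             if dist[n] == dist[s] - 1)
                else:
                    tables[s][host] = []              # unreachable after failures
        return tables

    def send(self, pkt):
        """Store-and-forward: each switch looks up its table and picks a port."""
        node = self.hosts[pkt.src]
        while True:
            pkt.path.append(node)                     # packet is stored here first
            ports = self.tables[node][pkt.dst]
            if not ports:
                raise RuntimeError(f"{node}: no route to {pkt.dst}")
            nxt = ports[self.rr[node] % len(ports)]   # alternate over equal routes
            self.rr[node] += 1
            if nxt == pkt.dst:
                return pkt
            node = nxt


def transmit(network, src, dst, message):
    """Send a message packet by packet; return the rebuilt message and the paths."""
    delivered = [network.send(p) for p in split_message(src, dst, message)]
    delivered.reverse()                    # arrival order need not match send order
    in_order = sorted(delivered, key=lambda p: p.seq)
    return reassemble(delivered), [p.path for p in in_order]
```

Calling `transmit(Network(LINKS, HOSTS), "H1", "H2", b"store-and-forward")` shows consecutive packets alternating between the B and C routes, while `Network(LINKS, HOSTS, failed=[("C", "D")])` rebuilds the tables so that every packet avoids the failed link.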

In the 1960s, computer networks using packet switching technology appeared. In December 1969, an experimental network with four nodes was put into operation. This was the original form of ARPANET. With the development of technology, ARPANET proliferated; by the 1980s, there were more than a thousand hosts. At the same time, the National Science Foundation (NSF) built the National Science Foundation Network (NSFnet) and merged it with ARPANET; the merged network was renamed the Internet, the name still used today. The Internet was mainly used for scientific research in the early days, and its users were mainly a small group of scientific researchers. However, the emergence of World Wide Web technology in the 1990s caused explosive growth of the Internet. The World Wide Web was developed by the European Organization for Nuclear Research (CERN) and is a combination of information discovery technology based on the client/server model and hypertext technology. A World Wide Web server organizes information into hypertext with both pictures and text through HTML and uses links to jump from one site to another, which greatly simplifies information query and makes the Internet almost barrier-free to use. A large number of users began to "embrace" the Internet, with more than 200 million Internet users in the late 1990s. In the twenty-first century, the Internet has developed into an ocean of information resources covering the world. Online content services cover all aspects of social life, and the Internet has become an indispensable part of people’s lives. According to statistics, by the end of 2018, the number of Internet users worldwide had reached 3.9 billion.

The success of the Internet has continuously "evolved" computer networks. The early terminal-oriented computer network was a star-shaped network centered on a single host. A large host connects to many terminal devices without processing capabilities. These terminal devices shared the hardware and software resources of the expensive central host through communication lines. The packet switching network is centered on the network. The node switches in the network are used to forward packets for data transmission. The host and terminal devices are located on the periphery of the network, forming a user’s resource subnet. Users can share many software/hardware resources of the user resource subnet through the packet-switched network. In order to compare with the user resource subnet, some documents refer to the packet switching network as the communication subnet.

4.1.3 Definition and Function of Computer Network

The previous article has defined computer networks when introducing the basic concepts. In brief, a computer network is a whole system in which multiple computer systems with independent functions are interconnected through communication lines, and network resource sharing and communication are realized under the management of network software. It can be said that a computer network is a product of the combination of computer technology and communication technology. The network mainly uses packet switching technology to realize data transmission, which is essentially a packet switching network.

There are two main purposes for building a computer network: sharing resources and realizing data communication. Perhaps the earliest purpose of establishing a computer network was to share expensive computer hardware equipment, but people soon discovered that communication and data transmission between networked computers can be very convenient. Therefore, data exchange and communication have also become essential functions of the network. Resource sharing can share not only hardware equipment but also software, data, etc. The Internet’s attractiveness to people is mainly due to the vast amount of information that can be shared on the Internet, which we call "content services." These content services are provided by hundreds of millions of Websites worldwide, covering all aspects of social life.

In addition to the two major functions of resource sharing and data communication, computer networks also bring some additional benefits. If a network interconnects multiple independent computer systems to form a cluster system, its reliability will also significantly increase. If a computer fails and cannot provide services to the outside world, other computers in the network can replace it and continue to provide services to the outside world. In a cloud computing system, cloud services’ reliability relies on multiple connected devices of the same type. At the same time, through networking, it is also convenient to balance the load among the computers to prevent certain computers from failing due to overload.

4.1.4 The Composition of a Computer Network

A typical computer network can be logically divided into two parts: resource subnet and communication subnet. The resource subnet is composed of hosts, terminals and peripherals, various software resources and information resources, and is mainly responsible for the entire network’s information processing, providing network services and resource sharing functions for network users. The communication subnet is the packet switching network mentioned above, which is composed of node switches, communication lines, and other communication equipment. It is mainly responsible for the data communication of the whole network, providing the network users with data transmission, transfer, processing and transformation and other communication processing work.

In the modern wide area network structure, as the number of users using mainframe systems decreases, resource subnets have also changed. The resource subnet can be regarded as composed of all the computers or devices connected to the Internet to provide resource services or resource sharing. The node switches in the communication subnet are replaced by network devices such as routers and switches.

Besides computers and communication lines, the physical composition of a computer network also includes a large amount of network software and hardware. Computer network software mainly includes network protocol software, network communication software, network operating systems, network management software, and network application software.

  • Network protocol software: to realize network protocol functions, such as TCP/IP, HTTP, and other protocol software.

  • Network communication software: software used to realize communication between various devices in the network, such as QQ, WeChat, and Douyin.

  • Network operating system: to realize the sharing of system resources and manage the access to different resources by user processes. Typical network operating systems include Windows, UNIX, Linux, NetWare, etc.

  • Network management software and network application software: network management software is used to manage network resources and maintain the network; network application software provides various services for network users, such as Internet cafe charging system and stock trading software.

4.1.5 Classification of Computer Networks

Based on the characteristics of computer networks, there are also many forms of division. For example, it can be classified according to geographic scope, scope of use, and transmission medium, and it can also be classified according to information exchange methods and topological structures.

  1. Classification by geographic region

    Classified by geographic area, the network can be divided into three types: local area network, metropolitan area network (MAN), and wide area network.

    (1) Local area network

      The local area network is usually installed in a building or campus (park), covering a geographic range of tens to thousands of meters. For example, a laboratory, a building, a campus, or a unit.

      A local area network comprises computers connected by high-speed lines, with a high transmission rate, up to 10 Mbit/s to 1000 Mbit/s. Through the local area network, various computers can share resources, such as sharing printers and databases.

    (2) Metropolitan area network

      The metropolitan area network is confined to a city, covering a geographic range of tens of kilometers to hundreds of kilometers. The metropolitan area network is an extension of the local area network, used to connect the local area network, covering a wide range in terms of transmission media and wiring structure.

    (3) Wide area network

      The WAN’s geographic range is hundreds of kilometers to thousands of kilometers, or even tens of thousands of kilometers. This range can be a region or a country, or even the whole world, so it is called a wide area network.

      The wide area network is different from the local area network and the metropolitan area network in terms of technology, application scope, and protocol standards. In the wide area network, the backbone network or various public switching networks provided by the telecommunications department are usually used to interconnect computer systems distributed in different regions to achieve resource sharing. The Internet is a typical wide area network.

      The main technology used in WAN is store and forward technology.

  2. Classification by scope of use

    Classified by the scope of use, the network can be divided into public and private networks.

    (1) Public network

      The public network is usually set up, managed, and controlled by the telecommunications department. The transmission and switching devices in the network can be provided (such as leased) for use by any department and unit, such as the Public Switched Telephone Network (PSTN), Digital Data Network (DDN), and Integrated Services Digital Network (ISDN).

    (2) Private network

      A specific unit or department establishes the private network, and other units or departments are not allowed to use it. For example, industries such as finance, petroleum, and railways have their own private networks. When setting up a private network, you can lease the transmission lines of the telecommunications department, or you can lay the lines yourself, but the cost of the latter is very high.

  3. Classification by transmission medium

    According to the classification of transmission media, the network can be divided into the following two categories:

    (1) Wired network

      Wired network refers to a network that uses wired physical media such as coaxial cables, twisted pairs, and optical fibers to transmit data.

    (2) Wireless network

      Wireless network refers to a network that uses wireless forms such as radio waves, satellites, microwaves, and lasers to transmit data.

  4. Classification by application type

    Classified by application type, the network can be divided into Intranet, Extranet, and Internet.

    (1) Intranet

      An intranet is the internal network of an enterprise, composed of its internal computers and equipment, network environment, software platform, etc. For security reasons, it usually only allows access to the enterprise’s internal data center or internal shared resources and does not allow access to the extranet or the Internet. It is generally isolated from the extranet by a firewall.

      The intranet uses the same technology as the Internet: it uses TCP/IP as the communication protocol, takes Web services as its core, and uses a firewall to isolate the internal network from the external network. An intranet is usually established within an enterprise or organization and provides its members with services such as information sharing and exchange, for example Web, file transfer, and e-mail services.

      Since the intranet adopts the mature Internet protocols represented by TCP/IP, it retains compatibility with the Internet. A large amount of ready-made software and hardware is available, and the construction cost is greatly reduced, which has enabled the rapid development of intranets. Compared with the Internet, enterprises have more autonomy in the construction, organization, and management of the intranet, which effectively avoids the inherent shortcomings of the Internet such as poor reliability, no overall design, unclear network structure, and lack of unified management and maintenance. The network firewall also protects secret or sensitive information inside. Therefore, the intranet is vividly referred to as the Internet built within the corporate firewall.

      What the intranet provides is a relatively closed network environment. This network is hierarchical and open within the enterprise, and internal personnel can generally access it directly, but access by external personnel requires strict authorization. Therefore, the network can be planned and entirely controlled according to the needs of the enterprise, and the security of the network and data can be ensured by implementing classified management of all information and personnel and setting access control permissions.

    (2) Extranet

      Extranet is a cooperative network that uses information technology to interconnect the networks of companies with their customers or assist companies to accomplish their common goals. Users can access it through different technologies, such as using IP tunnels, VPNs, or dedicated dial-up networks.

      The openness of the extranet lies between the public Internet and the private intranet. It is neither like the Internet, which provides public communication services for everyone, nor like an intranet, which serves only the enterprise’s internal needs and is not open to the public; instead it is open to selected partners or provides selective services to the public. Access to the extranet is semi-private: users are groups formed by affiliated companies and customers, and information is shared within trusted groups. The extranet is very suitable for time-sensitive information sharing and activities between enterprises to accomplish common goals.

      Figure 4.4 shows the intranet and extranet.

    (3) Internet

      This part is covered in Sect. 4.1.2.

Fig. 4.4 Intranet and extranet

4.1.6 Topology Structure of Computer Network

Topological structure refers to the geometric arrangement between the network’s communication lines and each site (computer or network communication equipment, hereinafter referred to as nodes). Classified by topology, the network can be divided into bus network, star network, tree network, ring network, mesh network, hybrid network, etc.

  1. Bus-type structure and bus-type network

    A bus-type structure is formed by connecting several nodes by a bus, and its network is called a bus-type network. The bus network uses broadcast communication, that is, multiple nodes can receive the information sent by one node on the network. The bus network’s communication lines can be twisted pairs, coaxial cables, fiber-optic cables, etc.

    Bus-type structure is widely used, and its characteristics are as follows:

    (1) Simple structure, expandable, good performance.

    (2) The reliability of the network is high, the response speed between nodes is fast, and the ability to share resources is strong.

    (3) The cost of the network is low, the amount of equipment required is small, and installation is convenient.

    (4) The performance and reliability of the bus have a great impact on the network.

  2. Star structure and star network

    The structure that takes the central node as the center and connects several peripheral nodes is called a star structure, and its network is called a star network. The central node centrally controls and manages the communication and information exchange between peripheral nodes in the star structure.

    The features of the star structure are as follows:

    (1) It is easy to build a network, with good scalability and convenient management.

    (2) The central node is the bottleneck of the entire system. If the central node fails, the entire network will be paralyzed.

      The star structure is widely used in local area networks. The central node of the star structure is usually a hub, switch, or router. Take a hub as an example. It connects multiple computer devices through twisted pair cables, presenting a star-shaped topology on the physical structure (although the logical structure is not necessarily a star).

  3. Tree structure and tree network

    In a tree network composed of a tree structure, each node (usually a computer) forms a tree-shaped hierarchical structure.

    The functions of the low-level computers in the tree are related to the application and generally have well-defined and highly specialized tasks, such as data collection and transformation; while the high-level computers have management functions to coordinate the work of the system, such as data processing, command execution, and comprehensive processing.

    Generally speaking, the tree should not have too many levels, to avoid overloading the high-level nodes with management work.

  4. Ring structure and ring network

    In a ring network composed of a ring structure, nodes are connected into a closed loop through point-to-point communication lines. Data will be transmitted station by station along one direction in the ring.

    The structure of the ring network is simple, and the transmission delay is deterministic. However, each node in the ring and the communication line connecting it to the next node become risk points for network reliability: once a failure occurs, it affects the normal operation of the entire network. In a ring network, the joining and leaving of nodes and the maintenance and management of the ring are also more complicated.

  5. Mesh structure and mesh network

    In a mesh structure, nodes are connected to each other through transmission lines, and any node is connected to at least two other nodes. Therefore, a mesh network built from a mesh structure has high reliability, but it is expensive to build, its structure is complex, and it is not easy to manage and maintain.

    The wide area network basically uses a mesh structure.

  6. Hybrid topology and hybrid network

    As you can see from the introduction above, each topology has its own advantages and disadvantages. Some large networks are usually not a single topology, but are a mixture of multiple topology structures, giving full play to various topology strengths, which is called a hybrid topology. The corresponding network is a hybrid network. The Internet is actually a hybrid network.

    Figure 4.5 shows the topology of the computer network.

Fig. 4.5 Topological structure of computer network

4.2 Network Layering and Encapsulation

A computer network is a very complex system. Take, for example, the simplest case of two computers transmitting data over the network: first, there must be a path for data transfer between the two computers; if the data formats used by the two sides are not consistent, format conversion must be completed; and if the sender sends data faster than the receiver can take it in, the sender must be notified to slow down. In addition, errors or accidents may occur during data transmission, and both parties should have reliable measures in place to deal with anomalies and ensure that the recipient receives the data correctly. All this requires a high degree of coordination between the two parties to the communication and strict compliance with pre-agreed rules; these rules are network protocols.

4.2.1 Network Layering and Encapsulation

A network protocol is a rule, standard, or convention established for data exchange in a network. General network protocols are complex. To simplify the design of a network, the practice of "layering" the network is often adopted. "Layering" transforms large and complex global problems into smaller, relatively simple local problems that are easy to study and deal with.

Once the network is layered, the layers are independent, and each layer does not need to know how its next layer is implemented, only what services the next layer can provide for the layer, which is provided through an interface between the layers. Since each layer implements only one relatively independent function, the complexity is greatly reduced. Layering also brings benefits such as flexibility, ease of implementation, and maintenance.

When a network is layered, the layers of a computer network together with the collection of its protocols, called the network architecture, can be seen as a precise definition of the functionality that the computer network and its components should accomplish. There are currently two main computer network architectures: the Open System Interconnection (OSI) model developed by the International Organization for Standardization (ISO) in the 1980s, and the TCP/IP model adopted by the Internet. The OSI model has seven layers and its concepts are clear, but because it is complex and impractical it found no echo in industry, and no corresponding products appeared. The TCP/IP model, although simpler in structure, grew out of practice and is easy to use; its successful application on the Internet also made it widely used in the market, and it has become a de facto industry standard. At present, the vast majority of network devices are compatible with the TCP/IP model.

There are many protocols in the TCP/IP model, and TCP and IP are typical of them, so all protocols in the model are collectively referred to as TCP/IP protocol sets, or TCP/IP for short. The protocol set has the following characteristics: protocol standards are open (independent of hardware, operating system), independent of specific network hardware, unified network addressing (network address uniqueness), and standardized high-level protocols provide a variety of services. These characteristics have also contributed to the wide application of the protocol set in industry.

The TCP/IP model actually has only three layers: the application layer, the transport layer, and the network interface layer, which is almost empty. For the sake of the integrity and systematization of the knowledge system, we moved the bottom two layers of the OSI model (physical layer and data link layer) into the network interface layer, forming a five-tier model (see Fig. 4.6).

Fig. 4.6 Hierarchical structure of computer network

In this hierarchy, application data is passed between the layers. Assume that application AP1 on computer 1 transmits data to application AP2 on computer 2. AP1 first hands its data to the application layer (Layer 5); the application layer adds the necessary control information H5 and passes the result to the transport layer (Layer 4); the transport layer adds its own control information H4 and hands the result to the network layer (Layer 3); the network layer adds its own control information H3, and so on down the stack. The physical layer (Layer 1) transmits a bit stream, so it adds no control information. The transfer of data between the layers of the network is shown in Fig. 4.7.

Fig. 4.7 Data transfer process between various layers of the network

4.2.2 Physical Layer

The physical layer specifications are standards for the characteristics of the transmission media, and they often refer to standards developed by other organizations. The physical layer's task is to transmit the bit stream transparently, i.e., the unit of data passed at the physical layer is the binary bit. The physical media used to transmit information, such as twisted pairs, coaxial cables, and fiber-optic cables, do not belong to the physical layer; they lie below the physical layer and are not included in the network architecture.

The physical layer considers how much voltage is used to represent "1" or "0" and how the receiving end can tell whether this level is high or low when the sending end emits a high or low voltage. The physical layer also needs to determine how many pins the plugs connecting the cables should have and how they are defined and connected. The physical layer often uses multiple specifications to complete the definition of all details.

4.2.3 Data Link Layer

The data link layer first divides the bit stream transmitted by the physical layer into frames, each containing data and the necessary control information. The primary task of the data link layer is to transfer frame-based data without error between two adjacent computer nodes. When transferring data, if the receiving node detects an error in the received data, it notifies the sender to resend the frame until the receiver receives it correctly. The data link layer also prevents the sender from sending faster than the receiver can accept. In this way, the data link layer transforms an actual link that can go wrong into an error-free data link for use by the network layer above. To do this, the frame needs to contain the corresponding control information, including synchronization information, address information, error control information, flow control information, and so on.

A local area network is a network that contains only two layers, the data link layer and the physical layer. There are several protocol standards for local area networks, such as the IEEE 802 series. The LAN data link layer has more content and is usually divided into two sub-layers: the Logical Link Control (LLC) sub-layer and the Media Access Control (MAC) sub-layer. The best-known MAC sub-layer protocol is the IEEE 802.3 standard, commonly known as the Ethernet standard. Ethernet is a broadcast link in which all computer nodes are connected to a shared transmission channel called a "bus," and frames are sent using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol. The principle of CSMA/CD is that, before sending, each connected station detects whether another computer on the bus is already sending data, and if so, it temporarily refrains from sending to avoid a collision. As soon as the channel is detected to be idle, the station sends its data frame. However, it is still possible that several stations send data at the same time, causing a collision. So the sending station must keep listening to the channel after it starts sending, and if a collision is detected it immediately abandons sending the frame; the parties to the collision then each wait a random period of time before sending again. The behavior of a station under this protocol can be summed up as: "listen before sending, stop on collision, listen while sending, resend after a random delay."

Frames transmitted at the MAC sub-layer are called MAC frames. An Ethernet MAC frame typically contains a destination address, a source address, a type field, the frame data, and a check field. The destination address and the source address each occupy 6 bytes (6B) and are called MAC addresses, also known as physical addresses. This address usually corresponds to the address of the network card: when manufacturing a network card, the network equipment manufacturer gives it a unique MAC address. The structure of the MAC frame is shown in Fig. 4.8.

Fig. 4.8 Structure of MAC frame

4.2.4 Network Layer

The network layer in the TCP/IP model is often referred to as the Internet Layer or IP layer. The network layer is responsible for providing communication services to different computers on the Internet. These computers may not be directly connected, and communication between the two computers may pass through multiple intermediate nodes and links or pass through multiple communication subnets connected through a router.

At the network layer, the unit of data transmission is the packet (also translated as "grouping"). A packet is formed by adding network-layer control information, called the packet header, in front of the data to be carried in a data link layer frame. The network layer's primary task is to select an appropriate route so that the packet sent by the sender is transmitted along a suitable path to the receiver. At the same time, it is also the network layer's task to give each of the two communicating parties a unique address in the network. For example, TCP/IP identifies a host's address throughout the Internet by its IP address. In addition, the network layer packet is sometimes limited by the maximum transmission unit length of the lower transmission medium (e.g., the Maximum Transmission Unit (MTU) of Ethernet is limited to 1500B), so the packet needs to be divided into smaller fragments, and the fragmentation method is also defined at this layer.

4.2.5 Transmission Layer

The primary job of the transport layer is end-to-end communication. The "end" here refers to the computer process that carries out the communication. A process is a running application. Today's computers generally run multitasking operating systems, and a computer may run multiple applications simultaneously, such as preparing a PPT for a report to management while chatting on QQ and listening to music. We can think of an application as a process (some applications correspond to multiple processes). Taking QQ chat as an example, the sender's process is one "end," the receiver's process is another "end," and the transport layer is responsible for the data transfer between the two "ends." There are two main ways to transfer data. In the first, a connection is established before transmission and the data is then transmitted over that connection, with error recovery if errors are found, plus mechanisms such as flow control. This is a connection-oriented service that provides reliable data delivery at the price of inflexibility and lower efficiency; it corresponds to TCP. The other way is similar to express delivery in the postal system: each packet carries its destination address, no connection needs to be established in advance, and each packet chooses its own transmission path according to the network conditions at the time. Data in this way is transmitted on the principle of "best-effort delivery"; reliable delivery is not guaranteed, but the service is flexible and efficient. This corresponds to the User Datagram Protocol (UDP).

The transport layer exists only in the hosts outside the communication subnet; switching nodes and network devices such as routers within the communication subnet have no transport layer. The transport layer solves the problem of information transmission, so the layers above it, such as the application layer, no longer have to consider matters related to data transmission.

4.2.6 Application Layer

The application layer is the highest level in the network architecture, which provides communication services directly to the user’s processes, such as support for the user’s Web access (HTTP), e-mail transmission (SMTP, POP, etc.), file transfer (FTP), and remote login (Telnet protocol). Application-layer protocols typically use services provided by lower level protocols, such as TCP of the transport layer to establish data paths when accessing webpages with HTTP.

4.3 Network Interconnection Equipment

Different computer networks can be connected by network interconnection devices to form a larger network, realizing data communication and resource sharing between networks. There are many kinds of network interconnection devices, working at different layers of the network protocol stack. Common ones include repeaters, hubs, bridges, switches, and routers.

4.3.1 Repeaters and Hubs

Network interconnection devices that work at the physical layer are primarily repeaters and hubs.

  1. Repeater

    Repeaters are used to connect two networks of the same type, and their primary function is to extend the transmission distance of the network signal by regenerating or forwarding the data signal.

    Computer data is generally modulated and transmitted as electrical signals; for example, computers commonly use high and low levels, or level transitions, to represent the binary "0" and "1." When an electrical signal is transmitted over a communication medium, the greater the distance, the greater the loss. If the signal is transmitted over an ordinary twisted pair, the maximum distance it can travel directly generally does not exceed 100 m; beyond that the attenuation is obvious, and the receiver may no longer be able to recover the content of the original signal. Assume that a high level represents "1" and a low level represents "0": if a signal that was originally "1" is attenuated in transmission so that its amplitude falls below the set threshold level, it is impossible to determine whether it represents "1" or "0." Repeaters are designed to solve this problem. A repeater completes the connection of the physical line, amplifies and reshapes the attenuated signal so that its waveform and strength reach the required values, and then forwards it. Therefore, repeaters can extend the length of the network and are often used to connect segments of the same LAN.

  2. Hubs

    Hubs are highly reliable network interconnection devices commonly used in star networks. Local area networks built according to the IEEE 802.3 (Ethernet) standard make heavy use of twisted pairs and hubs.

    Each hub has multiple ports, each connected through transmission media such as twisted pairs or fiber-optic cables to the network card of a computer joining the network, forming a star-shaped physical topology. Each port can send and receive data: when the hub receives data from a port, it regenerates and reshapes it and forwards it to all other ports. If two ports receive data input simultaneously, a collision occurs and no port receives correct data.

    The hub functions very much like a repeater, so this device also works at the physical layer. Today's widely used Ethernet is physically a star structure, but the hub uses electronic circuits to simulate the behavior of the actual shared cable: it receives data from one port and forwards it to all other ports, just as in the Ethernet protocol a sending computer broadcasts on the bus as a public transmission channel. Logically it is therefore still a bus structure, and the networked computers share, or compete for, this logical bus using the Ethernet protocol.

    Multiple hubs can be stacked together to form a stacked hub group. Modular smart hubs are highly reliable: all of their network functions are implemented as modules, each module can be hot-swapped, and in the event of a failure a module can be replaced or new modules added. Modern hubs generally have some fault tolerance and network management capabilities, and their panel indicators can also show and locate network failures, which brings great convenience to network management. The hub is one of the most commonly used network interconnection devices in LANs.

4.3.2 Bridges and Switches

Network interconnection devices that work at the data link layer are primarily bridges and switches.

  1. Bridges

    A bridge, also called a bridging device, is an early store-and-forward device that connects several LAN segments; it usually has two or more ports, each connected to a segment. The main function of the bridge is to forward received data link layer frames by destination address, so the bridge has a frame filtering function. When a frame is received, the bridge does not forward it to all ports like a hub but instead checks the destination address contained in the frame and decides from that address which port to forward the frame from.

    Bridges do this through internal port management software and bridge protocol entities. A bridge works at the data link layer, allowing LAN segments to be connected while isolating collisions (i.e., computers on the two segments can send information at the same time without causing a collision), thereby reducing the load on the extended LAN, which is equivalent to filtering traffic for each segment. At the same time, bridges can connect local area networks of different types and different rates, expand the physical scope of the network, and improve its reliability: if one segment fails, other segments are not affected thanks to the filtering of the bridge. However, because the bridge must store and forward the received frames, the transmission delay of the frames increases.

  2. Switches

    There are many types of switches; traditional telephone networks, for example, also use switches, but here we mainly mean the Ethernet switch, which can be seen as an upgrade of the bridge.

    The switch is also a network-connected device that works at the data link layer and is characterized by an exclusive electrical signal path for any two network nodes connected to the switch, which is also a significant difference from the hub. The hub forwards the information it receives to all ports, and the switch views the destination address of the information frame and forwards it only to the segment where the destination address is located.

    The switch has multiple ports, each with a bridging function, so it acts as a multi-port bridge. The switch decides which port to forward to based on the destination address contained in each frame, a forwarding decision that generally does not take into account other information hidden deeper in the frame. The forwarding latency of a switch is small and its forwarding performance is better than that of a bridge. Modern switches often also have physical addressing, error checking, flow control, and other functions. Some of today's high-end switches also have VLAN and link aggregation capabilities, and even routing and firewall capabilities.

    All ports of the switch logically have exclusive bandwidth, i.e., each enjoys the same theoretical bandwidth as the switch, giving efficient data transfer without wasting network resources. On the one hand, the switch only forwards a data frame to the network segment where its destination address is located, so network congestion is generally less likely; on the other hand, the switch provides a separate channel for each networked computer, so it is difficult for computers other than the destination to listen in on the frames being sent, which also improves the security of data transmission.

    Switches are popular in the industry because they are cost-effective, highly flexible, relatively simple, and easy to implement.

4.3.3 Router

Network interconnection devices that work at the network layer are mainly routers.

A router is a network interconnection device, also known as a gateway, that connects multiple networks or network segments. It works at the network layer, where the unit of data transmitted is the packet. The primary function of a router is to choose a suitable route for the packets it transmits. It reads the destination address in each received packet, looks up the routing table stored inside the router, and decides from the routing table which path to use to transmit the packet. Routers can understand different protocols, so they can analyze and interpret the destination addresses of packets from different types of networks and then transmit the packets to the destination computer along the best path according to the selected routing protocol.

Because the primary function of a router is to find the best transmission path for each packet that passes through it and deliver that packet to the destination node without error, the strategy for choosing the best route, the routing protocol, is the key to the router. Common routing protocols used on the Internet include the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and the Border Gateway Protocol (BGP).

To implement the routing capabilities of a router, the router typically holds a data structure called a routing table. How is this routing table formed? This depends on what routing protocol is used.

For example, in the case of the OSPF protocol, all routers in the network maintain a link-state database that can be seen as a topology diagram of the entire internetwork. A router's link state consists of which networks or routers the router is adjacent to and the "cost" of sending packets to those networks or routers. The "cost" here is not necessarily money; it may also be distance, delay, or bandwidth. Each router calculates its routing table from the link-state database according to certain rules, such as Dijkstra's shortest path routing algorithm. Each routing table contains many entries, each of which typically contains the network number of the destination node, the next router, and the current router's cost to that next router. When the router receives a packet, it looks up the routing table to find which routers the packet could be sent to next, and then selects the least expensive of the entries corresponding to those routers; that is the "next router" to which the packet is transmitted. An entry called the "default route" is often added to the routing table: once the network where the packet's destination node is located is not found in the routing table, the packet is sent along the default route. The OSPF protocol relies on frequent exchanges of information between routers to establish the link-state database and keep it consistent across the whole network. Whenever there is any change in the network topology, the link-state database can be updated quickly, enabling each router to recalculate a new routing table. Table 4.1 gives an example of a routing table structure.

Table 4.1 Example of routing table structure

The subnet mask in Table 4.1 is used to extract the network address from an IP address. Each of the 4 bytes of the subnet mask is converted into a binary number (e.g., 255 corresponds to eight 1s); the bit positions holding "1" are the network address, and the bit positions holding "0" are the host address. Suppose the IP address of a destination node is 202.120.87.236 and the corresponding subnet mask is 255.255.255.224. The binary form of the last byte, 224, is 11100000, so the first 3 bits of that byte are 1; the first 3 bytes are all 255, meaning the first 24 bits are 1, so this subnet mask indicates that the first 27 bits of the IP address are the network address and the last 5 bits are the host address. The network address of 202.120.87.236 is therefore the first 27 bits of the address (obtained by ANDing the IP address and the subnet mask bit by bit), giving 202.120.87.224. When the router wants to forward a packet with the destination address 202.120.87.236, it looks up the destination network 202.120.87.224 in the routing table and finds two entries. The first entry has the lowest cost (the fewest hops), so the next router selected is 202.120.87.1.

If the network is large, there will be many entries in the routing table, and every packet transmission requires a lookup, which introduces a large delay and affects the efficiency of network communication. For this reason the default gateway is used. The default gateway is a computer or network node in the computer network that is responsible for forwarding packets to other networks; it functions like the default route and is the last choice when forwarding, being used only when there is no other suitable routing entry.
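As an added example (not from the book) of the lookup just described, the Python below encodes a constructed routing table in the shape of Table 4.1, extracts the network address with the subnet mask, prefers the most specific matching network, breaks ties by least cost, and falls back to a default route; every next-hop address except 202.120.87.1 is a constructed placeholder.

```python
"""Routing-table lookup in the style of Section 4.3.3 (added example, not from the book).

The routing table entries below are constructed to match the worked example in the
text: two entries for the destination network 202.120.87.224 (subnet mask
255.255.255.224) with different costs, a less specific entry, and a default route.
Every next-hop address other than 202.120.87.1 is a constructed placeholder.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class RouteEntry:
    dest_network: str   # network number of the destination
    subnet_mask: str    # dotted-decimal subnet mask
    next_router: str    # address of the next router
    cost: int           # cost to the next router (hop count here)


def ip_to_int(dotted: str) -> int:
    """Convert a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits in the mask (27 for 255.255.255.224).

    A mask must be a run of 1s followed by a run of 0s; anything else is rejected.
    """
    value = ip_to_int(mask)
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return ones


def network_address(ip: str, mask: str) -> str:
    """Extract the network address by ANDing the address with the mask bit by bit."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def lookup_route(table: List[RouteEntry], destination_ip: str) -> Optional[RouteEntry]:
    """Pick the entry a router would use to forward a packet to destination_ip.

    1. Keep the entries whose network number equals the destination's network
       address under that entry's mask.
    2. Prefer the most specific network (longest mask); the default route
       0.0.0.0/0.0.0.0 matches every address with length 0, so it is chosen last.
    3. Among equally specific entries, pick the least cost.
    Returns None when nothing matches (no default route configured).
    """
    matches = [
        entry for entry in table
        if network_address(destination_ip, entry.subnet_mask) == entry.dest_network
    ]
    if not matches:
        return None
    return min(matches, key=lambda e: (-prefix_length(e.subnet_mask), e.cost))


# Constructed routing table (not Table 4.1 from the book, which is not reproduced here).
ROUTING_TABLE = [
    RouteEntry("202.120.87.224", "255.255.255.224", "202.120.87.1", 1),  # fewest hops
    RouteEntry("202.120.87.224", "255.255.255.224", "192.0.2.9", 3),     # placeholder hop
    RouteEntry("202.120.0.0", "255.255.0.0", "192.0.2.17", 2),           # less specific
    RouteEntry("0.0.0.0", "0.0.0.0", "192.0.2.1", 1),                    # default route
]


if __name__ == "__main__":
    for dest in ("202.120.87.236", "202.120.3.7", "198.51.100.4"):
        chosen = lookup_route(ROUTING_TABLE, dest)
        print(dest, "->", chosen.next_router if chosen else "no route")
```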

Routers are more powerful than bridges and switches. They can connect different types of networks, parse the network-layer control information of a packet (including the source and destination addresses), and select the optimal route for the packet. Some routers also have management capabilities: monitoring data transfers, reporting statistics to a management repository, diagnosing internal or other connectivity issues, and triggering alarm signals. Modern routers also provide support for features such as VPNs, firewalls, virtual servers, dynamic DNS, and more. However, a router's data processing speed is much slower than a switch's, so to meet some high-speed networking requirements, some high-end switches integrate routing functions and work as high-speed switching devices at the third layer of the network.

Although some high-end switches also have some routing capabilities, switches and routers still differ in many ways.

First, switches and routers do different things. The switch is responsible for high-speed data exchange, implemented in an Application Specific Integrated Circuit (ASIC) chip, while the router maintains routes between network segments and inherently isolates broadcast domains. Even if a router has switching capabilities, or a switch has routing capabilities, their primary functions remain unchanged; the new capability is just an add-on and cannot serve as the primary feature.

Secondly, switches are mainly applicable to LANs, while routers are generally applicable to wide area networks. A LAN is characterized by frequent data exchange and a single type of network interface; a large number of switches can provide fast data forwarding, generally offering two kinds of interface, the network cable interface (RJ45) and the fiber-optic interface, and each switch generally has many interfaces, which can fully meet the needs of a LAN. Wide area networks have many types of networks and interfaces, and the routing function of routers is often very powerful, routing not only between LANs using the same protocol but also between local area networks and wide area networks using different protocols. The advantage of routers is that they have functions such as optimal routing, load balancing, link backup, and routing information exchange.

Finally, routers and Layer 3 switches (also translated as "three-tier switches") perform differently. Technically, there is a clear difference between routers and Layer 3 switches in packet switching. Routers typically perform packet switching with a microprocessor-based software routing engine, while Layer 3 switches perform packet switching in hardware. After routing the first packet of a flow, the Layer 3 switch produces a mapping between MAC address and IP address, and subsequent packets of the same flow are forwarded directly at Layer 2 according to this mapping without being routed again, thus avoiding the network delay caused by route selection in a router and improving the efficiency of packet forwarding.

At the same time, Layer 3 switch routing is done per data flow, using an ASIC-based caching mechanism that easily achieves fast forwarding and greatly saves cost, whereas router forwarding uses the longest-match method, is usually implemented in software, is complex to implement, and has low forwarding efficiency. Therefore, in overall performance a Layer 3 switch is much better than a router and is very suitable for a LAN with frequent data exchange; a router, although its routing function is very powerful, has a much lower packet forwarding efficiency than a Layer 3 switch and is more suitable for interconnecting different types of networks where data exchange is not very frequent, such as the interconnection of a local area network and the Internet. Using a router, especially a high-end router, in a LAN can be said to be a waste (in terms of its powerful routing function), and it also cannot meet the communication performance needs of the LAN, affecting normal communication between subnets.

4.4 Network Virtualization

Network virtualization is one of the basic core technologies supporting cloud computing and plays a vital role in the cloud computing system. Starting from the concept of network virtualization, this section introduces traditional network virtualization and virtual switch-based virtual networks and also the network characteristics of virtualization products using Huawei’s virtualized network devices as an example.

4.4.1 Overview of Network Virtualization

Cloud computing is a new computing model based on the principle of distributed computing. Although cloud computing has more flexible service capabilities for multiple users than previous grid computing and service computing, distributed computing is still the foundation of cloud computing. Therefore, computer networks play an important role in all aspects of cloud computing: cloud service providers need to coordinate the management and scheduling of resources through the network and integrate different types of resources for users to access in the form of services. In contrast, users of cloud computing need to access cloud services over the network. These requirements present significant challenges to the network architecture of cloud computing systems. In order to meet these challenges, modern cloud computing network architecture explores a series of effective solutions from infrastructure construction, network behavior control, virtualization of network resources, and management of network functions.

Traditional network equipment consists of real, visible physical devices: a switch, for example, has a specific physical form, can be touched, and has ports into which network cables can be plugged by hand. In cloud computing, in addition to traditional physical network devices, many network devices are virtualized. These virtualized network devices may be applications running inside a server, and what connects them is often no longer a real network cable but perhaps a routing entry in a routing table. This new way of virtualizing devices also brings new challenges to network management.

4.4.2 Traditional Network Virtualization

Network virtualization simulates multiple logical networks on a physical network.

Traditional network virtualization generally refers to VPNs, VLANs, and virtual network devices. VPNs abstract the concept of network connectivity, allowing remote users to access an enterprise's or organization's internal network as if they were physically connected to it. A VLAN is a logical set of devices and users on top of a physical local area network that is not limited by physical location; it can be organized according to factors such as function, department, and application, with its members communicating with each other as if they were in the same network segment. This is what a VLAN is.

Network virtualization can help protect IT environments from threats from external networks such as the Internet, while enabling users to access applications and data quickly and securely. Let’s cover VPN and VLAN, respectively.

  1. VPN

    A VPN is a temporary, secure connection over a public network, usually the Internet: a secure, stable tunnel through a chaotic public network. The tunnel allows data to be encrypted so that the Internet can be used safely. Simply put, a VPN is a private network built on top of a public network, incorporating authentication, encryption, tunneling, and firewall capabilities.

    VPN is a remote access technology that extends the enterprise intranet. VPNs help remote users, corporate affiliates, business partners, and suppliers establish trusted, secure connections to the company's intranet, enabling them to access its resources using the VPN, whether they are traveling abroad or working from home, as long as they have Internet access. A VPN can be realized by a server, by hardware, by software, and in many other ways, mainly using tunneling technology, encryption/decryption technology, key management technology, and user and device authentication technology.

    There are three main tunneling protocols commonly used for VPNs: IP Security (IPsec), the Point to Point Tunneling Protocol (PPTP), and the Layer 2 Tunneling Protocol (L2TP). Among them, IPsec is the standard for protecting secure IP communication; it mainly encrypts and authenticates IP packets and is a tunneling protocol working at the third layer of the network. PPTP is a protocol for establishing IP VPN tunnels over the Internet and a tunneling protocol working at the second layer of the network. L2TP is a virtual tunneling protocol that works at the second layer of the network and is typically used for VPNs. L2TP itself does not provide encryption or reliability verification and is used in combination with security protocols such as IPsec to achieve encrypted data transfer. Figure 4.9 gives an example of an IPsec VPN.

  2. VLAN

    A VLAN is a virtual LAN: network administrators can logically divide a single physical LAN into different broadcast areas according to the actual application needs of different users. Each VLAN is equivalent to a separate local area network. Computer users in the same VLAN can communicate directly, while computer users in different VLANs cannot; routing must be configured to interconnect computers in different VLANs.

    In a computer network, a Layer 2 network (a network that contains only the data link layer and the physical layer, such as a local area network) can be divided into several different broadcast domains, each for a specific group of users, and by default these domains are isolated from each other. To communicate between different broadcast domains, traffic must be forwarded through a router.

    The concept of a broadcast domain is involved here. A broadcast domain usually corresponds to a local area network using Ethernet technology. Ethernet is characterized by connecting all computers to a common bus and sending data using the CSMA/CD protocol: when a networked computer has data to send, it broadcasts the data directly on the public bus, but only the destination computer accepts it. This kind of broadcasting has a problem: a collision occurs when two networked computers send data at the same time. Ethernet's solution is to have both parties to the collision wait a random period of time before resending. But if the broadcast domain is large and contains many computers, collisions occur easily. So how do you make the broadcast domain small? The technology most often used is VLAN.

    VLAN is a communication technology that logically divides a physical LAN into broadcast domains. Hosts within the same VLAN can communicate directly with each other, while hosts within different VLANs cannot communicate directly, limiting broadcast frames to one VLAN, as shown in Fig. 4.10.

    In Fig. 4.10, if a Layer 2 switch has no VLAN configured, any broadcast frame is forwarded to all ports except the one it arrived on. But if two VLANs, shown in dark and light colors, are configured on the switch, with ports 1 and 2 in the dark VLAN and ports 3 and 4 in the light VLAN, broadcast frames are forwarded only to the other ports belonging to the same VLAN. This isolates the broadcast domain.

    Fig. 4.9 An example of IPsec VPN

    Fig. 4.10 VLAN plays a role in separating broadcast domains

With VLAN, you gain the following benefits.

  • Limits broadcast domains: Broadcast domains are limited to one VLAN, saving bandwidth and increasing network processing capacity.

  • Enhances the security of local area networks: Frames in different VLANs are isolated from each other during transmission, i.e., users within a VLAN cannot communicate directly with users in other VLANs.

  • Improves the robustness of the network: Failures are confined to one VLAN, and a failure within one VLAN does not affect the normal operation of other VLANs.

  • Builds virtual workgroups flexibly: VLAN allows you to divide users into different teams, and users in the same team do not have to be confined to a fixed physical area. Networks become easier and more flexible to build and maintain.

So how does VLAN work? In fact, VLAN works by adding a 4-byte VLAN-specific identifier, called the 802.1Q Tag, to a traditional Ethernet data frame. The name comes from the protocol standard that defines the VLAN implementation, IEEE 802.1Q. The 802.1Q tag contains a 12-bit VLAN identifier (VLAN ID), which distinguishes between different VLANs. Figure 4.11 shows the VLAN tag structure of the Ethernet frame. In it, TPID (Tag Protocol Identifier) represents the type of the data frame; PRI (Priority) represents the 802.1Q priority of the data frame; CFI (Canonical Format Indicator) indicates whether the MAC address is encapsulated in canonical format, so that Ethernet and token ring networks remain compatible across different transmission media; and the VLAN ID field holds the number of the VLAN to which the data frame belongs.

Fig. 4.11 VLAN tag structure of Ethernet frame

Frames sent by a switch that supports the IEEE 802.1Q protocol contain a VLAN ID to indicate which VLAN the frame belongs to. Therefore, in a VLAN switching network, Ethernet frames come in two forms.

  • Tagged frame: A frame to which the 4-byte 802.1Q tag has been added.

  • Untagged frame: The original frame that carries no 4-byte 802.1Q tag.

Either the host operating system or the switch port can tag data frames, but in general the tag is added and removed by the switch. Accordingly, there are two link types in a VLAN.

  • Access link: A link used to connect a user host to a switch. Typically, hosts do not need to know which VLAN they belong to, and host hardware often does not recognize frames carrying VLAN tags. Therefore, the frames sent and received by the host are untagged frames.

  • Trunk link: Used for connections between switches, or between a switch and a router. A trunk link can carry data from multiple VLANs, and when a data frame is transmitted over the trunk link, the devices at both ends need to recognize which VLAN the frame belongs to, so the frames transmitted on a trunk link are tagged frames.

Although the IEEE 802.1Q protocol defines VLAN frames, some device interfaces recognize VLAN frames while others do not. Based on whether an interface recognizes VLAN frames, interfaces are divided into the following two categories:

  • Access interface: An access interface is an interface on the switch that connects to a user's host and can only connect an access link. Only one VLAN ID is allowed to pass through this interface, namely the interface's default VLAN ID. Ethernet frames sent by an access interface to the receiving device are always untagged frames.

  • Trunk interface: A trunk interface is an interface on the switch used to connect to other switches and can only connect trunk links; it allows (tagged) data frames from multiple VLANs to pass through.

Each type of interface can be configured with a default VLAN; the default VLAN ID of a port is typically 1.
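To make the tag structure and the access/trunk behaviour above concrete, here is an added example in Python (written for this section, not code from the textbook or from any switch vendor). It parses and builds the 4-byte 802.1Q tag at the byte level and then models a small VLAN-aware learning switch in which access ports add the tag on ingress and strip it on egress, trunk ports pass tagged frames, and broadcast or unknown-unicast frames are flooded only to ports of the same VLAN, which is exactly the isolation shown in Fig. 4.10. The port numbers, MAC addresses and frames are constructed sample values.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100            # Tag Protocol Identifier of an 802.1Q tag
BROADCAST = b"\xff" * 6


@dataclass
class Tag:
    pri: int   # 3-bit 802.1Q priority (PRI)
    cfi: int   # 1-bit Canonical Format Indicator
    vid: int   # 12-bit VLAN ID


def parse_frame(frame: bytes):
    """Split an Ethernet frame into (dst, src, tag, ethertype, payload); tag is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    tag = Tag(pri=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
    return dst, src, tag, inner_type, frame[18:]


def add_tag(frame: bytes, vid: int, pri: int = 0) -> bytes:
    """Insert the 4-byte tag between the source MAC and the original type field."""
    dst, src, tag, ethertype, payload = parse_frame(frame)
    if tag is not None:
        raise ValueError("frame is already tagged")
    if not 1 <= vid <= 4094:                  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = ((pri & 0x7) << 13) | vid           # CFI bit left at 0 (Ethernet canonical format)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag, as an access port does before handing a frame to a host."""
    dst, src, tag, ethertype, payload = parse_frame(frame)
    if tag is None:
        return frame
    return dst + src + struct.pack("!H", ethertype) + payload


class VlanSwitch:
    """Toy VLAN-aware learning switch (a constructed model, not a real product).

    ports maps a port number to ("access", pvid) or ("trunk", {allowed VIDs}).
    The MAC table is keyed per VLAN, so learning in one VLAN never leaks into another.
    """
    def __init__(self, ports):
        self.ports = ports
        self.mac_table = {}                   # (vid, mac) -> port

    def member(self, port, vid):
        kind, cfg = self.ports[port]
        return cfg == vid if kind == "access" else vid in cfg

    def egress(self, port, tagged):
        kind, _ = self.ports[port]
        return strip_tag(tagged) if kind == "access" else tagged

    def receive(self, in_port, frame):
        """Return [(out_port, frame_as_transmitted)] for a frame arriving on in_port."""
        kind, cfg = self.ports[in_port]
        dst, src, tag, _, _ = parse_frame(frame)
        if kind == "access":
            if tag is not None:
                return []                     # access ports drop tagged frames
            vid, tagged = cfg, add_tag(frame, cfg)
        else:
            if tag is None or tag.vid not in cfg:
                return []                     # untagged frame or disallowed VLAN on a trunk
            vid, tagged = tag.vid, frame
        self.mac_table[(vid, src)] = in_port  # learn the source within its own VLAN
        known = self.mac_table.get((vid, dst))
        if dst == BROADCAST or known is None:
            # Broadcast and unknown unicast are flooded only to ports of the same VLAN
            targets = [p for p in self.ports if p != in_port and self.member(p, vid)]
        elif known == in_port:
            targets = []
        else:
            targets = [known]
        return [(p, self.egress(p, tagged)) for p in targets]


def demo():
    """Fig. 4.10 scenario: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20, port 5 a trunk."""
    sw = VlanSwitch({1: ("access", 10), 2: ("access", 10),
                     3: ("access", 20), 4: ("access", 20), 5: ("trunk", {10, 20})})
    arp_request = BROADCAST + bytes.fromhex("020000000001") + bytes.fromhex("0806") + b"\x00" * 28
    return [port for port, _ in sw.receive(1, arp_request)]   # [2, 5]: VLAN 20 ports never see it


if __name__ == "__main__":
    print(demo())
```

The per-VLAN MAC table is the detail worth noticing: keying on `(vid, mac)` is what stops an address learned in one VLAN from being used to deliver traffic in another, so the isolation the text describes holds for unicast as well as for broadcast.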

In summary, VLAN increases the flexibility, security, and reliability of a network by logically dividing a physical LAN into multiple broadcast domains. VLAN operates at layers 2 and 3 of the network hierarchy: a VLAN is a broadcast domain, and communication between VLANs is done through Layer 3 routers.

Technologies such as VLAN can also be used to build large Layer 2 networks. A computer network like Ethernet that contains only the physical and data link layers is called a Layer 2 (L2) network. Multiple L2 networks can be connected over bridges or switches to form a larger L2 network, the so-called large Layer 2 network. A Layer 3 (L3) network also contains a network layer, and multiple L3 networks connected by routers form the Internet. A data center may have multiple L2/L3 networks, and multiple data centers can be interconnected through L2/L3 switches. Another reason for introducing large Layer 2 networks is the requirement for scale. Because the number of devices a single data center can support is capped by the design of modern data center network architectures, an enterprise whose equipment keeps growing has to build new data centers to manage that equipment and provide services, even without any need for geographical distribution. In other words, enterprises have an ever-expanding need for the size of their internal networks.

Large Layer 2 networks are common in the network infrastructure of modern cloud computing. Because a single data center has limited resources and finds it difficult to provide the same quality of network service to users in different geographic locations, multiple data centers need to be connected over the Internet as one large Layer 2 network. Virtual network technologies such as VLAN are often used to build such large Layer 2 overlay networks.

In a cloud computing environment, the hosted workloads are primarily virtual machines. In the TCP/IP of the Internet, the IP address identifies a host on the Internet and also determines its location; that is, the IP address is both a system identifier and a locator. When a virtual machine moves from one subnet to another, its IP address must change, which complicates routing. Even with mobile IP support, moving a system within a subnet (within an L2 domain) is much simpler than moving it between subnets, because the LAN address used in the L2 network, such as the MAC address of Ethernet, is only a system identifier and not a locator, and does not change as the system moves through the L2 network. Therefore, it is easier to manage and control if multiple L2 networks from different data centers are connected through switches (or virtual switches) to form one large virtual L2 network.

Large IT companies (such as Microsoft, Google, Amazon, Baidu, Alibaba, and Tencent) need to set up data centers in different geographic locations worldwide to manage their computing devices. To facilitate the management and scheduling of traffic across the enterprise network, these geographically distributed data centers often need to be within the same Layer 2 network, so that their traffic can be routed over multiple paths below the network layer and controls such as load balancing can be applied. This has also contributed to the popularity of large Layer 2 networks.

4.4.3 Virtual Network Based on Virtual Switch

  1. From a Physical Switch to a Virtual Switch

    The VLAN technology described above is mainly used in switches and routers. Its mainstream application is still in switches, but only in those Layer 2 switches that support the VLAN protocol. These switches are physical switches.

    In recent years, with the development of computer technology, and especially cloud computing technology, more and more researchers have begun to study network virtualization, and the virtual switch has become a trend in the development of communications. At present, many network servers already support virtual machines, and the virtualization of servers drives the virtualization of the network. Virtualization technology uses real physical network devices, together with the corresponding software, to form virtualized network devices such as virtual switches, which provide network services to virtual machines. Compared with traditional physical switches, virtual switches have many advantages in providing network services, and they are likely to be the core of virtual network platforms in the future.

    The principle of virtual switch technology is relatively simple: in essence, the technology logically integrates multiple physically connected switches into one. Compared with traditional physical switches, virtual switches improve the reliability and productivity of communication by consolidating the resources of multiple physical switches, reducing the number of network devices, and simplifying the network structure.

  2. North–south traffic and east–west traffic

    In a data center service architecture such as a cloud computing environment, we often hear of north–south traffic and east–west traffic. These are network traffic patterns in data center environments. Let's illustrate them with an example.

    Suppose we access a Web application through a browser, and the Web application is deployed on an application server located in a data center. In a multi-tiered architecture, a typical data center includes application servers and other servers, such as load balancers and databases, as well as network components such as routers and switches. Suppose the load balancer sits in front of the application server. When we access the Web application, we generate two types of network traffic.

    • Traffic between the client (the browser, outside the data center) and the load balancer (located in the data center).

    • Traffic between the load balancer, application servers, databases, and so on, all located in the data center.

    In this example, the first type of network traffic, between the client and the load balancer, is called north–south traffic. In short, north–south traffic is Server-Client traffic. The second type, between different servers or between different data centers, is called east–west traffic. In short, east–west traffic is Server-Server traffic.

    Today, east–west traffic far exceeds north–south traffic, especially in the big data ecosystem. For example, in the Hadoop ecosystem (where a large number of servers reside in data centers and data is processed with Map/Reduce), east–west traffic far exceeds north–south traffic.

    The use of names such as north and south, east and west may stem from the habit of drawing typical network charts. In a chart, the core network components are usually drawn at the top (north), clients are drawn at the bottom (south), and different servers in the data center are drawn at the same horizontal location (east–west).

    In practice, judging whether a flow is north–south or east–west requires a reference point. In general, the router is taken as the demarcation point: traffic that passes through the router is north–south traffic, and traffic that does not is east–west traffic. In the case of a physical router, as shown in Fig. 4.12, the router is deployed at the boundary of the Internet Data Center (IDC) room, connected upward to the extranet (which can be the Internet or an extranet defined by the enterprise itself) and downward to the business network of the IDC room (e.g., the mail system or office system). When a computer in the IDC room accesses the Internet, the traffic is north–south traffic; when it accesses a business inside the room or communicates with other computers in the room, the traffic does not need to pass through the router and is east–west traffic.

    With the development of cloud computing, more and more computing is concentrated in IDC room clusters. Sometimes the customer sends only one instruction, and a large number of operations are then performed between different businesses inside the IDC. If a desktop cloud is used, even the client runs in the IDC room. At the same time, the high availability of virtualization allows virtual machines to move freely across different physical servers in the data center, so the share of east–west traffic keeps increasing, from about 20 percent previously to about 70 percent today. This has also brought changes to the network structure: the traditional three-tier network architecture has developed into the so-called large Layer 2 architecture, which better meets the requirements of heavy east–west traffic.

  3. Two Types of Access to the Server

    Virtual machines, the core components of a cloud computing environment, are also part of the network. Previously they were almost always attached through a bridge, but now virtual switches are used extensively to network virtual machines, for ease of management and configuration. A virtual machine connects to a virtual switch through one or more virtual network cards, and through those virtual network cards it reaches other virtual machines.

    In a virtualized environment, the hosted business is a virtual machine, and the virtual machine runs inside a physical server. To give the virtual machine access to the network, we must first solve the network access problem of the physical server, which involves two server access methods.

    In the data center room, servers are placed in separate cabinets, and for better cooling the cabinets are arranged in columns, so the two current mainstream server access methods are Top of Rack (ToR) and End of Row (EoR). As the name implies, with ToR the switch that connects the servers to the network sits at the top of the cabinet. ToR switches can be Gigabit or 10 Gigabit devices, chosen according to the actual situation. The ToR switch connects the physical server to the network: it connects to the server's network port on one side and to the aggregation or core switch on the other. The ToR wiring method is shown in Fig. 4.13.

    With EoR, the switch that connects the servers to the network, also known as the EoR switch, sits in a separate cabinet. EoR switches are typically placed in the middle of a column of cabinets to reduce the length of the server-to-switch wiring. The EoR wiring method is shown in Fig. 4.14.

    Both ToR and EoR have their own usage scenarios and limitations. ToR is more scalable than EoR.

    After the server is connected to the network, its traffic can be classified, generally into business traffic, storage traffic, and management traffic. Users access the required business through business traffic; if the business data is not stored locally on the server but on a dedicated storage device, the server generates storage traffic when it accesses that device. Management traffic is mainly the traffic users generate when managing servers, virtual machines, and storage devices. Each physical device now has a separate management port. If management traffic is separated from business traffic, using different physical lines and interfaces, the management is called Out-of-Band; if management traffic and business traffic share the same physical channel, it is called In-Band.

    In a cloud computing data center, the network is designed with a high-end Layer 3 switch at the heart of the entire network, and the default gateway of every traffic segment is set on it, which means that all traffic crossing a broadcast domain passes through this switch. There are several reasons for this.

    • A high-end Layer 3 switch has good forwarding performance and can meet the forwarding requirements of the whole network's traffic.

    • High-end Layer 3 switches are modular in design, ensuring high fault tolerance and scalability. In addition to power supplies, fans, and other necessary modules, core components such as the engine board use 1:1 hot standby, which greatly improves equipment availability.

    • High-end Layer 3 switches can support boards with interfaces of different bandwidths, such as 10G, 40G, and 100G, and can support high-capacity, high-density server access and ToR uplink aggregation to meet the high-performance, ultra-large-capacity requirements of data center networks.

    • Besides basic routing and switching capabilities, high-end Layer 3 switches have features that meet cloud computing requirements, such as soda architecture, stacking support, and virtualization.

      Before reaching the core switch, all traffic generally enters through an access-layer (Layer 2) switch, using the EoR or ToR access methods discussed earlier. Depending on the type of traffic they carry, access switches can be divided into management switches, storage switches, and business switches. For a data center with very heavy traffic, it is recommended that the access layer use different physical switches to carry different kinds of traffic when designing the network fabric, that is, a separate switch for each kind of traffic, as shown in Fig. 4.15. For a data center with ordinary traffic, the same physical switch can be used, with VLANs isolating the different kinds of traffic logically.

  4. Link Aggregation Technology

    The physical server connects to the network through its physical network cards, and all virtual machine traffic enters the network through network cards of various types. Typically, one physical network card corresponds to one physical link, but port (link) aggregation increases link bandwidth by bundling multiple Ethernet physical links into one logical link. At the same time, the bundled links back each other up dynamically, which effectively improves link reliability.

    Link aggregation technology increases link bandwidth by bundling multiple physical interfaces into one logical interface, without a hardware upgrade. Compared with increasing bandwidth by replacing devices with faster ones, this method is flexible and more cost-effective. At the same time, link aggregation uses a backup link mechanism, which effectively improves the reliability of inter-device links and meets users' QoS requirements for backbone links.
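The two properties described above, bandwidth that scales with the number of member links and automatic backup when one member fails, can be seen in a small model. The following Python example is added for this section and is not code from the textbook or from any switch or NIC vendor; it hashes each flow's addresses and ports so that all packets of one flow stay on the same member link (avoiding reordering), and re-spreads flows over the remaining members when a link is marked down. The interface names, flow records and per-link speed are constructed sample values.

```python
import hashlib
from typing import Dict, Sequence


def flow_hash(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
              src_port: int, dst_port: int) -> int:
    """Hash the addresses and ports so every packet of one flow picks the same member link."""
    key = f"{src_mac}|{dst_mac}|{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")


class LinkAggregationGroup:
    """Bundle of physical links presented as one logical link (constructed model)."""

    def __init__(self, members: Sequence[str], link_gbps: float):
        self.members = list(members)
        self.link_gbps = link_gbps
        self.up: Dict[str, bool] = {m: True for m in self.members}

    def set_link_state(self, member: str, is_up: bool) -> None:
        """Mark a member link up or down; subsequent flows only use links that are up."""
        self.up[member] = is_up

    def active_members(self):
        return [m for m in self.members if self.up[m]]

    def bandwidth_gbps(self) -> float:
        """The logical link's bandwidth is the sum of the members currently up."""
        return self.link_gbps * len(self.active_members())

    def select(self, flow: dict) -> str:
        """Pick the member link carrying this flow; fail loudly if every member is down."""
        active = self.active_members()
        if not active:
            raise RuntimeError("all member links are down")
        return active[flow_hash(**flow) % len(active)]


def demo():
    """Spread 200 constructed client flows over four 10G links, then fail one link."""
    lag = LinkAggregationGroup(["eth0", "eth1", "eth2", "eth3"], link_gbps=10)
    flows = [dict(src_mac="02:00:00:00:00:01", dst_mac="02:00:00:00:00:02",
                  src_ip=f"10.0.{i // 256}.{i % 256}", dst_ip="10.1.0.10",
                  src_port=40000 + i, dst_port=443) for i in range(200)]
    before = {f["src_port"]: lag.select(f) for f in flows}
    lag.set_link_state("eth2", False)             # simulate a member link failure
    after = {f["src_port"]: lag.select(f) for f in flows}
    moved = sum(1 for p in before if before[p] != after[p])
    return lag.bandwidth_gbps(), moved, set(before.values()), set(after.values())


if __name__ == "__main__":
    print(demo())
```

The `moved` count is worth looking at: with plain modulo selection, removing one of four links changes the member chosen for roughly three quarters of the flows, not just the flows that were on the failed link, so a real implementation that cares about flow stability needs a more careful mapping than this toy uses.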

  5. Normal Virtual Switches and Distributed Virtual Switches

    With the popularity of cloud computing and virtualization, virtual machines are replacing physical servers as the carriers of business. Originally a physical server had at least one network cable connected to the switch, and the business running on that server had the cable to itself. Now a physical server runs multiple virtual machines that share the cable, so the cable carries many kinds of traffic. How do we manage these traffic flows, and how do we see their status? These have become new problems.

    Figure 4.16 shows a virtual network architecture in which multiple virtual machines running on the same physical server connect to the physical network through a virtual switch.

    In addition, by structure, virtual switches can be divided into two types: normal virtual switches and distributed virtual switches. A normal virtual switch runs on a single physical host, and all of its network-related configuration applies only to the virtual machines on that physical server; one of the prerequisites for a virtual machine to perform hot migration is a distributed virtual switch.

  6. Examples of Common Virtual Switch Products

    Currently, virtualization vendors have their own virtual switch products, such as VMware's vSwitch, Cisco's Nexus 1000V, and Huawei's DVS, as well as open source products such as Open vSwitch (OVS). Here we take the open source OVS as an example to introduce virtual switches.

    OVS is an open source, high-quality virtual switch that supports multi-layer protocols and is designed to be distributed across multiple physical servers (i.e., it has distributed virtual switch capabilities). It is released under the Apache 2.0 open source license, was developed by Nicira Networks, and is implemented mainly in portable C code. Its purpose is to support large-scale, software-based network automation, along with standard management interfaces and protocols such as NetFlow. In addition, OVS supports a variety of Linux virtualization technologies, such as Xen and KVM.

    OVS has the following characteristics:

    (1) The status can be migrated

      When a virtual machine is moved to a different host, all network state associated with it should be easy to identify and migrate. OVS supports configuring and migrating network state across instances: when a virtual machine is migrated, the network configuration associated with it, and the virtual machine's network state at that moment, are migrated with it. In addition, the state of OVS can be exported and backed up using the developer's data model.

    (2) Respond to dynamic networks

      Dynamic, high-frequency change of the network environment is one of the characteristics of virtualization. It is common for multiple virtual machines to migrate at the same time, and each migration changes the logical network environment. When the network changes, OVS supports independent monitoring and management of the network through network management tools such as NetFlow, IPFIX, and sFlow and can respond promptly to the change. OVS also supports remote traffic control via the OpenFlow protocol.

    (3) Support for logical label maintenance

      Distributed virtual switches typically identify virtual machines uniquely by attaching appropriate labels to network packets. The main problem in building a distributed virtual switch is how to manage these labels efficiently and correctly. OVS contains a variety of methods for specifying and maintaining label rules, all of which can be accessed by remote processes.

    (4) Support and hardware integration

      Many vendors are currently working to port OVS to hardware chipsets. These include multiple commercial chipsets (Broadcom and Marvell) and platforms for many specific vendors. The advantage of hardware integration is speed, which improves performance in virtualized environments.

Fig. 4.12 Cloud computing traffic diagram

Fig. 4.13 ToR wiring method

Fig. 4.14 EoR wiring method

Fig. 4.15 The access layer uses different physical switches to carry different traffic

Fig. 4.16 The virtual switch in the virtual network architecture

4.4.4 The Network Characteristics of Huawei’s Virtualization Products

The virtual switch used by Huawei’s virtualization products is a distributed virtual switch, and we use Huawei FusionCompute as an example to introduce Huawei DVS.

  1. The Structure and Characteristics of Huawei DVS

    Huawei DVS provides centralized virtual switching and management capabilities. Centralized management simplifies user management by providing a unified portal for configuration management.

    Figure 4.17 shows Huawei DVS. Through virtual switches distributed across physical servers, Huawei DVS provides the ability to communicate, isolate, and guarantee QoS between virtual machines.

    Huawei DVS supports software-only virtual switching based on open source OVS, which has the following basic features:

    • Virtualization administrators can configure multiple distributed switches, each covering multiple physical server nodes in the cluster on which FusionCompute is installed, known as Computing Node Agents (CNA).

    • Each distributed switch has multiple distributed virtual switch ports (VSP), each with its own properties. Ports with the same properties are grouped into a port group for convenient management, and the ports in one port group belong to the same VLAN.

    • Virtualization administrators or business systems can choose different physical interfaces for management, storage, and business use, and each distributed switch can be configured with an uplink port or an uplink port aggregation group for the external communication of virtual machines. An uplink port aggregation group can contain multiple physical ports and can be configured with a load balancing policy.

    • Each virtual machine can have multiple virtual network card interfaces, which connect to the distributed virtual ports of the switch.

    • Virtualization administrators or business systems can create, according to business needs, a virtual Layer 2 network within a cluster that allows Layer 2 migration, and set the VLAN information used by that network.

      Virtualization administrators can simplify the setting of virtual machine port properties by defining port group properties, such as security, QoS. The port group here is a collection of ports with the same set of network properties. Setting port group properties does not affect the normal operation of the virtual machine.

      The characteristics of Huawei DVS can be summed up in the following points:

    • Centralized management: A unified portal and centralized management simplify user management and configuration.

    • Open source OVS: Integrates open source OVS to take advantage of and inherit the virtual switching capabilities of the open source community.

    • Rich virtual switching Layer 2 features, including switching, QoS, security isolation, and more.

  2. How Huawei DVS Works

    Let’s look at how Huawei DVS works under different network architectures.

    (1) Virtual machines run on the same host and have different port groups (see Fig. 4.18)

      As we said earlier, a virtual switch is essentially a Layer 2 switch, and a critical parameter of a port group is its VLAN ID. If two virtual machines are not in the same port group, they are not in the same VLAN, so they cannot discover each other by broadcast. In general, virtual machines that belong to different VLANs are given IP addresses in different segments. Therefore, if they need to communicate with each other, a device working at Layer 3 of the network, such as a Layer 3 switch or router, is required. In Huawei's FusionCompute virtualization architecture, Layer 3 functionality can only be provided by physical Layer 3 devices. Therefore, the access traffic between these two virtual machines must travel from inside the source host to the physical Layer 3 access switch, where it is forwarded and routed, before entering the destination host to complete the communication.

    (2) The virtual machines run on the same host and the port group is the same (see Fig. 4.19)

      If they belong to the same port group, the virtual machines belong to the same broadcast domain, and the virtual switch supports broadcasting. Therefore, communication between virtual machines on the same host and in the same port group can be completed directly through the virtual switch, and the traffic does not need to be passed to the physical network.

    (3) Virtual machines run on different hosts but the port groups are the same (see Fig. 4.20)

      Although the virtual machines belong to the same port group and can discover each other by broadcast, different physical servers need a physical switch to reach the network (unless the two physical servers are directly interconnected, which is a special case not considered here). Therefore, if virtual machines use the same port group but run on different physical servers, traffic must pass through the physical server's network port to the physical switch before the communication can be completed. This physical switch does not, however, have to be a Layer 3 switch.

  3. Huawei DVS Security Group

    In Chap. 2 of this book, we covered security groups. Users create security groups based on the security needs of virtual machines, and each security group can define a set of access rules. When a virtual machine joins a security group, it is protected by that rule set. Users isolate virtual machines securely and control access to them by selecting the security groups to join when the virtual machines are created. A security group is a logical grouping of virtual machines within the same region that have the same security requirements and trust each other. All virtual machine network cards located in the same security group use that security group's rules for network communication. Each virtual machine network card can be added to only one security group. Huawei DVS provides support for security groups. Figure 4.21 shows the security group of Huawei DVS.

    Security groups function like firewalls, and they all use packet filtering mechanisms for security control.
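To show what "packet filtering" means for a security group in practice, here is an added Python example written for this section; it is not Huawei's or FusionCompute's implementation and does not reproduce any product's default rules. It models a security group as an allow-list of rules (direction, protocol, port range, remote CIDR) that is evaluated per packet with default deny, binds each virtual NIC to exactly one group as the text states, and runs a set of constructed flow records through it. The group name, NIC name, rules and addresses are all constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

ANY_PORT = (0, 65535)   # used for protocols without ports (icmp) or for "any"


@dataclass(frozen=True)
class Rule:
    direction: str            # "ingress" (into the VM NIC) or "egress" (out of it)
    protocol: str             # "tcp", "udp", "icmp" or "any"
    ports: Tuple[int, int]    # inclusive port range
    remote: str               # CIDR of the peer: source for ingress, destination for egress


class SecurityGroup:
    """Allow-list packet filter: a packet passes only if some rule matches (default deny)."""

    def __init__(self, name: str, rules: List[Rule]):
        self.name = name
        # Pre-parse the CIDRs once so every packet check is cheap
        self.rules = [(r, ipaddress.ip_network(r.remote)) for r in rules]

    def permits(self, direction: str, protocol: str, port: int, remote_ip: str) -> bool:
        peer = ipaddress.ip_address(remote_ip)
        for rule, net in self.rules:
            if rule.direction != direction:
                continue
            if rule.protocol not in ("any", protocol):
                continue
            lo, hi = rule.ports
            if not lo <= port <= hi:
                continue
            if peer not in net:
                continue
            return True          # first matching allow rule wins
        return False             # nothing matched: drop


# Constructed rule set for a web server NIC (sample values, not a product default)
WEB_SG = SecurityGroup("web", [
    Rule("ingress", "tcp", (80, 80), "0.0.0.0/0"),       # HTTP from anywhere
    Rule("ingress", "tcp", (443, 443), "0.0.0.0/0"),     # HTTPS from anywhere
    Rule("ingress", "tcp", (22, 22), "10.0.0.0/8"),      # SSH only from the internal range
    Rule("ingress", "icmp", ANY_PORT, "10.0.0.0/8"),     # ping only from the internal range
    Rule("egress", "any", ANY_PORT, "0.0.0.0/0"),        # VM may initiate anything outbound
])

# Each virtual machine NIC belongs to exactly one security group
NIC_GROUPS = {"vm-web-01:nic0": WEB_SG}

# Constructed flow records: (direction, protocol, port, remote_ip)
SAMPLE_FLOWS = [
    ("ingress", "tcp", 80, "203.0.113.5"),      # public web request
    ("ingress", "tcp", 22, "203.0.113.5"),      # SSH from the Internet
    ("ingress", "tcp", 22, "10.1.2.3"),         # SSH from inside
    ("ingress", "tcp", 3306, "10.1.2.3"),       # database port, no rule
    ("ingress", "icmp", 0, "10.1.2.3"),         # ping from inside
    ("egress", "tcp", 443, "198.51.100.9"),     # outbound HTTPS
]


def filter_flows(nic: str, flows):
    """Return [(flow, "ALLOW" | "DROP")] for the security group bound to this NIC."""
    sg = NIC_GROUPS[nic]
    return [(f, "ALLOW" if sg.permits(*f) else "DROP") for f in flows]


if __name__ == "__main__":
    for flow, decision in filter_flows("vm-web-01:nic0", SAMPLE_FLOWS):
        print(decision, flow)
```

Two points to notice when reading the output: the unlisted database port is dropped without any explicit deny rule, which is the default-deny behaviour that makes security groups useful, and this toy filter is stateless, so the reply packets of an allowed connection are only passed because the egress rule happens to allow everything; a filter without such a rule would need to track connection state as well.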

Fig. 4.17 Huawei DVS schematic

Fig. 4.18 Traffic flow on the same host with different port groups

Fig. 4.19 Traffic flow on the same host with the same port group

Fig. 4.20 Traffic flow between different hosts with the same port group

Fig. 4.21 Huawei DVS security group diagram

4.5 Software-Defined Network

The cloud computing infrastructure that relies on the data center network often needs dynamic adjustments to the structure or behavior of the network in order to provide efficient, uninterrupted services to cloud users. Network management here should be automated, because the workload of a large data center would be unimaginable if it were managed manually.

The core devices that make up the network include switches, routers, and many other network products. Most of the manufacturing practices for this equipment come from Cisco, Broadcom, and other communications manufacturers and are neither open nor extensible. As a result, for a long time the hardware and software specifications of network equipment have been very closed, and for standards such as routing protocols in particular, users do not have the lead. Although standardized protocols such as the Simple Network Management Protocol (SNMP) define the management of IP network nodes for automated network management, these protocols cannot directly control the behavior of network devices, especially their routing and forwarding policies. The idea of the software-defined network (SDN) was born to make managing the network and using network resources easier and more efficient.

4.5.1 Introduction to SDN

SDN is a new network innovation architecture that can define and control the network through software programming. Its characteristics of control plane and forwarding plane separation and open programmability are considered a revolution in the field of network, which provides a new experimental way for the research of new Internet architecture and greatly promotes the next generation of Internet.

After decades of rapid development, the Internet has evolved from a network that initially met the Best-Effort model of simple services such as e-mail and file transfer into a converged network capable of carrying multimedia data such as text, voice, and video. The expansion and growing complexity of network functions make the traditional simple IP-based network architecture increasingly bloated and unable to meet the need for efficient and flexible business hosting.

In terms of abstract system structure, traditional networks are standard and open horizontally: each network node, such as a computer, can interconnect perfectly with surrounding network nodes using standard protocols such as TCP/IP. In the vertical direction, however, the network is "relatively closed" and "without architecture," so creating applications and deploying business in the vertical direction is relatively difficult. The vertical direction here refers to the layers of a computer application, such as hardware, drivers, operating system, programming platform, and applications, where each layer is usually built on the layer below it and uses the services that layer provides. The innovation of SDN is to make the vertical direction of the entire network system (not just of network nodes) open, standardized, and programmable, making it easier and more efficient for people to use network resources. Specifically, SDN achieves flexible control of network equipment by separating the data plane and the control plane in the network, which can effectively reduce equipment load, help network operators control their infrastructure better, and reduce overall operating costs.

Compared with traditional networks, SDN has the following advantages: first, the decoupling of the data and control planes makes application upgrades and device updates independent of each other, speeding up the deployment of new applications. These advantages have attracted wide attention to SDN in academia and industry.

4.5.2 Development of SDN

The birth and development of SDN are closely related to the emergence of virtualization and cloud computing technology. In the early days, storage, computing, and network resources were physically and operationally separate, and even the systems used to manage them were physically separate. Applications that interact with resources, such as operations monitoring systems, generally have complex access policies and rules to meet security and other requirements. But as the concept of cloud services became more popular, enterprises became increasingly inclined to migrate servers and storage devices that were previously dispersed across departments into a unified data center for management, both for administrative convenience and for resource sharing among enterprise users, while also reducing the per-unit energy consumption of devices.

In data centers, a large number of IT devices come together, and operating and managing these resources effectively becomes a challenge. A prominent contribution to solving this problem is virtualization technology. VMware first introduced VMware Workstation in 1999, allowing one or more guest operating systems, such as Windows, to run on host operating systems such as UNIX/Linux. This was the first commercial virtualization product for personal computers, and several server-based virtualization products followed. VMware's virtualization software creates a virtual environment on top of the real computing environment, running isolated virtual machines; each runs in its own environment with a separate guest operating system that operates virtualized hardware and performs all the kinds of computing and processing tasks that an ordinary physical machine performs. A virtual machine is created from a virtual machine image stored on disk, and a virtual machine image is an ordinary file. Migrating and replicating virtual machines therefore become very easy, because they amount to copying files. The mobility of virtual machines and computing tasks makes elastic computing a reality.

In an elastic computing environment, operators can migrate a virtual machine to any physical location in the data center simply by pausing it and copying its files. They can even create a new virtual machine by copying the same virtual machine image file and letting the hypervisor run it as a new instance. The flexibility of virtualization technology makes it easy for administrators to configure and optimize data center resources. From an energy-saving perspective, for example, an administrator might reduce the cooling load on the data center by consolidating all running virtual machines onto a subset of servers and hibernating or idling the servers in other parts of the data center.

With the rise of cloud computing technology and the growing size of data centers that provide cloud services, the computing, storage, and network resources within a data center often need to be served as separate or isolated pieces in order to serve multiple tenants. In this environment, virtual machine migration often spans different network segments and requires Layer 3 routing devices. Although virtual network technologies such as VPN and VLAN are supported, network configuration and management remain complex. This is because commercial network devices such as routers and switches are configured through management ports, which allow network administrators to configure and manage them using command-line interfaces, XML/NETCONF, or SNMP; but these devices generally hide their lowest-level details from administrators, who can only use the interfaces and features the devices already provide and cannot customize or develop the functionality they need.

Driven by these needs, and after much exploration and trial and error, network innovation finally made a breakthrough, and SDN, a representative of the new generation of information technology, was born.

SDN originated in 2006 in Stanford University's Clean Slate research project. In 2009, Professor Nick McKeown formally introduced the concept of SDN. Early advocates of SDN found that network equipment vendors could not meet their needs, especially in the room for innovation in feature development and offerings, but they also observed a rapid decline in computing costs. This made them realize that they could use this computing power to run a centralized control plane that controls and manages existing network devices. Several engineers at Stanford University created the OpenFlow protocol, which uses a (logically) centralized controller to control and manage all the network devices in the network, which together form the data plane. This centralized controller is responsible for maintaining all network paths and programming the network devices it controls; it also becomes the only control plane in the network. Figure 4.22 shows the OpenFlow architecture.

Fig. 4.22 OpenFlow architecture

After the SDN concept was proposed, in addition to researchers from universities and research institutes, engineers from manufacturers and operators such as Cisco, Juniper, and Level3 contributed to network programmability. The Open Networking Foundation (ONF) also provides commercial support for SDN and remains an authority on SDN standards and market promotion. In recent years, SDN research has remained active: leading academic conferences include a large number of SDN-related papers and even treat SDN as a dedicated discussion topic, bringing SDN-related research into a new stage of development.

4.5.3 SDN Architecture

The SDN architecture proposed by the Open Networking Foundation (ONF) consists of three layers, the infrastructure layer (data plane), the controller layer (control plane), and the application layer (application plane), connected by two interfaces: the southbound interface, through which the controller communicates with the network equipment in the infrastructure layer, and the northbound interface (NBI), through which the controller communicates with the application services above it, as shown in Fig. 4.23.

Fig. 4.23 SDN architecture

Since all the control logic of the network devices is concentrated in the central SDN controller, the flexibility and controllability of the network are significantly enhanced: a programmer can write policies on the controller, such as load balancing, firewall, network address translation (NAT), and VPN functions, and thereby control the lower-level devices. It can be said that SDN essentially uses virtualization technology and APIs to make direct control of the hardware possible, achieving on-demand hardware management and making network management programmable. The introduction of the northbound interface in the SDN architecture has brought a wealth of applications to SDN. The northbound interface mainly refers to the interface between the controller and the network applications in the SDN, which is generally presented as the controller's API for applications. It exposes information within the controller to applications and management systems in the SDN for various operations, such as requesting the status of devices in the network, requesting the network view, and manipulating lower-level network devices. Using the network resources provided by the northbound interface, programmers can customize their network strategy and interact with the network, taking full advantage of the network programmability of SDN.

The core idea of SDN is to break the constraints that the original network hardware imposed on the abstract layering of the network system. From the perspective of system construction rather than data transmission, the network system is abstracted, from the bottom up, into three planes: the data plane, the control plane, and the application plane.

In traditional network system design, however, the control plane is not very controllable, because the network hardware fixes the logic that governs data forwarding in its ASIC chips. Unless the device manufacturer updates the firmware or replaces the chip, this control logic can be altered only through a few configuration parameters. Even when network devices support modification of the control logic, fast and flexible switching of control logic faces another challenge: the control plane located on a single network device cannot obtain information about the entire network and can exchange information only with adjacent network devices through distributed protocols, which makes fast and accurate decisions difficult.

Therefore, to overcome these shortcomings, SDN makes the following improvements to the existing architecture.

(1) The data plane is separated from the control plane

One of the key innovations of SDN is the separation of the control plane from the data plane. The data plane only forwards packets according to the forwarding table populated by the control plane. The control logic is separated out and implemented in a controller that can be developed and released independently. These mechanisms greatly simplify the data plane and reduce the cost of hardware implementation.

(2) Build a centralized control plane

As for network control, centralized control has long been regarded as an unreasonable design, and the distributed control mode is one of the pillars of Internet design. Now, however, there are good reasons to support centralized control of the network, because centralized control enables the network system to perceive the network state more quickly than distributed protocols do and to adjust the network dynamically as that state changes.

Of course, a centralized design has a scaling problem compared with a distributed one. One solution is to divide the network into subnets small enough to share a common control strategy for centralized control. With centralized control, network state changes or policy changes propagate much faster than in fully distributed systems. In addition, if the primary controller fails, a standby controller can take over. The data plane, meanwhile, remains completely distributed.

4.5.4 SDN Key Technology

1. Key Technologies for the Data Plane

In SDN, data forwarding is separated from rule control: the switch hands control of the forwarding rules to the controller and forwards packets only according to the controller's rules. To avoid frequent interaction between the switch and the controller, the rules agreed upon by both parties are flow-based rather than per-packet. The key technologies of the SDN data plane are mainly reflected in the switch and the forwarding rules.

SDN switches forward data in one of two ways, in hardware or in software. The hardware approach is faster than the software approach, but less flexible. New research and improvement methods have been proposed to make hardware data forwarding more flexible.

Software processing is slower than hardware, but it makes forwarding-rule processing more flexible. Using the switch's CPU or a network processor (NP) to execute the software control logic that handles forwarding rules avoids the poor flexibility of hardware. Because an NP is designed for network tasks, it is somewhat stronger than a general-purpose CPU at network processing.

2. Key Technologies for the Control Plane

The controller is the key component of the control plane and the logical center of the SDN architecture. The SDN controller realizes the control functions that correspond to the distributed control plane and can manage the instantaneous state of the network. At present, SDN controllers are not standardized: manufacturers such as VMware and Juniper have their own commercial products, and the others are open source controllers. Most open source SDN controllers are based on the OpenFlow protocol. Figure 4.24 shows the working architecture of the OpenFlow controller.

As the scale of an SDN network grows, the processing capacity of a single-controller structure is limited and performance bottlenecks appear, so the controller needs to be expanded. There are currently two controller expansion methods: one is to improve the processing capability of the controller itself, and the other is to adopt multiple controllers.

In most cases, however, relying on parallel processing within a single controller is far from enough to solve the performance problems of large-scale networks, so multi-controller expansion is more often used to optimize SDN. Controllers can generally be expanded in two ways: flat control and hierarchical control.

In the flat control mode, the controllers are placed in different areas and are in charge of different network devices. All controllers have equal status and logically hold the information of the whole network, and they rely on the east–west interface to communicate. When the network topology changes, all controllers are updated synchronously, and a switch only needs to adjust its address mapping to the controller, so the flat control mode has little effect on the data plane. In the hierarchical control mode, controllers are divided into local controllers and a global controller. The local controllers manage the network devices in their respective regions and control only the network state of that region, while the global controller manages the local controllers and controls the state of the entire network; interaction between local controllers also goes through the global controller.
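To make the flow-based rule exchange between switch and controller concrete, here is an added example (not code from the book or from any SDN product): a switch that forwards purely by its OpenFlow-style flow table, sends a packet-in to a logically centralised controller on a table miss, and receives a flow rule back, so that later packets of the same flow never reach the controller. The controller's block() call plays the role of the northbound API from Sect. 4.5.3, through which a firewall policy is written on the controller; host addresses, switch names and ports are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DROP = "drop"
FLOOD = "flood"


@dataclass(frozen=True)
class Match:
    """Flow key: a few of the OpenFlow match fields."""
    src: str
    dst: str
    dport: int


@dataclass
class FlowEntry:
    match: Match
    action: str       # DROP, FLOOD, or "out:<port>"
    priority: int
    packets: int = 0  # per-flow counter, as an OpenFlow switch keeps


class Controller:
    """Logically centralised control plane: holds the policy and the network view."""
    def __init__(self, hosts: Dict[str, Tuple[str, int]]):
        self.hosts = hosts   # ip -> (switch name, port); constructed sample view
        self.deny = set()    # (dst ip, dst port) pairs blocked by policy

    def block(self, dst: str, dport: int) -> None:
        """Northbound API: a firewall application registers a deny rule here."""
        self.deny.add((dst, dport))

    def packet_in(self, sw: "Switch", m: Match) -> FlowEntry:
        """Southbound: decide for a new flow and push the rule down to the switch."""
        if (m.dst, m.dport) in self.deny:
            entry = FlowEntry(m, DROP, priority=200)  # policy outranks forwarding
        elif m.dst in self.hosts and self.hosts[m.dst][0] == sw.name:
            entry = FlowEntry(m, f"out:{self.hosts[m.dst][1]}", priority=100)
        else:
            entry = FlowEntry(m, FLOOD, priority=10)  # no path info in this toy model
        sw.install(entry)
        return entry


@dataclass
class Switch:
    """Data plane: forwards strictly by its table; asks the controller only on a miss."""
    name: str
    controller: Controller
    table: List[FlowEntry] = field(default_factory=list)
    packet_ins: int = 0

    def lookup(self, m: Match) -> Optional[FlowEntry]:
        hits = [e for e in self.table if e.match == m]
        return max(hits, key=lambda e: e.priority) if hits else None

    def install(self, entry: FlowEntry) -> None:
        self.table.append(entry)

    def forward(self, m: Match) -> str:
        entry = self.lookup(m)
        if entry is None:  # table miss: one round trip to the control plane
            self.packet_ins += 1
            entry = self.controller.packet_in(self, m)
        entry.packets += 1
        return entry.action


def demo() -> dict:
    """Constructed scenario: hosts 1 and 2 on switch s1; telnet to host 2 is denied."""
    hosts = {"10.0.0.1": ("s1", 1), "10.0.0.2": ("s1", 2), "10.0.0.3": ("s2", 1)}
    ctl = Controller(hosts)
    s1 = Switch("s1", ctl)
    ctl.block("10.0.0.2", 23)
    web = Match("10.0.0.1", "10.0.0.2", 80)
    telnet = Match("10.0.0.1", "10.0.0.2", 23)
    actions = [s1.forward(web) for _ in range(3)] + [s1.forward(telnet)]
    # Three web packets trigger one packet-in: the rule is per flow, not per packet.
    return {"actions": actions, "packet_ins": s1.packet_ins, "flows": len(s1.table),
            "web_pkts": s1.lookup(web).packets}
```

The per-flow counter and the packet-in count are what a defender would watch on a real controller: a spike in packet-ins means traffic is not being covered by installed flows.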

Fig. 4.24 Schematic diagram of the working architecture of the OpenFlow controller

4.5.5 The Advantage of SDN

The layered network structure is one of the key factors in the great success of the Internet. However, once a traditionally architected network has been deployed for a set of service requirements, its parameters and configuration are locked, since the equipment manufacturer controls the firmware of the network equipment. If the service requirements change, it is challenging to modify the configuration of the corresponding network equipment. At the same time, with the continuous expansion of network scale, too many complex protocols are built into closed network equipment, which makes it harder for operators to customize and optimize the network. In the rapidly changing business environment of the Internet, flexibility and agility can sometimes matter more than the network's high stability and high performance in meeting business needs. Therefore, SDN aims to separate network control from the physical network to eliminate the limitations that hardware imposes on the network architecture.

What SDN does is to separate control from the network equipment and place it in a centralized controller that does not depend on the underlying network equipment, thereby masking the differences between underlying devices. Control is completely open, and the routing and transmission strategy can be defined by the user, which makes the devices more flexible and intelligent. After an SDN transformation, you only need to define simple network rules to complete the configuration, without configuring the routing nodes in the network one by one. Moreover, if the built-in protocol of a routing node does not meet users' needs, it can be modified programmatically to achieve better data exchange performance. In this way, network equipment can be upgraded or modified just like ordinary software to meet users' needs for adjusting and expanding the entire network architecture, and the underlying switches, routers, and other hardware do not need to be replaced. This saves a lot of cost, and the iteration cycle of the network architecture is also significantly shortened.

As a new network paradigm, SDN adopts an architecture that separates the control plane from the data plane. This not only allows the two planes to evolve independently and helps solve the problem of network rigidity, but also brings advantages that are not available in the traditional network architecture: programmability helps network innovation; centralized control facilitates and simplifies network management; the global network view makes fine-grained network control possible; and virtualization supports optimized scheduling and efficient use of network resources. All of this makes SDN one of the most popular network technologies at present. Its application frees operators from manual operation, reduces network configuration errors, and makes the network easy to deploy in a unified and rapid manner. It has been successfully applied in fields such as enterprise networks and data centers, and the Massachusetts Institute of Technology listed it as "one of the top ten innovative technologies that changed the world."

4.6 Exercise

(1) Multiple choice

1. The topology of the Internet is ( ).
   A. Bus
   B. Star
   C. Ring
   D. Mesh

2. The network devices that work at the network layer are ( ).
   A. Hub
   B. Router
   C. Bridge
   D. Switch

3. The false statement about packet-switching networks is ( ).
   A. In a packet-switching network, communication lines are occupied segment by segment during data communication.
   B. Packet-switching networks use store-and-forward technology.
   C. Packets select their routes independently in a packet-switching network.
   D. A packet-switching network needs to establish a source-to-destination communication line before transmitting packets.

4. The protocol that runs at the network layer of the TCP/IP model is ( ).
   A. TCP
   B. UDP
   C. IP
   D. HTTP

5. The technique for logically dividing a physical LAN into broadcast domains is ( ).
   A. VPN
   B. VLAN
   C. IPsec
   D. SNMP

6. The effect that VLAN technology cannot achieve is ( ).
   A. Restrict the broadcast domain
   B. Enhance the security of the local area network
   C. Improve the robustness of the network
   D. Achieve flexible control of network equipment through software programming

7. The routing protocols commonly used on the Internet do not include ( ).
   A. CSMA/CD
   B. OSPF
   C. BGP
   D. RIP

8. The incorrect statement about virtual switches is ( ).
   A. Virtual switches leverage virtualization technology to logically integrate multiple physically connected switches.
   B. Using virtual switches can reduce the number of network devices and simplify the network fabric.
   C. A virtual switch can only run on a single physical host.
   D. One of the conditions for a virtual machine to perform hot migration is to have a distributed virtual switch.

9. If multiple virtual machines on a physical server are connected via Huawei DVS, the correct statement about the direction of traffic between two virtual machines belonging to different port groups is ( ).
   A. Communication is done directly through the DVS inside the source host, and traffic does not need to be passed to the external network.
   B. Access traffic needs to be passed from inside the source host to an external Layer 3 switch and forwarded to complete the communication.
   C. Access traffic needs to leave the source host, but externally it can be forwarded by a Layer 2 switch.
   D. Different port groups cannot communicate.

10. The incorrect statement about SDN is ( ).
   A. The distributed control mode is the core concept of SDN
   B. SDN separates the data plane from the control plane in the network
   C. SDN provides flexible control over network devices and effectively reduces device load
   D. SDN concentrates all the control logic of the network devices in the central controller

(2) Fill in the blanks

1. The main purpose of a computer network is to provide _____ and implement data communication.

2. By geographic coverage, networks are divided into _______________, _______________, and _______________.

3. By application type, computer networks can be divided into three categories: _______, _______, and the Internet.

4. A computer network is the product of the close combination of _____ and _____.

5. For computers to communicate and exchange information, certain conventions and rules are needed, which are called _______________.

6. An Ethernet MAC frame typically contains fields such as the destination address, _____, type field, frame data, and a check field.

7. _______________ is a network device that works at the data link layer and is characterized by an exclusive electrical signal path between any two network nodes connected to the device, which is also a significant difference from a hub.

8. If a host has an IP address of 192.168.1.11 and a subnet mask of 255.255.255.248, the network address of the subnet where the host is located is _______________.

9. ______________ are private networks that are secured over public networks, and their functions include authentication, encryption, tunneling, and firewall functions.

10. _______________ is a new network innovation architecture, which can define and control the network in the form of software programming.

(3) Answer the following questions

1. Briefly describe the main work of the communication subnet and the resource subnet.

2. Briefly describe the advantages and disadvantages of bus, star, and ring topologies.

3. Briefly describe the main functions of the data link layer.

4. Briefly describe the main principles of VLAN.

5. What is the difference between north–south traffic and east–west traffic?

6. What is a software-defined network (SDN)?

7. What are the advantages of SDN over traditional networks?