Huawei Next-Generation Network Operating System VRP V8
Radical changes in network traffic are forcing advances in technology and innovation. The burgeoning use of smart devices has resulted in an explosive increase in mobile Internet traffic. The cloud computing model originated by Google and Amazon is having a huge impact on the traditional usage of computing, storage, and network resources. And, perhaps most notably, the growth of new businesses via mobile Internet and new business models such as cloud computing are driving the underlying physical device architecture to change to meet service requirements. The Network Operating System (NOS), which sits at the core of the network devices that carry these services and so helps determine end users’ experience of today’s networks, needs to change to support these new trends and demands.
The NOS requires in-depth changes in its architecture that go far beyond simple modifications or upgrades that add new protocols or features. Only a true next-generation network OS will meet these growing needs.
Huawei’s VRP V8 is just such a next-generation NOS. Developed based on Huawei’s 15 years of experience in developing NOS’s — during which time Huawei has attained more than 500 patents in this field — VRP V8 incorporates many future-oriented innovations in NOS technology.
IP’s Origin and the Development of NOS’s
IP technology originated from U.S. military research and applications in the 1960s. A military network must be highly fault-tolerant, and IP was therefore quite resilient. It was also very open and simple, so IP technology was quickly adopted by civilian users and communications standards boards, and IP networks became the infrastructure of communications networks. In the last 20 years, innovations in IP technology, the expanding scale of IP networks, and the widespread use of IP network devices, have all promoted the development and improvement of network OS’s, which have now progressed through three generations of development.
Today, IP networks support various multimedia applications, such as voice, data, video, eCommerce, and online gaming. IP network devices, the basic elements required to build the Internet, include routers and switches. Now that people’s lives have been permanently changed by new Internet capabilities, most consumers are more dependent upon these components than ever before, so changes to improve networking must not only make these capabilities better; they must also be made smoothly and in a way that is invisible to users.
First Generation: Single-Process IP Device OS
The early IP devices used first-generation IP device OS’s. They were single-process OS’s and provided low reliability due to hardware limitations. Such OS’s could hardly ensure real-time service provisioning. They had limited capacity to provide services, and were not easy to maintain. Furthermore, they were designed with closely coupled modules and single-process architectures, and were therefore difficult to modify and expand. Any modification or expansion to such an OS required a large amount of labor and had to be verified by testing. In addition, it was common for a single bug in the system to cause the system to restart, interrupting services, because the single-process architecture could not easily isolate such faults.
Second Generation: Multi-Process IP Device OS
The second generation of IP device OS’s had multiple processes and partially distributed architectures, improving reliability and real-time processing capability. These OS’s used a data-sharing model. Although the second-generation IP device OS’s made many improvements compared with the first generation, they had their own problems. Because multiple processes in an OS share data while handling real-time service provisioning, exclusive operations are often performed in the OS, causing deadlocks. In addition, the second-generation IP device OS’s cannot provide carrier-grade reliability or non-stop routing service. These problems are critical in data centers and cloud networks. Customers expect long-term stable operation of IP network devices and want to minimize — or even eliminate — the impact of network upgrades to network services. Second-generation IP device OS’s failed to meet these requirements.
Third Generation: Virtualized IP Device OS
Third-generation IP device OS’s use a multi-process, distributed, virtualized architecture. They have the following characteristics:
- The ability to adapt to development from single-core to multi-core CPUs. Multi-core CPUs have higher computing capabilities than single-core CPUs and, to make full use of these greater computing capabilities for increasing real-time services, OS’s must support fine-grained, multi-process mechanisms.
- Completely modular design. OS modules are isolated from each other so that failure of a single module does not affect other modules, improving system reliability.
- They provide uninterrupted services without assistance from other devices.
- They come with excellent operation and maintenance capabilities to reduce maintenance costs.
Huawei VRP V8 is an outstanding representative of third-generation IP device OS’s. It achieves high performance levels and implements advanced virtualization technologies, abundant features, and carrier-grade reliability, meeting the requirements of data centers and cloud networks.
Highlights of Huawei’s Next-Generation Network OS
Future-oriented High Performance and Scalability
As enterprises increasingly deploy services and large networks, especially huge data center networks, IP network devices face great challenges to their service processing capabilities and performance. Although second-generation OS’s support multiple processes and allow protocols to run independently, they do not support the distributed operation of a single protocol. These OS’s therefore cannot fully use computing capabilities of multi-core CPUs to improve system performance and capacity.
Huawei’s next-generation OS VRP V8 uses a fine-grained, fully distributed architecture. It can use multiple instances to process protocols and services that require high performance and large capacity. This multi-instance distributed processing mode fully uses available CPU resources to maximize system-processing capabilities, improving system performance and capacity. VRP V8 uses flexible distributed processing policies to process different protocols. For example, it processes BGP based on peers, LDP based on sessions, L2VPN based on instances, and TE based on port groups. These flexible distributed processing policies ensure that Huawei VRP V8 can process different protocols and services concurrently with high efficiency.
Figure 1: Development of OS’s
This fine-grained fully distributed architecture makes Huawei VRP V8 the best choice for building an extremely scalable, reliable, high-performance network.
Real-Time Response Architecture
VRP V8 can also respond to changes in the network, as well as changes in user requirements, providing a better user experience.
For example, a network usually carries multiple real-time services, such as voice and video, which require short convergence time. Services and applications in data centers are sensitive to convergence time and latency; therefore, fast service convergence and low latency are the most important requirements of data centers and cloud networks. Huawei VRP V8 uses fast detection technologies, such as Bi-directional Forwarding Detection (BFD), to ensure millisecond-level convergence, greatly reducing service interruption time. When the network uses Fast Re-Routing (FRR), services are not affected during convergence. To end-users, the experience is seamless, and they are unaware of any delays or interruptions.
Flexible Virtualization Technologies
The third-generation OS’s introduced technologies that can virtualize network resources based on service scenarios and requirements. Network virtualization technologies are classified into two types:
- N:1 virtualization technologies, such as stacking and cluster technologies, virtualize multiple physical resources into one logical resource.
- 1:N virtualization technologies virtualize one physical resource into multiple logical resources.
Many-to-one virtualization combines multiple physical devices into one logical device to reduce the number of logical devices on a network and simplify the network topology. In addition, this type of virtualization improves scalability of network devices and protects customer investments. Typical N:1 virtualization technologies include Huawei’s Cluster Switch System (CSS) and Cisco’s Virtual Switching System (VSS).
1:N virtualization divides a physical network facility into multiple isolated networks, to reduce the number of physical devices on a network and improve device usage efficiency. Huawei VRP V8’s Virtual System (VS) feature can virtualize a single physical device into multiple virtual systems. Each VS can be configured, managed, and maintained as an independent device. The VS’s on a physical device are isolated from one another and can process services independently. In a data center, VS’s on a physical device can carry different services or serve different user groups to improve network reliability and security. VS technology also improves the efficiency of network devices and reduces network construction costs. Because user groups are isolated and managed separately, user management becomes easier.
Figure 2: Huawei CloudEngine series switches
Highly Reliable NSX Architecture
On an enterprise IT network or cloud network, network reliability is critical. Once services are interrupted because of software/hardware failures, software upgrades, or troubleshooting, the network may face considerable losses. A traditional method to improve device reliability is to add redundant hardware components, but most problems that affect reliability occur in the software system. Improving software system reliability therefore becomes a major concern.
The new Huawei next-generation OS takes the following measures to improve software reliability:
- Uses a modular design to isolate faults in software modules, so that failure of one module does not affect the operation of the others.
- Provides Non-Stop Routing (NSR) technology to quickly trigger an active/standby switchover once a software/hardware failure occurs. Neighboring devices are unaware of the switchover so routing services are not interrupted.
- Provides In-Service Software Upgrade (ISSU) technology to ensure uninterrupted service provisioning during a software upgrade.
- Supports Non-Stop Patching (NSP) technology to prevent service interruption due to bug fixing.
- Provides Non-Stop Managing (NSM) technology to ensure that network problems can be quickly reported to the network management system during active/standby switchovers.
The non-stop technologies used in VRP V8 are designed to ensure service continuity and network robustness.
Unbreakable Security Architecture
Security of network devices is important to carrier and enterprise networks. It is also the prerequisite for data security. Huawei VRP V8 uses High Level Access (HLA), multi-layer filtering, and security logs to enhance device security. With this security architecture, VRP V8 can quickly detect security risks and isolate faults, safeguarding the network.
1. HLA Technology
High-Level Access (HLA) technology provides an elevated level of password security. When a device is powered on for the first time, a user can only log onto the device locally and must change the password immediately after logging in. The password strength must comply with the security specification defined in the system. In addition, the password storage process is irreversible, so that no one can decipher the encrypted password.
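The three properties described above (local-only access until the first password change, a strength check, and one-way storage) can be modelled in a few lines. This is an added example, not Huawei code: the `Device` class, the strength rule, and the use of salted PBKDF2-HMAC-SHA256 are assumptions, since the page names neither the policy nor the algorithm.

```python
import hashlib, hmac, os, re

ITERATIONS = 600_000  # assumed PBKDF2 work factor; the page names no algorithm

def meets_policy(pw):
    """Assumed strength rule: 12+ chars with lower, upper, digit and symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 12 and all(re.search(c, pw) for c in classes)

class Device:
    """Hypothetical model of the first-login flow described above."""
    def __init__(self, factory_password):
        self.must_change = True          # state at first power-on
        self._store(factory_password)

    def _derive(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

    def _store(self, pw):
        # Only a random salt and the one-way digest are kept, never the password.
        self.salt = os.urandom(16)
        self.digest = self._derive(pw, self.salt)

    def _verify(self, pw):
        return hmac.compare_digest(self._derive(pw, self.salt), self.digest)

    def login(self, pw, local):
        if self.must_change and not local:
            return "denied:local-only"   # remote access closed until changed
        if not self._verify(pw):
            return "denied:bad-password"
        return "password-change-required" if self.must_change else "ok"

    def change_password(self, old, new, local):
        if self.must_change and not local:
            return "denied:local-only"
        if not self._verify(old):
            return "denied:bad-password"
        if new == old or not meets_policy(new):
            return "denied:weak-password"
        self._store(new)
        self.must_change = False
        return "changed"
```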
2. Multi-Layer Filtering Technology
Denial-of-Service (DoS) attacks are the biggest threat to the security of network devices. Attackers initiate these attacks by sending a large number of invalid packets to occupy CPU resources. When a device is undergoing a DoS attack, it cannot process services for authorized users.
Port scanning is another common type of attack. Attackers scan to detect open ports on network devices and then use them to establish many connections with network devices, exhausting system resources on those devices.
Huawei VRP V8 uses unique multi-layer filtering technology to defend against both DoS and port-scanning attacks:
- Layer 1: The forwarding plane identifies and drops attack packets so that these packets cannot reach the CPU.
- Layer 2: The forwarding plane restricts the rate of packets sent to the CPU. Even when a high-traffic attack occurs, the CPU is not too busy, because traffic has been filtered before being sent to the CPU.
- Layer 3: The system maintains a session table, which records all five-tuple information required for establishing sessions. The system checks packets against the session table before sending them to the CPU and drops packets that do not match the session table.
- Layer 4: By default, protocol ports are disabled on all devices. Therefore, the system rejects all illegal connection requests.
This multi-layer filtering technology is designed to ensure high device security.
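To see how the four layers combine, the following added example (a toy model, not VRP code) classifies constructed traffic against one device. The `CpuGuard` class, the verdict strings, and the token-bucket limiter are assumptions; the page does not say in which order the layers run, so this model applies the rate limit last, to packets that would otherwise reach the CPU.

```python
from collections import Counter, namedtuple

# Five-tuple plus two flags; "attack" stands in for whatever Layer 1 recognises.
Packet = namedtuple("Packet", "src sport dst dport proto syn attack", defaults=(False, False))

class CpuGuard:
    """Toy model of the four layers; names and ordering are assumptions."""
    def __init__(self, rate_pps, burst, enabled_ports=()):
        self.rate, self.burst = rate_pps, burst
        self.tokens, self.last = float(burst), 0.0
        self.sessions = set()                    # Layer 3: known five-tuples
        self.enabled_ports = set(enabled_ports)  # Layer 4: empty = all closed

    def _take_token(self, now):                  # Layer 2: token bucket
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def classify(self, p, now):
        if p.attack:
            return "drop:L1-attack-packet"
        key = p[:5]
        if key not in self.sessions:
            if not p.syn:
                return "drop:L3-no-session"
            if (p.proto, p.dport) not in self.enabled_ports:
                return "drop:L4-port-disabled"
        # Only packets that would reach the CPU spend rate-limit budget.
        if not self._take_token(now):
            return "drop:L2-rate-limit"
        self.sessions.add(key)
        return "to-cpu"

def run_demo():
    """Constructed traffic: one BGP peer, a port scan, stray packets, a SYN flood."""
    g = CpuGuard(rate_pps=10, burst=5, enabled_ports={("tcp", 179)})
    dev, peer, bad = "192.0.2.1", "198.51.100.7", "203.0.113.9"
    traffic = [(Packet(peer, 40000, dev, 179, "tcp", True), 0.0)]
    traffic += [(Packet(bad, 50000, dev, port, "tcp", True), 0.1) for port in range(1, 101)]
    traffic += [(Packet(bad, 1024 + i, dev, 179, "tcp"), 0.2) for i in range(100)]
    traffic += [(Packet(bad, 3000 + i, dev, 179, "tcp", attack=True), 0.2) for i in range(20)]
    traffic += [(Packet(bad, 2000 + i, dev, 179, "tcp", True), 0.3) for i in range(50)]
    traffic += [(Packet(peer, 40000, dev, 179, "tcp"), 1.3)]
    return dict(Counter(g.classify(p, t) for p, t in traffic))
```

Of the 272 constructed packets only 7 reach the CPU; the port scan and the stray packets never consume rate-limit budget, and the SYN flood is capped at the burst size.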
3. Security Logs
VRP V8 maintains security logs to record information about blacklists/whitelists, user logins, and other operations performed in the system. System administrators can use the security logs to obtain the IP addresses that attackers used to log in to the system, all the content that attackers entered when they attempted to log in, and all the operations that attackers performed after logging in. System administrators can then easily identify attackers. Only system administrators with the highest level of authorization can view and delete security logs.
Simple and Efficient O&M
VRP V8 provides the following features to facilitate network operations and management:
1. Alarm correlation function to identify root causes of network faults
Alarms can help users discover and solve network problems in a timely manner. However, helpful alarm messages usually remain hidden in the thousands of useless alarm messages routinely generated every day. It takes a great deal of time and effort for network administrators to filter these alarm messages. VRP V8 provides the alarm correlation function to free administrators of this difficult, time-sensitive task. The alarm correlation function filters, combines, and converts alarm messages to integrate multiple alarm messages into one message with more detailed information. Administrators can easily find root causes of network faults based on the integrated alarm messages.
2. Configuration rollback function to correct configuration errors quickly
VRP V8 provides the configuration rollback mechanism to minimize impact of incorrect configuration and improve system security and maintainability. An operator can set time labels before performing operations that could affect system operation. Each label records a time and the system status at that time. When incorrect configuration causes a system failure, the operator can select any labeled time to restore the system to the status at that time. This makes it easy to correct the configuration.
3. Excellent trial run technology
Trial run technology reduces the risk of configuration errors. Before applying any configuration that has great impact on system operation or may put the system at risk, an operator can submit the configuration for a trial run. If the trial run verifies that the configuration is valid and has no negative effect on network services, the operator can confirm the configuration so that it takes effect and “goes live.” Otherwise, the operator can cancel the trial run. The configuration for the trial run is then deleted, and the system rolls back to the previous configuration. Trial run technology helps verify service-provisioning capabilities without affecting current network services, and minimizes the impact of service-provisioning failures.
Huawei next-generation Network OS VRP V8 improves system performance, scalability, reliability, virtualization capabilities, and maintainability. It is the perfect choice for cloud networks because it significantly increases network performance and capacity, enhances the flexibility and scalability of network architecture, guarantees stable network operation, and simplifies network O&M. These VRP V8 innovations can help customers reduce network construction and maintenance costs, maximizing their return on investment today and providing a way to accommodate the phenomenal growth in network demand anticipated in the future.