軟體定義數據中心(SDDC)是指數據中心的所有基礎設施都是虛擬化的,並且能夠以一種所要即所得的服務方式來提供。數據中心的控制是完全由軟體自動化來完成,同時所有的硬體配置維護都是通過智能軟體來完成。一般來說軟體定義的數據中心主要包括分成四個部分,計算、存儲、網路、管理。
其核心是讓客戶以更小的代價來獲得更靈活的、快速的業務部署、管理及實現。
三大優勢:
1.敏捷性(agility): 更快、更靈活的業務支撐與實現(以及軟體開發模式的優化與變更);
2.彈性(Elasticity):隨業務需求的資源的動態可伸縮性(水平+垂直);
3.省錢(Cost-efficiency):軟體實現避免了重復硬體投資和資源浪費。
基於超融合搭建的數據中心作為近年來軟體定義數據中心熱門方案被廣泛運用於教育,醫療,金融,大型製造業等。
B. 什麼是軟體定義網路
話說最近網路虛擬化(Networking Virtualization,NV)和SDN真實熱得發燙,先談一下我個人的理解和看法。由於沒有實際玩過相應的產品,所以也只是停留在理論階段,而且尚在學習中,有些地方難以理解甚至理解錯誤,因此,特地來和大家交流一下。
早在2009年就出現了SDN(Software Defined Networking)的概念,但最近才開始被眾人所關注,主要還是因為Google跳出來表態其內部數據中心所有網路都開始採用OpenFlow進行控制,將OpenFlow從原本僅是學術性的東西瞬間推到了商用領域。第二個勁爆的消息就是VMWare大手筆12.6個億$收掉了網路虛擬化公司Nicira。
SDN只是一個理念,歸根結底,她是要實現可編程網路,將原本封閉的網路設備控制面(Control Plane)完全拿到「盒子」外邊,由集中的控制器來管理,而該控制器是完全開放的,因此你可以定義任何想實現的機制和協議。比如你不喜歡交換機/路由器自身所內置的TCP協議,希望通過編程的方式對其進行修改,甚至去掉它,完全由另一個控制協議取代也是可以的。正是因為這種開放性,使得網路的發展空間變為無限可能,換句話說,只有你想不到,沒有你做不到。
那SDN為什麼會和NV扯上關系呢?其實他們之間並沒有因果關系,SDN不是為實現網路虛擬化而設計的,但正式因為SDN架構的先進性,使得網路虛擬化的任務也得以實現。很多人(包括我自己)在最初接觸SDN的時候,甚至認為她就是NV,但實際上SDN的目光要遠大得多,用句數學術語來說就是「NV包含於SDN,SDN包含NV」。
再來看看NV,為什麼NV會如此火爆,歸根結底還是因為雲計算的崛起。伺服器/存儲虛擬化為雲計算提供了基礎架構支撐,也已經有成熟的產品和解決方案,但你會發現一個問題,即便如此,虛擬機的遷移依然不夠靈活,例如VMWare vMotion可以做到VM在線遷移,EMC VPLEX可以做到雙活站點,但虛擬機的網路(地址、策略、安全、VLAN、ACL等等)依然死死地與物理設備耦合在一起,即便虛擬機從一個子網成功地遷移到另一個子網,但你依然需要改變其IP地址,而這一過程,必然會有停機。另外,很多策略通常也是基於地址的,地址改了,策略有得改,所以依然是手動活,繁雜且易出錯。所以說,要實現Full VM Migration,即不需要更改任何現有配置,把邏輯對象(比如IP地址)與物理網路設備去耦(decouple)才行。這是一個舉例,總而言之,目的就是實現VM Migration Anywhere within the DataCenter non-disruptively,尤其是在雲這樣的多租戶(Multi-tanency)環境里,為每一個租戶提供完整的網路視圖,實現真正的敏捷商務模型,才能吸引更多人投身於雲計算。
SDN不是網路虛擬化的唯一做法,Network overly(mac in mac, ip in ip)的方式也是現在很多公司實際在使用的,比如Microsoft NVGRE、Cisco/VMWare VXLAN、Cisco OTV、Nicira STT等。事實上overly network似乎已經成為NV實現的標准做法,SDN模型下的NV實現目前更多的是在學術、研究領域。新技術總是伴隨大量的競爭者,都想在此分一杯羹,甚至最後成為標准。好戲才剛剛上演,相信會越發精彩。
個人覺得這是一個非常有意思的話題,希望和大家交流心得,互相學習.
NV的目標就是如何呈現一個完全的網路給雲環境中的每一個租戶,租戶可能會要求使用任何其希望使用的IP地址段,任何拓撲,當然更不希望在遷移至公共雲的情況下需要更改其原本的IP地址,因為這意味著停機。所以,客戶希望有一個安全且完全隔離的網路環境,保證不會與其他租戶產生沖突。既然vMotion之類的功能能夠讓虛擬機在雲中自由在線漂移,那網路是否也能隨之漂移呢?這里簡單介紹下微軟的Hyper-v networking virtualization,到不是因為技術有多先進,只不過他的實現細節比較公開,而其它公司的具體做法相對封閉,難以舉例。
其實微軟的思路很簡單,就是將原本虛擬機的二層Frame通過NVGRE再次封裝到 IP packet中進行傳輸,使得交換機能夠通過識別NVGRE的Key欄位來判斷數據包的最終目的地。這其實就是一個Network Overlay的做法,它將虛擬網路與物理網路進行了分離。試想,公司A和公司B都遷移到公有雲且就那麼巧,他們的一些虛擬機連接到了同一個物理交換機上,現在的問題是,他們各自的虛擬機原本使用的私有IP段是一樣的,如果沒有VLAN就會導致IP沖突。但現在看來,這已經不是問題,因為虛擬機之間的通信都要通過NVGRE的封裝,而新的IP包在物理網路上傳輸時是走物理地址空間的,而物理地址空間是由雲服務提供者所獨占的,因此不存在IP沖突的情況。
總結一下就是,這里的網路虛擬化可以認為是IP地址虛擬化,將虛擬網路的IP與物理網路完全分離,這樣做就可以避免IP沖突,跨子網在線遷移虛擬機的問題,微軟的要求是:虛擬機可以在數據中心中任意移動,而客戶不會有任何感覺,這種移動能力帶來了極大的靈活性。
Software-defined networking (SDN) is an approach to computer networking which evolved from work done at UC Berkeley and Stanford University around 2008.[1] SDN allows network administrators to manage network services throughabstraction of lower level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forwards traffic to the selected destination (the data plane). The inventors and vendors of these systems claim that this simplifies networking.[2]
SDN requires some method for the control plane to communicate with the data plane. One such mechanism, OpenFlow, is often misunderstood to be equivalent to SDN, but other mechanisms could also fit into the concept. The Open Networking Foundation was founded to promote SDN and OpenFlow, marketing the use of the term cloud computing before it became popular.
This section does not cite any references or sources. Please help improve this section by adding citations to reliable sources. Unsourced material may be challenged andremoved. (February 2013)
One application of SDN is the infrastructure as a service (IaaS).
This extension means that SDN virtual networking combined with virtual compute (VMs) and virtual storage can emulate elastic resource allocation as if each such enterprise application was written like a Google or Facebook application. In the vast majority of these applications resource allocation is statically mapped in inter process communication (IPC). However if such mapping can be expanded or reced to large (many cores) or small VMs the behavior would be much like one of the purpose built large Internet applications.
Other uses in the consolidated data-center include consolidation of spare capacity stranded in static partition of racks to pods. Pooling these spare capacities results in significant rection of computing resources. Pooling the active resources increases average utilization.
The use of SDN distributed and global edge control also includes the ability to balance load on lots of links leading from the racks to the switching spine of the data-center. Without SDN this task is done using traditional link-state updates that update all locations upon change in any location. Distributed global SDN measurements may extend the cap on the scale of physical clusters. Other data-center uses being listed are distributed application load balancing, distributed fire-walls, and similar adaptations to original networking functions that arise from dynamic, any location or rack allocation of compute resources.
Other uses of SDN in enterprise or carrier managed network services (MNS) address the traditional and geo-distributed campus network. These environments were always challenged by the complexities of moves-adds-changes, mergers & acquisitions, and movement of users. Based on SDN principles, it expected that these identity and policy management challenges could be addressed using global definitions and decoupled from the physical interfaces of the network infrastructure. In place infrastructure on the other hand of potentially thousands of switches and routers can remain intact.
It has been noted that this "overlay" approach raises a high likelihood of inefficiency and low performance by ignoring the characteristics of the underlying infrastructure. Hence, carriers have identified the gaps in overlays and asked for them to be filled by SDN solutions that take traffic, topology, and equipment into account.[7]
SDN deployment models[edit]
This section does not cite any references or sources. Please help improve this section by adding citations to reliable sources. Unsourced material may be challenged andremoved. (February 2013)
Symmetric vs asymmetric
In an asymmetric model, SDN global information is centralized as much as possible, and edge driving is distributed as much as possible. The considerations behind such an approach are clear, centralization makes global consolidation a lot easier, and distribution lowers SDN traffic aggregation-encapsulation pressures. This model however raises questions regarding the exact relationships between these very different types of SDN elements as far as coherency, scale-out simplicity, and multi-location high-availability, questions which do not come up when using traditional AS based networking models. In a Symmetrically distributed SDN model an effort is applied to increase global information distribution ability, and SDN aggregation performance ability so that the SDN elements are basically one type of component. A group of such elements can form an SDN overlay as long as there is network reachability among any subset.
Floodless vs flood-based
In a flood-based model, a significant amount of the global information sharing is achieved using well known broadcast and multicast mechanisms. This can help make SDN models more Symmetric and it leverages existing transparent bridging principles encapsulated dynamically in order to achieve global awareness and identity learning. One of the downsides of this approach is that as more locations are added, the load per location increases, which degrades scalability. In a FloodLess model, all forwarding is based on global exact match, which is typically achieved using Distributed Hashing and Distributed Caching of SDN lookup tables.
Host-based vs Network-centric
In a host-based model an assumption is made regarding use of SDN in data-centers with lots of virtual machines moving to enable elasticity. Under this assumption the SDN encapsulation processing is already done at the host HyperVisor on behalf of the local virtual machines. This design reces SDN edge traffic pressures and uses "free" processing based on each host spare core capacity. In a NetworkCentric design a clearer demarcation is made between network edge and end points. Such an SDN edge is associated with the access of Top of Rack device and outside the host endpoints. This is a more traditional approach to networking that does not count on end-points to perform any routing function.
Some of the lines between these design models may not be completely sharp. For example in data-centers using compute fabrics "Big" hosts with lots of CPU cards perform also some of the TopOfRack access functions and can concentrate SDN Edge functions on behalf of all the CPU cards in a chassis. This would be both HostBased and NetworkCentric design. There may also be dependency between these design variants, for example a HostBased implementation will typically mandate an Asymmetric centralized Lookup or Orchestration service to help organize a large distribution. Symmetric and FloodLess implementation model would typically mandate in-network SDN aggregation to enable lookup distribution to a reasonable amount of Edge points. Such concentration relies on local OpenFlow interfaces in order to sustain traffic encapsulation pressures.[5] [6]
C. 各省市、各個地區應該如何發展工業互聯網,有哪些主要任務
自2017年國務院印發《關於深化「互聯網+先進製造業」 發展工業互聯網的指導意見》之後,各地紛紛加快工業互聯網的建設與發展步伐。發展工業互聯網,網路體系是基礎,平台體系是關鍵,安全體系是保障。各省市、各地區應緊緊系統構建網路、平台、安全三大體系,打造人、機、物全面互聯的新型網路基礎設施,全力推進七大任務:
1.夯實網路基礎
夯實工業互聯網的網路基礎,應圍繞網路改造升級、提速降費、標識解析,推進三方面的工作:
第一,以IPv6、工業無源光網路(PON)、工業無線、時間敏感網路(TSN)等技術,改造工業企業內網;
第二,以IPv6、軟體定義網路(SDN)以及新型蜂窩移動通信技術(即5G技術),實現工業企業外網的升級改造;
第三,推進標識解析體系建設,圍繞工業互聯網標識解析國家頂級節點,推動行業性二級接機點的建設與連接。
2.打造平台體系
第一,培育工業互聯網平台,以企業為主導,構建跨行業、跨領域平台,實現多平台互聯互通。
第二,開展工業互聯網平台試驗驗證。支持產業聯盟、企業與科研機構合作共建測試驗證平台,開展技術驗證與測試評估。
第三,推動、吸引企業上雲。鼓勵工業互聯網平台在產業集聚區落地,通過財稅支持、政府購買服務等方式,鼓勵中小企業的業務系統向雲端遷移。
第四,培育工業APP,支持軟體企業、工業企業、科研院所等開展合作,培育一批面向特定行業、特定場景的工業APP。
3.加強產業支撐
要加強產業支撐,必須加大關鍵共性技術攻關力度,提升產品與解決方案供給能力:
第一,關鍵共性技術支撐。鼓勵企業和科研院所合作,圍繞工業互聯網核心關鍵技術、網路技術、融合應用技術開展聯合攻關,促進邊緣計算、人工智慧、增強現實、虛擬現實、區塊鏈等技術在工業互聯網應用。
第二,系統解決方案支撐。圍繞智能感測器、工業軟體、工業網路設備、工業安全設備、標識解析等領域,推廣一批經濟實用的微服務化系統解決方案。
4.促進融合應用
融合創新工作應圍繞大型企業和中小型企業兩大主體開展:
針對大型企業,加快工業互聯網在工業現場的應用;開展用於個性需求與產品設計,生產製造精準對接的規模化定製;
針對中小企業,實現業務系統向雲端遷移;開展供需對接、集成供應鏈、產業電商、眾包眾籌等創新型應用。
5.完善生態體系
第一,構建創新體系:有效整合高校、科研院所、企業等創新資源,圍繞重大共性需求與行業需要,面向關鍵技術與平台需求,開展產學研協同創新。
第二,構建應用生態,鼓勵工業互聯網服務商面向製造業企業提供咨詢診斷、展示展覽、行業資訊、人才培訓、園企對接等增值服務。
第三,構建企業協同發展體系,以需求為導向,基於工業互聯網平台,構建中介型共享製造、眾創型共享製造、服務型需求共享製造、協同型共享製造等新型生產組織方式。
第四,構建區域協同發展體系,建設工業互聯網創新中心、工業互聯網產業示範基地。
6.強化安全保障
安全保障是發展工業互聯網的底線,必須切實提升安全防護能力,建立數據安全保護體系,推動安全技術手段建設。此外,各地區還應大力發展信息安全產業,推動標識解析系統安全、工業互聯網平台安全、工業控制系統安全、工業大數據安全等相關技術和產業發展,開展安全咨詢、評估和認證等服務,提升整體安全保障服務能力。
7.堅持開放合作
第一,加強地區乃至國際的企業協作,形成跨領域、全產業鏈緊密協作的關系。
第二,建立政府、產業聯盟、企業等多層次溝通對話機制。
第三,積極參與國際組織的協同與合作,參與工業互聯網標准規范與國際規則的研討與制定。
D. 什麼是軟體定義
軟體定義的本質就是控制面和基礎能力面的分離。這個理念對於一個搞通信的「老人」其實就不是什麼新東西,程式控制交換很早就將信令和語音分離,信令控制語音電路接續等,信令和語音是二個通道。計算、網路和存儲的基礎能力分別是計算、轉發和數據存取能力,這些能力是分布部署的,部署在物理或虛擬機上。配置、管理、控制都是由集中的控制單元完成。原來我們需要對每個設備進行配置和管理,現在只要在集中的能力管理控制平台上完成,再通過分權分域讓租戶自己完成。相關控制信息由管理平台推送到相應的能力平台上。在這種新的模式下,只要基礎能力綁定配置信息就是一台虛擬設備,比如虛擬機、虛擬路由器、虛擬存儲。而且基礎能力都是透明的,配置信息可能綁定任何的物理設備(載體),並在載體中按需移動,這就是遷移。其實我們一直在談虛擬機有遷移能力,實際上軟體定義後的網路、存儲也有一樣的遷移能力,也具備熱遷移和冷遷移的能力。這也是軟體定義帶來的又一個優點。但是現在的控制面往往獨立存在的,比如虛擬機有獨立的控制面,虛擬交換機有獨立的控制面、虛擬防火牆有獨立的控制面板、虛擬負載均衡有獨立控制面、存儲更是。這些控制面相互之間缺乏融合,他們之間的關系就是設備和設備之間的關系,這種關系和普通物理設備之間的關系完全一樣,需要靠復雜的配置來確定。