High-Availability Interconnection and Service Continuity

A data center is an integrated IT application environment where a large amount of data is concentrated. The data center is the center of data calculation, service transmission, and storage. Data concentration brings both benefits and risks. IT construction personnel must solve the following problems:


  • Prevent risks caused by data concentration.
  • Ensure service continuity and security of data and services.
  • Maintain competence.
  • Improve user satisfaction.


Huawei, a world-leading information and communications technology (ICT) solutions provider, is dedicated to the research and development of the inter-data center connection and disaster recovery solution. This solution implements hierarchical connection and disaster recovery, building data centers with high availability (HA) interconnection and service continuity.


Huawei Inter-Data Center Connection and Disaster Recovery Solution

---HA Interconnection, Service Continuity

Three-layer Connections for Front-end and Back-end Services

Storage Network Interconnection for Data-level Disaster Recovery between the Primary and Backup Data Centers

Huawei SAN Connection Solution
Huawei SAN connection solution supports FC SAN and IP SAN disaster recovery systems. IP SAN integrates the traditional IP network and storage network and is compatible with traditional Ethernet devices, reducing investment on storage devices. FC SAN has advantages in efficiency, performance, and security. In metropolitan disaster recovery scenarios, use FC SAN to replicate data synchronously. In remote disaster recovery scenarios, use IP SAN to synchronize data periodically.


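| SAN    | Distance | Disaster Recovery Type      | Data Replication Mode | Connection          |
|--------|----------|-----------------------------|-----------------------|---------------------|
| FC SAN | <200 km  | Hardware-based              | Synchronous           | WDM                 |
| FC SAN | >200 km  | Hardware- or software-based | Asynchronous          | IP WAN/Internet/WDM |
| IP SAN |          | Software-based              | Asynchronous          | IP WAN/Internet     |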


Layer 2 Connection

The VLL/VPLS VPN technology is used to build a Layer 2 network between the primary and backup data centers. This Layer 2 network supports server clusters and dynamic virtual machine migration. Server clusters include high availability clusters, fault tolerance clusters, load balancing clusters, and high-performance calculation clusters.


Fat-Tree Architecture, Ensuring Non-blocking Large-scale Layer 2 Network
The flattened fat-tree architecture reduces network delay, facilitates service deployment, allows for flexible sharing of calculation resources, and supports virtualization and resource allocation.


VPLS Connection, Implementing Data Center Redundancy and Preventing Single-point Failures


  • Mature and open network protocol: RFC 4761 and RFC 4762 were released in 2007. Most mainstream vendors, including Huawei, support VPLS and VPLS-enabled devices, enabling communication between devices of different vendors.
  • No routing loops: Split horizon prevents routing loops, removing the need to deploy xSTP. Link bandwidth is not wasted.
  • High efficiency: VPLS forwards packets rapidly because the VPLS packet header contains only 22 bytes.
  • Easy construction: full-mesh data center networks are easy to build.

Layer 3 Front-end Connection

IP/MPLS VPN is used for the Layer 3 front-end connection; IPSec VPN and SSL VPN are used to ensure secure access. These techniques meet application service requirements and implement service-level disaster recovery.


  • Supports Option A, Option B, and Option C, extends MPLS VPN flexibility, and allows for scalable network deployment.
  • Provides flexible L3VPN deployment and supports interconnection solutions of IP, MPLS, and SDH leased lines.
  • Carries storage, OA, production, and web services and ensures secure service isolation.
  • Supports IEEE 1588v2, xPON, and time synchronization in WDM and Ethernet scenarios. Compared with GPS phase synchronization, this solution reduces TCO by approximately 50%. Huawei 1588v2 is EANTC certified.
  • Provides secure access for mobile services using IPSec VPN and SSL VPN.
      • IPSec VPN: implements secure high-speed interconnection, provides 10Gbit/s line-speed forwarding per slot, allows a maximum of 20,000 concurrent tunnels, and supports dual-system hot standby, load balancing, and NAT traversal.
      • SSL VPN: clientless VPN, which implements fine-grained authorized management and supports access of various device types.


  • Resilient network: Access devices and aggregation devices in the data center rapidly respond and allocate resources based on service requirements. The network can be flexibly expanded to support services at low cost.
  • Application-level and data-level disaster recovery systems are deployed based on service continuity requirements. Manual cold or warm backup is used. Based on load allocation calculation, the active-active mode uses DNS and HTTP redirection. The hot standby mode uses reachable route import.
  • Comprehensive high-quality QoS
      • Five-level HQoS scheduling is performed based on services, users, user groups, traffic classifiers, and ports. Five-level HQoS scheduling uses fine-grained parameters, ensures SLA based on service requirements, provides QoS guarantee at the user side, and enhances user experience.
      • MPLS VPN HQoS meets QoS requirements at the network side. It ensures that the bandwidth, delay, jitter, and packet loss ratio of high-priority services meet SLA requirements. Each VPN and each service in a VPN obtain a different QoS guarantee. Services in a VPN are scheduled based on service priorities, and each VPN obtains an SLA.
      • DS-TE meets QoS requirements on the backbone bearer network. CTs in a TE tunnel share the tunnel bandwidth. Huawei is the only vendor that provides routers supporting eight CTs and priority queues. DS-TE supports RDM and MAM, which can be configured flexibly.



Two-level Disaster Recovery, Implementing Coordination of Data-level and Service-level Disaster Recovery Systems

Key Performance Indexes for Disaster Recovery Services

Recovery point objective (RPO): the maximum tolerable period in which data might be lost from an IT service due to a major incident.

Recovery time objective (RTO): the duration of time and the service level within which a business process must be restored after a disaster, for example, the time from service or database restart until the application is running.

Disaster Recovery Levels and Network Requirements

Storage networks require low delay, high bandwidth, and high reliability.

Service networks require link backup and fast route convergence.



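| Item                                   | Level 6          | Level 5             | Level 3-4          | Level 2            | Level 1              |
|----------------------------------------|------------------|---------------------|--------------------|--------------------|----------------------|
| RPO and RTO                            | RTO = 0, RPO = 0 | RTO ≤ 2H, RPO ≤ 15m | RTO ≤ 4H, RPO ≤ 4H | RTO > 4H, RPO > 4H | RTO > 48H, RPO > 24H |
| Data backup system                     | Highest          | Higher              | Medium             | Low                | Low                  |
| Backup infrastructure                  | Highest          | Highest             | Highest/Medium     | Low                |                      |
| Backup network system                  | Highest          | Highest             | Highest/Medium     | Low                |                      |
| Backup data processing system          | Highest          | Highest             | Highest/Lower      | Low                |                      |
| Technical support                      | Highest          | Higher              | Higher/Medium      |                    | Low                  |
| Operation, maintenance, and management | Highest          | Higher              | Higher             | Medium             | Low                  |
| Disaster recovery plan                 | Highest          | Highest             | Highest            | Highest            | Highest              |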
Network requirements Application-level disaster recovery Data-level disaster recovery
Construction of the disaster recovery center and data center
Backup of all services or key services
Remote disaster recovery with the distance of over 1000 km
SAN connection, bandwidth, and delay
High reliability and routing performance
The disaster recovery center only provides the storage system.
Service data backup
Metropolitan or remote disaster recovery
Service requirements Remote real-time backup
No data loss
Seamless switching
Real-time transmission
Data integrity
Core data backup
Metropolitan or remote backup


Data Replication Modes

Data can be replicated synchronously or asynchronously.


  • Synchronous data replication copies data in the production center to the disaster recovery center in real time. It ensures data consistency between the production center and disaster recovery center. Because the production center must wait for the disaster recovery center to complete operations and send responses, synchronous data replication is only suitable for short-distance scenarios.
  • Asynchronous data replication copies data in the production center to the disaster recovery center through background synchronization. Compared to synchronous data replication, it does not impact performance as much and requires less network bandwidth, but may cause data inconsistency. Asynchronous data replication can operate at distances of over 1000 km.
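
Added example (not part of the Huawei material): a small model of the trade-off described above, showing how distance adds latency to every synchronous write and how a write burst on an asynchronous link turns into RPO exposure. The 5 µs/km fibre delay, the write profile, the link rate, the latency budget, and all function names are assumptions made for illustration.

```python
from collections import deque

FIBER_US_PER_KM = 5.0  # assumption: ~5 microseconds per km, one way, in optical fibre


def sync_write_penalty_ms(distance_km, remote_commit_ms=0.0):
    """Latency added to every write when production waits for the DR center's response."""
    round_trip_ms = 2 * distance_km * FIBER_US_PER_KM / 1000.0
    return round_trip_ms + remote_commit_ms


def pick_mode(distance_km, write_latency_budget_ms):
    """Synchronous only if the round trip fits the application's write-latency budget."""
    if sync_write_penalty_ms(distance_km) <= write_latency_budget_ms:
        return "synchronous"
    return "asynchronous"


def async_rpo_exposure_s(writes_mb_per_s, link_mb_per_s):
    """Replay a per-second write profile through a FIFO replication queue.

    Returns the worst age in seconds of data not yet copied to the DR center,
    i.e. how much recent data a disaster at that moment would lose.
    """
    backlog = deque()  # entries: [second written, MB still to send]
    worst = 0
    for now, written in enumerate(writes_mb_per_s):
        if written > 0:
            backlog.append([now, written])
        budget = link_mb_per_s
        while backlog and budget > 0:
            sent = min(budget, backlog[0][1])
            backlog[0][1] -= sent
            budget -= sent
            if backlog[0][1] == 0:
                backlog.popleft()
        if backlog:
            worst = max(worst, now - backlog[0][0] + 1)
    return worst


# Constructed write profile (MB per second) with a two-second burst.
SAMPLE_WRITES = [10, 10, 50, 50, 10, 10, 10, 10]

if __name__ == "__main__":
    print(sync_write_penalty_ms(200), sync_write_penalty_ms(1000))
    print(pick_mode(200, 3.0), pick_mode(1000, 3.0))
    print(async_rpo_exposure_s(SAMPLE_WRITES, link_mb_per_s=20))
```

The result of async_rpo_exposure_s can be compared with the RPO targets in the disaster recovery level table; a link sized only for the average write rate leaves a non-zero exposure during bursts.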

Disaster Recovery Types

Hardware-based disaster recovery (array-level) is the most mature disaster recovery technique. Data is transmitted between storage devices through a storage array controller. This technique ensures system stability and high performance, and is widely used in FC SAN disaster recovery systems. It is applicable to key services and high-end applications, and operates cross-platform.


Software-based disaster recovery uses servers located in the production center and disaster recovery center to implement remote replication. Servers are equipped with dedicated replication software, which allows the production center and disaster recovery center to use different types of storage devices and servers, saving investment on extra hardware. This technique is generally used in IP SAN disaster recovery systems.



Huawei IP&Optical Disaster Recovery Solution

This solution uses optical transmission devices and routers to implement data-level and service-level disaster recovery. Huawei NE40E routers implement flexible interconnection and IP SAN backup between data centers. These routers support hardware-based BFD and OAM, which shortens the network convergence time.


IP Route Disaster Recovery

Backup traffic on an IP SAN and service traffic transmitted between data centers are both transmitted through egress routers, reducing device investment. Service traffic and backup traffic are separated by VPN instances on egress routers.


Huawei NE series routers adopt an industry-leading 400G platform, providing up to 400Gbit/s bandwidth for each slot. These routers isolate backup traffic from service traffic using VPNs, and ensure service quality with their QoS capabilities. In addition, Huawei NE series routers implement protection switching within 200 ms to ensure reliability on the IP WAN.


Huawei is a world-leading router supplier. The NE40E series routers are in wide commercial use on carrier and industry networks throughout the world.



Optical Transmission Disaster Recovery

Huawei OSN series OTN devices have industry-leading WAN transmission capabilities, and are applicable to disaster recovery systems that require large capacity and low transmission latency. These devices can constitute a WDM optical network to implement high-speed real-time transmission. Each OSN device has a capacity of 40/100Gbit/s x 80 channels (3.2Tbit/s or 8Tbit/s) and is capable of mass data transmission. In addition, they provide carrier-class 50 ms protection switching and super-long-distance disaster recovery, establishing a SAN spanning an industry-leading 3000 km. The OSN series devices support 14 types of SAN interfaces (such as FC, FICON, and ESCON) and have gained compatibility certificates from 7 mainstream storage device vendors.


Various Fault Detection Mechanisms, Ensuring End-to-End Service Reliability

  • Data center interior: EFM OAM detects faults on links between directly connected devices.
  • Data center protocol layer: MPLS OAM checks LSP connectivity and rapidly detects faults on VPLS large Layer 2 data center interconnection.
  • Data center link: ASON provides rapid end-to-end service setup, query, and deletion, and attribute modification.
  • End-to-end link fault detection: BFD provides low-overhead, short-duration detection of faults on interfaces or data links, and triggers protocol association.
  • End-to-end link detection: Y.1731 provides fast end-to-end fault detection and performance monitoring, and measures the delay, jitter, and packet loss ratio. 802.1ag provides path discovery, fault detection, fault verification and location, fault notification, and fault recovery detection.
