How to determine the design goals of financial data center network planning?
Shenzhen 10Gigabit Ethernet Technology Co.,ltd
Empowering Communication, Securing Networks - Your Trusted Partner for a Connected World
Fancy Wang 0317 2022
Financial data center network planning and design target
The ultimate goal of network planning and design is to support business development: flexible service provisioning, rapid application deployment, information exchange and sharing, distributed system expansion, and flexible load scheduling. To this end, the industry has proposed a design goal for the financial data center network that can be summarized as "ICs DCN", as shown in the figure:
In ICs DCN, "I" stands for Intelligent network: a high-performance, low-latency, zero-packet-loss AI Fabric, together with AIOps (intelligent operation and maintenance) and intelligent security. "C" stands for Cloud-based: automation, software definition and resource pooling achieved by connecting SDN to cloud platforms, while remaining compatible with non-cloud server access and interconnection with non-cloud networks. "S" stands for Service-driven: an application-oriented, service-centric network that exposes network functions as services, which is a higher level of cloudification.
Following the ICs DCN goals, the design goals of the financial data center network are specified as high availability, high security, high performance, flexibility and elasticity, automation and service orientation, and O&M visualization and intelligence.
High availability means the financial data center network achieves 99.999% availability. The network architecture must be layered and distributed; fault domains must be able to isolate faults and self-heal, the scope of each fault domain must be kept small, and Layer 2 loop risk must be eliminated. At the same time, Layer 2 broadcast in the LAN must be suppressed, and abnormal traffic detected and blocked. The underlay network should preferably be designed as a routed IP network so that it is loop-free by construction.
High security means providing end-to-end, multi-layered security protection with refined security control. A highly secure financial data center network can be realized by the following methods:
1: Deploy security controls at the boundaries of the channel domain, service domain and user domain to achieve security isolation between the different partitions of the data center.
2: Deploy distributed, VM-level security policy so that security control is more finely grained.
3: Control mutual access between network segments flexibly: security services can be inserted where needed, and access control between the different network segments of the data center can be enforced.
4: The firewall provides refined ACL rules and policies, and security policies are managed centrally.
5: Prevent unknown security risks and block them intelligently, for example by introducing intelligent analysis systems such as IPS (Intrusion Prevention System) and CIS (network security intelligence system) to block threats and attacks originating outside the data center.
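Points 1 and 4 above only hold if the boundary firewall ruleset actually matches the partition isolation design. The following linter, an added example that is not part of the original article or of any vendor's product, checks a ruleset against an isolation matrix: every permit must stay inside a known zone pair, be refined to a protocol and port, and the ruleset must end with an explicit default deny. The zone names, address plan, rule format and sample rules are constructed assumptions for illustration.

```python
"""Lint a zone-boundary firewall ruleset against a partition isolation matrix.

Added example with constructed data: the zones, address plan, rule format
and ALLOWED_FLOWS matrix are assumptions, not a vendor configuration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed isolation matrix: (source zone, destination zone) -> allowed (proto, port).
ALLOWED_FLOWS: Dict[Tuple[str, str], Set[Tuple[str, int]]] = {
    ("user", "channel"): {("tcp", 443)},
    ("channel", "service"): {("tcp", 8443)},
    ("service", "service"): {("tcp", 3306), ("tcp", 5432)},
}

# Constructed address plan for the three partitions (channel, service, user domains).
ZONES = {
    "user": [ipaddress.ip_network("10.10.0.0/16")],
    "channel": [ipaddress.ip_network("10.20.0.0/16")],
    "service": [ipaddress.ip_network("10.30.0.0/16")],
}


@dataclass(frozen=True)
class Rule:
    name: str
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None means any port
    action: str            # "permit" or "deny"


def zone_of(cidr: str) -> Optional[str]:
    """Map a CIDR to the zone whose address plan fully contains it."""
    if cidr == "any":
        return None
    net = ipaddress.ip_network(cidr)
    for zone, nets in ZONES.items():
        if any(net.version == n.version and net.subnet_of(n) for n in nets):
            return zone
    return None


def lint(rules: List[Rule]) -> List[str]:
    """Return one finding per rule that weakens partition isolation."""
    findings: List[str] = []
    for r in rules:
        if r.action != "permit":
            continue
        if r.src == "any" or r.dst == "any":
            findings.append(f"{r.name}: permit with 'any' address breaks partition isolation")
            continue
        sz, dz = zone_of(r.src), zone_of(r.dst)
        if sz is None or dz is None:
            findings.append(f"{r.name}: address not inside any known zone")
            continue
        if r.proto == "any" or r.port is None:
            findings.append(f"{r.name}: {sz}->{dz} permit is not refined to a protocol/port")
            continue
        if (r.proto, r.port) not in ALLOWED_FLOWS.get((sz, dz), set()):
            findings.append(f"{r.name}: {sz}->{dz} {r.proto}/{r.port} is not in the isolation matrix")
    # The last rule must be an explicit deny-all so unmatched traffic is dropped.
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and last.src == "any" and last.dst == "any"):
        findings.append("ruleset does not end with an explicit deny any any")
    return findings


# Constructed sample ruleset: one compliant rule and three violations.
SAMPLE_RULES = [
    Rule("R1", "10.10.0.0/16", "10.20.5.0/24", "tcp", 443, "permit"),   # user -> channel web: allowed
    Rule("R2", "any", "10.30.0.0/16", "tcp", 22, "permit"),             # any-source SSH into service domain
    Rule("R3", "10.20.0.0/16", "10.30.0.0/16", "any", None, "permit"),  # channel -> service, unrefined
    Rule("R4", "10.10.0.0/16", "10.30.0.0/16", "tcp", 3306, "permit"),  # user -> database, not allowed
    Rule("R5", "any", "any", "any", None, "deny"),                      # default deny
]

if __name__ == "__main__":
    for f in lint(SAMPLE_RULES):
        print(f)
```

Run against the sample ruleset it reports R2, R3 and R4 and accepts R1 and the trailing deny; in practice the matrix would be generated from the partition design document and the rules exported from the firewall manager's unified policy store.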
High performance means microsecond-level low-latency transmission and interconnection interfaces at multiple rates, supporting 10GE and 25GE access bandwidth and 40GE and 100GE uplink bandwidth.
Flexibility and elasticity mean that the network can support large-scale pooling of computing and storage resources. A single physical partition can host 5,000 to 10,000 servers. A physical partition supports module deployment across computer rooms, and server access is moderately decoupled from physical location. At the same time, physical partitions in the data center are divided and merged as appropriate to improve the pooling and sharing of computing and storage resources. Currently, most financial enterprises use EVPN-based VXLAN resource pools to meet the need for flexible and elastic server deployment.
Automation and service orientation mean that the network can connect to a network management platform such as a cloud platform or controller to provide on-demand self-service, agile and automatic delivery of network services, and rapid service rollout. The management platform must support Layer 2/Layer 3 network configuration, load-balancing policy configuration, automatic deployment and rollback of firewall policies, and automatic deployment and rollback of IP address allocation, so that network services are bound dynamically while compute nodes are being provisioned.
O&M visualization and intelligence mean that the O&M functions provided by the network cover topology, resource, traffic and forwarding-path visualization. At the same time, hardware failures in the network should be predictable: monitoring, analysis and control are coordinated, the collected data is analyzed, and the analysis results are fed back to the network automatically through the controller.
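The "deployment and recovery" requirement above matters for security as much as for availability: a provisioning run that fails halfway must not leave a firewall permit in place for an IP that was never bound to a port. The following orchestration sketch, an added example and not code from the article or from any controller product, shows the usual pattern: each step pushes its compensating action onto a stack, and on failure the stack is unwound in reverse. The IPAM, controller, step names and failure injection are constructed in-memory stand-ins for the real IPAM, SDN controller and firewall manager.

```python
"""Bind network services to a new compute node with ordered rollback.

Added example with constructed stand-ins: Ipam and Controller are
in-memory assumptions standing in for the real IPAM, SDN controller and
firewall manager; a production version would call their APIs instead.
"""
import ipaddress
from typing import Callable, Dict, List, Optional


class Ipam:
    """Constructed in-memory IP address pool with lease/release."""

    def __init__(self, pool: str) -> None:
        self.free = list(ipaddress.ip_network(pool).hosts())
        self.leased: Dict[str, ipaddress.IPv4Address] = {}

    def allocate(self, node: str) -> ipaddress.IPv4Address:
        if not self.free:
            raise RuntimeError("IPAM pool exhausted")
        ip = self.free.pop(0)
        self.leased[node] = ip
        return ip

    def release(self, node: str) -> None:
        self.free.insert(0, self.leased.pop(node))


class Controller:
    """Constructed stand-in for the SDN controller and firewall manager.

    fail_on names a step that raises, to exercise the rollback path.
    """

    def __init__(self, fail_on: Optional[str] = None) -> None:
        self.ports: Dict[str, tuple] = {}        # node -> (vni, ip)
        self.fw_policies: Dict[str, str] = {}    # node -> permit rule
        self.fail_on = fail_on

    def bind_port(self, node: str, vni: int, ip: ipaddress.IPv4Address) -> None:
        if self.fail_on == "bind_port":
            raise RuntimeError("controller rejected port binding")
        self.ports[node] = (vni, ip)

    def unbind_port(self, node: str) -> None:
        self.ports.pop(node, None)

    def push_policy(self, node: str, ip: ipaddress.IPv4Address, zone: str) -> None:
        if self.fail_on == "push_policy":
            raise RuntimeError("firewall manager rejected policy")
        self.fw_policies[node] = f"permit {zone} -> {ip}/32"

    def remove_policy(self, node: str) -> None:
        self.fw_policies.pop(node, None)


def provision(node: str, zone: str, vni: int, ipam: Ipam, ctrl: Controller) -> dict:
    """Allocate IP, bind the VXLAN port, push the firewall policy; undo all on failure."""
    undo_stack: List[Callable[[], None]] = []
    try:
        ip = ipam.allocate(node)
        undo_stack.append(lambda: ipam.release(node))
        ctrl.bind_port(node, vni, ip)
        undo_stack.append(lambda: ctrl.unbind_port(node))
        ctrl.push_policy(node, ip, zone)
        undo_stack.append(lambda: ctrl.remove_policy(node))
        return {"status": "ok", "ip": str(ip)}
    except Exception as exc:  # roll back in reverse order: policy, port, then IP
        for undo in reversed(undo_stack):
            undo()
        return {"status": "rolled_back", "error": str(exc)}


if __name__ == "__main__":
    print(provision("vm-1", "service", 10030, Ipam("10.30.1.0/29"), Controller()))
    print(provision("vm-2", "service", 10030, Ipam("10.30.1.0/29"), Controller(fail_on="push_policy")))
```

The reverse ordering is the point: the firewall permit is the last thing created and the first thing removed, so no window exists in which a permit references an address that is free to be leased to a different node.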