Acceleration engine SmartFlow helps Inspur Yunhai super-integrated 2021H1 China’s market growth rate first

Recently, the International Data Corporation (IDC) released the “2021 H1 Software Defined Storage and Hyper-Converged System Market Report”, showing that Inspur Yunhai’s hyper-converged products increased by 135.6 percent year-on-year in the first half of 2021, which is the industry average growth rate (49%) of 2.7 times. First. As soon as the report was released, it attracted strong attention in the industry. Why is the growth rate of Inspur Yunhai hyper-convergence so fast? Behind it is inseparable from its strong product technology innovation. Inspur cloud-sea hyper-convergence is to form a unified resource pool through software definition, and provide an integrated infrastructure service platform for computing, storage, network, operation and maintenance, etc. It is the best solution product for users to finally realize a cloud data center. It is mainly composed of three components: computing virtualization InCloud Sphere, a new generation of intelligent cloud acceleration engine InCloud SmartFlow, and an enterprise-level distributed storage system InCloud Storage.

Among them, in addition to the self-developed extreme performance of InCloud Sphere’s efficient resource scheduling and resource balancing, its self-developed new generation of intelligent cloud acceleration engine InCloud SmartFlow also provides the world’s leading hyper-converged performance and the fastest growth rate in the Chinese market to provide faster and stronger , Higher network competitiveness.

Inspur Yunhai’s new generation of intelligent cloud acceleration engine — InCloud SmartFlow, a network virtualization system, offloads dedicated computing power loads, such as I/O intensive loads such as networks and storage, to smart acceleration cards for processing, accelerating computing resources such as virtual machines, containers, and bare metals , By building a distributed SDN system on top of an intelligent accelerator card, it provides users with high-performance and highly reliable network solutions.

1. Unlock distributed routing, network forwarding speed is faster

The traditional network architecture is rigid and the programmability is weak. Traffic forwarding needs to go around a physical switch, resulting in card issuance curved traffic (also known as Hairpin traffic), resulting in low resource utilization and poor performance. In response to this series of problems, Inspur Yunhai super-integrated independent research and development, deeply unlocks distributed routing, and provides users with a better fully distributed network forwarding experience.

Specifically, it mainly uses SmartFlow to build distributed networks, distributed routers, distributed gateways and other functions. With SmartFlow, network resources can be directly allocated locally, and network traffic can be directly forwarded locally, effectively reducing network delays, traffic concentration and other bottlenecks. In addition, through distributed routing and forwarding, multiple guarantees such as high availability (HA), scalability, and high performance can also be obtained:

From the perspective of virtual machine HA, its gateway points to the address of the distributed logical router interface. When the virtual machine fails and performs HA switching, the virtual machine gateway will not change; also in the migration scenario, due to the existence of the distributed gateway , No matter which host the virtual machine is migrated to, the MAC and IP addresses of the three-layer gateway will not have any changes, which greatly guarantees the continuity of the business;

In terms of system scalability, the Arp proxy function can be enabled to reduce the flooding of broadcast messages in the network. The fully distributed network topology and no centralized traffic bottleneck enable the system to have good scalability;

In terms of network performance, forwarding traffic is distributed among various computing nodes, and network traffic can be directly forwarded locally. In addition, SmartFlow can perform real-time BFD detection on virtual network devices, intelligently sense, real-time schedule and allocate network resources.

2. Reinforced security protection and higher network control granularity

After the network traffic is fully guaranteed, security has become the most worrying thing for users. Since east-west traffic is generally completed directly at the access switch, and does not pass through aggregation or core switching equipment, it is difficult to achieve fine-grained security and fine-grained control of forwarding traffic within the data center using traditional network architecture. Furthermore, in the traditional network architecture, firewall policy adjustments need to be configured on dedicated equipment, which is complicated to operate and does not have a unified management platform. Aiming at the current pain points such as insufficient security control granularity and security risks, Inspur Yunhai Super Fusion independently develops a new method of safe drainage.

Inspur Yunhai hyper-converged platform provides four-layer security protection function based on SmartFlow, and manages east-west traffic through a distributed firewall. Based on the virtual firewall of the flow table, each virtual machine can be equipped with a firewall. At the same time, all virtual firewalls can be managed through a unified visual interface to achieve centralized configuration of firewall security rules.


East-west flow, north-south flow control

The fine-grained security protection of virtual machine resources implemented through virtual firewalls. When a virtual machine is migrated, related security policies will also follow the virtual machine for migration. In addition, for projects with higher peer-to-peer security requirements, InCloud SmartFlow also provides support for Layer 2 or Layer 3 drainage through the virtualization platform, docking with third-party security resource pools, and introducing security network elements such as IPS/IDS, DDOS, WAF, etc., making it easy Realize intrusion detection and flow cleaning, and provide a more secure support strategy.

Third, the smart network card accelerates, the performance array is stronger

In addition to unlocking traffic and strengthening security management and control, Inspur Yunhai Super Convergence has also introduced smart accelerator cards to complete data path reconstruction and data packet reorganization through the SmartFlow smart core, realizing end-to-end direct data transmission.

Specifically, the traditional OpenvSwitch performs traffic forwarding in the kernel. The performance of this method depends on the computing power of the CPU. After the introduction of the smart accelerator card, a network card hardware fast forward path is added under the kernel forwarding, and the smart accelerator kernel provides the following acceleration capabilities :

Support the processing of network data packet headers (such as Push/Pop VLAN Tag, VXLAN Encap/Decap), especially to accelerate the encapsulation and unpacking of Overlay tunnel packets that consume a lot of CPU;

Supporting the Connection Tracking offload feature can accelerate the L4 firewall function of the hyper-converged platform;

HeaderRe-write Offload can perform set/copy/add operations on packet headers, which can accelerate functions such as distributed routing and NAT gateways.

The OpenvSwitch user mode process is sent to the first packet to look up the flow table, and then the Netlink channel is converted to the forwarding flow table of the network card hardware through the TC Flower interface, so that subsequent messages are directly modified on the network card hardware when they are forwarded. , Without the need to send the message to the system kernel for processing, which can offload most of the network traffic.


Yunhai hyper-converged flow table accelerated unloading architecture

In summary, Smartflow provides customers with key capabilities such as distributed routing, security management and control granularity reinforcement, and smart network card acceleration. It has obvious advantages in network forwarding, network acceleration, security protection, etc., helping the Inspur cloud-sea hyper-converged market to have a high growth rate .

For a long time, Inspur Yunhai Super Convergence has insisted on user-centered, focused on business scenarios, and is committed to creating an open ecological product with “convergence to simplicity and extraordinary performance”, helping multiple industries to move to the cloud at a high speed, providing services for government, education, medical care, transportation, finance, The digital transformation of multiple industries, such as the Internet, is escorted. In the future, Inspur Yunhai will continue to optimize and create, and continue to contribute to the innovation and upgrading of enterprise business, digital transformation and intelligent development of the industry.

