Introduction: When traditional data center services move to the cloud, users and their business architectures usually face many challenges in transforming network configurations, which off the cloud change flexibly with business scenarios and device roles, to fit the unified network service capabilities of the cloud. The [Open Network Service Platform] (ONSP), independently developed by the Alibaba Cloud Hybrid Cloud Network Technology Team and the Alibaba Cloud Network Product Team, is built on the Alibaba Cloud Feitian Luoshen network system. It fully integrates the Feitian Luoshen network with the third-party network ecosystem, thereby optimizing the ecosystem service experience of enterprise customers and better helping customers move to the cloud.


At present, on a global scale, hybrid cloud has become the most desirable form of cloud for enterprises. According to Flexera's [2021 Cloud Computing Market Development State Report], 92% of the companies surveyed have adopted a multi-cloud strategy, and the proportion of companies that have adopted a hybrid cloud strategy has risen from 58% to 82%. According to Gartner statistics, the global cloud computing market penetration rate has increased year by year from 2015 to 2020, from 4.3% to 13.2%. By 2021, the global cloud computing penetration rate will rise to 15.3%.

At the recently concluded 2021 Alibaba Cloud Summit, Zhang Jianfeng, President of Alibaba Cloud Intelligence, set out Alibaba Cloud's development direction for 2021: a deep foundation, a thick middle platform, a strong ecosystem, and good service. Alibaba Cloud Hybrid Cloud (Apsara Stack) is committed to providing tailor-made hybrid cloud solutions for government and enterprises, and provides integrated cloud platform services from the customer's perspective across three dimensions: building the cloud, managing the cloud, and using the cloud. While "building a deep foundation" and "building a thick middle platform", it has recently delivered a result that satisfies government and enterprise customers on "strengthening the ecosystem" and "doing a good service".

Alibaba Cloud Hybrid Cloud launches the new [Open Network Service Platform] (ONSP)

Customer pain points

When traditional data center services are migrated to the cloud, network configurations that off the cloud change flexibly with business scenarios and device roles have to be transformed to fit the unified network service capabilities of the cloud. Users and their business architectures usually face many challenges in doing so, and these challenges arise in many scenarios, such as application migration and data migration. For example, during cloud migration users usually encounter the following:
1) The network services provided by IaaS on the cloud cannot meet users' individual needs in the short term. For example, in a traditional data center the user's application architecture relies on a certain feature provided by the load balancing equipment. After the business is migrated to the cloud, users want the load balancing service in the cloud to provide equivalent capabilities, to reduce the work of transforming the application architecture and the resulting stability risks;
2) For reasons such as heterogeneous deployment, usage habits, or the user's technology stack, users want third-party network services to be supported in the cloud.

Facing challenges

One way to solve the above problems is to manually deploy virtualized versions of the corresponding network equipment. However, manual deployment has several problems:
1) Deployment complexity: it requires users to have a deep grounding in cloud networking;
2) Lack of high reliability: manually deployed virtualized equipment lacks the necessary support for fault detection, fault isolation, and so on, and cannot be used in a production environment;
3) The deployment cost and the management and operation and maintenance challenges of a distributed deployment architecture: under the manual deployment model, virtual network devices and applications are usually deployed in the same VPC, which not only increases deployment costs but also makes management and operation and maintenance harder.

Cloud Response Plan

What is the [Open Network Service Platform]? The [Open Network Service Platform] (ONSP), independently developed by the Alibaba Cloud Hybrid Cloud Network Technology Team and the Alibaba Cloud Network Product Team, is built on the Alibaba Cloud Feitian Luoshen network system. It fully integrates the Feitian Luoshen network with the third-party network ecosystem, thereby optimizing the ecosystem service experience of enterprise customers and better helping customers move to the cloud.

The [Open Network Service Platform] is a network service based on third-party virtualized network equipment, through which users can easily deploy the virtual network devices of Alibaba ecosystem partners on the cloud. The [Open Network Service Platform] also supports highly available deployment of virtual network device clusters, and lets users keep the traditional IDC management model by deploying virtual network devices centrally, which simplifies operation, maintenance and management while reducing deployment cost and complexity, giving users a better experience.

ONSP core functions

The core components of the [Open Network Service Platform] are mainly virtual network device management and network function virtualization orchestration. The architecture is shown in the following figure:

[Figure: ONSP architecture]

For virtual network device management, the [Open Network Service Platform] (ONSP) provides basic lifecycle management of virtual network devices in a standardized, model-driven way, supporting creation, destruction, capacity expansion, cluster initialization, and so on. Its information model and its interaction with VNFM components follow the ETSI MANO standard, and it has a built-in general-purpose VNFM component, supporting the virtualized network equipment of a wide range of partners. VNF metadata is described using the TOSCA data modeling language. By abstracting and modeling VNFs, the platform can support different types of virtual network equipment from different ecosystem partners without a version change.

For network function virtualization orchestration, ONSP has a built-in Open Network Service Endpoint (ONSe) that is transparent to users, through which business traffic is directed to the virtual network device cluster for processing. To divert traffic in this way, the user only needs to update the VPC routing table to point to the endpoint. Business traffic enters the virtual network device cluster as original data packets, and is rerouted to the target device after the virtual network device has processed it.

At the same time, on its northbound side ONSP integrates with the orchestration components of ecosystem partners through a set of universal, open, and interoperable northbound REST interfaces, providing users with a better service experience.

In terms of reliability, ONSP supports multiple cluster deployment models for virtual network equipment, such as the active-standby model and the master-master model. ONSP supports real-time and periodic monitoring of the health status of cluster business units, and customizes failover measures according to the business nature of the cluster, including isolating or restarting failed business units. After a faulty business unit is isolated, business traffic is no longer sent to that unit until the user has repaired it.
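The isolation rule described above can be modelled in a few lines. This is an added example, not ONSP code: the class, method and unit names are hypothetical, and it assumes that an isolated unit returns to service only through an explicit repair action, never because a later probe happens to succeed.

```python
from dataclasses import dataclass, field

@dataclass
class Unit:
    name: str
    role: str = "active"         # "active" or "standby"
    isolated: bool = False
    restarts: int = 0

@dataclass
class Cluster:                   # hypothetical model, not an ONSP type
    model: str                   # "active-standby" or "master-master"
    on_failure: str              # failover measure: "isolate" or "restart"
    units: list = field(default_factory=list)

    def _unit(self, name):
        return next(u for u in self.units if u.name == name)

    def report_probe(self, name, healthy):
        """Apply the cluster's failover measure to one health-probe result."""
        unit = self._unit(name)
        if healthy or unit.isolated:
            return               # a good probe never lifts isolation
        if self.on_failure == "restart":
            unit.restarts += 1   # restart in place, unit stays in the cluster
            return
        unit.isolated = True
        if self.model == "active-standby" and unit.role == "active":
            unit.role = "standby"
            spare = next((u for u in self.units if not u.isolated), None)
            if spare is not None:
                spare.role = "active"   # promote the surviving unit

    def mark_repaired(self, name):
        """Only this explicit user action returns a unit to service."""
        self._unit(name).isolated = False

    def forwarding_targets(self):
        """Names of the units that may receive business traffic now."""
        live = [u for u in self.units if not u.isolated]
        if self.model == "active-standby":
            live = [u for u in live if u.role == "active"]
        return [u.name for u in live]
```

When every unit of a firewall cluster is isolated, `forwarding_targets()` returns an empty list, so traffic is dropped rather than passed around the inspection point.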

Product advantages

The [Open Network Service Platform] brings users:
1) Automatic deployment
Efficient, automated deployment of ecosystem partners' virtual network equipment in the cloud. During business migration to the cloud, users can use the [Open Network Service Platform] to migrate their original load balancing and other network configuration to the cloud environment in equivalent form, without having to deal with the complex deployment logic and compatibility issues of virtual network devices.
2) Safe and reliable
The [Open Network Service Platform] supports cluster models for virtual network devices such as active-standby and multi-master. When a cluster node fails, fault isolation or recovery is performed automatically. Combined with the operation and maintenance capabilities provided by the platform, this provides business continuity during planned changes by the user and a graceful recovery experience for unplanned failures.
3) Centralized management
Through the [Open Network Service Platform], users can centrally deploy virtual network equipment to provide network services for businesses distributed across multiple VPCs, avoiding the increase in deployment costs and operation and maintenance complexity caused by distributed deployment, while maintaining the original management boundary.
4) Highly open
On the [Open Network Service Platform], the virtual network equipment of ecosystem partners can be onboarded non-intrusively, provided it meets the basic requirements for cloud-based network equipment. This removes the technical barriers to onboarding virtual network equipment and gives users more options. At the same time, network service orchestration systems developed by ecosystem partners or customers can be deeply integrated with the platform through its open northbound REST interface, providing an integrated management and operation and maintenance experience while meeting more customized needs.

Ecosystem partners

Currently, the virtual network devices of ecosystem partners that have passed [Open Network Service Platform] certification include:

[Figure: certified virtual network devices of ecosystem partners]

With standard and open technology and the determination to "strengthen the ecosystem", the [Open Network Service Platform] will continue to build the network service ecosystem, and more certified virtual network equipment from ecosystem partners will be launched one after another.

Typical application scenarios

Case 1: Business relies on advanced load balancing
Figure 1 Business relies on advanced load balancing

In this case, the user has two needs. First, the application architecture relies on a certain load balancing feature when it runs off the cloud, and the user wants to keep the original application architecture when migrating to the cloud. Second, applications or services developed by the user need to be shared with multiple service consumers.
Through the [Open Network Service Platform], users centrally deploy a virtualized version of the load balancer in a third-party virtual device VPC and provide load balancing services to multiple service users through multiple instances. Multiple load balancing instances can share a vLB network service cluster or have exclusive use of one. After the application is migrated to the cloud, it does not need to be modified because of its original dependencies.
Without the [Open Network Service Platform], sharing services usually requires connecting service users and service providers through high-speed channels, which complicates management and increases security risks. Through the [Open Network Service Platform], the service provider VPC and the service user VPC can achieve network closure.

Case 2: Border protection and NAT service
Figure 2 Border protection and NAT service

In this case, by centrally deploying a vFW network service cluster, the user can provide NAT services from VPC to IDC and at the same time implement boundary security protection from VPC to VPC or from VPC to IDC.
Take the VPC-to-IDC NAT requirement as an example. The user's IDC was usually built before the private cloud, so its address plan is already fixed and cannot be changed. As the user's business gradually migrates to the cloud, IDC and cloud VPCs will need to communicate with each other for a long time. Generally speaking, connecting the address spaces of the IDC and a cloud VPC over a dedicated line requires that the two address spaces do not conflict. To solve address conflicts between the IDC and cloud VPCs, a vFW network service cluster can be deployed through the [Open Network Service Platform], so that cloud VPCs and the IDC can communicate while each keeps an independent network address space.
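The address-conflict precondition above can be checked before any line or cluster is provisioned. This is an added example, not part of the original article or of ONSP: the function names, the prefixes and the idea of a candidate translation pool are constructed for illustration.

```python
import ipaddress

def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def find_conflicts(idc_prefixes, vpc_prefixes):
    """Return every (IDC, VPC) prefix pair whose address ranges overlap."""
    return [(str(a), str(b))
            for a in _nets(idc_prefixes) for b in _nets(vpc_prefixes)
            if a.version == b.version and a.overlaps(b)]

def pool_is_usable(pool, idc_prefixes, vpc_prefixes):
    """A translation pool must be disjoint from both address plans,
    otherwise translated packets would be ambiguous on one side."""
    net = ipaddress.ip_network(pool)
    return not any(net.version == o.version and net.overlaps(o)
                   for o in _nets(list(idc_prefixes) + list(vpc_prefixes)))

def plan_interconnect(idc_prefixes, vpc_prefixes, candidate_pools):
    """Decide between plain routing and NAT for IDC <-> VPC traffic."""
    conflicts = find_conflicts(idc_prefixes, vpc_prefixes)
    if not conflicts:
        # Address spaces are disjoint: the dedicated line can route directly.
        return {"mode": "route", "conflicts": [], "nat_pool": None}
    pool = next((p for p in candidate_pools
                 if pool_is_usable(p, idc_prefixes, vpc_prefixes)), None)
    # "blocked" means NAT is needed but no offered pool is collision-free.
    return {"mode": "nat" if pool else "blocked",
            "conflicts": conflicts, "nat_pool": pool}

# Constructed sample address plans (not taken from the article).
IDC = ["10.0.0.0/16", "172.16.10.0/24"]
VPC = ["10.0.128.0/20", "192.168.0.0/16"]
POOLS = ["10.0.200.0/24", "100.64.0.0/24"]

if __name__ == "__main__":
    print(plan_interconnect(IDC, VPC, POOLS))
```

The first candidate pool is rejected because it sits inside the IDC's own 10.0.0.0/16, which is the kind of mistake that otherwise only shows up as asymmetric or silently dropped traffic after cutover.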

Case 3: Tenant traffic mirroring and analysis
Figure 3 Tenant traffic mirroring and analysis

In this case, the user deploys an ecosystem partner's NPM virtual device through the [Open Network Service Platform] to collect and analyze the traffic of the customer's business ECS instances. This makes tenant-side ECS traffic visible, speeds up network fault location, and improves business availability.
In this solution, the ecosystem partner's NPM virtual device consists of controller nodes and data nodes. The controller nodes use the active-standby deployment model; the data node cluster is deployed in the Active/Active model, with the number of nodes chosen as needed. One controller cluster can manage multiple data node clusters.

How to evolve in the future

The Alibaba Cloud Hybrid Cloud [Open Network Service Platform] will be officially launched in the near future as an important new product feature of the enterprise version v3.14.0. In the future, the [Open Network Service Platform] will continue to iterate and innovate on openness. While supporting the onboarding of a wider range of ecosystem partners, it will integrate with network service orchestration systems developed by ecosystem partners or customers through an open and interoperable northbound REST interface, giving users a better experience in terms of ease of use.
At the same time, the Alibaba Cloud Hybrid Cloud [Open Network Service Platform] will continue to build platform capabilities. For operation and maintenance monitoring, it will support centralized monitoring of the operating status of ecosystem partners' virtual network equipment. For reliability, it will further enhance fault detection for virtual network equipment through data plane technology, and link that detection with business traffic scheduling to improve the effectiveness of fault isolation and recovery. For business scenarios, it will support more flexible deployment forms to meet the demands of a richer range of scenarios.

As users' key businesses continue to move to the cloud, cloud computing will become more and more open, and closed technologies cannot meet users' diverse and differentiated needs. On the basis of "building a deep foundation" and "building a thick middle platform", Alibaba Cloud Hybrid Cloud will adhere to the concept of "strengthening the ecosystem" and "doing a good service". Through open and standard interoperability, it will continue to build the ecosystem for network services, a field that is both traditional and new, and will work with leading manufacturers in the industry to serve customers well.


Alibaba Cloud Hybrid Cloud provides customized hybrid cloud solutions for government and enterprises
Provide an integrated cloud platform service from the perspective of customers from the three dimensions of building the cloud, managing the cloud, and using the cloud

Alibaba Cloud Developer