Cross-DC VM Migration

For data application systems carried by VMs, services are directly accessed through VMs. Therefore, the IP address of a VM is the access IP address of a service.

After servers are virtualized, they become dynamic and their resources can be reused. VMs provide services for applications, so Server Load Balancing (SLB) cannot be used to allocate resources, and VMs can only be migrated to idle PMs. Application administrators can flexibly schedule and adjust VM running locations and online or offline status based on requirements for application resources, such as CPU and memory requirements.

When a VM resource pool is expanded to two DCs, physical server resources in the backup DC can be fully utilized and virtual resources can be flexibly scheduled across DCs, greatly improving the utilization of resources.

The high availability (HA) mechanism of VMs is used to handle faults. A faulty VM in the primary DC (A) can be dynamically migrated to another primary DC (B) without interrupting services.

Figure 7.29 shows the process of migrating VMs across DCs. Network requirements for live migration of VMs across DCs are as follows:

  • Layer 2 interconnection: IP or MAC addresses and the TCP session status remain unchanged.
  • Low latency: VM status synchronization requires low latency.
  • High bandwidth: High bandwidth is required for VM migration to ensure rapid migration of status and storage data.

Network-Level Active/Standby DR

When the server cluster is deployed across DCs, the cluster provides a unified VIP for external access. This IP address needs to be configured on the gateway. To support cross-DC deployment and DR, the service gateway needs to be created in multiple DCs, and a DR relationship, such as an active/standby relationship, needs to be set up. Similarly, when a VM is migrated across DCs, the gateway of the VM also needs to be deployed across DCs and a DR relationship needs to be established, because the IP address of the migrated VM remains unchanged. If north-south traffic of the service needs to be protected by a firewall, the firewall needs to be deployed across DCs, and security policies need to be synchronized.

When the DC is faulty, its active gateway is also faulty. In this case, traffic is switched to the standby gateway for security protection, ensuring that north-south traffic remains uninterrupted and services can still be provided externally.

Figure 7.30 shows the DR networking.

Network-level active/standby DR has the following requirements on a network:

  • Active and standby egresses: Two DC egresses can work in active/standby mode. One egress is used as the external gateway, and the other is on standby. If the active egress is faulty, services are automatically switched to the standby egress.
  • Active and standby firewalls: Firewall security policies are synchronized. When the active egress is faulty, services are switched to the firewall bound to the standby egress automatically.
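
The firewall synchronization requirement above can be checked before a failover by comparing the two rule sets for drift. The following Python code is an added example, not taken from the original text; the Rule fields, the first-match rule ordering and the sample rule sets are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):  # hypothetical rule format, not a vendor schema
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR
    dport: int    # 0 means any port

def normalise(rule):
    """Canonical form, so 203.0.113.10 and 203.0.113.10/32 compare equal."""
    return Rule(rule.action.lower(), rule.proto.lower(),
                str(ipaddress.ip_network(rule.src, strict=False)),
                str(ipaddress.ip_network(rule.dst, strict=False)),
                rule.dport)

def policy_drift(active, standby):
    """Compare the ordered rule lists of the active and standby firewalls."""
    a = [normalise(r) for r in active]
    s = [normalise(r) for r in standby]
    # Assuming first-match evaluation, the same rules in a different
    # order can give different verdicts, so order is compared as well.
    common_a = [r for r in a if r in s]
    common_s = [r for r in s if r in a]
    return {"missing_on_standby": [r for r in a if r not in s],
            "extra_on_standby": [r for r in s if r not in a],
            "order_differs": common_a != common_s,
            "in_sync": a == s}

# Constructed sample policies; 203.0.113.10 stands in for the cluster VIP.
ACTIVE = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("deny", "any", "0.0.0.0/0", "10.20.0.0/16", 0),
]
STANDBY = [
    Rule("PERMIT", "tcp", "0.0.0.0/0", "203.0.113.10", 443),
    Rule("permit", "tcp", "0.0.0.0/0", "10.20.0.0/16", 22),
]

if __name__ == "__main__":
    for key, value in policy_drift(ACTIVE, STANDBY).items():
        print(key, value)
```

A rule missing on the standby firewall means that traffic switched to the standby egress is no longer filtered the same way, and an extra rule means that the standby egress permits or blocks traffic that the active egress does not.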