Constructing a Next-Generation Network Device O&M Platform Powered by AOC
[Abstract] In the Bank 4.0 era, intelligent financial services penetrate every corner of our lives. To deliver financial services that are available anytime and anywhere, stable and reliable networks have become essential. As financial Internet services develop rapidly, financial institutions have higher requirements on the stability and speed of their data center infrastructure networks. Furthermore, the ever-increasing scale and complexity of networks pose major challenges to network O&M. In response to the increasing workload and difficulty of network O&M, data center networks urgently need to transform toward automated network O&M, which is becoming an inevitable trend.
On the way toward automation, the financial services sector faces two major pain points:
- No unified management: A diverse range of network devices from various vendors exist on data center networks, requiring different management modes and commands.
- Lack of agile response: Network O&M services are constantly updated due to changes in the network architecture and upper-layer applications. However, developing new service capabilities using the conventional coding mode takes a long time.
To address the preceding pain points, China UnionPay and Huawei Financial Network Lab have built a next-generation network device O&M platform that leverages Agile Open Container (AOC). This platform is deployed in the production testing area of China UnionPay and is the first application of AOC technology in the financial services sector. The platform focuses on building and verifying the following key capabilities:
Two-layer YANG model for devices and services, implementing unified management of devices from different vendors from the service perspective
Currently, O&M operations on data center networks still rely heavily on scripts. However, because command lines lack any unified standards or specifications, both command lines and error messages vary significantly according to vendors. Even for a given vendor, command lines in different software versions may vary. As such, O&M personnel must be familiar with each vendor's commands and maintain scripts for each vendor, device model, and software version, making O&M both inefficient and prone to errors.
To address these issues, the next-generation network device O&M platform decouples the device layer from the service layer. Powered by the YANG model-driven mechanism and programmability engine of the AOC, this platform implements unified management of different vendor devices from the service perspective. The key capabilities include:
- Network and service separation: Decoupling the device layer from the service layer and using a model- and vendor-agnostic service model, the next-generation network device O&M platform enables service automation across devices from different vendors. This platform allows O&M personnel to focus on services and define service models by shielding technical details of vendors' devices and enabling network development & operations (DevOps).
- Model-driven mechanism: Both the network service functions and device management functions of the next-generation network device O&M platform support the YANG model-driven mechanism. With this mechanism, specific NE driver (SND) packages, UIs, and NBIs can be automatically generated, significantly improving efficiency.
- Co-existence of NETCONF and CLI: In the southbound direction, NETCONF/YANG is supported to shield the differences between vendors' command lines and simplify O&M.
Open programmability, quickly adapting to devices from various vendors and building new services
Currently, the financial data center network is heavily dependent on vendors. Requirements for device adaptation, new service functions, and new features must be submitted to the vendor, who then schedules and develops new versions to meet the requirements. Typically, the whole process takes 6 to 9 months, meaning that services cannot be rolled out quickly.
- Fast adaptation to devices through open programmability at the NE layer: Based on the open programmability of the O&M platform, device drivers are quickly developed to implement fast adaptation to Huawei CE6850 and USG9520, as well as H3C S6800. It takes only about one week to develop an SND package for a device model.
- Programmable network services and fast service rollout: Specific service plugin (SSP) packages are quickly developed based on firewall service provisioning scenarios in financial data centers, implementing automated service deployment. It takes only about one week to develop an SSP package.
Open programmability eliminates vendor lock-in and minimizes dependency on vendors. This gives customers more options: in addition to integrators and vendors, customers themselves can complete new network services and device adaptation, better meeting the requirements for fast service rollout.
Transaction rollback mechanism, enabling reliable network O&M
The conventional CLI configuration mode does not provide key capabilities such as transaction, consistency comparison, and rollback. If a configuration error occurs, customers have to manually check configuration logs and restore services, which is time-consuming. To address this issue, the next-generation network device O&M platform provides comprehensive assurance, ranging from review before configuration and rollback upon failures during configuration to auditing after configuration.
- Before configuration: The platform provides the dry run capability, which facilitates the review of configuration scripts.
- During configuration: The platform monitors the configuration delivery process in real time. If an exception occurs, the platform automatically rolls back the service configuration to restore the network and minimize the impact on the system.
- After configuration: The platform records historical configurations and provides consistency verification. O&M engineers can perform checks, configuration audits, and service rollback as required.
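The following sketch is an added example, not code from AOC, Huawei, or China UnionPay. It models the two ideas described above in miniature: one vendor-neutral firewall service intent rendered by per-vendor drivers, and a deployment that supports dry run, all-or-nothing rollback, and a post-change consistency audit. Every name in it (DRIVERS, Device, dry_run, deploy, audit, the vendor labels, and the rendered command syntax) is hypothetical.

```python
# Added illustration: hypothetical names throughout, not the AOC API.
import copy

# Device layer: per-vendor renderers (stand-ins for SND packages) turn one
# vendor-neutral service intent into that vendor's configuration lines.
DRIVERS = {
    "vendor_a": lambda r: f"rule name {r['name']} permit {r['src']} {r['dst']} {r['port']}",
    "vendor_b": lambda r: f"security-policy {r['name']} src={r['src']} dst={r['dst']} port={r['port']} allow",
}

class Device:
    def __init__(self, name, vendor, fail_on_commit=False):
        self.name, self.vendor = name, vendor
        self.running = []                    # constructed stand-in for running config
        self.fail_on_commit = fail_on_commit  # simulates a device rejecting the change

    def commit(self, lines):
        if self.fail_on_commit:
            raise RuntimeError(f"{self.name}: commit rejected")
        self.running = self.running + lines

def dry_run(devices, rule):
    """Before configuration: render per-device changes without applying them."""
    return {d.name: [DRIVERS[d.vendor](rule)] for d in devices}

def deploy(devices, rule):
    """During configuration: apply to every device or restore all snapshots."""
    plan = dry_run(devices, rule)
    snapshots = {d.name: copy.deepcopy(d.running) for d in devices}
    try:
        for d in devices:
            d.commit(plan[d.name])
    except RuntimeError:
        for d in devices:  # roll back, including devices that already committed
            d.running = snapshots[d.name]
        return False, plan
    return True, plan

def audit(devices, plan):
    """After configuration: list devices whose config lacks the intended lines."""
    return [d.name for d in devices
            if any(line not in d.running for line in plan[d.name])]
```

The audit step doubles as drift detection: a device whose running configuration was changed outside the platform shows up in its result even though the original deployment succeeded.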
The AOC-based next-generation network device O&M platform transforms CLI-based network O&M into O&M powered by the YANG-driven mechanism and open programmability. It offers the following key capabilities:
- Unified management of devices from multiple vendors, enabling fast adaptation
- Network and service separation and shielding of differences between vendors and devices, enabling customers to focus on services
- Pre-event review and quick rollback capabilities for service configurations
These capabilities help build networks that are more open, flexible, and reliable for intelligent financial services.
In the future, China UnionPay and Huawei will deepen and further promote the open programmability of financial network O&M, and work with more partners to cultivate the open programmability ecosystem for financial networks.