Professional Documents
Culture Documents
5G Core Microservices and Containers ISSUE 1.7
5G Core Microservices and Containers ISSUE 1.7
www.huawei.com
+ =
Industry model
Service architecture (component) + Software
architecture = Software system
5GC service
5GC software architecture?
architecture/component?
Microservice governance
Microservice
framework
Container-based deployment
What is a microservice?
Resource
UI through microservice-based
efficienc
specific environment can
UI instantiation and scaling.
y
maximize efficiency. If the
• Excessive splitting increases the
Catalog environment changes, huge
basic overhead and cross-service
Service resource waste may occur.
Business Logic communication overhead.
Recommendation Customer
Data Access Layer Account Service
Service Service • Independent maintenance of
Maintenance
Development and maintenance microservices by a full-function
efficiency
become complicated with the team improves development and
increment of software volume. O&M efficiency.
Appropriate design can • Presenting too many details to
DB DB DB DB
simplify end users' operations. users increases the management
and maintenance costs.
Microservice definition
Microservice architecture characteristics Microservice architecture core
principles
Agilit
Too weak to support agile Excellent. Good decoupling
y
• Service autonomy, self-containing, • Function independence • Independent lifecycle
and self-management powered by further • Independent resource release. significantly improves agility.
• Independent service development decoupling of software logic. scaling
states, and separated platform and • Independent optional
Performance
language selection components Medium. Excessive splitting
• Independent service running states Excellent increases latency and deteriorates
and independent upgrades performance.
• Contractual interfaces between
services
Term:
UAM: Unify Access Management
AM SM USM: Unify Session Management
shared globally)
T 6. Distinguish between process and atomic services: Protocol
function changes are separated. In the future, only a single atomic
Platform basic service set, such as SDR, CSR, etc. or process service needs to be replaced, eliminating E2E coupling
in the 3GPP process.
er
Technical perspective
tom
2. Separation of distributed basic capabilities: Simplify the
u s association between services and microservices (service mesh)
m er
o
t for main
usOM
Controller
Controller Active/standby f orc control Active/standby
Controller Executor for main control sli de OM for main
NLS for main control
e t hi s control
o t us
. Don
on ly ng.
l u se traini
r na
Executor r i nt e NLS
o
is f
Executor
sl i de N-way mode NLS N-way mode
T hi s
Executor Service execution logic NLS Service execution logic
Executor NLS
Note: The newly-developed 5GC microservices are all GO microservices. C Note: Large-granularity microservices directly reuse CE NLS, but container-
microservices are reconstructed from CE NLS. based reconstruction is performed during deployment.
us to
f orc
s e d
Executor
is u
l i de
Executor
s s N-way mode
Executor Thi Service execution logic
Executor
Middleware
O&M UAM USM XXX
CHR ALM LI
Inter-microservice
MCS1 MCS3 MCSa MCSc xxx xxx
communication
MCS2 ... MCSb ... xxx ...
VNFM Log Perf LB/IP Load balancing of
(VNF LCM)
microservices
Framework
SCF MCSG SMSH HAF DCF
Microservice reliability
Micro-Service
mechanism
Microservice O&M
CaaS (FusionStage) Middleware and support
components of microservices
Executor processfro
b
› Topic, key, and token are addressing objects for SDR c
ed
Executor process
onl
message type) provided by the microservice.
Key is the label of a data object.
l u se 2 SDR agent SDR agent 5
n t e rna
Tokens are decoupled from physical IP addresses,
fo r iand elastic
supporting fault-triggered migration 3 SDR exec SDR exec 4
scaling. Apps are unawareeofistokens for other MAC PAE SDR Payload
id
services. s sl
T hi The following uses the Executor message sent from service A to
[3] SDR executor routes the message.
• Locate the receiver's address based on the specified topic and
› The app's receiver delivers a receiving policy, service service B as an example:
key.
a-d: communication policy issuing process
binding policy, and intra-service routing policy to the • Determine the mapping about receiver's key and the root token.
1-6: message forwarding process
• Forward the root token to the destination Executor instance.
SDR. [1] The Executor sends a message. • Locate the mapping between the Executor instance and the
› The app's sender specifies the topic and key when • The topic and key are specified. destination address (for example, vFabric is TB/TP)
[2] The SDR agent routes the message. [4] The SDR executor on the receiver end transparently transmits the
sending a message. The SDR routes messages based on • If the key is the root token for affinity communication and located in message.
the receiver's policies. the current process, the message is routed within the process. [5] The DS actor in Executor routes the message to the actor.
• In other cases, the message is forwarded to the SDR executor. The exec DS actor routes the message to the actor.
Service flow
or
Center) Link microservice Session DB instance 3
is f instance 1
s lide Service Mesh Executor
Th is
Service Governance Link microservice
(MCSG) instance 2
Service Mesh Executor
Link microservice
SCF instance 3
Service Mesh Executor
Th i B
Link microservice Session DB instance 3
instance 1
Service Mesh Executor
Link microservice
instance 2
Service governance Service Mesh Executor
Service governance
ServiceMesh
Link microservice
instance 3
Service Mesh Executor
u sto m
rc
3. Redistribution notification
Service governance
Token
Service Mgmt.
governance
User microservice
d
C
e foA
sli D
instance 2
Session DB instance 1
(DCF) Service Mesh Executor
th is A
se
t umicroservice
6. Session retrieval
4. Token A registration n oUser E
o B A
ly. D
instance 3 B Session DB instance 1
se on
Service Mesh Executor F
Service governance
Service governance
n a lu B
ServiceMesh (Policy
n te r Link microservice
or i
Center) Session DB instance 3
is f instance 1
h iss
Service Governance T 5. Policy Link microservice
(MCSG) synchronization instance 2
Service Mesh Executor
Link microservice
SCF Msg instance 3
Service Mesh Executor
Topic, Key (token A)
ed f User microservice E A
us
B
e i s instance 3 B Session DB instance 1
slid
Service Mesh Executor F
is
Th Link microservice
B
Session DB instance 3
4. Token A registration
instance 1
Service Mesh Executor
Service governance
Service governance
ServiceMesh
Link microservice
instance 2
5. Policy synchronization Service Mesh Executor
Link microservice
Msg instance 3
Service Mesh Executor
Topic, Key (token A)
4 Complete the design and restore the new 3 Adjust microservices in the NF. Customized microservices:
template to the directory.
1) Replace normal access
AMF AMF
with FMC access.
IoT slice for tenant A PCF (deleted) 3) Delete the whole PCF.
Microservice is a design mode of application software architecture, which advocates the principles of single responsibility,
service autonomy, lightweight communication, and clear interfaces. Based on these principles, containers can facilitate
microservice development, maintenance, and on-demand scaling.
(1) If containers are used as the infrastructure, microservices can be rapidly deployed and iterated according to the concept
of microservice.
(2) In this cloud computing era, "container as the infrastructure" attracts more attention than "VM as the infrastructure.“
(3) As the default container platform standard, Kubernetes (K8s) integrates the configuration center and registration center,
so there is no need to develop a new configuration center or registration center for the microservice architecture.
This is how microservices and containers are closely related. In most cases, they are mentioned in the same breath.
Implementation OS-level virtualization technology, providing an application running Device-level virtualization technology, providing a system
technology environment running environment
Using the hardware resource (I/O) directly Virtualized hardware resources, affecting the performance
Adapting to any CPU architecture, such as x86, ARM, and PPC, due to its Relying on hardware to facilitate high-performance virtualization.
Resource dependency high performance KVM has a complete ecosystem only on x86 servers.
Security Shared kernel space. Security isolation needs to be improved. Complete system isolation
Companies Docker and independent contributors , such as Contribution to the community : CoreOS and Contribution to the community : Contribution to the community :
IBM 、 Huawei 、 Red Hat 、 Google 、 and Endocode Vmware employees and Facebook Canonical
Microsoft(contributing a little) ranking the second(less than 5%)
Technical √Powerful and comprehensive functions with √Appc Spec standard, componentization,and √Similar to Docker,without the image √Similar to Docker,without the image
characteristics image packaging, container runtime, and image runtime repository repository
repository integrated √Deamon restart not affecting containers √Deamon restart not affecting √Deamon restart not affecting
√Deamon restart causing container restart √Not requiring the root permission containers containers
√Requiring the root permission √Distributed image repository √Requiring the root permission √Not requiring the root permission
√Centralized image repository Docker hub √Centralized image repostiory √No image repostiory
Popularity Prosperous : There are 35,000Docker projects on The CoreOS component is used to build a Currently,the container is ued only Canonical’s Openstack version is
Github. container platform. with the CF and will be promted by integrated.
Vmware in the future.
Community Led by Docker Led by CoreOS Operated by the Cloud Foundry Led by Canonical
exposure Foundation
Development The current container implementation standards Multiple large companies support Rocket, and its Containers of Garden are not Containers of LCD may grow only in
analysis have become the foundation of the Docker container technology many develop. independently developed and depend the segmented OpenStack market.
Foundation. on Cloud Foundry.
Cloud connector
Troubleshooting Multi-cloud synergy
Kube-apiserver
kubelet kubelet kubelet
Service
etcd Kube-proxy Kube-proxy Kube-proxy discovery
Load
balancing
Kube-sched
Kubernetes Minions
Tips: The K8s ecosystem integrates
Resource scheduling Plug-in mechanism Network, storage, and acceleration resources (compute, storage, and
network) and is used in the service
(CNI/CNM/CSI) integration solutions running framework.
PaaS cloud management system Legacy apps Virtual apps Cloud-based apps
Mixed
orchestration/d ERP e-Bank... CRM e-Commerce... Web Email…
eployment Service
Monitoring & integration/
Application
self-healing mgmt. Cloud middleware services
scheduling & Microservice running and
resource mgmt.
framework App resource governance framework
Auto scaling scheduling
Cross-cloud Service route Service discovery ELB Distributed cache service
adaptation
IaaS
Some microservice components are open source.
The development pipeline is open source, which is
The FST 2.0 microservice framework provides POC
included in Huawei products and free for customers.
capabilities, and has been commercially used since 2018
Qualified suppliers provide customized services. Q1.
Use VM-based containers because bare-metal containers do not support multi-vendor integration before they are
standardized.
Copyright © Huawei Technologies Co., Ltd. All rights reserved. Page 31
Impact of the VM + Container on the NFV Model
MANO
Management and
Orchestration
Virtual Machines
Service model The items highlighted in yellow are the main objects managed by
the container-based VNF LCM.
NFVO
NS Software model
Resource model
1:N
1:N
N:1 1:1 VNFM
VNF VDU
N:1
1:N
N:1
1:1 1:N N:1
VNFC (Micro)Service Pod VM Host
1:N
CaaS
EMS Container
Constraints: • Heterogeneous resource models are not supported for the same service or pod. For
• Each VDU is divided into one or more groups, and each group has a main label. example, an AM pod cannot use 4-core and 2-core resources at the same time.
• VMs become universal. Different VMs have different pod types and instance • If CSE-ETCD is deployed on IPUs, at least three IPUs are required.
quantity. • If hostPath is used, the number of instances must be the same as that of Label-VDU
• VNF instances cannot share pooled VDU resources. instances. The use of hostPath pods must be under restrict control.
Vercfg.xml.crl
…… ……
Pod 1 software image Pod 2 software image From the internal technology
package package AOS template perspective, the software and
templates between pods are
Microservice
Microservice
Microservice
Microservice
FusionStage installation package
process
can be delivered independently in
data
data
the development phase.
Pod 1 Pod 2
TOSCA TOSCA In the early phase of 5G version,
template template the A/B test and ongoing version
Docker basic image Docker basic image delivery processes are not ready,
and pod images are combined
into a product image package. All
the images use the same template.
The software package quantity
and operation mode are the same
Guest OS image package VNFD template as those for CloudEdge.
uploaded template, the user can select the CaaS to which the Parse the VNFD()
template is to be synchronized. The CSM can connect to
multiple CaaSs. Store the VM template()
Upload the container
2. The CSM parses the VNFD and saves the VM template. template (API Call)
namespace.
6. When the VNFM northbound or portal receives the uploaded
image, the user can select the CaaS to which the image is to be Upload the container image
synchronized. The CSM can connect to multiple CaaSs. compression package
(containing VNFs)() Create a namespace (optional)
7. The CSM invokes the CaaS interface to create an image
namespace and an image repository.
8. The CSM cyclically uploads all images in the image package to Create an image repository (optional)
the CaaS.
9. When the VNFM northbound or portal receives the uploaded
Upload the image()
image, the user can select the VIM to which the image is to be
synchronized. The CSM can connect to multiple VIMs.
10. The CSM invokes the VIM interface to synchronize the VM Query the image()
VM scale-out
be added, ensure that required VM resources are
available.
[VM scale-out]
Method 1: Reserve VM resources during VNF
deployment.
Method 2: Manually perform VM scale-out on the
MANO in advance. For details, see the figure of VM
scale-out.
Method 3: The load is automatically detected based on a
policy. If the VM load exceeds the threshold, VM scale-
out is performed in advance. For details, see the figure
of VM scale-out.
Container scale-
[Container scale-out]
Method 1: A user performs container scale-out on the
VNFM. For details, see the figure of container scale-
out
out.
Method 2: The container load is automatically detected
based on a policy. If the container load exceeds the
threshold, the system starts to add more containers. For
details, see the figure of container scale-out.
3. The VNFM invokes the CaaS interface to set the VM to The VNFM selects a VM with low load.()
VM scale-in
be unschedulable. The VNFM sets the VM to be unschedulable.()
4. The VNFM deletes the pod on the VM. After detecting a
Ack()
pod fault, the CaaS automatically migrates services and
rebuilds a pod. Delete Pods()
5. The VNFM invokes the VIM interface to delete the VM. Ack()
[Container scale-in]
Method 1: A user performs container scale-in on the VNFM. The CaaS reschedules Pods
Delete VMs() To other VM nodes.()
For details, see the figure of container scale-in.
6. A user initiates a container scale-in operation on the Ack()
VNFM.
7. The VNFM invokes the CaaS execution stack lifecycle
management interface to perform scale-in.
8. The VNFM invokes the CaaS query stack interface to
check whether scale-in has been complete.
Method 2: The container load is automatically detected based
on a policy. If the container load is lower than the threshold,
Container scale-
container scale-in is initiated. For details, see the figure of in
container scale-in. The procedure is the same as that described
in method 1.
Network planes
PaaS Management, OM, Base, Fabric, and External
VM IP VLAN
network
The Linux traffic distribution policy is configured for pod ports so that
NIC 1 NIC 2 traffic received over vNICs is distributed to different pods based on the
configured policy. Therefore, only a small number of vNICs are required.
40GE 40GE 40GE 40GE
Direct connection/SR-IOV
ILOGIC_BASE1 ILOGIC_BASE2 Each port of pod occupies one vNIC. When there are a large number of
IPHY1 IPHY2
pods, the vNICs will be insufficient.