China Unicom Upgrades Its Cloud‑Native Network Architecture to an OVN + OVS + Smart‑NIC Based SDN Platform

China Unicom focuses on five major responsibilities—large‑scale connectivity, computing, big data, applications, and security—and has fully upgraded its next‑generation cloud computing platform, "Unicom Cloud," offering security, reliability, cloud‑network integration, customized solutions, cost‑effectiveness, and multi‑cloud collaboration.

The first‑generation virtual network, built on Cisco’s open‑source CONTIV and launched at the end of 2019, spans four data centers (Xi’an, Guangzhou, Wuxi, and Hohhot) and supports more than 1,300 business applications. As the number, scale, and complexity of cloud‑native workloads grew, the legacy network suffered from functional, performance, capacity, stability, extensibility, and long fault‑recovery issues, making an upgrade urgent.

The upgrade, likened to changing an aircraft engine in flight, required a seamless online migration to minimize business impact. Over 30 design reviews, technical validations, and risk assessments produced a "dual‑network parallel → distributed hot‑cutover → old network decommission" solution, accompanied by resource provisioning, business verification, and emergency procedures. More than 100 version iterations were released, achieving high‑quality, zero‑fault deployment.

The new architecture adopts an SDN control plane built on "OVN + OVS + Smart‑NIC," delivering a more advanced, stable, and elastic network foundation.

Key innovations include full‑stack domestic chip and OS support (ARM, Power, SW64, HaiGuang, Kylin, Tongxin), a unified network access point compatible with CNM and CNI standards for containers, secure containers, VMs, and bare metal, and numerous product enhancements such as DVR distributed gateway, VPC interconnect, IPVLAN‑based direct‑pass network, Flannel/Calico‑compatible routing, policy routing, dual‑stack IPv4/6, multi‑layer load separation, cookie‑based session persistence, HTTP/HTTPS routing, and certificate encryption.

The platform now supports ultra‑large clusters with over 100,000 containers, can launch 2,000+ hot containers in seconds, and achieves line‑speed east‑west traffic forwarding via DVR. Distributed NAT gateways and cloud load balancers handle tens of millions of concurrent connections, providing linear performance scaling for massive user demand.

The cloud network operation platform integrates cluster management, resource management, configuration management, product instance management, routine inspection, version release, batch jobs, event handling, monitoring, and logging, delivering a complete automated operation suite that ensures stable and secure application runtime.

Looking ahead, the team plans to collaborate with Kube‑OVN to contribute to the open‑source community and continue advancing cloud‑native networking in areas of large‑scale deployment, high performance, and observability.

Figure 1: Cloud‑Native Network Logical Architecture Topology

Figure 2: Scale of Cloud‑Native Applications

Figure 3: Data Centers and Availability Zones Involved in This Evolution

Figure 4: Functional Architecture Evolution Diagram

Figure 5: Data Flow Between Virtual and Physical Networks

Figure 6: Cloud‑Native Network Intelligent Operation Platform