How UCloud’s SDN Architecture Tackles Heterogeneous Cloud Networks

On October 23, 2020, the UCloud User Conference and TIC 2020 were held in Shanghai, where the author interviewed Zhou Jian, head of UCloud’s virtual network, to learn about the company’s SDN innovations across heterogeneous networks.

UCloud, the first cloud computing company listed on China’s STAR Market, accelerated digital transformation during the pandemic, positioning cloud infrastructure as the foundation for 5G, industrial internet, big data, and AI.

01 Heterogeneous Network Connectivity: Core Cloud Demand

Enterprises face complex connectivity issues when linking public, private, and hosted clouds, leading to challenges in security isolation, performance guarantees, and consistent user experience.

Key difficulties include security isolation, performance assurance, and uniform user experience across domains.

Security is paramount, requiring independent gateways for physical and hosted clouds and tenant‑level isolation.

Performance demands flexible, elastic gateways capable of handling massive and heterogeneous data forwarding.

Users expect a unified management plane and effortless network operation to focus on business.

UCloud addresses these needs with an SDN‑based programmable approach, offering VPC and K8S CNI for public cloud, hybrid cloud gateway (HCGW), physical cloud gateway (VPCGW), cross‑domain connectivity (UDPN), and cloud interconnect (UGN) covering all heterogeneous scenarios.

02 Tenant Isolation: Evolution of VPC

Since 2013, UCloud has used SDN for tenant isolation (VPC 1.0). Recognizing bare‑metal needs, it introduced SDN switches for physical cloud integration. By 2015, hardware limitations led to a DPDK‑based server cluster replacing hardware switches, enhancing virtual network speed.

From 2017, with 25 Gbps networks, UCloud pursued programmable switches and smart NICs, launching VPC 2.0 with features like custom IP planning, cross‑zone disaster recovery, VIP high‑availability, and seamless hybrid‑public cloud connection. VPC 3.0 added BGW gateways and IPv6 support.

03 Security: Multi‑Dimensional Protection

UCloud emphasizes layered security: deeper, broader protection at lower layers, and efficient, user‑proximate safeguards at higher layers. A “barrel principle” applies—security gaps dictate overall defense capability.

The company provides global traffic cleaning via eight edge nodes with 500 Gb capacity, filtering attacks before routing clean traffic to the nearest service node.

04 SDN: Integrated into Architecture

UCloud identifies current SDN challenges: forwarding stability and performance, control‑plane scalability, data consistency, and the tension between steady‑state and rapid‑change requirements.

To address these, UCloud built detection, diagnosis, and gray‑release systems, enabling fine‑grained, protocol‑level network changes with pre‑change validation and post‑change testing.

SDN also enhances diagnostic capabilities, allowing granular traffic inspection, while architectural optimizations mitigate management complexity.

For performance, UCloud leverages P4 for high‑throughput forwarding and DPDK for complex business processing, assigning each to suitable scenarios.

05 User‑First Global Connectivity

Enterprises demand hybrid‑cloud solutions with global reach. UCloud operates 31 data centers worldwide, offering private‑cloud, public‑cloud, and inter‑cloud high‑speed links, enabling seamless multi‑cloud migration, elastic scaling, and consistent user experience.

UCloud’s global backbone dynamically schedules traffic and multiplexes bandwidth via SDN.

Additional overseas facilities, network acceleration, security products, and localized services allow enterprises to “move in ready‑to‑use” and focus on business growth.

Domestically, UCloud expands its own data centers, such as the Ulanqab center (6,000 cabinets, phased completion) and the Qingpu center (3,000 cabinets, PUE < 1.3, green design).

Looking ahead, UCloud will continue to prioritize user‑driven network reliability and build faster global interconnects for lower‑cost, high‑quality cross‑domain traffic.