2. AIDC Controller System Architecture
The AIDC Controller is built on the OpenWiFi Cloud SDK and adopts a microservices architecture. System functions are divided into multiple independent services and deployed in a containerized manner. Each service communicates through standard interfaces, enabling functional decoupling and elastic scalability.
2.1 Overall Architecture
The following figure shows the overall architecture of the AIDC Controller. The system consists of three layers: the northbound interface layer, the controller core layer, and the southbound device access layer.
The northbound interface provides a unified management entry through the Web UI and RESTful APIs, supporting both visualized operations and external system integration. The controller core layer is built on a microservices architecture and decouples functional modules such as device configuration and firmware management.
Inter-service coordination is implemented through a unified east-west communication bus. Synchronous communication uses OpenAPI-based interfaces, while asynchronous messaging is handled through the Kafka message bus using a publish-and-subscribe model. This architecture improves system scalability and processing capability.
At the data layer, the controller uses PostgreSQL for centralized storage and management of configuration and status data. On the southbound side, the controller establishes persistent connections with switches through the uCentral over WebSocket protocol. This enables automatic device onboarding, telemetry reporting, and configuration deployment.
The overall architecture provides a complete closed-loop workflow from user operations to control logic and device execution. It offers strong scalability and high-concurrency processing capability, making it suitable for centralized management and automated operations in large-scale data center networks.
2.2 Controller Components
The controller consists of several core service modules, including device management, configuration management, topology management, and status monitoring. The Web UI also runs as an independent microservice and provides a unified visualized management interface.
Table 2-1 describes the functions and roles of each service. Figure 2-2 shows the operational status of the microservices running in the controller.
| Service Name | Function Description |
|---|---|
| owanalytics | Provides collection and analysis of device operational data to support performance monitoring and troubleshooting |
| owfms | Provides centralized firmware and patch management and upgrade capabilities |
| owgw | Provides southbound access capabilities and enables communication between the controller and network devices through the uCentral protocol |
| owmgmt | Provides configuration data import, export, and migration functions |
| owom | Provides alarm and event management capabilities |
| owprov | Provides centralized device configuration and management, including device grouping and batch configuration |
| owsec | Provides user authentication and access control to ensure system security |
| owupgrade | Provides software upgrade and maintenance capabilities for the controller itself |
2.3 Communication Mechanisms
The controller uses several communication methods for both internal service interaction and external connectivity.
- Asynchronous Communication: Kafka-Based Message Bus
The controller uses a Kafka message bus for asynchronous communication between services. This mechanism is mainly used for event distribution and state synchronization. It reduces inter-service coupling and improves system scalability and processing efficiency.
- Synchronous Communication: REST API-Based Service Calls
When real-time data exchange or operation triggering is required between services, the controller uses REST API-based synchronous communication to implement request-and-response interactions.
- Northbound and Southbound Communication
The controller also provides communication interfaces for interaction with external systems.
-
- Northbound Interface:
Provides standardized REST APIs for upper-layer management systems and the Web UI. This enables centralized network management and operations. - Southbound Interface:
The owgw gateway service establishes WebSocket connections with network devices. Device configuration deployment and operational status reporting are implemented through the uCentral protocol.
- Northbound Interface:
- Container Network Communication
At the deployment layer, microservice containers typically run within the same Docker custom bridge network, such as the OpenWiFi bridge. This allows containers to communicate directly through IP addresses or container aliases.
3. Core Functions and Features
3.1 Rapid Service Deployment and Day-0 Provisioning
In AI data center environments, networks are built at large scale with a high number of devices. Traditional deployment methods that rely on manual per-device configuration can no longer meet the requirements for rapid delivery and configuration consistency. When cluster size reaches hundreds or even thousands of switches, manual provisioning becomes inefficient and introduces configuration inconsistencies and human errors, which can affect deployment timelines and network stability.
The Asterfusion AIDC Controller simplifies the entire deployment workflow through automated provisioning and template-based orchestration. This includes device onboarding, topology planning, and configuration deployment, significantly improving Day-0 deployment efficiency.
The main capabilities include:
- Automatic device onboarding and centralized management through ZTP
- Automatic topology generation based on deployment templates
- Automatic validation between planned topology and physical topology
- Staged configuration deployment and rapid service provisioning
With these capabilities, the controller can support rapid deployment and centralized management of large-scale Leaf-Spine networks. It enables fast provisioning for networks with hundreds of nodes, reduces manual operational overhead, and delivers standardized and repeatable network deployment workflows.
3.1.1 Automatic Device Onboarding and Centralized Management
After the device is physically installed and configured with the controller address, it automatically establishes a WebSocket connection with the controller. Once the connection is established, the device is automatically onboarded into the controller management domain and added to the default resource pool (organization).
Based on deployment requirements, administrators can batch-assign devices to specific sites or service domains for subsequent topology planning and service deployment.
3.1.2 Typical AI Service Scenario Deployment
To support common AI data center network architectures, the controller provides multiple built-in deployment templates, including AI training, AI inference, and traditional data center network scenarios. Each template is pre-integrated with the corresponding network architecture and key features, allowing users to quickly complete network planning and deployment based on predefined scenarios.
The main deployment scenarios include:
- AIDC Backend Network (GPU Training Fabric)
Uses a Layer 3 Spine-Leaf architecture and supports large-scale node connectivity. The fabric integrates RoCE, intelligent path selection, and ARS (Adaptive Routing Switching) to meet the requirements for high bandwidth, low latency, and lossless transport. - AIDC Frontend Network (Service Access Network)
Uses EVPN MC-LAG technology to provide link redundancy and service isolation, ensuring high reliability for service access. - AIDC Storage Network
Combines distributed gateway, MC-LAG, and RoCE technologies to improve storage access performance and reliability. - DC Converged Network
Supports typical deployment models based on EVPN MC-LAG or EVPN Multihoming, making it suitable for traditional data center service environments.
Administrators can select device models and quantities based on the actual network scale. The controller can then automatically generate the corresponding planned topology with a single click. Users can also customize the generated topology based on deployment requirements. Figure 3-3 shows an example of a one-click topology template generation for an AIDC backend network scenario.
After devices come online, the controller automatically discovers the physical link relationships between devices and generates the actual network topology. It then performs consistency validation against the planned topology, as shown in Figure 3-4. Once the validation is passed, the system proceeds to the configuration deployment phase.
As shown in Figure 3-5 and Figure 3-6, configuration deployment is carried out in two phases:
- Basic network configuration: Establishes basic connectivity between devices, such as Spine-Leaf underlay connectivity.
- Service configuration: Enables required services based on business requirements. The configuration is then pushed to devices to complete service activation.
Through staged configuration and template-based provisioning, users can quickly complete the full process from network construction to service go-live.
Through automation and template-based capabilities, the AIDC Controller transforms the traditional “per-device configuration” deployment model into an “intent-based one-click orchestration” approach, significantly improving the delivery efficiency of AI data center networks.
3.2 AI-Oriented Optimization
In AI data center networks, the configuration of RoCE-related parameters such as PFC and ECN has a significant impact on network performance. Different service scenarios have varying requirements for latency, throughput, and congestion control. Relying on manual per-parameter configuration increases complexity and makes it difficult to ensure optimal parameter combinations.
The Asterfusion AIDC Controller adopts a “template-based configuration + parameter fine-tuning” approach to enable efficient deployment and fine-grained optimization of RoCE networks:
- Scenario-based RoCE configuration templates
As shown in Figure 3-7, the controller provides built-in RoCE parameter templates for typical AI workloads. These templates predefine key parameter sets, including PFC priorities and ECN marking policies. Users can select an appropriate template based on the service type to quickly complete baseline network configuration and reduce configuration complexity.
- Parameter fine-tuning capability
As shown in Figure 3-8, the controller allows flexible adjustment of key parameters such as PFC and ECN on top of the templates. This includes ECN marking thresholds and queue watermarks, enabling optimization based on specific workload characteristics and further improving network performance.
3.3 Centralized Control and Automated Operations
The Asterfusion AIDC Controller is designed for large-scale data center networks. It provides unified device management and operational capabilities. Through centralized control and an observability framework, it improves operational efficiency and reduces the complexity of manual operations.
3.3.1 Centralized Device Management
As shown in Figure 3-9, the controller provides unified onboarding and management for all switches in the network, along with batch-oriented and automated device management capabilities, including:
- Batch configuration deployment and modification
- Unified configuration file management (view, import, export)
- Remote command execution and automated script delivery
- Device maintenance operations (reboot, upgrade, etc.)
Through centralized management, the system eliminates inefficiencies and configuration inconsistencies caused by per-device operations, enabling unified, network-wide operational management.
3.3.2 Network Observability Capabilities
As shown in Figures 3-10 to 3-15, the controller collects and analyzes device operational status and network traffic in a unified manner, and presents the overall network state through visualization.
- Device status visualization
Includes metrics such as CPU utilization, memory usage, interface status, and hardware information. A comprehensive health score is used to provide a global view of device conditions. - Service status monitoring
Provides detailed status information for critical services, enabling rapid fault detection and troubleshooting. - Traffic and queue monitoring
Supports visibility into interface traffic, queue buffer utilization, and RoCE-related statistical metrics. This helps administrators understand network load and traffic trends over time.
3.3.3 Operational Assurance: Real-Time Alerts and Intelligent Inspection
As shown in Figures 3-16 to 3-19, the controller provides alerting and inspection mechanisms based on monitoring data, improving network stability and maintainability.
- Alerting mechanism
Supports customizable alert thresholds and notification policies. It enables real-time monitoring and alerting for device status, resource utilization, and hardware health conditions. - Inspection capability
Supports on-demand one-click inspection and scheduled periodic inspections. The system automatically checks key device metrics, including CPU, memory, process status, and logs, and generates inspection reports.
Through integrated alerting and inspection mechanisms, the controller helps administrators identify potential issues in a timely manner and take corrective actions.
3.3.4 Multi-Tenant Organization and Access Control
As shown in Figures 3-20 and 3-21, the controller supports a multi-tenant organizational structure. Devices and resources can be hierarchically managed based on regions, departments, or business units, enabling fine-grained segmentation of devices and access permissions.
Through a hierarchical role-based access control (RBAC) mechanism, different administrators are restricted to operations within their respective permission domains, meeting the operational requirements of large-scale organizational environments.
3.4 System Migration and Configuration Reuse
As shown in Figure 3-22, the Asterfusion AIDC Controller supports full export and import of system configurations, enabling fast migration between controllers and reuse of existing configurations.
When deploying a new controller or performing system migration, administrators can export the current controller configuration with a single operation and import it into the target controller. This enables rapid restoration of the network management environment and reduces repetitive configuration work.
This capability is applicable to scenarios such as system scaling, migration deployment, and disaster recovery. It improves deployment efficiency and increases operational flexibility.
