В fitowar da ta gabata Na bayyana tsarin tsarin sadarwa ta atomatik. A cewar wasu, hatta wannan hanya ta farko ta matsalar ta riga ta warware wasu tambayoyi. Kuma wannan yana sa ni farin ciki sosai, domin manufarmu a cikin sake zagayowar ba shine mu rufe abubuwan da suka dace da rubutun Python ba, amma don gina tsari.

Tsarin guda ɗaya ya tsara tsarin da za mu magance tambayar.
Kuma fasahar sadarwa ta hanyar sadarwa, wacce aka keɓe wannan batu, bai dace da batun ADSM ba, inda muke nazarin sarrafa kansa.

Amma bari mu kalle shi ta wani bangare na daban.

Yawancin ayyuka sun daɗe suna amfani da hanyar sadarwa iri ɗaya. A wajen ma’aikacin sadarwa, wannan shine 2G, 3G, LTE, broadband da B2B, misali. A cikin yanayin DC: haɗin kai don abokan ciniki daban-daban, Intanet, toshe ajiya, ajiyar abu.

Kuma duk ayyuka suna buƙatar keɓancewa da juna. Wannan shine yadda hanyoyin sadarwa masu rufi suka bayyana.

Kuma duk ayyuka ba sa son jira mutum ya daidaita su da hannu. Wannan shine yadda makada da SDN suka bayyana.

Hanyar farko ga tsarin aiki da kai na hanyar sadarwa, ko kuma wani ɓangare na shi, an daɗe ana ɗauka kuma ana aiwatar da shi a wurare da yawa: VMWare, OpenStack, Google Compute Cloud, AWS, Facebook.

Abin da za mu yi ke nan ke nan.

Abubuwa

• dalilai
• Terminology
• Underlay - cibiyar sadarwa ta jiki
• Mai rufi - cibiyar sadarwar kama-da-wane
  • Mai rufi tare da ToR
  • Mai rufi daga mai masaukin baki
  • Yin amfani da Tungsten Fabric a matsayin misali
    • Sadarwa a cikin injin jiki guda ɗaya
    • Sadarwa tsakanin VMs da ke kan injina daban-daban
    • Fita zuwa duniyar waje

• FAQ
• ƙarshe
• hanyoyi masu amfani

dalilai

Kuma tun da muna magana ne game da wannan, yana da kyau a ambaci abubuwan da ake buƙata don haɓakar sadarwa ta hanyar sadarwa. Hasali ma ba jiya aka fara wannan tsari ba.

Wataƙila kun ji fiye da sau ɗaya cewa hanyar sadarwa koyaushe ta kasance mafi ƙarancin tsarin kowane tsari. Kuma wannan gaskiya ne ta kowace fuska. Cibiyar sadarwa ita ce tushen abin da komai ya dogara, kuma yin canje-canje a kai yana da wuyar gaske - ayyuka ba sa jurewa lokacin da cibiyar sadarwa ta ƙare. Sau da yawa, ƙaddamar da kumburi guda ɗaya na iya ɗaukar babban ɓangare na aikace-aikace kuma yana tasiri abokan ciniki da yawa. Wannan shi ne wani ɓangare dalilin da ya sa ƙungiyar sadarwar zata iya tsayayya da kowane canji - saboda yanzu ko ta yaya yana aiki (watakila ma ba mu san yadda ba), amma a nan kana buƙatar saita wani sabon abu, kuma ba a san yadda zai shafi hanyar sadarwa ba.

Domin kada a jira masu amfani da hanyar sadarwa su saka VLANs kuma kada su yi rajistar kowane sabis akan kowane kullin cibiyar sadarwa, mutane sun zo da ra'ayin yin amfani da overlays - cibiyoyin sadarwa masu rufi - wanda akwai nau'i mai yawa: GRE, IPinIP, MPLS, MPLS L2/L3VPN, VXLAN, GENEVE, MPLSoverUDP, MPLSoverGRE, da dai sauransu.

Rokon su ya ta'allaka ne da abubuwa guda biyu masu sauki:

• Ƙunƙarar ƙarewa kawai aka saita - nodes na wucewa baya buƙatar taɓawa. Wannan yana ƙara saurin aiwatarwa, kuma wani lokacin yana ba ku damar cire sashin samar da ababen more rayuwa gaba ɗaya daga tsarin ƙaddamar da sabbin ayyuka.
• Load ɗin yana ɓoye a cikin manyan kantunan - nodes ɗin wucewa ba sa buƙatar sanin wani abu game da shi, game da magana akan runduna, ko kuma game da hanyoyin hanyar sadarwa mai rufi. Wannan yana nufin cewa kuna buƙatar adana ƙarancin bayanai a cikin tebur, wanda ke nufin amfani da na'ura mafi sauƙi/arha.

A cikin wannan batu ba cikakke cikakke ba, ban shirya yin nazarin duk fasahar da za ta yiwu ba, sai dai in kwatanta tsarin aiki na cibiyoyin sadarwa masu rufi a cikin DCs.

Gabaɗayan jerin za su bayyana cibiyar bayanai da ta ƙunshi layuka iri ɗaya waɗanda aka shigar da kayan aikin sabar iri ɗaya.

Wannan kayan aiki yana gudanar da injuna / kwantena / uwar garken da ke aiwatar da ayyuka.

Terminology

A cikin madauki uwar garken Zan sanya sunan shirin da ke aiwatar da bangaren uwar garken sadarwar abokin ciniki-uwar garken.

Injin jiki a cikin racks ana kiran su sabobin ba za mu yi.

Injin jiki - x86 kwamfutar da aka shigar a cikin rak. Kalmar da aka fi yawan amfani da ita mai gida. Abin da za mu kira shi ke nan "машина"Ko mai gida.

Hypervisor - aikace-aikacen da ke gudana akan na'ura ta jiki wanda ke yin koyi da kayan aikin jiki wanda Injin Virtual ke gudana akansa. Wani lokaci a cikin wallafe-wallafe da Intanet ana amfani da kalmar "hypervisor" a matsayin ma'anar "mai masauki".

Na'ura mai ban mamaki - tsarin aiki da ke gudana akan na'ura ta jiki a saman hypervisor. A gare mu a cikin wannan zagayowar, ba kome ba ne da gaske ko na'ura ce mai kama da gaske ko kuma akwati kawai. Mu kira shi"VM«

Mai haya babban ra'ayi ne wanda zan ayyana a cikin wannan labarin azaman sabis na daban ko abokin ciniki daban.

Mahalli da yawa ko multitenancy - amfani da aikace-aikace iri ɗaya ta abokan ciniki / ayyuka daban-daban. A lokaci guda, keɓance abokan ciniki daga juna ana samun godiya ga tsarin gine-ginen aikace-aikacen, kuma ba ta hanyoyi daban-daban ba.

ToR - saman Maɓallin Rack - wani maɓalli da aka shigar a cikin rak ɗin wanda aka haɗa dukkan injina na zahiri.

Baya ga ToR topology, masu samarwa daban-daban suna yin aikin Ƙarshen Layi (EoR) ko Tsakiyar Layi (ko da yake ƙarshen raƙumi ne kuma ban ga taƙaitaccen MoR ba).

Ƙarƙashin hanyar sadarwa ko cibiyar sadarwar da ke ƙasa ko ƙasa ita ce kayan aikin cibiyar sadarwa ta zahiri: masu sauyawa, masu tuƙi, igiyoyi.

Cibiyar sadarwa mai rufi ko cibiyar sadarwa mai rufi ko mai rufi - cibiyar sadarwa mai kama-da-wane na tunnels da ke gudana a saman na zahiri.

L3 masana'anta ko IP masana'anta - wani abin ban mamaki na ɗan adam wanda ke ba ku damar guje wa maimaita STP da koyon TRILL don tambayoyi. Wani ra'ayi wanda duk hanyar sadarwa har zuwa matakin samun damar shine keɓaɓɓen L3, ba tare da VLANs ba kuma, saboda haka, manyan wuraren watsa shirye-shirye. Za mu duba inda kalmar "masana'antu" ta fito a kashi na gaba.

SDN - Cibiyar Sadarwar Sadarwar Software. Da kyar yake buƙatar gabatarwa. Hanyar gudanar da cibiyar sadarwa inda canje-canje ga hanyar sadarwar ba mutum ne ke yin ba, amma ta hanyar shirin. Yawancin lokaci yana nufin matsar da Jirgin Kulawa fiye da na'urorin cibiyar sadarwa na ƙarshe zuwa mai sarrafawa.

NFV - Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwaƙwalwa tọn na Ƙwaƙwalwa na Ƙwaƙwalwa na Ƙadda ) na Ƙarfafawa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaƙwalwa na Ƙaddamarwa , yana nuna cewa za a iya gudanar da wasu ayyuka na cibiyar sadarwa a cikin nau'i na inji ko kwantena don hanzarta aiwatar da sababbin ayyuka, tsara Sabis na Sabis da sauƙi a kwance.

VNF - Virtual Network Aiki. Specific kama-da-wane na'urar: na'ura mai ba da hanya tsakanin hanyoyin sadarwa, sauyawa, Tacewar zaɓi, NAT, IPS/IDs, da dai sauransu.

Yanzu da gangan nake sauƙaƙa bayanin zuwa takamaiman aiwatarwa, don kada in rikitar da mai karatu da yawa. Don ƙarin karatu mai zurfi, na mayar da shi zuwa sashin nassoshi. Bugu da ƙari, Roma Gorge, wanda ya soki wannan labarin don rashin kuskure, ya yi alkawarin rubuta wani batu na daban game da uwar garke da fasahar fasahar sadarwa, mafi zurfi da hankali ga daki-daki.

Yawancin cibiyoyin sadarwa a yau ana iya rarraba su a fili zuwa sassa biyu:

Karkashin ciki - cibiyar sadarwa ta jiki tare da tsayayyen tsari.
Kankara - abstraction over Underlay don ware masu haya.

Wannan gaskiya ne ga yanayin DC (wanda za mu bincika a cikin wannan labarin) da kuma ISP (wanda ba za mu bincika ba, saboda an riga an riga an yi nazari. SDSM). Tare da cibiyoyin sadarwar kasuwanci, ba shakka, yanayin ya ɗan bambanta.

Hoto tare da mai da hankali kan hanyar sadarwa:

Karkashin ciki

Underlay cibiyar sadarwa ce ta zahiri: na'urori masu sauyawa da igiyoyi. Na'urorin da ke karkashin kasa sun san yadda ake isa injina.

Ya dogara da daidaitattun ladabi da fasaha. Ba kaɗan ba saboda na'urorin hardware har yau suna aiki akan software na mallakar mallaka wanda baya ba da izini ko dai shirye-shiryen guntu ko aiwatar da ƙa'idodinsa; saboda haka, ana buƙatar dacewa da sauran dillalai da daidaitawa.

Amma wani kamar Google na iya samun damar haɓaka nasu sauya kuma suyi watsi da ka'idojin yarda gabaɗaya. Amma LAN_DC ba Google bane.

Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙaƙwalwar Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙaƙwalwar Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Ƙarƙashin Yana Canjin Yana Canjin Yanayi Domin Maƙasudinsa shine ainihin haɗin IP tsakanin injunan jiki. Underlay bai san komai ba game da sabis, abokan ciniki, ko masu haya da ke gudana a saman sa - kawai yana buƙatar isar da fakitin daga wannan na'ura zuwa waccan.
Underlay na iya zama kamar haka:

• IPV4+OSPF
• IPv6+ISIS+BGP+L3VPN
• L2+TILL
• L2+STP

An saita hanyar sadarwar Underlay ta hanyar gargajiya: CLI/GUI/NETCONF.

Da hannu, rubutun, abubuwan amfani na mallaka.

Labari na gaba a cikin jerin za a ƙaddamar da shi ga abin da ke ƙasa dalla-dalla.

Kankara

Overlay babbar hanyar sadarwa ce ta ramukan da aka shimfiɗa a saman Underlay, yana ba da damar VM na abokin ciniki ɗaya don sadarwa tare da juna, yayin ba da keɓancewa daga sauran abokan ciniki.

Ana tattara bayanan abokin ciniki a cikin wasu rubutun ramuka don watsawa akan hanyar sadarwar jama'a.

Don haka VMs na abokin ciniki ɗaya (sabis ɗaya) na iya sadarwa da juna ta hanyar Overlay, ba tare da sanin hanyar da fakitin ke ɗauka ba.

Mai rufi na iya zama, misali, kamar yadda na ambata a sama:

• GRE tunnel
• VXLAN
• EVPN
• L3VPN
• GENEVA

Ana saita cibiyar sadarwa mai rufi galibi kuma ana kiyaye ta ta hanyar mai sarrafawa ta tsakiya. Daga gare ta, saitin, Control Plane da Data Plane ana isar da su zuwa na'urorin da ke hanya da kuma rufe zirga-zirgar abokin ciniki. Kadan kasa Bari mu kalli wannan da misalai.

Ee, wannan shine SDN a cikin mafi kyawun sigar sa.

Akwai hanyoyi guda biyu na asali daban-daban don tsara hanyar sadarwa mai rufi:

1. Mai rufi tare da ToR
2. Mai rufi daga mai masaukin baki

Mai rufi tare da ToR

Mai rufi zai iya farawa daga madaidaicin shiga (ToR) yana tsaye a cikin rak, kamar yadda ya faru, misali, a yanayin masana'anta na VXLAN.

Wannan tsari ne da aka gwada lokaci akan cibiyoyin sadarwar ISP kuma duk masu siyar da kayan aikin cibiyar sadarwa suna tallafawa.

Koyaya, a wannan yanayin, canjin ToR dole ne ya iya raba ayyuka daban-daban, bi da bi, kuma mai gudanar da hanyar sadarwa dole ne, zuwa wani ɗan lokaci, ya ba da haɗin kai tare da masu gudanar da injin kama-da-wane da yin canje-canje (duk da haka ta atomatik) ga daidaita na'urorin. .

Anan zan mayar da mai karatu ga labarin game da shi VxLAN akan Habré tsohon abokinmu @bormoglotx.
A cikin wannan Abubuwan da aka bayar na ENOG Hanyoyi don gina cibiyar sadarwar DC tare da masana'anta na EVPN VXLAN an bayyana su dalla-dalla.

Kuma don ƙarin nutsewa cikin gaskiya, zaku iya karanta littafin Tsiska Na zamani, Buɗewa, da Zauren Fabric: VXLAN EVPN.

Na lura cewa VXLAN hanya ce ta ɓoyewa kawai kuma ƙarewar tunnels na iya faruwa ba akan ToR ba, amma akan mai watsa shiri, kamar yadda ya faru a yanayin OpenStack, alal misali.

Koyaya, masana'anta VXLAN, inda rufin ke farawa daga ToR, yana ɗaya daga cikin ƙirar hanyar sadarwa mai rufi da aka kafa.

Mai rufi daga mai masaukin baki

Wata hanya ita ce farawa da ƙare tunnels a kan runduna ta ƙarshe.
A wannan yanayin, hanyar sadarwar (Underlay) ta kasance mai sauƙi kuma a tsaye gwargwadon yiwuwa.
Kuma mai gida da kansa yana yin duk abin da ya dace.

Wannan hakika yana buƙatar gudanar da aikace-aikacen musamman akan runduna, amma yana da daraja.

Da fari dai, gudanar da abokin ciniki a kan na'urar Linux ya fi sauƙi ko, bari mu ce, ko da zai yiwu, yayin da a kan sauyawa za ku iya juyawa zuwa hanyoyin SDN na mallakar mallaka, wanda ke kashe ra'ayin dillalai da yawa.

Abu na biyu, ana iya barin canjin ToR a cikin wannan yanayin a matsayin mai sauƙi kamar yadda zai yiwu, duka daga mahangar Jirgin Kula da Jirgin Sama. Lalle ne, to, ba ya buƙatar sadarwa tare da mai kula da SDN, kuma ba ya buƙatar adana cibiyoyin sadarwa / ARP na duk abokan ciniki da aka haɗa - ya isa ya san adireshin IP na na'ura na jiki, wanda ya sauƙaƙa da sauyawa / sauyawa sosai. tebur kwatance.

A cikin jerin ADSM, na zaɓi tsarin rufewa daga mai watsa shiri - to kawai muna magana game da shi kuma ba za mu koma masana'antar VXLAN ba.

Yana da mafi sauƙi don duba misalai. Kuma a matsayin batun gwaji za mu ɗauki dandalin OpenSource SDN OpenContrail, wanda yanzu aka sani da Tungsten Fabric.

A ƙarshen labarin zan ba da wasu tunani game da kwatankwacin OpenFlow da OpenvSwitch.

Yin amfani da Tungsten Fabric a matsayin misali

Kowane inji na zahiri yana da vRouter - na'ura mai ba da hanya tsakanin hanyoyin sadarwa wanda ya san game da hanyoyin sadarwar da ke da alaƙa da shi da kuma waɗanne abokan ciniki suke cikin - ainihin mai ba da hanya tsakanin hanyoyin sadarwa na PE. Ga kowane abokin ciniki, yana kula da keɓantaccen tebur na tuƙi (karanta VRF). Kuma vRouter a zahiri yana yin rami mai rufi.

Kadan akan vRouter yana ƙarshen labarin.

Kowane VM dake kan hypervisor an haɗa shi da vRouter na wannan injin ta TAP dubawa.

TAP - Terminal Access Point - abin dubawa mai kama-da-wane a cikin kernel na Linux wanda ke ba da damar hulɗar hanyar sadarwa.

Idan akwai cibiyoyin sadarwa da yawa a bayan vRouter, to, an ƙirƙiri ƙirar kama-da-wane ga kowane ɗayansu, wanda aka sanya adireshin IP - zai zama adireshin ƙofar tsoho.
Ana sanya duk hanyoyin sadarwa na abokin ciniki ɗaya cikin ɗaya VRF (Table daya), daban-daban - cikin daban-daban.
Zan yi watsi a nan cewa ba komai ba ne mai sauƙi, kuma zan aika mai karatu mai tambaya zuwa ƙarshen labarin..

Ta yadda vRouters za su iya sadarwa da juna, kuma bisa ga VMs da ke bayan su, suna musayar bayanai ta hanyar sadarwa. Mai sarrafa SDN.

Don fita cikin duniyar waje, akwai wurin fita daga matrix - ƙofar hanyar sadarwa ta kama-da-wane VNGW - Virtual Network Gatewayajalina).

Yanzu bari mu dubi misalan sadarwa - kuma za a sami haske.

Sadarwa a cikin injin jiki guda ɗaya

VM0 yana son aika fakiti zuwa VM2. Bari mu ɗauka a yanzu cewa wannan VM abokin ciniki ɗaya ne.

Jirgin Data

1. VM-0 yana da hanyar da ta dace zuwa ga eth0 interface. Ana aika kunshin a can.
   Wannan haɗin gwiwar eth0 yana haɗe kusan zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa vRouter ta hanyar TAP interface tap0.
2. vRouter yana nazarin abin da fakitin ya zo, wato, wane abokin ciniki ne (VRF) nasa, kuma yana bincika adireshin mai karɓa tare da tebur na jigilar wannan abokin ciniki.
3. Bayan gano cewa mai karɓa akan na'ura ɗaya yana kan tashar jiragen ruwa daban, vRouter kawai yana aika fakitin zuwa gare shi ba tare da ƙarin abin kai ba - don wannan yanayin, vRouter ya riga ya sami shigarwar ARP.

A wannan yanayin, fakitin ba ya shiga cibiyar sadarwar jiki - an lalata shi a cikin vRouter.

Jirgin Kulawa

Lokacin da injin kama-da-wane ya fara, hypervisor yana gaya masa:

• Adireshin IP nata.
• Tsohuwar hanyar ita ce ta adireshin IP na vRouter akan wannan hanyar sadarwa.

Mai hypervisor yayi rahoton vRouter ta API na musamman:

• Abin da kuke buƙatar ƙirƙirar ƙirar kama-da-wane.
• Wace irin hanyar sadarwa ce (VM) ke buƙatar ƙirƙirar?
• Wanne VRF (VN) don ɗaure shi.
• Matsakaicin shigarwar ARP na wannan VM - wanda ke dubawa yana bayan adireshin IP ɗin sa kuma wane adireshin MAC yake da alaƙa da shi.

Bugu da ƙari, ainihin hanyar mu'amala ta sauƙaƙa ce don fahimtar manufar.

Don haka, vRouter yana ganin duk VMs na abokin ciniki ɗaya akan na'ura da aka bayar azaman cibiyoyin sadarwar da aka haɗa kai tsaye kuma suna iya tafiya tsakanin su da kansu.

Amma VM0 da VM1 sun kasance na abokan ciniki daban-daban kuma, saboda haka, suna cikin tebur na vRouter daban-daban.

Ko za su iya sadarwa da juna kai tsaye ya dogara da saitunan vRouter da ƙirar hanyar sadarwa.
Misali, idan VM na abokan ciniki biyu suna amfani da adiresoshin jama'a, ko NAT ta faru akan vRouter kanta, to ana iya yin hanyar kai tsaye zuwa vRouter.

A cikin akasin halin da ake ciki, yana yiwuwa a ketare wuraren adireshi - kana buƙatar shiga ta hanyar uwar garken NAT don samun adireshin jama'a - wannan yana kama da samun damar cibiyoyin sadarwa na waje, wanda aka tattauna a kasa.

Sadarwa tsakanin VMs da ke kan injina daban-daban

Jirgin Data

1. Farkon daidai yake: VM-0 yana aika fakiti tare da wurin VM-7 (172.17.3.2) a tsoho.
2. vRouter yana karɓa kuma wannan lokacin yana ganin cewa wurin yana kan na'ura daban kuma ana samun dama ta hanyar Tunnel0.
3. Na farko, yana rataye lakabin MPLS da ke gano wurin sadarwa mai nisa, ta yadda a gefen baya vRouter zai iya tantance inda za a sanya wannan fakiti ba tare da ƙarin bincike ba.

   

4. Tunnel0 yana da tushen 10.0.0.2, makoma: 10.0.1.2.
   vRouter yana ƙara masu kai GRE (ko UDP) da sabon IP zuwa fakiti na asali.
5. Teburin tuƙi na vRouter yana da tsohuwar hanya ta hanyar ToR1 adireshin 10.0.0.1. Nan ya aika.

   
   

6. ToR1, a matsayin memba na cibiyar sadarwa na Underlay, ya san (misali, ta OSPF) yadda ake zuwa 10.0.1.2 kuma ya aika fakitin tare da hanya. Lura cewa an kunna ECMP anan. Akwai hanyoyi guda biyu na gaba a cikin kwatancin, kuma za a jera zaren daban-daban a cikin su ta hanyar zanta. A cikin yanayin masana'anta na gaske, za a sami kusan 4 na gaba.

   A lokaci guda, baya buƙatar sanin abin da ke ƙarƙashin taken IP na waje. Wato, a zahiri, a ƙarƙashin IP ana iya samun sandwich na IPv6 akan MPLS akan Ethernet akan MPLS akan GRE akan Greek.

7. Saboda haka, a gefen karɓa, vRouter yana cire GRE kuma, ta amfani da alamar MPLS, ya fahimci abin da ya kamata a aika wannan fakitin zuwa gare shi, ya tube shi kuma ya aika da shi a cikin ainihin siffarsa ga mai karɓa.

Jirgin Kulawa

Lokacin da kuka kunna motar, abu ɗaya yana faruwa kamar yadda aka bayyana a sama.

Kuma da wadannan:

• Ga kowane abokin ciniki, vRouter yana ware alamar MPLS. Wannan ita ce alamar sabis na L3VPN, wanda abokan ciniki za su rabu a cikin injin jiki iri ɗaya.
  

  A zahiri, alamar MPLS koyaushe ana keɓance shi ba tare da wani sharadi ba ta hanyar vRouter - bayan haka, ba a sani ba a gaba cewa injin ɗin zai yi hulɗa da wasu injina a bayan vRouter iri ɗaya kuma wannan ba ma gaskiya bane.

• vRouter yana kafa haɗi tare da mai sarrafa SDN ta amfani da ka'idar BGP (ko kama da ita - a cikin yanayin TF, wannan shine XMPP 0_o).
• Ta wannan zaman, vRouter yana ba da rahoton hanyoyin zuwa cibiyoyin sadarwar da aka haɗa zuwa mai sarrafa SDN:
  • Adireshin cibiyar sadarwa
  • Hanyar ɗaukar hoto (MPLSoGRE, MPLSoUDP, VXLAN)
  • MPLS abokin ciniki tag
  • Adireshin IP ɗin ku azaman nexthop

• Mai sarrafa SDN yana karɓar irin waɗannan hanyoyin daga duk masu haɗa vRouters kuma yana nuna su ga wasu. Wato tana aiki azaman Mai Nufin Hanya.

Haka abin yake faruwa a sabanin hanya.

Mai rufi na iya canzawa aƙalla kowane minti daya. Wannan shine kusan abin da ke faruwa a cikin gajimare na jama'a, inda abokan ciniki akai-akai suke farawa da rufe injinan su.

Mai kula da tsakiya yana kula da duk wani rikitarwa na kiyaye tsari da kuma saka idanu akan tebur na sauyawa / tukwici akan vRouter.

Kusan magana, mai sarrafawa yana sadarwa tare da duk vRouters ta hanyar BGP (ko wata yarjejeniya mai kama da ita) kuma tana watsa bayanan da ke kan hanya kawai. BGP, alal misali, ta riga tana da Adireshi-Iyali don isar da hanyar rufewa MPLS-in-GRE ko MPLS-in-UDP.

A lokaci guda, daidaitawar cibiyar sadarwar Underlay ba ta canzawa ta kowace hanya, wanda, ta hanyar, ya fi wahalar sarrafa kansa, kuma yana da sauƙin karya tare da motsi mara kyau.

Fita zuwa duniyar waje

Wani wuri dole ne simintin ya ƙare, kuma kuna buƙatar fita daga duniyar kama-da-wane zuwa na ainihi. Kuma kuna buƙatar ƙofar wayar tarho.

Ana aiwatar da hanyoyi guda biyu:

1. An shigar da na'ura mai ba da hanya tsakanin hanyoyin sadarwa.
2. An ƙaddamar da wasu na'urori waɗanda ke aiwatar da ayyukan na'ura mai ba da hanya tsakanin hanyoyin sadarwa (eh, bin SDN, mun kuma ci karo da VNF). Bari mu kira shi madaidaicin ƙofa.

Fa'idar hanya ta biyu ita ce arha a kwance a kwance - babu isasshen ƙarfi - mun ƙaddamar da wani injin kama-da-wane tare da ƙofa. A kan kowace na'ura ta zahiri, ba tare da neman rakiyar kyauta ba, raka'a, wutar lantarki, siyan kayan aikin da kanta, jigilar shi, shigar da shi, canza shi, daidaita shi, sannan kuma canza abubuwan da ba su da kyau a cikinsa.

Rashin lahani na ƙofa mai kama-da-wane shine cewa naúrar na'ura mai ba da hanya tsakanin hanyoyin sadarwa na zahiri har yanzu tana da oda mafi girma fiye da na'ura mai mahimmanci, kuma software ɗin ta, wanda aka keɓance da tushen kayan masarufi, yana aiki da kwanciyar hankali (babu). Hakanan yana da wahala musan gaskiyar cewa kayan masarufi da software suna aiki kawai, suna buƙatar daidaitawa kawai, yayin ƙaddamarwa da kiyaye ƙofa mai kama-da-wane aiki ne ga injiniyoyi masu ƙarfi.

Tare da ƙafa ɗaya, ƙofar yana duban hanyar sadarwa mai kama da overlay, kamar na'urar Virtual na yau da kullun, kuma tana iya hulɗa tare da duk sauran VMs. A lokaci guda, zai iya dakatar da cibiyoyin sadarwa na duk abokan ciniki kuma, saboda haka, aiwatar da hanyar sadarwa tsakanin su.

Da dayan kafarta, kofar tana duba hanyar sadarwar kashin baya kuma ta san yadda ake shiga Intanet.

Jirgin Data

Wato tsarin yayi kama da haka:

1. VM-0, tun da ya saba wa vRouter iri ɗaya, yana aika fakiti tare da makoma a cikin duniyar waje (185.147.83.177) zuwa ƙirar eth0.
2. vRouter ya karɓi wannan fakitin kuma ya duba adireshin inda aka nufa a cikin tebur ɗin tuƙi - ya sami tsohuwar hanyar ta ƙofar VNGW1 ta hanyar Tunnel 1.
   Har ila yau, ya ga cewa wannan rami ne na GRE mai SIP 10.0.0.2 da DIP 10.0.255.2, kuma yana buƙatar fara haɗa alamar MPLS na wannan abokin ciniki, wanda VNGW1 ke tsammanin.
3. vRouter ya tattara fakitin farko tare da MPLS, GRE da sabbin kanun IP kuma ya aika zuwa ToR1 10.0.0.1 ta tsohuwa.
4. Cibiyar sadarwar da ke ƙasa tana ba da fakitin zuwa ƙofar VNGW1.
5. Ƙofar VNGW1 tana cire GRE da MPLS tunneling heads, duba adireshin inda za a nufa, tuntuɓi tebur ɗin ta kuma ya fahimci cewa ana tura shi zuwa Intanet - wato, ta hanyar Cikakken Duba ko Default. Idan ya cancanta, yana yin fassarar NAT.
6. Ana iya samun hanyar sadarwar IP na yau da kullun daga VNGW zuwa iyaka, wanda ba zai yuwu ba.
   Ana iya samun hanyar sadarwa ta MPLS ta zamani (IGP+LDP/RSVP TE), za a iya samun masana'anta na baya tare da BGP LU ko ramin GRE daga VNGW zuwa kan iyaka ta hanyar hanyar sadarwar IP.
   Ko ta yaya, VNGW1 yana yin abubuwan da suka dace kuma yana aika fakitin farko zuwa kan iyaka.

Harkokin zirga-zirgar ababen hawa suna tafiya ta hanyar matakai iri ɗaya a cikin akasin tsari.

1. Iyakar tana sauke fakitin zuwa VNGW1
2. Ya tuɓe shi, ya dubi adireshin mai karɓa kuma ya ga ana iya samunsa ta hanyar Tunnel1 (MPLSoGRE ko MPLSoUDP).
3. Saboda haka, yana haɗa alamar MPLS, kan GRE/UDP da sabon IP kuma yana aika shi zuwa ToR3 10.0.255.1.
   Adireshin maƙasudin ramin shine adireshin IP na vRouter wanda ke bayan VM mai niyya - 10.0.0.2.
4. Cibiyar sadarwar da ke ƙasa tana ba da fakitin zuwa vRouter da ake so.
5. Maƙasudin vRouter yana karanta GRE/UDP, yana gano ma'amala ta amfani da alamar MPLS kuma yana aika fakitin IP mara kyau zuwa ƙirar TAP ɗin sa mai alaƙa da eth0 na VM.

Jirgin Kulawa

VNGW1 yana kafa unguwar BGP tare da mai sarrafa SDN, wanda daga gare shi yake karɓar duk bayanan da aka ba da izini game da abokan ciniki: wanda adireshin IP (vRouter) ke bayan wane abokin ciniki, kuma wanda MPLS ke yi masa lakabi da shi.

Hakazalika, shi da kansa ya sanar da mai kula da SDN na hanyar da ta dace tare da lakabin wannan abokin ciniki, yana nuna kansa a matsayin mai zuwa. Sannan wannan tsoho yana zuwa vRouters.

Akan VNGW, tara hanya ko fassarar NAT yawanci yana faruwa.

Kuma a cikin wata hanya, tana aika daidai wannan haɗakar hanya zuwa zaman tare da iyakoki ko Hanyoyi na Hanyoyi. Kuma daga gare su yana karɓar hanyar da ba ta dace ba ko Full-View, ko wani abu dabam.

Dangane da encapsulation da musayar zirga-zirga, VNGW bai bambanta da vRouter ba.
Idan ka ɗan faɗaɗa iyakar, to, za ka iya ƙara wasu na'urorin sadarwa zuwa VNGWs da vRouters, irin su firewalls, tsaftacewar zirga-zirga ko gonakin haɓaka, IPS, da sauransu.

Kuma tare da taimakon ƙirƙira na VRFs na jeri da kuma ingantacciyar sanarwar hanyoyi, zaku iya tilasta zirga-zirga don madauki hanyar da kuke so, wanda ake kira Chaining Service.

Wato, a nan ma mai sarrafa SDN yana aiki azaman hanyar-Reflector tsakanin VNGWs, vRouters da sauran na'urorin cibiyar sadarwa.

Amma a zahiri, mai sarrafa kuma yana fitar da bayanai game da ACL da PBR (Manufar Hanyar Hanya), yana haifar da zirga-zirgar zirga-zirgar kowane mutum don tafiya daban fiye da yadda hanyar ta gaya musu.

FAQ

Me yasa koyaushe kuke yin bayanin GRE/UDP?

Da kyau, gabaɗaya, ana iya cewa wannan ya keɓanta da Tungsten Fabric - ba lallai ne ku yi la'akari da shi kwata-kwata ba.

Amma idan muka ɗauka, to, TF da kanta, yayin da har yanzu OpenContrail, ta goyi bayan duka encapsulations: MPLS a GRE da MPLS a UDP.

UDP yana da kyau saboda a cikin Source Port yana da sauƙi don ɓoye aikin hash daga ainihin IP + Proto + Port a cikin rubutun sa, wanda zai ba ku damar yin daidaitawa.

Game da GRE, alas, akwai kawai na waje na IP da GRE, waɗanda suke iri ɗaya ne ga duk zirga-zirgar zirga-zirgar zirga-zirgar kuma babu maganar daidaitawa - mutane kaɗan ne za su iya yin zurfafa cikin fakitin.

Har zuwa wani lokaci, masu amfani da hanyar sadarwa, idan sun san yadda ake amfani da tunnels masu ƙarfi, sun yi haka ne kawai a cikin MPLSoGRE, kuma kwanan nan ne suka koyi amfani da MPLSoUDP. Sabili da haka, koyaushe dole ne mu yi bayanin kula game da yuwuwar ɓoyayyiyar ɓoyayyen ɓoyayyiya guda biyu.

A cikin gaskiya, yana da mahimmanci a lura cewa TF tana goyan bayan haɗin L2 ta amfani da VXLAN.

Kun yi alkawarin zana daidaici da OpenFlow.
Da gaske suke nema. vSwitch a cikin OpenStack iri ɗaya yana yin abubuwa masu kama da juna, ta amfani da VXLAN, wanda, ta hanyar, yana da taken UDP.

A cikin Data Plane suna aiki kusan iri ɗaya; Tsarin Kulawa ya bambanta sosai. Tungsten Fabric yana amfani da XMPP don sadar da bayanan da aka keɓe zuwa vRouter, yayin da OpenStack ke gudanar da Openflow.

Za a iya gaya mani kadan game da vRouter?
Ya kasu kashi biyu: vRouter Agent da vRouter Forwarder.

Na farko yana gudana a cikin Wurin Mai amfani na OS mai watsa shiri kuma yana sadarwa tare da mai sarrafa SDN, musayar bayanai game da hanyoyi, VRFs da ACLs.

Na biyu yana aiwatar da Data Plane - yawanci a cikin Kernel Space, amma kuma yana iya aiki akan SmartNICs - katunan cibiyar sadarwa tare da CPU da wani guntu na sauya shirye-shirye daban-daban, wanda ke ba ku damar cire kaya daga CPU na na'ura mai watsa shiri, kuma yana sa hanyar sadarwar sauri da ƙari. wanda ake iya faɗi.

Wani yuwuwar yanayin shine vRouter aikace-aikacen DPDK ne a cikin Sararin mai amfani.

vRouter Agent yana aika saituna zuwa vRouter Forwarder.

Menene Virtual Network?
Na ambata a farkon labarin game da VRF cewa kowane mai haya yana daure da nasa VRF. Kuma idan wannan ya isa don fahimtar yanayin aiki na cibiyar sadarwa mai rufi, to, a gaba na gaba ya zama dole don yin bayani.

Yawanci, a cikin ingantattun hanyoyin haɓakawa, mahaɗan cibiyar sadarwar Virtual (zaka iya ɗaukar wannan suna mai dacewa) an gabatar da shi daban daga abokan ciniki/masu haya/na'urori masu kama-da-wane - abu ne mai zaman kansa gabaɗaya. Kuma ana iya haɗa wannan hanyar sadarwa ta Virtual ta hanyar mu'amala da mai haya ɗaya, zuwa wani, zuwa biyu, ko kuma ko'ina. Don haka, alal misali, ana aiwatar da Sabis na Sabis lokacin da ake buƙatar wucewa ta wasu nodes a cikin jerin abubuwan da ake buƙata, ta hanyar ƙirƙira da haɗa hanyoyin sadarwa ta hanyar sadarwa daidai.

Don haka, don haka, babu wani wasiku kai tsaye tsakanin Cibiyar Sadarwar Sadarwar Sadarwa da mai haya.

ƙarshe

Wannan siffa ce ta zahiri na aikin hanyar sadarwa mai kama da juna tare da mai rufi daga mai watsa shiri da mai sarrafa SDN. Amma komai dandali na haɓakawa da kuka zaɓa a yau, zai yi aiki ta irin wannan hanya, kasancewa VMWare, ACI, OpenStack, CloudStack, Tungsten Fabric ko Juniper Contrail. Za su bambanta da nau'ikan rufaffiyar rubutu da masu kai, ka'idoji don isar da bayanai don kawo ƙarshen na'urorin cibiyar sadarwa, amma ƙa'idar cibiyar sadarwa mai juzu'i mai daidaitawa da ke aiki a saman hanyar sadarwa mai sauƙi kuma madaidaiciyar hanyar sadarwa za ta kasance iri ɗaya.
Za mu iya cewa a yau SDN dangane da hanyar sadarwa mai rufi ya ci nasara a fagen ƙirƙirar girgije mai zaman kansa. Duk da haka, wannan ba yana nufin cewa Openflow ba shi da wuri a cikin zamani na zamani - ana amfani da shi a cikin OpenStacke kuma a cikin VMWare NSX guda ɗaya, kamar yadda na sani, Google yana amfani da shi don kafa cibiyar sadarwa ta ƙasa.

A ƙasa na ba da hanyoyin haɗi zuwa ƙarin cikakkun bayanai idan kuna son yin nazarin batun zurfi.

Kuma menene game da Underlay ɗinmu?

Amma a gaba ɗaya, ba kome ba. Bai canza gaba daya ba. Duk abin da yake buƙatar yi game da abin rufewa daga mai watsa shiri shine sabunta hanyoyin da ARPs kamar yadda vRouter/VNGW ya bayyana kuma ya ɓace tare da ɗaukar fakiti a tsakanin su.

Bari mu tsara jerin buƙatun don cibiyar sadarwar Underlay.

1. Samun damar yin amfani da wasu nau'ikan ka'idojin zirga-zirga, a halin da muke ciki - BGP.
2. Yi babban bandwidth mai faɗi, zai fi dacewa ba tare da biyan kuɗi ba, don kada fakitin su ɓace saboda abubuwan da suka yi yawa.
3. Taimakawa ECMP wani bangare ne na masana'anta.
4. Samun damar samar da QoS, gami da abubuwa masu banƙyama kamar ECN.
5. Taimakawa NETCONF tushe ne na gaba.

Na keɓe lokaci kaɗan a nan ga aikin cibiyar sadarwar Underlay kanta. Wannan shi ne saboda daga baya a cikin jerin zan mayar da hankali a kansa, kuma za mu tabo ne kawai a kan Overlay a wucewa.

A bayyane yake, Ina iyakance mu duka ta hanyar amfani da misali cibiyar sadarwar DC da aka gina a cikin masana'antar Cloz tare da tsantsar hanyar IP da mai rufi daga mai watsa shiri.

Duk da haka, ina da yakinin cewa duk wata hanyar sadarwa da ke da ƙira za a iya siffanta su a cikin ƙa'idodi na yau da kullun kuma ta atomatik. Kawai dai burina anan shine in fahimci hanyoyin da ake bi don sarrafa kansa, kuma kada in rikitar da kowa ta hanyar warware matsalar ta hanyar gama gari.

A matsayin wani ɓangare na ADSM, Roman Gorge ni da ni muna shirin buga wani batu daban game da ƙwaƙƙwaran ikon sarrafa kwamfuta da mu'amalarsa da tsarin sadarwa. Ci gaba da tuntuɓar juna.

hanyoyi masu amfani

• Tungsten Fabric Archvitecture.
• game da: girgije. Sa'o'i 6 game da Yandex.Cloud, wanda kuma ya rufe hanyar sadarwar kama-da-wane akan TF.
• Menene Buɗe vSwitch?
• Gabatarwa zuwa VxLAN.
• RFC 7348. Virtual eXtensible Local Area Network (VXLAN): Tsari don overlaying Virtualized Layer 2 Networks akan Layer 3 Networks.
  
• Hanyar Scaleway zuwa VXLAN EVPN Fabric. Yana magana game da gabaɗayan cibiyar sadarwar DC, gami da Underlay, Overlay, hanyoyin zuwa gidaje da yawa da gudanarwa.

na gode

• Roman Gorga - tsohon mai watsa shiri na podcast linkmeup kuma yanzu kwararre ne a fagen dandamalin girgije. Domin sharhi da gyara. To, muna jiran ƙarin labarinsa mai zurfi game da haɓakawa a nan gaba.
• Alexander Shalimov - Abokina kuma kwararre a fannin ci gaban hanyar sadarwa ta zamani. Domin sharhi da gyara.
• Valentin Sinitsyn - Abokina kuma gwani a fagen Tungsten Fabric. Domin sharhi da gyara.
• Artyom Chernobay - mai zane linkmeup. don KDPV.
• Alexander Limonov. Don "atomatik" meme.

source: www.habr.com