"Za ku iya ƙirƙirar mafita (warware matsala) ta hanyoyi da yawa, amma hanya mafi tsada da / ko mashahuri ba koyaushe ba ne mafi inganci!"
Preamble
Kimanin shekaru uku da suka gabata, a cikin aiwatar da haɓaka samfurin nesa don dawo da bayanan bala'i, na gamu da cikas guda ɗaya wanda ba a lura da shi nan da nan ba - ƙarancin bayani game da sabbin hanyoyin magance sabbin hanyoyin sadarwa na cibiyar sadarwa a cikin kafofin al'umma.
An tsara algorithm don ƙirar da aka haɓaka kamar haka:
- Wani mai amfani da nesa wanda ya tuntube ni, wanda kwamfutarsa ta taɓa ƙi yin taya, yana nuna saƙon "Ba a gano diskin tsarin da ba a tsara shi ba," yana loda shi ta amfani da USB na rayuwa.
- A lokacin aikin taya, tsarin yana haɗuwa ta atomatik zuwa amintacciyar hanyar sadarwa ta gida mai zaman kanta, wanda ban da kanta ya ƙunshi wurin aiki na mai gudanarwa, a cikin wannan yanayin kwamfutar tafi-da-gidanka, da kumburin NAS.
- Sa'an nan na haɗa - ko dai don farfado da ɓangarori na diski, ko don cire bayanai daga wurin.
Da farko, na aiwatar da wannan ƙirar ta amfani da uwar garken VPN akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa na gida a cikin hanyar sadarwa da ke ƙarƙashin ikota, sannan akan VDS haya. Amma, kamar yadda sau da yawa yakan faru kuma bisa ga dokar farko ta Chisholm, idan ruwan sama ya yi sama, hanyar sadarwar mai ba da Intanet za ta ragu, to, jayayya tsakanin ƙungiyoyin kasuwanci za su sa mai bada sabis ya rasa "makamashi" ...
Saboda haka, na yanke shawarar fara tsara mahimman buƙatun waɗanda kayan aikin da suka dace dole ne su cika. Na farko shine raba gari. Na biyu, ganin cewa ina da nau'ikan kebul na rayuwa da yawa, kowannensu yana da keɓantaccen hanyar sadarwa. Da kyau, na uku, saurin haɗi zuwa hanyar sadarwar na'urori daban-daban da sauƙin sarrafa su, gami da idan kwamfutar tafi-da-gidanka ita ma ta faɗa cikin dokar da aka ambata a sama.
Bisa ga wannan kuma na shafe watanni biyu da rabi akan bincike mai amfani na wasu zaɓuɓɓukan da ba su dace ba, Ni, a cikin haɗari da haɗari, na yanke shawarar gwada wani kayan aiki daga farawa wanda ban sani ba a lokacin da ake kira ZeroTier. Wanda ban taba nadama daga baya ba.
A lokacin waɗannan bukukuwan Sabuwar Shekara, ƙoƙarin fahimtar ko halin da ake ciki tare da abun ciki ya canza tun lokacin abin tunawa, na gudanar da bincike na zaɓi don samun labaran kan wannan batu, ta amfani da Habr a matsayin tushen. Don tambayar "ZeroTier" a cikin sakamakon binciken akwai labarai guda uku da ke ambatonta, kuma ba guda ɗaya da ke da aƙalla taƙaitaccen bayanin ba. Kuma wannan duk da cewa a cikin su akwai fassarar labarin da wanda ya kafa ZeroTier, Inc. da kansa ya rubuta. - .
Sakamakon ya kasance mai ban takaici kuma ya sa na fara magana game da ZeroTier daki-daki, don ceton "masu neman" na zamani daga samun hanyar da na bi.
To mene ne ku?
Mai haɓakawa ya sanya ZeroTier a matsayin mai sauya Ethernet mai hankali don duniyar duniya.
“Mai rarraba hanyar sadarwa ce ta hypervisor wanda aka gina a saman hanyar sadarwa ta hanyar sadarwa ta duniya ta abokan gaba (P2P). Kayan aiki mai kama da canjin kamfani na SDN, wanda aka ƙera don tsara hanyoyin sadarwa ta zahiri akan na zahiri, na gida da na duniya, tare da ikon haɗa kusan kowace aikace-aikace ko na'ura. "
Wannan ƙarin bayanin talla ne, yanzu game da fasalulluka na fasaha.
Ƙarƙashin ƙwayar cuta:
ZeroTier Network Hypervisor injin ne wanda ke kwaikwayon hanyar sadarwar Ethernet, mai kama da VXLAN, a saman hanyar sadarwa ta duniya da aka rufaffen peer-to-peer (P2P).
Ka'idojin da aka yi amfani da su a cikin ZeroTier na asali ne, ko da yake kama da kamanni zuwa VXLAN da IPSec kuma sun ƙunshi nau'i biyu na ra'ayi daban-daban, amma yadudduka masu alaƙa: VL1 da VL2.
→
▍VL1 shine ainihin layin sufuri na peer-to-peer (P2P), nau'in "kebul mai kama-da-wane".
"Cibiyar bayanai ta duniya tana buƙatar 'kabad na duniya' na cabling."
A cikin cibiyoyin sadarwa na al'ada, L1 (OSI Layer 1) yana nufin ainihin igiyoyi ko radiyo mara igiyar waya waɗanda ke ɗaukar bayanai da guntuwar na'urar transceiver na zahiri waɗanda ke daidaitawa da rage su. VL1 cibiyar sadarwa ce ta peer-to-peer (P2P) wacce ke yin abu iri daya, ta amfani da boye-boye, tantancewa, da sauran dabarun sadarwa don tsara igiyoyi masu kama da juna kamar yadda ake bukata.
Haka kuma, yana yin hakan ta atomatik, cikin sauri kuma ba tare da sa hannun mai amfani ya ƙaddamar da sabon kumburin ZeroTier ba.
Don cimma wannan, an tsara VL1 daidai da tsarin sunan yankin. A tsakiyar cibiyar sadarwa akwai rukuni na tushen sabobin da ake samu sosai, wanda aikinsu yayi kama da na sabobin tushen sunan DNS. A halin yanzu, manyan (planetary) tushen sabar suna ƙarƙashin ikon mai haɓakawa - ZeroTier, Inc. kuma ana bayar da su azaman sabis na kyauta.
Koyaya, yana yiwuwa a ƙirƙira tushen sabar na al'ada (luns) waɗanda ke ba ku damar:
- rage dogaro ga abubuwan more rayuwa na ZeroTier, Inc.;
- ƙara yawan aiki ta hanyar rage jinkiri;
- ci gaba da aiki kamar al'ada idan haɗin Intanet ya ɓace.
Da farko, ana ƙaddamar da nodes ba tare da haɗin kai tsaye da juna ba.
Kowane takwarorinsu a kan VL1 yana da keɓaɓɓen adireshin ZeroTier 40-bit (10 hexadecimal), wanda, ba kamar adiresoshin IP ba, mai gano ɓoyayyen ɓoyayyen ne wanda ba ya ƙunshi bayanin tuƙi. Ana ƙididdige wannan adireshin daga ɓangaren jama'a na maɓalli na jama'a/na sirri. Adireshin kumburi, maɓalli na jama'a, da maɓalli na sirri tare sun zama ainihin sa.
Member ID: df56c5621c
|
ZeroTier address of nodeDangane da boye-boye, wannan dalili ne na wani labarin daban.
→
Don kafa sadarwa, takwarorinsu na farko suna aika fakitin “sama” bishiyar tushen sabar, kuma yayin da waɗannan fakiti ke tafiya ta hanyar sadarwar, suna fara ƙirƙirar tashoshi na gaba a kan hanya. Itacen yana ƙoƙarin "rushewa da kansa" akai-akai don inganta kansa don taswirar hanyar da yake adanawa.
Hanyar kafa haɗin kai-da-tsara shine kamar haka:
- Node A yana son aika fakiti zuwa Node B, amma tunda bai san hanyar kai tsaye ba, yana aika shi sama zuwa Node R (wata, tushen sabar mai amfani).
- Idan kumburin R yana da haɗin kai kai tsaye tare da kumburin B, yana tura fakitin zuwa wurin. In ba haka ba, sai ta aika fakitin zuwa sama kafin ya kai ga tushen duniyar duniyar, tushen duniya ya san duk nodes, don haka fakitin zai iya kaiwa kumburin B idan yana kan layi.
- Node R kuma yana aika sakon da ake kira "rendezvous" zuwa kumburin A, mai dauke da alamun yadda zai iya kaiwa kumburin B. A halin yanzu, tushen uwar garken, wanda ke tura fakitin zuwa node B, yana aika "rendezvous" yana sanar da shi yadda zai iya. isa node A.
- Nodes A da B suna karɓar saƙon da suke yi da ƙoƙarin aika saƙon gwaji ga junansu a yunƙurin keta duk wani NAT ko tacewar wuta na jiha da aka ci karo da su a hanya. Idan wannan yana aiki, to an kafa haɗin kai tsaye, kuma fakiti ba za su sake komawa ba.
Idan ba za a iya kafa haɗin kai tsaye ba, sadarwa za ta ci gaba ta hanyar relay, kuma ƙoƙarin haɗin kai tsaye zai ci gaba har sai an sami sakamako mai nasara.
VL1 kuma yana da wasu fasalulluka don kafa haɗin kai kai tsaye, gami da binciken ɗan adam na LAN, tsinkayar tashar tashar jiragen ruwa don ratsawa na IPV4 NAT mai ma'ana, da taswirar tashar jiragen ruwa ta amfani da uPnP da/ko NAT-PMP idan akwai akan LAN na zahiri.
→
▍VL2 ƙayyadaddun ƙa'idar haɓakar hanyar sadarwa ce mai kama da VXLAN tare da ayyukan sarrafa SDN. Sanin yanayin sadarwa don OS da aikace-aikace...
Ba kamar VL1 ba, ƙirƙirar cibiyoyin sadarwar VL2 (VLANs) da haɗa nodes zuwa gare su, da sarrafa su, yana buƙatar shiga kai tsaye daga mai amfani. Zai iya yin haka ta amfani da mai sarrafa hanyar sadarwa. A zahiri, kumburin ZeroTier ne na yau da kullun, inda ake sarrafa ayyukan mai sarrafawa ta hanyoyi biyu: ko dai kai tsaye, ta hanyar canza fayiloli, ko, kamar yadda mai haɓaka ya ba da shawarar sosai, ta amfani da API da aka buga.
Wannan hanyar sarrafa hanyoyin sadarwa na ZeroTier ba ta dace sosai ga matsakaicin mutum ba, don haka akwai GUI da yawa:
- Ɗaya daga cikin mai haɓaka ZeroTier, yana samuwa azaman mafita na SaaS na jama'a tare da tsare-tsaren biyan kuɗi guda huɗu, gami da kyauta, amma iyakance a cikin adadin na'urorin sarrafawa da matakin tallafi.
- Na biyu ya fito ne daga mai haɓakawa mai zaman kansa, ɗan sauƙi a cikin ayyuka, amma ana samunsa azaman mafita mai zaman kansa don amfani da kan-gida ko kan albarkatun girgije.
Ana aiwatar da VL2 a saman VL1 kuma ana ɗaukarsa da shi. Koyaya, ta gaji ɓoyewa da tabbatarwa na ƙarshen ƙarshen VL1, kuma yana amfani da maɓallan asymmetric don sa hannu da tabbatar da takaddun shaida. VL1 yana ba ku damar aiwatar da VL2 ba tare da damuwa game da yanayin cibiyar sadarwa ta zahiri ba. Wato, matsaloli tare da haɗin haɗin gwiwa da ingantaccen tsarin aiki sune matsalolin VL1. Yana da mahimmanci a fahimci cewa babu haɗin kai tsakanin hanyoyin sadarwa na VL2 da hanyoyin VL1. Mai kama da multixing na VLAN a cikin LAN mai waya, nodes biyu waɗanda ke raba membobin cibiyar sadarwa da yawa har yanzu za su sami hanyar VL1 (Virtual USB) ɗaya kawai a tsakanin su.
Ana gano kowace hanyar sadarwa ta VL2 (VLAN) ta hanyar adireshin cibiyar sadarwa mai lamba 64-bit (16 hexadecimal) ZeroTier, wanda ya ƙunshi adireshin ZeroTier 40-bit na mai sarrafawa da lamba 24-bit da ke gano cibiyar sadarwar da waccan mai sarrafa ya ƙirƙira.
Network ID: 8056c2e21c123456
| |
| Network number on controller
|
ZeroTier address of controllerLokacin da kumburi ya shiga hanyar sadarwa ko yana buƙatar sabuntawar saitin cibiyar sadarwa, yana aika saƙon buƙatar saitin hanyar sadarwa (ta VL1) zuwa mai sarrafa cibiyar sadarwa. Sannan mai sarrafa yana amfani da adireshin kumburin VL1 don nemo shi akan hanyar sadarwar kuma ya aika masa da takaddun shaida, takaddun shaida, da bayanan daidaitawa. Daga ra'ayi na cibiyoyin sadarwa na VL2, adiresoshin VL1 ZeroTier za a iya tunanin su azaman lambobi na tashar jiragen ruwa akan babban canjin kama-da-wane na duniya.
Duk takaddun shaidar da masu kula da cibiyar sadarwa suka bayar zuwa ga kuɗaɗen memba na wata hanyar sadarwar da aka ba su an sanya hannu tare da maɓallin sirrin mai sarrafawa domin duk mahalarta cibiyar sadarwa su iya tantance su. Takaddun shaida suna da tambarin lokaci da mai sarrafawa ya ƙirƙira, yana ba da damar kwatanta dangi ba tare da samun damar agogon tsarin gida na mai watsa shiri ba.
Ana ba da takaddun shaida ga masu su kawai sannan a aika zuwa takwarorinsu waɗanda ke son sadarwa tare da wasu nodes akan hanyar sadarwa. Wannan yana ba da damar cibiyar sadarwa don yin ma'auni zuwa manyan girma dabam ba tare da buƙatar cache adadi mai yawa na takaddun shaida akan nodes ko tuntuɓar mai sarrafa cibiyar koyaushe ba.
Cibiyoyin sadarwar ZeroTier suna goyan bayan rarrabawar multicast ta tsarin bugawa/sauƙan tsarin biyan kuɗi.
→
Lokacin da kumburi yana son karɓar watsa shirye-shiryen watsa shirye-shiryen multicast don ƙungiyar rarrabawa ta musamman, tana tallata zama memba a wannan rukunin ga sauran membobin cibiyar sadarwar da yake sadarwa tare da mai sarrafa cibiyar sadarwa. Lokacin da kumburi yana so ya aika multicast, lokaci guda yana samun dama ga ma'ajiyar wallafe-wallafen kwanan nan kuma yana buƙatar ƙarin wallafe-wallafe lokaci-lokaci.
Ana ɗaukar watsa shirye-shirye (Ethernet ff: ff: ff: ff: ff: ff) azaman ƙungiyar multicast wanda duk mahalarta ke biyan kuɗi. Ana iya kashe shi a matakin cibiyar sadarwa don rage zirga-zirga idan ba a buƙata ba.
ZeroTier yana kwaikwayon ainihin canjin Ethernet. Wannan gaskiyar tana ba mu damar aiwatarwa haɗa hanyoyin sadarwar da aka ƙirƙira tare da sauran hanyoyin sadarwa na Ethernet (wayoyin LAN, WiFi, jirgin baya mai kama-da-wane, da sauransu) a matakin haɗin bayanan - ta amfani da gadar Ethernet na yau da kullun.
Don yin aiki azaman gada, dole ne mai kula da hanyar sadarwa ya ayyana mai watsa shiri kamar haka. Ana aiwatar da wannan makirci don dalilai na tsaro, tun da ba a yarda masu watsa shirye-shiryen hanyar sadarwa na yau da kullun su aika da zirga-zirga daga wata tushe ba tare da adireshin MAC ɗin su ba. Nodes da aka keɓe azaman gadoji kuma suna amfani da yanayi na musamman na multicast algorithm, wanda ke hulɗa da su da ƙarfi da niyya yayin biyan kuɗi na rukuni da maimaita duk zirga-zirgar watsa shirye-shirye da buƙatun ARP.
Maɓalli kuma yana da ikon ƙirƙirar cibiyoyin sadarwa na jama'a da ad-hoc, tsarin QoS da editan dokokin cibiyar sadarwa.
▍ Node:
ZeroTier Daya sabis ne da ke gudana akan kwamfyutocin kwamfyutoci, kwamfutoci, sabobin, injunan kama-da-wane da kwantena waɗanda ke ba da haɗin kai zuwa cibiyar sadarwar kama-da-wane ta hanyar tashar sadarwar kama-da-wane, kama da abokin ciniki na VPN.
Da zarar an shigar da sabis ɗin kuma an fara, zaku iya haɗawa zuwa cibiyoyin sadarwar kama-da-wane ta amfani da adireshi masu lamba 16. Kowace cibiyar sadarwa tana bayyana azaman tashar sadarwa mai kama-da-wane akan tsarin, wanda ke aiki kamar tashar tashar Ethernet ta yau da kullun.
ZeroTier One yana samuwa a halin yanzu don OS da tsarin masu zuwa.
OS:
- Microsoft Windows - Mai sakawa MSI x86/x64
- MacOS - Mai sakawa PKG
- apple iOS - Store Store
- Android - Play Store
- Linux - DEB/RPM
- FreeBSD - Kunshin FreeBSD
NAS:
- Synology NAS
- QNAP NAS
- WD MyCloud NAS
Sauran:
- Docker - fayil docker
- OpenWRT - tashar al'umma
- Shigar app - SDK (libzt)
Don taƙaita duk abubuwan da ke sama, zan lura cewa ZeroTier kayan aiki ne mai kyau da sauri don haɗa kayan aikin ku na zahiri, kama-da-wane ko girgije a cikin hanyar sadarwar gida ta gama gari, tare da ikon raba shi zuwa VLANs da rashin gazawar guda ɗaya. .
Shi ke nan don ɓangaren ka'idar a cikin tsarin labarin farko game da ZeroTier don Habr - tabbas ke nan! A cikin labarin na gaba, na yi shirin nunawa a aikace ƙirƙirar kayan aikin cibiyar sadarwa mai kama-da-wane bisa ZeroTier, inda za a yi amfani da VDS tare da samfurin GUI mai buɗewa mai zaman kansa a matsayin mai sarrafa hanyar sadarwa.
Ya ku masu karatu! Kuna amfani da fasahar ZeroTier a cikin ayyukanku? Idan ba haka ba, wadanne kayan aikin kuke amfani da su don sadarwar albarkatun ku?
source: www.habr.com