How we designed and implemented a new network on Huawei in the Moscow office, part 1


Today I will tell you how the idea of building a new internal network for our company came about and how it was implemented. Management's position is that you should do a complete project for yourself exactly as you would for a customer. If we do it well for ourselves, we can invite a customer and show how what we offer them works in practice. So we approached the concept of the new network for the Moscow office very thoroughly, using the full production cycle: analysis of department needs → choice of technical solution → design → implementation → testing. So let's begin.

Choosing a Technical Solution: The Reserve

The procedure for working on a complex automated system is currently best described in GOST 34.601-90 "Automated systems. Stages of creation", so we worked according to it. Already at the stages of requirements formation and concept development we ran into the first difficulties. Organizations of various profiles (banks, insurance companies, software developers and so on) need particular types of networks for their tasks and standards, and the specifics of those networks are clear and standardized. However, that would not work for us.

Why?

Jet Infosystems is a large IT company. At the same time, our internal support department is small (but proud); it keeps the basic services and systems running. The company consists of many divisions that perform different functions: several strong outsourcing teams, in-house developers of business systems, information security, architects of computing systems, in short, all sorts. Accordingly, their tasks, systems and security policies also differ. This, as expected, created difficulties in the analysis and standardization process.

Take, for example, the development department: its employees write and test code for a large number of customers. There is often a need to set up test environments quickly, and frankly, it is not always possible to formulate requirements for each project, request resources and build a separate test environment in line with all the internal regulations. This leads to curious situations: one day your humble servant looked into the developers' room and found under a desk a properly working Hadoop cluster of 20 computers, connected to the common network. I don't think it needs saying that the company's IT department did not know it existed. This circumstance, like many others, is the reason that during the project the term "mutant reserve" was born, describing the state of the long-suffering office infrastructure.

Or here is another example. From time to time, a test bench is set up inside a department. That was the case with Jira and Confluence, which the Software Development Center used to a limited extent in some projects. After a while, other departments learned about these useful resources and evaluated them, and at the end of 2018 Jira and Confluence moved from the status of "local toy" to the status of "company resource". Now an owner has to be assigned to these systems, and SLAs, access and information security policies, backup policies, monitoring, and the rules for routing requests to fix problems have to be defined; in general, all the attributes of a full-fledged information system must be in place.

Each of our departments is also an incubator that grows its own products. Some of them die at the development stage, some we use while working on projects, and others take root and become solid solutions that we start using ourselves and selling to customers. For each such system it is desirable to have its own network environment, where it can develop without interfering with other systems and at some point be integrated into the company's infrastructure.

Besides development, we have a very large Service Center with more than 500 employees, formed into teams for each customer. They maintain networks and other systems, do remote monitoring, resolve claims, and so on. That is, the infrastructure of the SC is, in effect, the infrastructure of the customer they are currently working with. The peculiarity of working with this part of the network is that their workstations are, for our company, partly external and partly internal. Therefore, for the SC we implemented the following approach: the company provides the relevant department with network and other resources, treating the workstations of these departments as external connections (by analogy with branch offices and remote users).

Backbone design: we are the operator (surprise)

After assessing all the pitfalls, we realized that what we were getting was a telecom operator's network inside a single office, and we began to act accordingly.

We created a core network through which any internal, and in the future also external, consumer is provided with the service they need: L2 VPN, L3 VPN or ordinary L3 routing. Some departments need secure Internet access, while others need clean access without firewalls, but with our corporate resources and our core network protected from their traffic.

We informally "concluded an SLA" with each division. Under it, all incidents must be resolved within a fixed, pre-agreed period of time. The company's requirements for its own network turned out to be strict. The maximum response time to an incident in the event of a telephony or e-mail failure is 5 minutes. The time to restore network operation after typical failures is no more than one minute.

Since we have a carrier-grade network, you can connect to it only according to the rules. Service units set the policies and provide the services. They do not even need information about how specific servers, machines and workstations are connected. At the same time, protection mechanisms are required, because no single connection should be able to bring down the network. If a loop is created, other users should not notice it; that is, the network has to respond adequately. Any telecom operator constantly solves problems like these in its core network. It provides service to many customers with different needs and traffic, and different subscribers must not suffer from each other's traffic.

In our case, we solved this problem as follows: we built an L3 backbone network with full redundancy, using the IS-IS protocol. On top of this underlay we built an overlay network based on EVPN/VXLAN technology, using the MP-BGP routing protocol. To speed up the convergence of the routing protocols, we used BFD.

Figure: Network structure

In tests, this scheme performed well: when any link or switch was disconnected, the convergence time was no more than 0.1-0.2 s, a minimum of packets were lost (often none), TCP sessions were not torn down, and telephone conversations were not interrupted.

Figure: Underlay layer, routing

Figure: Overlay layer, routing

Huawei CE6870 switches with VXLAN licenses were used as distribution switches. This device has an optimal price/quality ratio: it lets you connect subscribers at 10 Gbit/s and connect to the backbone at 40–100 Gbit/s, depending on the transceivers used.

Figure: Huawei CE6870 switches

Huawei CE8850 switches were used as core switches. Their job is to carry traffic quickly and reliably. Nothing is connected to them except the distribution switches, and they know nothing about VXLAN, so we chose a model with 32 40/100 Gbps ports and a basic license that provides L3 routing and support for the IS-IS and MP-BGP protocols.

Figure: The bottom device is the Huawei CE8850 core switch

At the design stage, a discussion broke out in the team about which technologies could be used to implement a fault-tolerant connection to the core network nodes. Our Moscow office is located in three buildings and has 7 cross-connect rooms, each of which has two Huawei CE6870 distribution switches installed (several cross-connect rooms have only access switches). When developing the network concept, two redundancy options were considered:

  • Combining the distribution switches into a fault-tolerant stack in each cross-connect room. Pros: simplicity and ease of configuration. Cons: a higher probability of the whole stack failing when errors occur in the firmware of the network devices ("memory leaks" and the like).
  • Using M-LAG and Anycast gateway technologies to connect devices to the distribution switches.

In the end, we settled on the second option. It is somewhat harder to configure, but in practice it has shown that it works and is highly reliable.

Let's first look at how end devices connect to the distribution switches:

Figure: Cross-connect

An access switch, a server, or any other device that needs a fault-tolerant connection is connected to two distribution switches. M-LAG technology provides redundancy at the data link layer. The two distribution switches are meant to appear to the connected equipment as a single device. Redundancy and load balancing are handled by the LACP protocol.

Anycast gateway technology provides redundancy at the network layer. A fairly large number of VRFs are configured on each distribution switch (each VRF has its own purpose: one for "regular" users, one for telephony, separate ones for various test and development environments, and so on), and several VLANs are configured in each VRF. In our network, the distribution switches are the default gateways for all devices connected to them. The IP addresses of the VLAN interfaces are the same on both distribution switches. Traffic is routed through the nearest switch.

Now let's look at how the distribution switches connect to the core:

Fault tolerance is provided at the network layer using the IS-IS protocol. Note that a separate L3 link is provided between the switches, at 100G. Physically, this link is a direct-attach cable; it can be seen on the right in the photo of the Huawei CE6870 switches.

The alternative would be to build an "honest" fully connected double-star topology, but, as mentioned above, we have 7 cross-connect rooms in three buildings. So, had we chosen the "double star" topology, we would have needed exactly twice as many "long-range" 40G transceivers. The savings here are very significant.

A few words are needed about how VXLAN and Anycast gateway work together. VXLAN, without going into details, is a tunnel for transporting Ethernet frames inside UDP packets. The loopback interfaces of the distribution switches are used as the destination IP address of the VXLAN tunnel. Each cross-connect has two switches with the same loopback interface address, so a packet can arrive at either of them, and the Ethernet frame can be extracted from it.

If the switch knows the destination MAC address of the extracted frame, the frame is delivered correctly to its destination. To make sure that both distribution switches installed in the same cross-connect have up-to-date information about all MAC addresses "arriving" from the access switches, the M-LAG mechanism is responsible for synchronizing the MAC address tables (as well as the ARP tables) on both switches of the M-LAG pair.
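The behaviour described in the two paragraphs above, as an added example that is not part of the original article and is not device code: a VXLAN header (RFC 7348 layout) is built and parsed, and two model switches share one VTEP loopback address, so delivery by the second switch depends on the MAC table having been synchronized. The loopback address, VNIs, MAC addresses, port name and class names are constructed for illustration, and an unknown MAC is simply reported as `None` here.

```python
import struct

VNI_VALID = 0x08  # "I" flag in the first byte of the VXLAN header (RFC 7348)

def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header; the result is the UDP payload."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VNI_VALID << 24, vni << 8) + frame

def vxlan_decap(payload: bytes):
    """Return (vni, inner Ethernet frame); reject malformed headers."""
    if len(payload) < 8 + 14:  # VXLAN header + minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VNI_VALID:
        raise ValueError("VNI flag not set")
    return word1 >> 8, payload[8:]

class DistributionSwitch:
    """One member of an M-LAG pair; both members own the same VTEP loopback."""
    def __init__(self, name: str, vtep_ip: str):
        self.name, self.vtep_ip = name, vtep_ip
        self.mac_table = {}  # (vni, mac) -> local port

    def learn(self, vni, mac, port, peer=None):
        self.mac_table[(vni, mac)] = port
        if peer is not None:  # M-LAG synchronization of the MAC entry
            peer.mac_table[(vni, mac)] = port

    def receive(self, udp_payload: bytes):
        """Decapsulate; return the egress port, or None if the MAC is unknown."""
        vni, frame = vxlan_decap(udp_payload)
        return self.mac_table.get((vni, frame[:6]))

# Constructed sample values: loopback address, VNIs, MACs and port name.
VTEP = "10.255.0.1"
HOST_MAC = bytes.fromhex("02aabbccdd01")
FRAME = HOST_MAC + bytes.fromhex("02aabbccdd02") + b"\x08\x00" + b"payload"

def demo(sync: bool):
    a, b = DistributionSwitch("dist-a", VTEP), DistributionSwitch("dist-b", VTEP)
    a.learn(10010, HOST_MAC, "Eth-Trunk10", peer=b if sync else None)
    pkt = vxlan_encap(10010, FRAME)
    other_vni = vxlan_encap(10020, FRAME)  # same MAC, different segment
    return a.receive(pkt), b.receive(pkt), b.receive(other_vni)

if __name__ == "__main__":
    print("synced:  ", demo(True))
    print("unsynced:", demo(False))
```

The third value in each result is the lookup for the same MAC under a different VNI: it never matches, which is the segment isolation the overlay relies on.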

Traffic balancing is achieved because the underlay network has several routes to the loopback interfaces of the distribution switches.

Instead of a conclusion

As mentioned above, during testing and operation the network showed high reliability (recovery time for typical failures is no more than hundreds of milliseconds) and good performance: each cross-connect is connected to the core by two 40 Gbit/s links. The access switches in our network are stacked and connected to the distribution switches via LACP/M-LAG with two 10 Gbit/s links. A stack usually contains 5 switches with 48 ports each, and up to 10 access stacks are connected to the distribution layer in each cross-connect. Thus, the backbone provides about 30 Mbit/s per user even at the maximum theoretical load, which at the time of writing is enough for all our practical applications.

The network lets you connect any set of attached devices to each other over both L2 and L3 without difficulty, while providing complete isolation of traffic (which the information security service likes) and of fault domains (which the operations team likes).

In the next part we will tell you how we migrated to the new network. Stay tuned!

Maxim Klochkov
Senior consultant of the network audit and complex projects group
Network Solutions Center
"Jet Infosystems"


source: www.habr.com
