New IT infrastructure for the Russian Post data center

I am sure every Habr reader has at least once ordered goods from an online store abroad and then gone to collect the parcel at a Russian Post office. Can you imagine the scale of this task in terms of organizing logistics? Multiply the number of buyers by the number of their purchases, picture the map of our vast country, and on it more than 40 thousand post offices... By the way, in 2018 Russian Post processed 345 million international parcels.

In this article we describe the problems Russian Post faced and how the LANIT-Integration team solved them by building a new IT infrastructure for the data centers.

One of the modern logistics centers of Russian Post
 

Before the project

Because of the growing number of parcels from foreign stores in China, Western Europe and North America, the load on Russian Post's logistics facilities increased. New logistics centers were therefore built, and they use sorting machines. These need support from the computing infrastructure.

The data center infrastructure was outdated and did not provide the performance and reliability that the business information systems required. Russian Post also lacked the computing capacity to launch new services.
 

The customer's data centers and their problems

Russian Post's data centers serve more than 40,000 locations and 85 regional divisions. The data centers run a large number of business services, including e-commerce services.

Today companies use systems for storing, analyzing and processing big data. In such systems, artificial intelligence and machine learning algorithms play an important role. Today one of the most important cases for the company is optimizing logistics processes and improving customer service at post offices.

Before the modernization project started, there were about 3000 machines in the main and reserve data centers, and the volume of stored data exceeded 2 petabytes. The data centers had a complex traffic routing structure, tied to the division into separate segments according to security levels.

As applications grew and new services were introduced, the bandwidth of the network equipment in the data centers became insufficient. A move to interfaces with new speeds was required: 10 Gbit/s instead of 1 Gbit/s at the access layer and 40 Gbit/s at the core layer, with full redundancy of equipment and communication channels.

The information security department required the infrastructure to be divided into segments with a high level of information security for traffic and applications (PN - Private Network and DMZ - Demilitarized Zone). Traffic that did not need filtering still passed through the firewalls (FWs). VRF on the switches was not used for this traffic. The firewall rules were not optimal (tens of thousands of rules in each data center).

Seamless migration of virtual machines (VMs) between data centers while keeping the IP address, with optimal routing of traffic between segments, including the corporate data network (CDN), was not possible.

MSTP was used for redundancy, so some ports were blocked (hot standby). Core and access switches were not combined into failover clusters, and link aggregation (LAG) was not used.

With the arrival of the third data center, a new architecture and new equipment were needed to run the ring between the data centers (EVPN was proposed).

There was no unified concept for developing the data centers, documented as a design and agreed with all of the customer's departments. The existing operational documentation for the network was incomplete and outdated.
 

Customer expectations

The project team faced the following tasks:

  • prepare the architecture and development concept for building the network and server infrastructure of the third data center;
  • carry out an operational audit of the customer's network;
  • expand the capacity of the network core by more than 1500 10/40 Gbit/s Ethernet ports in each data center (4500 ports in total);
  • ensure operation of the ring between the three data centers, with the ability to raise the speed to 80 Gbit/s on each segment, in order to combine the customer's computing resources from different data centers into a single IT system;
  • provide 100% duplication of all network elements to reach an uptime target of 99.995%;
  • reduce traffic latency between virtual machines to speed up business applications;
  • collect statistics, then analyze and optimize the traffic filtering rules in the data centers (initially there were about 80 rules);
  • develop the target architecture to ensure seamless migration of the customer's critical business applications to any of the three data centers.

So we had plenty to work on.

Equipment

Let's look at the equipment we used in the project.

Firewall (NGFW) USG9560:

  • partitioning by VSYS;
  • up to 720 Gbps;
  • up to 720 million concurrent sessions;
  • 8 slots.

Router NE40E-X8:

  • up to 7.08 Tbit/s switching capacity;
  • up to 2,880 Mpps forwarding performance;
  • 8 slots for line cards (LPU);
  • up to 10M BGP IPv4 routes per MPU;
  • up to 1500K OSPF IPv4 routes per MPU;
  • up to 3000K IPv4 FIB (depending on the LPU).

CE12800 series switches:

  • device virtualization: VS (1:16 virtualization), Cluster Switch System (CSS), Super Virtual Fabric (SVF);
  • network virtualization: M-LAG, TRILL, VXLAN and VXLAN bridging, QinQ in VXLAN, EVN (Ethernet Virtual Network);
  • starting from VRP V2, EVPN support is included;
  • M-LAG is the analogue of vPC (virtual Port Channel) on Cisco Nexus;
  • Virtual Spanning Tree Protocol (VSTP), compatible with Cisco PVST.

CE12804

CE12808

Software

In the project we used:

  • a converter that translates firewall configuration files from other vendors into the command format of the new equipment;
  • proprietary scripts for optimizing and converting firewall configurations.
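One kind of check a rule-optimization pass can run, shown here as an added example (it is not the project's proprietary scripts): flag rules that an earlier rule fully covers and rules that never matched traffic. The simplified rule format, the `audit` function and the sample rules with hit counters are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_network

Rule = namedtuple("Rule", "rid action src dst proto port hits")

def rule(rid, action, src, dst, proto="any", port="any", hits=0):
    return Rule(rid, action, ip_network(src), ip_network(dst), proto, port, hits)

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a (IPv4 only here)."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in ("any", b.proto)
            and a.port in ("any", b.port))

def audit(rules):
    """Return (rule id, finding, id of the covering rule) for rules worth reviewing."""
    findings = []
    for i, r in enumerate(rules):
        earlier = next((e for e in rules[:i] if covers(e, r)), None)
        if earlier is not None:
            # Same action: the later rule adds nothing. Different action: it can never fire.
            kind = "redundant" if earlier.action == r.action else "shadowed"
            findings.append((r.rid, kind, earlier.rid))
        elif r.hits == 0:
            findings.append((r.rid, "unused", None))
    return findings

# Constructed sample policy in first-match order, with hit counters from collected statistics.
RULES = [
    rule(10, "permit", "10.10.0.0/16", "10.20.5.0/24", "tcp", 443, hits=120934),
    rule(20, "permit", "10.10.4.0/24", "10.20.5.10/32", "tcp", 443),
    rule(30, "deny", "10.10.0.0/16", "10.20.5.0/24", "tcp", 443),
    rule(40, "permit", "10.30.0.0/16", "10.20.6.0/24", "tcp", 1521),
    rule(50, "deny", "0.0.0.0/0", "0.0.0.0/0", hits=8812),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

A shadowed deny such as rule 30 deserves review before deletion: it usually records an intent that the policy does not actually enforce.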

Appearance of the converter for configuration files

Scheme of communication between data centers (EVPN VXLAN)
 

Nuances of configuring the equipment

CE12808
 

  • EVPN (standard) instead of EVN (Huawei proprietary) for communication between data centers:

    ○ L2 over L3 using iBGP in the control plane;
    ○ MAC learning and advertisement through the iBGP EVPN family (MAC routes, type 2);
    ○ automatic building of VXLAN tunnels for broadcast / unknown unicast traffic (Inclusive Multicast routes, type 3).

  • Two modes of assigning ports to a VS:

    ○ port-based (port-mode port) or ASIC-based (port-mode group, display device port-map);
    ○ splitting 40GE ports works only in the Admin VS (regardless of the port mode).
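How the two EVPN route types listed above drive forwarding between three data centers, as an added example that is not from the original article or the device configuration: type 3 routes build the flood list for a VNI, and type 2 routes replace flooding with a single tunnel once a MAC is known. The VTEP addresses, VNI 5010 and the MAC address are constructed, and iBGP is reduced to delivering each route to every peer.

```python
from collections import defaultdict

class Vtep:
    """VXLAN tunnel endpoint of one data center (names and addresses are constructed)."""
    def __init__(self, name, ip):
        self.name, self.ip = name, ip
        self.flood = defaultdict(set)  # VNI -> remote VTEPs, filled by type 3 routes
        self.macs = {}                 # (VNI, MAC) -> remote VTEP, filled by type 2 routes
        self.local = set()             # (VNI, MAC) learned on this VTEP's own ports

    def receive(self, route):
        rtype, vni, origin, mac = route
        if origin == self.ip:          # our own route: only remember local MACs
            if rtype == 2:
                self.local.add((vni, mac))
            return
        if rtype == 3:
            self.flood[vni].add(origin)
        elif rtype == 2:
            self.macs[(vni, mac)] = origin

    def tunnels_for(self, vni, dst_mac):
        """Remote VTEPs that receive a copy of a frame entering the fabric here."""
        if (vni, dst_mac) in self.local:
            return []                  # switched locally, no tunnel needed
        if (vni, dst_mac) in self.macs:
            return [self.macs[(vni, dst_mac)]]
        return sorted(self.flood.get(vni, ()))   # broadcast / unknown unicast

def ibgp_advertise(vteps, rtype, vni, origin, mac=None):
    """Deliver one EVPN route to every iBGP peer (full mesh or reflector, simplified)."""
    for vtep in vteps:
        vtep.receive((rtype, vni, origin.ip, mac))

def build_fabric():
    vteps = [Vtep("DC1", "192.0.2.1"), Vtep("DC2", "192.0.2.2"), Vtep("DC3", "192.0.2.3")]
    for v in vteps:                                   # type 3: "I serve VNI 5010"
        ibgp_advertise(vteps, 3, 5010, v)
    ibgp_advertise(vteps, 2, 5010, vteps[2], "0050-56aa-bb03")  # type 2: MAC seen in DC3
    return vteps

if __name__ == "__main__":
    dc1, dc2, dc3 = build_fabric()
    print(dc1.tunnels_for(5010, "0050-56aa-bb03"), dc1.tunnels_for(5010, "ffff-ffff-ffff"))
```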

USG9560
 

  • partitioning by VSYS is possible;
  • dynamic routing and route leaking between VSYS are not possible!

CE12804
 
All Active GW (Master / Master / Master) with VRRP MAC filtering between data centers
 
acl number 4000
  rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 15 permit
 
interface Eth-Trunk1
  traffic-filter acl 4000 outbound
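
What the filter above matches, as an added example that is not part of the original article: the ACL rules are parsed and applied first-match to constructed frames. It reads the mask as "bits set to 1 are compared", which is the reading under which rules 5 and 10 cover every VRRP virtual MAC 0000-5e00-01xx; the frames and helper names are constructed.

```python
import re

# ACL body copied from the page's "acl number 4000" (applied outbound on Eth-Trunk1).
ACL_4000 = """
rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
rule 15 permit
"""

def mac_to_int(mac):
    """Turn 0000-5e00-010a or 00:00:5e:00:01:0a into a 48-bit integer."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def parse_acl(text):
    """Parse 'rule N permit|deny [source-mac|destination-mac MAC MASK]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        rule_id, action = int(tok[1]), tok[2]
        if len(tok) == 3:                       # bare permit/deny matches every frame
            rules.append((rule_id, action, None, 0, 0))
        else:
            field = {"source-mac": "src", "destination-mac": "dst"}[tok[3]]
            rules.append((rule_id, action, field, mac_to_int(tok[4]), mac_to_int(tok[5])))
    return sorted(rules, key=lambda r: r[0])    # evaluated in ascending rule-id order

def evaluate(rules, src, dst):
    """Return (action, rule_id) of the first rule that matches the frame."""
    frame = {"src": mac_to_int(src), "dst": mac_to_int(dst)}
    for rule_id, action, field, value, mask in rules:
        if field is None or (frame[field] & mask) == (value & mask):
            return action, rule_id
    return "no-match", None

# Constructed frames: (description, source MAC, destination MAC).
FRAMES = [
    ("VRRP advert, VRID 10",        "0000-5e00-010a", "0100-5e00-0012"),
    ("host to gateway virtual MAC", "0050-56aa-bb01", "0000-5e00-010a"),
    ("host to host",                "0050-56aa-bb01", "0050-56aa-bb02"),
    ("IPv6 VRRP virtual MAC",       "0000-5e00-020a", "3333-0000-0012"),
]

def run():
    rules = parse_acl(ACL_4000)
    return [(name, *evaluate(rules, src, dst)) for name, src, dst in FRAMES]

if __name__ == "__main__":
    for row in run():
        print(row)
```

The last frame is permitted: the mask covers only the IPv4 VRRP range 0000-5e00-01xx, so IPv6 VRRP virtual MACs (0000-5e00-02xx) would need their own rule pair.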

Scheme of resource interaction between data centers (VXLAN EVPN and All Active GW)
 

Project difficulties

The main difficulty was the need to keep the existing applications that run on the computing infrastructure. The customer has more than 100 different applications, some of them written almost 10 years ago. For example, whereas at Yandex you can switch off many virtual machines without harming end users, at Russian Post such an approach would require developing many applications from scratch and changing the architecture of the business information systems. We solved the problems that arose during migration and optimization jointly, at the level of the computing infrastructure. All network technologies that were new to the company (such as EVPN) were first tested in the lab.
 

Project results

The project team included specialists from LANIT-Integration, the customer, and the customer's partners in operating the computing infrastructure. Dedicated support teams from the vendors (Check Point and Huawei) were also formed. The project took two years. Here is what was done in that time.

  • A development strategy for the data center network, the corporate data network (CDTN) and the ring between the data centers was designed and agreed with all of the customer's departments.
  • Service availability increased. The customer's business noticed this, and it led to traffic growth as new services were launched.
  • More than 40,000 rules were migrated from FWSM/ASA to the USG and optimized. The separate ASA contexts were merged into a single security policy on the USG 9560.
  • Port throughput of the data center equipment was raised from 1G to 10/40G by using CE12800/CE6850. This eliminated interface overloads and packet loss.
  • The NE40E-X8 carrier-class routers fully meet the needs of the customer's data center and data network, taking future business growth into account.
  • Eight new feature requests were filed for the USG 9560. Seven of them have already been implemented and included in the current VRP release. 1 FR is awaiting implementation in Huawei R&D. It is a cluster of eight chassis with the ability to configure which sessions are synchronized and which are not. It is needed when traffic latency to one of the data centers is too high (Adler - Moscow: 1300 km along the main route and 2800 km along the backup route).

The project has no counterpart among other postal companies in Russia.

Modernizing the data center network infrastructure opened new opportunities for the company to develop digital services.

  • Personal accounts and mobile applications for individuals and legal entities.
  • Integration with online stores to provide goods delivery services.
  • Fulfillment: storage of goods, and assembly and delivery of orders from online stores.
  • Expansion of order pickup points, including through partner networks.
  • Legally significant document flow with counterparties. This will eliminate the slow and costly sending of paper documents.
  • Acceptance of registered letters in electronic form, with delivery both electronically and on paper (with items printed close to the final recipient). An electronic registered letter service on the public services portal.
  • A platform for providing telemedicine services.
  • Simplified acceptance and simplified delivery of registered mail using a simple electronic signature.
  • Digitalization of the post office network.
  • Redesign of self-service (terminals and parcel terminals).
  • Creation of a digital platform for managing courier services and a new mobile application for courier service customers.

Come work with us!

source: www.habr.com
