SD-WAN da DNA don taimakawa mai gudanarwa: fasalin gine-gine da aiki

Matsayin da zaku iya taɓawa a cikin lab ɗin mu idan kuna so.

SD-WAN da SD-Access sabbin hanyoyin mallakar mallaka ne daban-daban guda biyu don gina hanyoyin sadarwa. Nan gaba, yakamata su haɗu zuwa cibiyar sadarwa mai rufi ɗaya, amma a yanzu suna kusa. Ma'anar ita ce: muna ɗaukar hanyar sadarwa daga shekarun 1990s kuma mu fitar da duk mahimman faci da fasali akanta, ba tare da jira ta zama sabon buɗaɗɗen ma'auni a cikin wasu shekaru 10 ba.

SD-WAN facin SDN ne zuwa cibiyoyin sadarwar kasuwanci da aka rarraba. Transport ya bambanta, sarrafawa ya bambanta, don haka ana sauƙaƙe sarrafawa.

Ribobi - duk hanyoyin sadarwa ana amfani da su sosai, gami da madadin. Akwai tsarin fakiti zuwa aikace-aikace: menene, ta wace tashar kuma tare da wace fifiko. Sauƙaƙen hanya don ƙaddamar da sabbin maki: maimakon mirgine tsarin saiti, kawai saka adireshin uwar garken Cisco akan babban Intanet, cibiyar bayanan CROC ko abokin ciniki, inda aka ɗauko saitin musamman don hanyar sadarwar ku.

SD-Access (DNA) sarrafa kansa ne na gudanarwar cibiyar sadarwa ta gida: daidaitawa daga aya ɗaya, wizards, musaya masu dacewa. A haƙiƙa, an gina wata hanyar sadarwa tare da jigilar kayayyaki daban-daban a matakin ƙa'ida a saman naku, kuma ana tabbatar da dacewa tare da tsofaffin cibiyoyin sadarwa a kan iyakoki.

Za mu kuma magance wannan a kasa.

Yanzu wasu nunin nuni akan benci na gwaji a cikin lab ɗin mu, yadda yake kama da aiki.

Bari mu fara da SD-WAN. Babban fasali:

• Sauƙaƙe ƙaddamar da sabbin maki (ZTP) - ana ɗauka cewa ko ta yaya za ku ciyar da batu tare da adireshin uwar garke tare da saituna. Batun yana buga shi, yana karɓar tsarin saiti, ya mirgina shi kuma yana cikin rukunin kula da ku. Wannan yana tabbatar da samar da Zero-Touch Provisioning (ZTP). Don tura wurin ƙarshe, injiniyan hanyar sadarwa baya buƙatar tafiya zuwa rukunin yanar gizon. Babban abu shine kunna na'urar daidai akan shafin kuma haɗa dukkan igiyoyi zuwa gare ta, to kayan aikin zasu haɗa ta atomatik zuwa tsarin. Kuna iya zazzage saiti ta hanyar tambayoyin DNS a cikin gajimare na mai siyarwa daga kebul na USB da aka haɗa, ko kuna iya buɗe hanyar haɗin yanar gizo daga kwamfutar tafi-da-gidanka da aka haɗa da na'urar ta hanyar Wi-Fi ko Ethernet.
• Sauƙaƙe tsarin gudanarwar cibiyar sadarwa na yau da kullun - saiti daga samfuri, manufofin duniya, an tsara su a tsakiya don aƙalla rassa biyar, aƙalla 5. Komai daga wuri ɗaya. Don guje wa tafiya mai nisa, akwai zaɓi mai dacewa don komawa ta atomatik zuwa saitin da ya gabata.
• Gudanar da matakan matakin aikace-aikacen-tabbatar da inganci da ci gaba da sabunta sa hannun aikace-aikacen. An tsara manufofi kuma an fitar da su a tsakiya (babu buƙatar rubutawa da sabunta taswirar hanya don kowane na'ura mai ba da hanya tsakanin hanyoyin sadarwa, kamar yadda ya gabata). Kuna iya ganin wanda ke aika me, a ina da me.
• Rarraba cibiyar sadarwa. VPNs keɓe masu zaman kansu a saman dukkan abubuwan more rayuwa - kowanne yana da nasa hanyar. Ta hanyar tsohuwa, zirga-zirgar zirga-zirga a tsakanin su tana rufe; za ku iya buɗe damar shiga kawai zuwa nau'ikan zirga-zirgar ababen hawa a cikin nodes ɗin hanyar sadarwar da za a iya fahimta, misali, wuce komai ta babban bangon wuta ko wakili.
• Ganuwa na ingancin tarihin cibiyar sadarwa - yadda aikace-aikace da tashoshi suka yi. Yana da matukar amfani don yin nazari da gyara halin da ake ciki tun ma kafin masu amfani su fara karɓar korafi game da rashin kwanciyar hankali na aikace-aikacen.
• Ganuwa a cikin tashoshi - shin sun cancanci kuɗin, masu aiki daban-daban guda biyu ne da gaske ke zuwa rukunin yanar gizon ku, ko kuma a zahiri suna cikin hanyar sadarwa iri ɗaya kuma suna lalata / faɗuwa a lokaci guda.
• Ganuwa don aikace-aikacen girgije da tuƙi ta hanyar wasu tashoshi dangane da shi (Cloud Onramp).
• Wani yanki na hardware ya ƙunshi na'ura mai ba da hanya tsakanin hanyoyin sadarwa da Tacewar zaɓi (mafi dai dai, NGFW). Ƙananan sassa na kayan aiki yana nufin yana da arha buɗe sabon reshe.

Abubuwan da ke cikin tsarin SD-WAN mafita

Ƙarshen na'urori su ne masu amfani da WAN, waɗanda zasu iya zama hardware ko kama-da-wane.

Mawaƙa kayan aiki ne na sarrafa hanyar sadarwa. An saita su tare da sigogi na na'ura na ƙarshe, manufofin tafiyar da zirga-zirga, da ayyukan tsaro. Ana aika saitunan da aka samo ta atomatik ta hanyar hanyar sadarwa zuwa nodes. Hakazalika, ƙungiyar makaɗa tana sauraron hanyar sadarwa kuma tana sa ido kan samuwar na'urori, tashoshin jiragen ruwa, tashoshin sadarwa, da lodawa ta hanyar sadarwa.

Kayan aikin nazari. Suna yin rahotanni dangane da bayanan da aka tattara daga na'urorin ƙarshe: tarihin ingancin tashoshi, aikace-aikacen cibiyar sadarwa, samun kumburi, da sauransu.

Masu sarrafawa suna da alhakin aiwatar da manufofin zirga-zirgar ababen hawa zuwa hanyar sadarwar. Ana iya la'akari da mafi kusancin analog ɗin su a cikin cibiyoyin sadarwar gargajiya ana iya ɗaukar BGP Route Reflector. Manufofin duniya waɗanda mai gudanarwa ke tsarawa a cikin ƙungiyar mawaƙa suna haifar da masu sarrafawa su canza abun da ke cikin tebur ɗin su da aika bayanan da aka sabunta zuwa ƙarshen na'urori.

Menene sabis ɗin IT ke samu daga SD-WAN:

1. Ana amfani da tashar madadin koyaushe (ba aiki ba). Ya zama mai rahusa saboda kuna iya samun tashoshi marasa kauri biyu.
2. Canza zirga-zirga ta atomatik tsakanin tashoshi.
3. Lokacin gudanarwa: zaku iya haɓaka hanyar sadarwa a duniya, maimakon yin rarrafe ta kowane yanki na kayan aiki tare da saiti.
4. Saurin haɓaka sabbin rassa. Ta fi tsayi sosai.
5. Kadan lokacin raguwa yayin maye gurbin matattun kayan aiki.
6. Da sauri sake saita hanyar sadarwar don sababbin ayyuka.

Me kasuwanci ke samu daga SD-WAN:

1. Tabbataccen aiki na aikace-aikacen kasuwanci akan hanyar sadarwa da aka rarraba, gami da ta hanyar buɗe tashoshin Intanet. Yana da game da tsinkayar kasuwanci.
2. Goyon baya nan take don sabbin aikace-aikacen kasuwanci a duk hanyar sadarwar da aka rarraba, ba tare da la'akari da adadin rassan ba. Yana da game da saurin kasuwanci.
3. Haɗin haɗin kai mai sauri da aminci na rassan a kowane wuri mai nisa ta amfani da kowace fasahar haɗin kai (Intanet yana ko'ina, amma layin haya da VPN ba). Wannan game da sassaucin kasuwanci ne a zabar wuri.
4. Wannan na iya zama aiki tare da bayarwa da ƙaddamarwa, ko kuma yana iya zama sabis
   tare da biyan kuɗi na wata-wata daga kamfanin IT, ma'aikacin sadarwa ko ma'aikacin girgije. Duk wanda ya dace da ku.

Amfanin kasuwanci na SD-WAN na iya zama daban-daban, alal misali, abokin ciniki ɗaya ya gaya mana cewa babban manajan ya karɓi buƙatun layin kai tsaye tare da duk ma'aikatan kamfani dubu da yawa da kuma ikon sadar da abun ciki.

A gare mu “aikin soja ne.” A wannan lokacin, mun riga mun magance matsalar zamanantar da CSPD. Kuma idan muka fahimci cewa, a ka'ida, muna buƙatar shiga aikin gyaran kayan aiki, kuma tarin fasaha ya ci gaba, me ya sa za mu shiga aikin sabunta fasahohi da ayyuka iri ɗaya idan za mu iya ɗaukar mataki na gaba.

An shigar da SD-WAN akan shafin ta Enikey. Wannan yana da mahimmanci ga rassan nesa, inda ƙila ba za a sami mai gudanarwa na yau da kullun ba. Aika ta wasiƙa, ce: “Toshe kebul na 1 cikin akwatin 1, kebul na 2 cikin akwati na 2, kuma kar a haɗa ta! Kar ku ruɗe, #@$@%!" Kuma idan ba su haɗa shi ba, na'urar da kanta tana sadarwa tare da uwar garken tsakiya, ta ɗauka kuma ta yi amfani da na'urorinta, kuma wannan ofishin ya zama wani ɓangare na cibiyar sadarwa na kamfanin. Yana da kyau lokacin da ba dole ba ne ku yi tafiya kuma yana da sauƙi don tabbatar da kasafin ku.

Ga hoton tsayawar:

Wasu misalan daidaitawa:

Manufa - dokokin duniya don sarrafa zirga-zirga. Gyara manufa.

Kunna manufofin sarrafa zirga-zirga.

Tsarin taro na sigogin na'ura na asali (adireshin IP, wuraren waha na DHCP).

Hoton hoto na saka idanu akan ayyukan aikace-aikacen

Don aikace-aikacen girgije.

Takardar bayanai:Office365.

Don aikace-aikacen kan-prem. Abin takaici, ba mu sami ikon nemo aikace-aikacen da kurakurai a wurinmu ba (Matsalar FEC ba komai bane).

Bugu da ƙari - aikin tashoshin watsa bayanai.

Menene kayan aikin da ake tallafawa akan SD-WAN

1. Dandalin Hardware:

• Cisco vEdge Routers (tsohuwar Viptela vEdge) masu gudanar da Viptela OS.
• 1 da 000 series Integrated Services Routers (ISRs) yana gudana IOS XE SD-WAN.
• Aggregation Services Router (ASR) jerin 1 yana gudana IOS XE SD-WAN.

2. Kafofin yada labarai na zahiri:

• Cloud Services Router (CSR) 1v yana aiki da IOS XE SD-WAN.
• vEdge Cloud Router yana aiki da Viptela OS.

Ana iya amfani da dandamali na yau da kullun akan dandamalin kwamfuta na Cisco x86, irin su Tsarin Sadarwar Sadarwar Sadarwar Sadarwar Sadarwa (ENCS) 5 jerin, Tsarin Ƙididdigar Ƙididdigar (UCS), da Cloud Services Platform (CSP) jerin 000. Hakanan dandamali na zahiri na iya aiki akan kowace na'urar x5. ta amfani da hypervisor kamar KVM ko VMware ESi.

Yadda sabuwar na'ura ke kunnawa

Ana zazzage lissafin na'urori masu lasisi don turawa ko dai daga asusun mai wayo na Cisco ko kuma an ɗora su azaman fayil ɗin CSV. Zan yi ƙoƙarin samun ƙarin hotunan kariyar kwamfuta daga baya, a yanzu ba mu da sababbin na'urorin da za mu tura.

Jerin matakan da na'urar ke bi lokacin turawa.

Yadda ake fitar da sabuwar hanyar isar da na'ura/daidaitacce

Muna ƙara na'urori zuwa Smart Account.

Kuna iya zazzage fayil ɗin CSV, ko kuna iya zazzage ɗaya lokaci ɗaya:

Cika sigogin na'urar:

Na gaba, a cikin vManage muna daidaita bayanai tare da Smart Account. Na'urar tana bayyana a cikin jeri:

A cikin menu mai saukarwa da ke gaban na'urar, danna Ƙirƙirar Kanfigareshan Bootstrap
kuma sami tsarin farko:

Dole ne a ciyar da wannan saitin zuwa na'urar. Hanya mafi sauƙi ita ce haɗa filasha tare da adana fayil mai suna ciscosd-wan.cfg zuwa na'urar. Lokacin yin booting, na'urar za ta nemi wannan fayil ɗin.

Bayan samun tsarin farko, na'urar za ta iya isa ga ƙungiyar makaɗa kuma ta karɓi cikakken tsari daga can.

Muna kallon SD-Access (DNA)

SD-Access yana sauƙaƙe saita tashoshin jiragen ruwa da haƙƙin samun dama don haɗa masu amfani. Ana yin wannan ta amfani da wizards. An saita sigogin tashar jiragen ruwa dangane da ƙungiyoyin “Masu Gudanarwa”, “Accounting”, “Printers”, kuma ba zuwa ga VLANs da kuma cibiyoyin sadarwa na IP ba. Wannan yana rage kurakuran ɗan adam. Idan, alal misali, kamfani yana da rassa da yawa a duk faɗin Rasha, amma babban ofishin yana da yawa, to SD-Access yana ba ku damar magance ƙarin matsaloli a gida. Misali, irin waɗannan matsalolin game da matsala.

Don tsaro na bayanai, yana da mahimmanci cewa SD-Access ya ƙunshi bayyanannen rarrabuwar masu amfani da na'urori zuwa ƙungiyoyi da ma'anar manufofin hulɗar tsakanin su, izini ga kowane haɗin abokin ciniki zuwa cibiyar sadarwar, da samar da "haƙƙin shiga" a cikin hanyar sadarwa. Idan kun bi wannan hanya, gudanarwa zai zama mafi sauƙi.

Hakanan an sauƙaƙe tsarin farawa don sabbin ofisoshi godiya ga wakilan Plug-da-Play a cikin masu sauyawa. Babu buƙatar zagayawa cikin ƙasa tare da na'ura wasan bidiyo, ko ma zuwa rukunin yanar gizon kwata-kwata.

Ga misalan daidaitawa:

Matsayi na gaba ɗaya.

Abubuwan da ya kamata mai gudanarwa ya duba.

Shawarwari ta atomatik akan abin da za a canza a cikin saiti.

Shiri don haɗa SD-WAN tare da Samun-SD

Na ji cewa Cisco yana da irin waɗannan tsare-tsaren - SD-WAN da SD-Access. Wannan yakamata ya rage yawan basur yayin sarrafa rarrabawar ƙasa da CSPDs na gida.

vManage (SD-WAN orchestrator) ana sarrafa shi ta hanyar API daga Cibiyar DNA (Mai sarrafa SD-Access).

An tsara manufofin ƙananan-da macro-segmentation manufofin kamar haka:

A matakin kunshin, komai yayi kama da haka:

Wanene yake tunani game da wannan kuma menene?

Muna aiki akan SD-WAN tun daga 2016 a cikin wani dakin gwaje-gwaje daban, inda muke gwada mafita daban-daban don bukatun dillalai, bankuna, sufuri da masana'antu.

Muna sadarwa da yawa tare da abokan ciniki na gaske.

Zan iya cewa dillali ya riga ya gwada ƙarfin hali na SD-WAN, kuma wasu suna yin hakan tare da dillalai (mafi yawan lokuta tare da Cisco), amma akwai kuma waɗanda ke ƙoƙarin magance matsalar da kansu: suna rubuta nasu sigar software wanda yayi kama da aiki zuwa SD-WAN.

Kowane mutum, wata hanya ko wata, yana so ya cimma tsarin gudanarwa na dukan kayan aikin zoo. Wannan batu ɗaya ne na gudanarwa don shigarwar da ba daidai ba da kuma daidaitattun masu sayarwa daban-daban da fasaha daban-daban. Yana da mahimmanci don rage girman aikin hannu saboda, da farko, yana rage haɗarin halayen ɗan adam lokacin kafa kayan aiki, na biyu kuma, yana 'yantar da albarkatun sabis na IT don magance wasu matsaloli. Yawanci, fahimtar buƙatun yana zuwa ne daga dogayen zagayowar sabuntawa a faɗin ƙasar. Kuma, alal misali, idan dillali ya sayar da barasa, to yana buƙatar sadarwa akai-akai don tallace-tallace. Sabuntawa ko raguwa yayin rana kai tsaye yana shafar kudaden shiga.

Yanzu a cikin dillalan akwai fahimtar fahimtar menene ayyukan IT za su yi amfani da SD-WAN:

1. Aiwatar da sauri (sau da yawa ana buƙata akan LTE kafin mai samar da kebul ya zo, sau da yawa ya zama dole don haɓaka sabon batu daga mai gudanarwa a cikin birni ta hanyar GPC, sannan cibiyar kawai ta duba da daidaitawa).
2. Gudanar da tsakiya, sadarwa don abubuwa na waje.
3. Rage farashin sadarwa.
4. Ƙarin ƙarin ayyuka (fasali na DPI suna ba da damar ba da fifiko ga isar da zirga-zirga daga mahimman aikace-aikace kamar rajistan kuɗi).
5. Yi aiki tare da tashoshi ta atomatik, ba da hannu ba.

Kuma akwai kuma bincikar yarda - kowa yana magana game da shi da yawa, amma babu wanda ya san shi a matsayin matsala. Tsayawa cewa komai yana aiki daidai kuma yana aiki lafiya a cikin wannan yanayin. Mutane da yawa sun yi imanin cewa duk kasuwar fasahar cibiyar sadarwa za ta motsa ta wannan hanyar.

Bankuna, IMHO, a halin yanzu suna gwada SD-WAN maimakon sabon fasalin fasaha. Suna jiran ƙarshen tallafi ga al'ummomin da suka gabata na kayan aiki kuma sai kawai za su canza. Bankunan gaba daya suna da nasu yanayi na musamman ta hanyoyin sadarwa, don haka halin da masana’antar ke ciki ba ta damun su matuka. Matsalolin sun kasance a kan wasu jirage.

Ba kamar kasuwar Rasha ba, SD-WAN ana aiwatar da shi sosai a Turai. Hanyoyin sadarwar su sun fi tsada, sabili da haka kamfanonin Turai suna kawo tarin su zuwa sassan Rasha. A Rasha, akwai wani kwanciyar hankali, saboda farashin tashoshi (ko da a lokacin da yankin ne 25 sau mafi tsada fiye da cibiyar) dubi quite al'ada da kuma ba ta da tambayoyi. Daga shekara zuwa shekara, akwai kasafin kuɗi mara ƙa'ida don hanyoyin sadarwa.

Anan akwai misali daga aikin duniya, lokacin da kamfani ya adana lokaci da kuɗi ta amfani da SD-WAN akan Cisco.

Akwai irin wannan kamfani - National Instruments. A wani lokaci, sun fara fahimtar cewa cibiyar sadarwar kwamfuta ta duniya, "aka samu" ta hanyar hada shafukan 88 a duniya, ba ta da tasiri. Bugu da kari, kamfanin ba shi da iyawa da aikin samar da ruwan zafi na cikin gida. Babu daidaito tsakanin ci gaba da ci gaban kamfanin da iyakacin kasafin kudin IT.

SD-WAN ya taimaka kayan aikin ƙasa rage farashin MPLS da kashi 25% (ajiye $450 a ƙarshen 2018), faɗaɗa bandwidth da 3%.

A sakamakon aiwatar da SD-WAN, kamfanin ya sami hanyar sadarwa mai wayo da aka ayyana software da tsarin gudanarwa na tsakiya don inganta zirga-zirgar zirga-zirga da aikace-aikacen kai tsaye. nan - cikakken hali.

A nan wani cikakken mahaukaci yanayin motsa S7 zuwa wani ofishin, lokacin da da farko duk abin ya fara da wuya, amma mai ban sha'awa - ya zama dole a sake gyara tashar jiragen ruwa 1,5 dubu. Amma sai wani abu ya taso, a sakamakon haka, admins din ya zama na karshe kafin wa'adin, wanda duk tsaikon da aka tara ya fadi.

Kara karantawa cikin Ingilishi:

• Ma'aikacin Banki na Amurka: Na biyar na uku yana saka hannun jari a haɓaka hanyar sadarwar shekaru 5 tare da SD-WAN .
• Gina nasarar Cloud SD-WAN a Koch.
• Tafiya ta SD-WAN ta McKesson zuwa Tattalin Arziki .
• SD-WAN Retail PoC & Rarraba: Shagunan Gap.
• Amma Cisco Global Nazarin akan hanyoyin sadarwa a duniya.

A cikin Rasha:

• Na CNews.
• Yadda muka aiwatar da SD-Access da kuma dalilin da yasa ake buƙata.
• masana'anta na cibiyar sadarwa don cibiyar bayanan Cisco ACI - don taimakawa mai gudanarwa.
• Tashar mai tsayayye dangane da ƙayyadaddun hanyoyin sadarwar SD-WAN na software: warware matsalolin zaɓin hanya.
• Imel na, idan kuna da wasu tambayoyi ko kuna son gwada ayyukanku a wurin mu, - [email kariya].

source: www.habr.com