How Yandex.Cloud works with Virtual Private Cloud, and how our users help us ship useful features

Hi, my name is Kostya Kramlich, and I am a developer in the Virtual Private Cloud unit of Yandex.Cloud. I work on the virtual network, so, as you might guess, in this article I will talk about how Virtual Private Cloud (VPC) is built in general and about the virtual network in particular. You will also see why we, the people who build the service, value feedback from our users. But first things first.


What is a VPC?

Today there are many ways to deploy a service. I am sure somebody still keeps a server under the sysadmin's desk, though I hope such stories are getting rarer.

Services are now trying to move to the public cloud, and that is where they meet VPCs. A VPC is the part of the public cloud that ties together user, infrastructure, platform and other resources, wherever they are located, in our Cloud or beyond it. At the same time, a VPC lets you avoid exposing those resources to the Internet unnecessarily: they stay in your isolated network.

What the virtual network looks like from the outside


By VPC we mean, first of all, an overlay network and the network services on top of it, such as VPNaaS, NATaaS, LBaaS and so on. All of this runs on top of a fault-tolerant physical network infrastructure, which has already been described in a good article here on Habr.

Let's take a closer look at the virtual network and how it is structured.


Consider two availability zones. We provide a virtual network, which is what we call a VPC. Essentially, it defines the scope within which your "grey" (private) addresses are unique. Inside each virtual network you have full control over the address space you assign to compute resources.

The network is global. At the same time, it is projected into each availability zone as an entity called a Subnet. For each Subnet you set a CIDR block of /16 or smaller (that is, a prefix length of 16 or more). An availability zone can hold more than one Subnet, and routing between Subnets is always transparent. This means that all resources within one VPC can talk to each other even when they sit in different availability zones. They communicate without going out to the Internet, over our internal links, and from their point of view they are in one private network.

The diagram above shows a typical situation: two VPCs whose address spaces overlap. Both may be yours, for example one for development and one for testing. Or they may belong to different users; that makes no difference. Each VPC contains one virtual machine.


Now let's complicate the picture. A single virtual machine can be attached to several Subnets at once, and those Subnets can even be in different virtual networks.
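To make the addressing rules above concrete, here is a small Python model (an added example, not Yandex.Cloud code) of one VPC with per-zone Subnets, the /16-or-smaller limit, the no-overlap rule inside a VPC, overlapping ranges across VPCs, and a VM with interfaces in two VPCs at once. The zone names, VPC names, addresses and the first-free-address allocation policy are assumptions made for the illustration.

```python
"""Added example (not Yandex.Cloud code): a toy model of the VPC addressing
rules described above.  One global network per VPC, Subnets projected into
zones, a prefix of /16 or longer, no overlap inside a VPC, overlap allowed
across VPCs, and a VM attached to Subnets of two different VPCs.  Zone
names, VPC names, addresses and the allocation policy are assumptions."""
import ipaddress
from dataclasses import dataclass, field


class VpcError(ValueError):
    """Raised when a request violates the addressing rules."""


@dataclass
class Subnet:
    name: str
    zone: str
    cidr: ipaddress.IPv4Network
    allocated: set = field(default_factory=set)


@dataclass
class Vpc:
    name: str
    subnets: dict = field(default_factory=dict)  # subnet name -> Subnet

    def add_subnet(self, name, zone, cidr):
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen < 16:
            raise VpcError(f"{cidr}: a Subnet must be /16 or smaller")
        # Overlap is forbidden only inside one VPC; two VPCs may reuse the
        # same grey ranges, which is exactly the situation in the diagram.
        for other in self.subnets.values():
            if other.cidr.overlaps(net):
                raise VpcError(f"{cidr} overlaps {other.name} ({other.cidr}) in VPC {self.name}")
        self.subnets[name] = Subnet(name, zone, net)
        return self.subnets[name]

    def allocate(self, subnet_name):
        """Assumed policy: hand out the first free host address of the Subnet."""
        subnet = self.subnets[subnet_name]
        for host in subnet.cidr.hosts():
            if host not in subnet.allocated:
                subnet.allocated.add(host)
                return host
        raise VpcError(f"Subnet {subnet_name} has no free addresses")

    def zones(self):
        """Zones this VPC is projected into (those where it has a Subnet)."""
        return sorted({s.zone for s in self.subnets.values()})

    def same_network(self, a, b):
        """True when both addresses belong to this VPC: routing between them is
        transparent regardless of the zones their Subnets live in."""
        a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
        nets = [s.cidr for s in self.subnets.values()]
        return any(a in n for n in nets) and any(b in n for n in nets)


@dataclass
class Vm:
    name: str
    interfaces: list = field(default_factory=list)  # (vpc name, subnet name, address)

    def attach(self, vpc, subnet_name):
        """One VM may sit in several Subnets, even of different VPCs."""
        addr = vpc.allocate(subnet_name)
        self.interfaces.append((vpc.name, subnet_name, addr))
        return addr


def check_subnet(vpc, name, zone, cidr):
    """Dry run of add_subnet on a copy: returns the rejection reason, or '' if accepted."""
    try:
        Vpc(vpc.name, dict(vpc.subnets)).add_subnet(name, zone, cidr)
    except VpcError as exc:
        return str(exc)
    return ""


def build_example():
    """The diagram's situation: two VPCs with overlapping ranges and one VM in each,
    plus a second interface that puts vm-1 into both VPCs at once."""
    dev = Vpc("dev")
    dev.add_subnet("dev-a", "zone-a", "10.0.0.0/24")
    dev.add_subnet("dev-b", "zone-b", "10.0.1.0/24")
    test = Vpc("test")
    test.add_subnet("test-a", "zone-a", "10.0.0.0/24")  # same range as dev-a: allowed
    vm1, vm2 = Vm("vm-1"), Vm("vm-2")
    vm1.attach(dev, "dev-a")
    vm2.attach(test, "test-a")
    vm1.attach(test, "test-a")  # second interface, in the other VPC
    return dev, test, vm1, vm2


if __name__ == "__main__":
    dev, test, vm1, vm2 = build_example()
    print(vm1.interfaces, vm2.interfaces, dev.zones())
```

Note that vm-1 and vm-2 end up with the same grey address 10.0.0.1 in two different VPCs; that is legal precisely because a VPC is the uniqueness scope for grey addresses, and it is why a VM with interfaces in both has to keep them apart by interface, not by address.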


If you need to expose a machine to the Internet, you can do so through the API or the UI. To do this you set up NAT translation of your "grey", internal address to a "white", public one. You cannot choose the "white" address; it is taken from our address pool. When you stop using the external IP it returns to the pool, and you pay only for the time you actually hold a "white" address.


A machine can also be given Internet access through a NAT instance: you direct traffic to your instance with a static route table. We support this case because users sometimes need it, and we know that. Accordingly, our image catalogue contains a specially configured NAT image.


But even with a ready-made NAT image the setup can be awkward. We realised that for some users this is not the most convenient option, so in the end we made it possible to enable NAT for a chosen Subnet in one click. This feature is still in closed preview, where it is being tested with the help of community members.
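To show how the ways out of the VPC described above differ in practice, here is a small Python model (an added example, not Yandex.Cloud code). A "white" address is taken from a pool and bound to one VM; the model treats that as one-to-one NAT on all ports in both directions, which is an assumption, since the text only says the grey address is translated to a white one. A NAT instance, reached through a static route table, masquerades many grey addresses behind its single "white" address with a per-connection port, as a Linux NAT image would; the one-click Subnet NAT is not modelled separately. The addresses, the pool and the port range are made up.

```python
"""Added example, not Yandex.Cloud code: two ways out of a VPC.
OneToOneNat  - a VM holds a 'white' address from the pool (all ports, both ways).
NatInstance  - a NAT VM reached via a static route, masquerading many VMs
               behind one 'white' address with per-connection ports.
Addresses (RFC 5737 documentation ranges), pool and port range are assumptions."""
import ipaddress
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class PublicIpPool:
    """The user does not pick a white address: the cloud hands one out and
    takes it back when it is released."""

    def __init__(self, addrs):
        self.free = list(addrs)

    def acquire(self):
        if not self.free:
            raise RuntimeError("public address pool exhausted")
        return self.free.pop(0)

    def release(self, addr):
        self.free.append(addr)


class OneToOneNat:
    """VM-level NAT: one grey address <-> one white address, all ports."""

    def __init__(self, pool):
        self.pool = pool
        self.grey_to_white = {}

    def enable(self, grey):
        self.grey_to_white[grey] = self.pool.acquire()
        return self.grey_to_white[grey]

    def disable(self, grey):
        self.pool.release(self.grey_to_white.pop(grey))  # billing stops here

    def egress(self, pkt):
        white = self.grey_to_white.get(pkt.src)
        return None if white is None else Packet(white, pkt.dst, pkt.sport, pkt.dport)

    def ingress(self, pkt):
        for grey, white in self.grey_to_white.items():
            if white == pkt.dst:
                return Packet(pkt.src, grey, pkt.sport, pkt.dport)
        return None


class NatInstance:
    """Many-to-one NAT (masquerading): each grey (src, sport) gets its own
    port on the instance's single white address; unsolicited inbound has no
    state and is dropped."""

    def __init__(self, white):
        self.white = white
        self.next_port = itertools.count(40000)  # assumed ephemeral port range
        self.table = {}  # (grey src, sport) -> port on the white address

    def egress(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.table:
            self.table[key] = next(self.next_port)
        return Packet(self.white, pkt.dst, self.table[key], pkt.dport)

    def ingress(self, pkt):
        for (grey, sport), nat_port in self.table.items():
            if pkt.dst == self.white and pkt.dport == nat_port:
                return Packet(pkt.src, grey, pkt.sport, sport)
        return None


def route_egress(pkt, one_to_one, route_table, nat_instances):
    """VPC egress decision: a VM with its own white address is translated 1:1
    ('direct'); otherwise the static route table (prefix -> next hop) is
    consulted with longest-prefix match and the packet goes to the NAT
    instance living at that next hop.  Returns (next hop, translated packet)."""
    translated = one_to_one.egress(pkt)
    if translated is not None:
        return "direct", translated
    dst = ipaddress.ip_address(pkt.dst)
    best = None
    for prefix, next_hop in route_table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None or best[1] not in nat_instances:
        return "drop", None  # no route, or next hop is not a NAT instance
    return best[1], nat_instances[best[1]].egress(pkt)


if __name__ == "__main__":
    pool = PublicIpPool(["203.0.113.10", "203.0.113.11"])
    nat = OneToOneNat(pool)
    nat.enable("10.0.0.5")
    gw = NatInstance("203.0.113.50")                   # NAT image VM at 10.0.0.254
    routes = {"0.0.0.0/0": "10.0.0.254"}               # static default route
    print(route_egress(Packet("10.0.0.5", "198.51.100.1", 51000, 443), nat, routes, {"10.0.0.254": gw}))
    print(route_egress(Packet("10.0.0.7", "198.51.100.1", 51234, 443), nat, routes, {"10.0.0.254": gw}))
```

The practical difference the model makes visible: a VM behind a one-to-one white address is reachable from the Internet on every port unless something else filters it, whereas a VM behind the NAT instance can only receive replies to connections it opened.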

How the virtual network works from the inside


How does a user interact with the virtual network? Outwardly, the network is its API. The user comes to the API and works with the target state: through the API they describe how everything should be set up and configured, and in the status they see how the actual state differs from the desired one. That is the user's picture. What happens inside?

We write the desired state to Yandex Database and go off to configure the various parts of our VPC. The overlay network in Yandex.Cloud is built from selected components of OpenContrail, which was recently renamed Tungsten Fabric. Network services are implemented on a single platform, CloudGate. In CloudGate we also used a number of open-source components: GoBGP for handling control information, and VPP, a software router running on DPDK, for the data path.

Tungsten Fabric talks to CloudGate over GoBGP, telling it what is happening in the overlay network. CloudGate, in turn, connects the overlay networks to each other and to the Internet.


Now let's see how the virtual network handles scalability and availability. Start with a simple case: one availability zone with two VPCs created in it. We deploy one Tungsten Fabric instance, and it holds tens of thousands of networks. The networks communicate with CloudGate, which, as already said, provides their connectivity with each other and with the Internet.


Now suppose a second Availability Zone is added. It must fail completely independently of the first. Therefore we have to install a separate Tungsten Fabric instance in the second availability zone. It is a separate system that manages its own overlay and knows little about the first one. The appearance of a single global virtual network is actually created by our VPC API; that is its job.

VPC1 is projected into Availability Zone B only if Availability Zone B holds resources that belong to VPC1. If there are no VPC2 resources in availability zone B, we do not create VPC2 in that zone. Likewise, since VPC3's resources exist only in zone B, VPC3 does not exist in zone A. Everything is simple and logical.

Let's go a little deeper and see how an individual host in Y.Cloud works. The main thing I want to stress is that all hosts are built identically. We make sure that only the minimum necessary set of services runs on the bare hardware; everything else runs in virtual machines. We build higher-level services on top of the infrastructure services, and we also use the Cloud itself to solve some of our own engineering problems, for example as part of Continuous Integration.


Looking at an individual host, we see three components running in the host OS:

  • Compute, the part responsible for distributing the host's compute resources.
  • VRouter, the Tungsten Fabric component that builds the overlay, that is, tunnels packets through the underlay.
  • VDisks, the storage virtualization part.

In addition, services run inside virtual machines: infrastructure services, platform services and user workloads. User workloads and platform services always enter the overlay through VRouter.

Infrastructure services can also plug into the overlay, but mostly they need to work in the underlay. They are attached to the underlay with SR-IOV: in effect, we slice the physical network card into virtual network cards (virtual functions) and pass them into the infrastructure virtual machines so that no performance is lost. CloudGate itself, for example, runs as one of these virtual machines.

Now that we have described the overall tasks of the virtual network and the layout of the cloud components, let's see how the different parts of the virtual network interact.

We distinguish three layers in our system:

  • Config Plane: the target state of the system. This is what the user configures through the API.
  • Control Plane: delivers the user's settings to the system, that is, brings the state of the Data Plane to what the user described in the Config Plane.
  • Data Plane: processes the user's packets directly.


As I said above, everything starts with a user or an internal service coming to the API and describing the target state.

This state is immediately written to Yandex Database, the ID of an asynchronous operation is returned through the API, and our internal machinery is set in motion to build the state the user asked for. The configuration tasks go to the SDN and tell Tungsten Fabric what needs to be done in the overlay. For example, they reserve ports, virtual networks and so on.


The Config Plane inside Tungsten Fabric pushes the required state to the Control Plane. Through it, the Config Plane communicates with the hosts, telling them exactly how they are to operate from now on.


Now let's see what the system looks like on a host. A virtual machine has a network adapter plugged into VRouter. VRouter is the Tungsten Fabric kernel module that inspects packets. If a flow already exists for a packet, the module handles it itself. If there is no flow, the module performs what is called punting: it hands the packet to the user-mode process. That process parses the packet and either answers it itself, as it does for DHCP and DNS, or tells VRouter what to do with it, after which VRouter can process the packet.

Also, traffic between virtual machines in the same virtual network flows transparently and is not sent through CloudGate. The hosts the virtual machines are deployed on communicate directly: they tunnel the traffic and send it to each other over the underlay.
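The fast-path / punt split described above, reduced to a flow table keyed by a 5-tuple, looks like this. It is an added example, not Tungsten Fabric code: a packet with a known flow is forwarded by the "kernel" part and counted as a fast-path hit; anything else is punted to the user-mode agent, which answers DHCP and DNS itself, installs a flow (pointing at the underlay host of the destination VM) for known destinations, or drops the packet. Interface names, addresses, the DHCP/DNS payload format, the gateway address and the host table are made up.

```python
"""Added example, not Tungsten Fabric code: VRouter fast path with punting.
A 5-tuple flow table in the 'kernel' part; on a miss the packet goes to the
user-mode agent, which answers DHCP/DNS locally, programs a flow towards the
underlay host of the destination VM, or drops it.  Names, addresses and the
payload formats are assumptions for the illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    vif: str        # VM interface the packet arrived on
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: str = ""


class Agent:
    """User-mode part: knows the port configuration and where overlay addresses live."""

    def __init__(self, vif_addr, vm_host, names, gateway="10.0.0.1"):
        self.vif_addr = vif_addr  # interface -> address assigned by the Config Plane
        self.vm_host = vm_host    # overlay address -> underlay host (tunnel endpoint)
        self.names = names        # DNS records the agent answers locally
        self.gateway = gateway    # assumed address the agent answers DHCP from
        self.punts = 0

    def handle(self, pkt):
        self.punts += 1
        if pkt.proto == "udp" and pkt.dport == 67:                 # DHCP: answered locally
            addr = self.vif_addr[pkt.vif]
            return "reply", Pkt(pkt.vif, self.gateway, addr, "udp", 67, 68, f"DHCPOFFER {addr}")
        if pkt.proto == "udp" and pkt.dport == 53:                 # DNS: answered locally
            answer = self.names.get(pkt.payload)
            reply = f"A {answer}" if answer else "NXDOMAIN"
            return "reply", Pkt(pkt.vif, pkt.dst, pkt.src, "udp", 53, pkt.sport, reply)
        host = self.vm_host.get(pkt.dst)
        if host is None:
            return "drop", None                                     # unknown destination: no flow
        return "flow", ("tunnel", host)                             # program the fast path


class VRouter:
    """Kernel-side stand-in: flow lookup, punt on miss, forward on hit."""

    def __init__(self, agent):
        self.agent = agent
        self.flows = {}            # 5-tuple -> ("tunnel", underlay host)
        self.fast_path_hits = 0

    def rx(self, pkt):
        """Returns ("reply", packet), ("drop", None) or ("tunnel", (packet, host))."""
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        action = self.flows.get(key)
        if action is None:
            verdict, result = self.agent.handle(pkt)
            if verdict != "flow":
                return verdict, result
            self.flows[key] = action = result
        else:
            self.fast_path_hits += 1
        return "tunnel", (pkt, action[1])  # encapsulate towards the underlay host


if __name__ == "__main__":
    agent = Agent({"vif-5": "10.0.0.5"},
                  {"10.0.0.5": "host-1", "10.0.1.7": "host-2"},
                  {"db.internal": "10.0.1.7"})
    vr = VRouter(agent)
    data = Pkt("vif-5", "10.0.0.5", "10.0.1.7", "tcp", 40002, 5432, "SELECT 1")
    print(vr.rx(data))                         # first packet: punt, flow installed
    print(vr.rx(data), vr.fast_path_hits)      # second packet: fast path
```

The thing to take from it operationally is that only the first packet of a connection costs a trip to user space; if a host shows a high punt rate in steady state, flows are not being installed or are being evicted.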


The Control Planes of different Availability Zones communicate with each other over BGP, just as with any other router. They tell each other which machine is deployed where, so that a virtual machine in one zone can talk directly to a virtual machine in another.


The Control Plane also communicates with CloudGate. In the same way, it tells CloudGate where each virtual machine is deployed and what its addresses are. This allows external traffic and traffic from the load balancers to be routed to them.

Traffic leaving a VPC arrives at CloudGate, in the data path, where VPP with our plugins processes it quickly. From there the traffic goes either to other VPCs or outside, to the edge routers, which are configured by CloudGate's own Control Plane.

Plans for the future

If we condense everything above into a couple of sentences, we can say that the VPC in Yandex.Cloud solves two important problems:

  • Providing isolation between different customers.
  • Combining resources, infrastructure, platform services, other clouds and on-premises systems into a single network.

And to solve these problems well, you need to ensure scalability and fault tolerance at the level of the internal architecture, which is exactly what the VPC does.

Step by step the VPC gains functionality: we implement new features and try to improve how convenient some things are for users. Some ideas were voiced and made it into the priority list thanks to members of our community.

At the moment we have roughly the following list of plans:

  • VPN as a service.
  • Private DNS instances: images for quickly deploying a virtual machine with a preconfigured DNS server.
  • DNS as a service.
  • Internal load balancer.
  • Adding a "white" IP address without recreating the virtual machine.

The load balancer and the ability to change the IP address of an existing virtual machine made it into this list at users' request. To be honest, without explicit feedback we would have taken on these features somewhat later. And so we are already working on the address issue.

Initially a "white" IP address could only be added when the machine was created. If the user forgot to do it, the virtual machine had to be recreated. The same applied to removing an external IP when it was no longer needed. Soon it will be possible to turn a public IP on and off without recreating the machine.

Feel free to share your ideas and support the ideas of other users. You help us make the cloud better and get important and useful features sooner!

Source: www.hab.com
