ProHoster > Π‘Π»ΠΎΠ³ > Kev tswj hwm > Tshiab IT infrastructure rau Russian Post data center

Tshiab IT infrastructure rau Russian Post data center

Kuv paub tseeb tias txhua tus neeg nyeem Habr muaj tsawg kawg ib zaug xaj khoom los ntawm cov khw muag khoom online txawv teb chaws thiab tom qab ntawd tau mus txais parcels ntawm Lavxias Post Office. Koj puas tuaj yeem xav txog qhov ntsuas ntawm txoj haujlwm no, los ntawm qhov pom ntawm kev teeb tsa logistics? Ntau tus neeg yuav khoom los ntawm tus lej ntawm lawv cov kev yuav khoom, xav txog ib daim ntawv qhia ntawm peb lub tebchaws loj, thiab ntawm nws muaj ntau dua 40 txhiab lub chaw xa ntawv ... Los ntawm txoj kev, xyoo 2018, Lavxias Post tau ua tiav 345 lab thoob ntiaj teb parcels.

Hauv tsab xov xwm no peb yuav qhia koj txog qhov teeb meem Pochta ntsib li cas thiab pab pawg LANIT Integration daws lawv li cas, tsim kom muaj IT infrastructure tshiab rau cov chaw zov me nyuam.

Tshiab IT infrastructure rau Russian Post data centerIb qho ntawm cov chaw niaj hnub logistics ntawm Lavxias Post
 

Ua ntej qhov project

Vim muaj kev nce ntxiv ntawm cov parcels los ntawm cov khw muag khoom txawv teb chaws hauv Suav teb, Western Europe thiab North America, cov khoom thauj ntawm cov chaw xa khoom ntawm Lavxias Post tau nce ntxiv. Yog li ntawd, cov chaw logistics tshiab tau tsim, uas siv cov tshuab ua haujlwm siab. Lawv xav tau kev txhawb nqa los ntawm kev siv computer infrastructure.

Cov ntaub ntawv chaw tsim kho vaj tse tau dhau los thiab tsis tau muab qhov tsim nyog ua tau zoo thiab kev ntseeg siab hauv kev ua haujlwm ntawm kev lag luam cov ntaub ntawv xov xwm. Tsis tas li ntawd, Lavxias Post tau ntsib qhov tsis muaj kev suav lub zog los tsim cov kev pabcuam tshiab.
 

Cov neeg siv khoom cov chaw zov me nyuam thiab lawv cov teeb meem

Lavxias teb sab Post cov ntaub ntawv chaw pab ntau tshaj 40 chaw thiab 000 thaj chaw department. Cov chaw zov me nyuam ua haujlwm ntau ntau ntawm 85/XNUMX kev pabcuam kev lag luam, suav nrog kev pabcuam e-lag luam.

Niaj hnub no, cov tuam txhab siv cov tshuab khaws cia, txheeb xyuas thiab ua cov ntaub ntawv loj. Rau cov tshuab zoo li no, kev siv cov kev txawj ntse txawj ntse thiab tshuab kev kawm algorithms ua lub luag haujlwm tseem ceeb. Niaj hnub no, ib qho ntawm cov teeb meem tseem ceeb tshaj plaws rau kev lag luam yog kev ua kom zoo rau kev tswj hwm kev thauj mus los thiab ua kom cov neeg siv khoom nrawm hauv cov chaw xa ntawv.

Ua ntej pib qhov kev tsim kho tshiab, muaj txog 3000 lub tshuab virtual hauv cov chaw tseem ceeb thiab cov ntaub ntawv thaub qab, qhov ntim ntawm cov ntaub ntawv khaws cia ntau dua 2 petabytes. Cov chaw zov me nyuam muaj cov qauv kev sib tw tsheb sib txuas nrog kev faib ua ntau ntu raws li qib kev ruaj ntseg.

Nrog rau kev txhim kho cov ntawv thov thiab kev qhia txog cov kev pabcuam tshiab, cov bandwidth uas twb muaj lawm ntawm cov khoom siv network hauv cov chaw zov me nyuam tau dhau los ua tsis txaus. Kev hloov pauv mus rau kev cuam tshuam nrog kev nrawm tshiab yog xav tau: 10 Gbit / s, tsis yog 1 Gbit / s ntawm kev nkag thiab 40 Gbit / s ntawm qib tseem ceeb, nrog rau tag nrho cov khoom siv thiab kev sib txuas lus.

Lub chaw saib xyuas kev ruaj ntseg cov ntaub ntawv tau txais qhov yuav tsum tau faib cov txheej txheem rau hauv ntu nrog qib siab ntawm cov ntaub ntawv kev nyab xeeb ntawm kev khiav tsheb thiab kev siv (PN - Private Network thiab DMZ - Demilitarized Zone). Cov tsheb hla dhau los ntawm firewalls (FWUs) uas tsis tas yuav tsum tau lim. VRF ntawm cov keyboards tsis tau siv rau lub tsheb no. Cov cai ntawm firewall yog qhov zoo tshaj plaws (ntau txhiab txoj cai hauv txhua qhov chaw khaws ntaub ntawv).

Seamless migration ntawm virtual machines (VMs) nruab nrab ntawm cov chaw zov me nyuam thaum tuav tus IP chaw nyob thiab txoj hauv kev zoo rau kev khiav tsheb ntawm ntu, suav nrog cov ntaub ntawv koom nrog (CDN), ua tsis tau.

MSTP tau siv rau thaub qab; qee qhov chaw nres nkoj tau thaiv (kub standby). Cov tub ntxhais thiab kev nkag mus hloov pauv tsis tau ua ke rau hauv pawg tsis ua haujlwm, thiab kev sib txuas sib txuas (LAG) tsis tau siv.

Nrog rau qhov tshwm sim ntawm qhov chaw thib peb cov ntaub ntawv, ib qho kev tsim kho tshiab thiab cov khoom siv tau tsim los ua haujlwm lub nplhaib ntawm cov chaw zov me nyuam (EVPN tau thov).

Tsis muaj lub tswv yim sib koom ua ke rau kev txhim kho cov chaw zov me nyuam cov ntaub ntawv, tau sau tseg rau hauv daim ntawv ntawm ib qhov project thiab pom zoo nrog txhua lub tuam tsev ntawm cov neeg siv khoom. Cov ntaub ntawv kev khiav hauj lwm hauv network tam sim no tsis tiav thiab dhau los.
 

Cov neeg siv khoom xav tau

Pab pawg ua haujlwm tau ntsib cov haujlwm hauv qab no:

  • npaj lub tswv yim architecture thiab kev loj hlob rau kev tsim lub network thiab server infrastructure ntawm peb cov ntaub ntawv chaw;
  • ua ib qho kev soj ntsuam kev ua haujlwm ntawm tus neeg siv khoom lub network uas twb muaj lawm;
  • nthuav dav lub network tub ntxhais muaj peev xwm ntau dua 1500 10/40 Gbit / s Ethernet ports hauv txhua qhov chaw cov ntaub ntawv (4500 chaw nres nkoj hauv tag nrho);
  • xyuas kom muaj kev ua haujlwm ntawm lub nplhaib ntawm peb lub chaw cov ntaub ntawv nrog lub peev xwm nce mus txog 80 Gbit / s hauv txhua ntu txhawm rau txhawm rau muab cov neeg siv khoom suav nrog cov chaw sib txawv ntawm cov ntaub ntawv sib txawv rau hauv ib qho IT system;
  • muab 100% ob npaug ntawm tag nrho cov ntsiab lus hauv network kom ua tiav lub hom phiaj Uptime ntawm qib 99,995%;
  • txo cov tsheb khiav qeeb ntawm cov tshuab virtual kom ceev cov ntawv thov kev lag luam;
  • sau cov txheeb cais, ua kev tshuaj xyuas thiab ua raws li kev ua kom zoo dua ntawm kev lim dej hauv cov ntaub ntawv (thaum pib muaj txog 80 txoj cai);
  • tsim ib lub hom phiaj architecture kom ntseeg tau tias seamless tsiv teb tsaws ntawm cov neeg siv khoom lag luam tseem ceeb rau ib qho ntawm peb lub chaw khaws ntaub ntawv.

Yog li peb muaj ib yam dab tsi los ua haujlwm.

Khoom siv

Cia peb ua tib zoo saib seb cov khoom siv twg peb siv hauv qhov project.

Firewall (NGWF) USG9560:

  • faib los ntawm VSYS;
  • mus txog 720 Gbps;
  • mus txog 720 lab ib zaug ib zaug;
  • 8 qhov.

Tshiab IT infrastructure rau Russian Post data center 
Router NE40E-X8:

  • mus txog 7,08 Tbit / s Hloov Peev Xwm;
  • mus txog 2,880 Mpps Forwarding Performance;
  • 8 qhov rau kab ntawv (LPU);
  • mus txog 10M BGP IPv4 txoj kev ib MPU;
  • mus txog 1500K OSPF IPv4 txoj kev ib MPU;
  • mus txog 3000K - IPv4 FIB (nyob ntawm LPU).

Tshiab IT infrastructure rau Russian Post data center
CE12800 Series Hloov:

  • Ntaus Virtualization: VS (1:16 virtualization), Cluster Switch System (CSS), Super Virtual Fabric (SVF);
  • Network Virtualization: M-LAG, TRILL, VXLAN thiab VXLAN bridging, QinQ hauv VXLAN, EVN (Ethernet Virtual Network);
  • pib los ntawm VRP V2, EVPN txhawb nqa suav nrog;
  • M-LAG – analogue ntawm vPC (virtual Port Channel) rau Cisco Nexus;
  • Virtual Spanning Tree Protocol (VSTP) - Tau tshaj Cisco PVST.

CE12804

Tshiab IT infrastructure rau Russian Post data center
CE12808

Tshiab IT infrastructure rau Russian Post data center

Software

Hauv qhov project peb siv:

  • Hloov ntawm firewall configuration ntaub ntawv los ntawm lwm tus neeg muag khoom rau hauv cov lus txib hom rau cov cuab yeej tshiab;
  • proprietary scripts rau optimizing thiab converting firewall configurations.

Tshiab IT infrastructure rau Russian Post data centerCov tsos ntawm lub converter rau converting configuration ntaub ntawv
 
Tshiab IT infrastructure rau Russian Post data centerLub tswv yim ntawm kev teeb tsa kev sib txuas lus ntawm cov chaw zov me nyuam (EVPN VXLAN)
 

Nuances ntawm kev teeb tsa cov cuab yeej

CE12808
 

  • EVPN (tus qauv) es tsis txhob EVN (Huawei proprietary) rau kev sib txuas lus ntawm cov chaw zov me nyuam:

    β—‹ L2 dhau L3 siv iBGP hauv lub dav hlau tswj;
    β—‹ MAC kev cob qhia thiab lawv tshaj tawm ntawm iBGP EVPN tsev neeg (MAC txoj hauv kev, hom 2);
    β—‹ Kev tsim kho tsis siv neeg ntawm VXLAN tunnels rau kev tshaj tawm / tsis paub txog unicast tsheb (Inclusive Multicast Routes, hom 3).

  • Ob chav faib hom ntawm VS:

    β—‹ raws li cov chaw nres nkoj (chaw nres nkoj hom chaw nres nkoj) lossis raws li ASIC (chaw nres nkoj-hom pab pawg, tso saib ntaus ntawv chaw nres nkoj-map);
    β—‹ chaw nres nkoj split dimension interface 40GE tsuas yog ua haujlwm hauv Admin VS (tsis hais qhov chaw nres nkoj hom).

USG 9560
 

  • muaj peev xwm faib los ntawm VSYS,
  • Dynamic routing thiab txoj kev xau tsis tuaj yeem ntawm VSYS!

CE12804
 
Tag nrho Active GW (VRRP Master / Master / Master) nrog MAC VRRP filtering ntawm cov chaw zov me nyuam
 
acl number 4000
  rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 15 permit
 
interface Eth-Trunk1
  traffic-filter acl 4000 outbound

Tshiab IT infrastructure rau Russian Post data centerCov txheej txheem ntawm kev sib cuam tshuam ntawm cov chaw zov me nyuam (VXLAN EVPN thiab Tag Nrho Active GW)
 

Qhov project nyuaj

Qhov teeb meem tseem ceeb yog qhov xav tau rov qab cov ntawv thov uas twb muaj lawm uas siv cov cuab yeej siv computer. Cov neeg siv khoom muaj ntau dua 100 daim ntawv thov sib txawv, qee qhov tau sau yuav luag 10 xyoo dhau los. Piv txwv li, yog tias rau Yandex koj tuaj yeem tua ntau pua lub tshuab virtual yam tsis muaj kev puas tsuaj rau cov neeg siv kawg, tom qab ntawd hauv Lavxias Post xws li ib txoj hauv kev yuav xav tau kev txhim kho ntawm ntau daim ntawv thov los ntawm kos thiab hloov pauv hauv architecture ntawm cov ntaub ntawv lag luam. Peb tau daws cov teeb meem uas tshwm sim thaum lub sij hawm tsiv teb tsaws thiab kev ua kom zoo ntawm cov txheej txheem ntawm kev sib koom ua ke ntawm kev txheeb xyuas cov cuab yeej siv computer. Txhua lub network thev naus laus zis tshiab rau kev lag luam (xws li EVPN) tau dhau los ua qhov kev sim ua ntej hauv chav kuaj.
 

Qhov project tshwm sim

Pab neeg ua haujlwm nrog cov kws tshaj lij "LANIT-Integration", tus neeg siv khoom thiab nws cov neeg koom tes hauv kev ua haujlwm ntawm kev siv computer infrastructure. Pab pawg txhawb nqa los ntawm cov neeg muag khoom (Check Point thiab Huawei) kuj tau tsim. Qhov project tau siv ob xyoos. Qhov no yog qhov ua tau thaum lub sijhawm no.

  • Ib lub tswv yim rau kev txhim kho lub network ntawm cov chaw zov me nyuam, Corporate Data Network (CDTN) thiab lub nplhaib ntawm cov chaw zov me nyuam tau tsim thiab pom zoo nrog txhua lub tuam tsev ntawm cov neeg siv khoom.
  • Muaj cov kev pabcuam tau nce ntxiv. Qhov no tau sau tseg los ntawm cov neeg siv khoom lag luam thiab ua rau muaj kev nce ntxiv hauv cov tsheb thauj mus los vim muaj kev qhia txog cov kev pabcuam tshiab.
  • Ntau tshaj 40 txoj cai tau raug tsiv teb tsaws thiab ua kom zoo dua los ntawm FWSM/ASA rau USG 000. Cov ntsiab lus sib txawv ntawm ASA ntawm UGG 9560 tau muab tso ua ke rau hauv ib qho kev ruaj ntseg-txoj cai.
  • Kev xa tawm ntawm cov chaw nres nkoj cov ntaub ntawv tau nce los ntawm 1G rau 10/40G los ntawm kev siv CE12800 / CE6850. Qhov no ua rau nws muaj peev xwm tshem tawm cov interface overloads thiab poob ntawm pob ntawv.
  • Carrier-qib routers NE40E-X8 tau them tag nrho cov kev xav tau ntawm cov neeg siv khoom cov ntaub ntawv chaw thiab cov ntaub ntawv hloov chaw, suav nrog kev txhim kho kev lag luam yav tom ntej.
  • Yim qhov kev thov tshiab tshiab tau thov rau USG 9560. Ntawm cov no, xya tau ua tiav thiab suav nrog VRP version tam sim no. 1 FR - rau kev siv hauv Huawei R&D. Qhov no yog yim-chassis pawg nrog lub peev xwm los teeb tsa cov haujlwm tsim nyog rau kev teeb tsa synchronization yam tsis muaj kev sib kho synchronization. Nws yuav tsum tau yog hais tias lub tsheb ncua mus rau ib tug ntawm cov ntaub ntawv chaw yog heev loj (Adler - Moscow 1300 km raws txoj kev loj thiab 2800 km raws txoj kev cia).

Qhov project tsis muaj analogues piv rau lwm cov tuam txhab xa ntawv hauv Lavxias.

Modernization ntawm network infrastructure ntawm cov chaw zov me nyuam tau qhib lub sijhawm tshiab rau kev lag luam los tsim cov kev pabcuam digital.

  • Muab tus kheej tus account thiab daim ntawv thov mobile rau cov tib neeg thiab cov koom haum raug cai.
  • Kev koom ua ke nrog cov khw muag khoom hluav taws xob los muab kev pabcuam xa khoom.
  • Ua tiav - khaws cov khoom, tsim thiab xa cov xaj los ntawm cov khw muag khoom hluav taws xob.
  • Nthuav kev txiav txim khaws cov ntsiab lus, suav nrog kev siv cov koom tes sib koom tes.
  • Cov ntaub ntawv tseem ceeb raug cai khiav nrog cov neeg sib tw. Qhov no yuav tshem tawm qhov qeeb thiab kim xa cov ntaub ntawv.
  • Kev lees txais cov ntawv sau npe hauv daim ntawv hluav taws xob nrog kev xa khoom hauv tshuab hluav taws xob thiab hauv daim ntawv (nrog rau luam tawm cov khoom kom ze li sai tau rau tus neeg txais zaum kawg). Kev pabcuam ntawm cov ntawv sau npe hauv hluav taws xob ntawm cov kev pabcuam pej xeem portal.
  • Platform muab kev pabcuam telemedicine.
  • Kev txais tos yooj yim thiab yooj yim xa cov ntawv sau npe siv ib qho yooj yim hluav taws xob kos npe.
  • Digitalization ntawm lub chaw xa ntawv network.
  • Rov tsim kho cov kev pabcuam tus kheej (terminals thiab parcel terminals).
  • Tsim ib lub platform digital rau kev tswj cov kev pabcuam xa khoom thiab daim ntawv thov mobile tshiab rau cov neeg siv khoom xa tuaj.

Tuaj nrog peb ua haujlwm!

Tau qhov twg los: www.hab.com

Ntxiv ib saib