New IT infrastructure for the Russian Post data center

I am sure every Habr reader has at least once ordered goods from foreign online stores and then gone to a Russian Post office to pick up the parcel. Can you imagine the scale of this task from a logistics point of view? Multiply the number of customers by the number of their purchases, and picture the map of our vast country with more than 40 post offices ... Incidentally, in 2018 Russian Post processed 345 million international parcels.

In this article we will talk about the problems Russian Post faced and how the LANIT-Integration team solved them by building a new IT infrastructure for the data centers.

[Image: One of Russian Post's modern logistics centers]
 

Before the project

The growing number of parcels from foreign online stores in China, Western Europe and North America increased the load on Russian Post's logistics facilities. New logistics centers were therefore built, equipped with high-performance sorting machines. These need support from the computing infrastructure.

The data centers were outdated and did not provide the performance and reliability that the company's information systems required. Russian Post also lacked the computing capacity to build new services.
 

The customer's data centers and their problems

Russian Post's data centers serve more than 40,000 sites and 85 regional offices. They provide many business services 24/7, including e-commerce.

The company already uses systems for storing, analyzing and processing big data. Artificial intelligence and machine learning play an important role in these systems. At present, some of the company's most important use cases include optimizing transport management and speeding up customer service at post offices.

Before the modernization project, the main and backup data centers hosted about 3000 virtual machines storing more than 2 petabytes of data. The data centers had a complex traffic structure, divided into multiple segments by security level.

As applications evolved and new services were created, the bandwidth of the existing data center network became insufficient. A move to interfaces with new speeds was required: 10 Gbps instead of 1 Gbps at the access layer and 40 Gbps at the core layer, for all equipment and communication links.

The information security department required the infrastructure to be divided into segments according to the level of traffic and application security (PN - Private Network and DMZ - Demilitarized Zone). Traffic that did not need filtering still passed through the firewalls (FWs). VRFs on the switches were not used for this traffic. The FW rules were not optimized (tens of thousands of rules in each data center).

Migrating virtual machines (VMs) between data centers while keeping their IP addresses and optimal traffic paths between segments, including the corporate data transmission network (CDTN), was not possible.

MSTP was used for redundancy, with some ports blocked (hot standby). The core and access switches were not combined into a failover cluster, and link aggregation (LAG) was not used.

With the arrival of the third data center, a new architecture and new equipment were needed to operate the ring between the data centers (EVPN was planned).

There was no unified data center development concept, documented as a project and agreed with all of the customer's departments. The existing network operations documentation was incomplete and outdated.
 

Customer expectations

The project team faced the following tasks:

  • prepare the architecture and a development concept for building the network and server infrastructure of the third data center;
  • carry out an audit of the customer's existing network;
  • expand network capacity by more than 1500 10/40 Gbps Ethernet ports in each data center (4500 ports in total);
  • ensure operation of the ring between the three data centers, with the ability to raise the speed to 80 Gbit/s on each segment, so that the customer's computing resources in different data centers are combined into a single IT system;
  • ensure 100% duplication of all network components to reach the target Uptime of 99,995%;
  • reduce traffic latency between virtual machines to speed up business applications;
  • collect statistics, analyze and then optimize the traffic filtering rules in the data centers (initially there were about 80,000 rules);
  • create a target architecture that ensures the customer's critical business applications can be migrated to any of the three data centers.

So we had something to work on.

Equipment

Let's take a closer look at the equipment we used in the project.

USG9560 Network Gateway Firewall (NGWF):

  • segmentation by VSYS;
  • up to 720 Gbps;
  • up to 720 million concurrent sessions;
  • 8 slots.

Router NE40E-X8:

  • up to 7,08 Tbit/s switching capacity;
  • up to 2,880 Mpps forwarding performance;
  • 8 slots for line cards (LPU);
  • up to 10M BGP IPv4 routes per MPU;
  • up to 1500K OSPF IPv4 routes per MPU;
  • up to 3000K IPv4 FIB entries (depending on the LPU).

CE12800 Series Switches:

  • Device virtualization: VS (1:16 virtualization), Cluster Switch System (CSS), Super Virtual Fabric (SVF);
  • Network virtualization: M-LAG, TRILL, VXLAN and VXLAN bridging, QinQ in VXLAN, EVN (Ethernet Virtual Network);
  • Starting with VRP V2, EVPN support is included;
  • M-LAG is an analogue of vPC (virtual Port Channel) on Cisco Nexus;
  • Virtual Spanning Tree Protocol (VSTP) - compatible with Cisco PVST.

CE12804

CE12808


Software

In this project we used:

  • a converter of firewall configuration files from another vendor into the command format of the new equipment;
  • in-house scripts for optimizing and converting firewall configurations.

[Image: Appearance of the converter for configuration files]
 
[Image: Diagram of the interconnect between data centers (EVPN VXLAN)]
 

Nuances of configuring the equipment

CE12808
 

  • EVPN (standard) instead of EVN (Huawei proprietary) for the interconnect between data centers:

    ○ L2 over L3 using iBGP in the control plane;
    ○ MAC learning and advertisement through the iBGP EVPN address family (MAC routes, type 2);
    ○ building VXLAN tunnels for broadcast / unknown unicast traffic (Inclusive Multicast Routes, type 3).

  • Two modes of partitioning into VS:

    ○ port-based (port mode) or ASIC-based (port mode group, display port map);
    ○ port split dimension interface 40GE works only in the Admin VS (regardless of the port mode).

USG9560
 

  • segmentation by VSYS is possible,
  • dynamic routing and route leaking between VSYS are not possible!

CE12804
 
All Active GW (VRRP Master/Master/Master) with VRRP MAC filtering between the data centers
 
acl number 4000
  rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 15 permit
 
interface Eth-Trunk1
  traffic-filter acl 4000 outbound
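
The mask in ACL 4000 can be checked offline. The following is an added example, not part of the original article: it evaluates the three rules against constructed frames, assuming that bits set in the mask must match, and shows that the filter covers every IPv4 VRRP virtual MAC (VRID 1-255) but not the IPv6 VRRP range 0000-5e00-02xx. All function names and sample MAC addresses are hypothetical.

```python
import re

# ACL 4000 from the article as (action, field, value, mask); field None = match any.
ACL_4000 = [
    ("deny", "src", "0000-5e00-0100", "ffff-ffff-ff00"),   # rule 5
    ("deny", "dst", "0000-5e00-0100", "ffff-ffff-ff00"),   # rule 10
    ("permit", None, None, None),                          # rule 15
]

def mac_to_int(mac):
    """Parse 0000-5e00-0101, 00:00:5e:00:01:01 or 00-00-5E-00-01-01."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def masked_match(mac, value, mask):
    """Assumption: bits set in the mask must be equal, cleared bits are ignored."""
    m = mac_to_int(mask)
    return (mac_to_int(mac) & m) == (mac_to_int(value) & m)

def evaluate(acl, src, dst):
    """Return the action of the first matching rule, or 'no-match'."""
    for action, field, value, mask in acl:
        if field is None or masked_match(src if field == "src" else dst, value, mask):
            return action
    return "no-match"

def ipv4_vrids_covered(acl):
    """True if every IPv4 VRRP virtual MAC (VRID 1..255) is dropped as a source."""
    return all(evaluate(acl, f"0000-5e00-01{v:02x}", "ffff-ffff-ffff") == "deny"
               for v in range(1, 256))

# Constructed frames (src, dst) as they would leave Eth-Trunk1 toward another DC.
FRAMES = {
    "vrrp_advert_vrid1": ("0000-5e00-0101", "0100-5e00-0012"),
    "host_to_gateway":   ("0050-56aa-bb01", "0000-5e00-0164"),
    "host_to_host":      ("0050-56aa-bb01", "0050-56aa-bb02"),
    "vrrp_ipv6_vrid1":   ("0000-5e00-0201", "3333-0000-0012"),
}

def audit(acl=ACL_4000):
    """Verdict per constructed frame."""
    return {name: evaluate(acl, s, d) for name, (s, d) in FRAMES.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
    print("all IPv4 VRIDs covered:", ipv4_vrids_covered(ACL_4000))
```

If IPv6 VRRP gateways are ever stretched across the same trunk, the permit verdict for 0000-5e00-0201 is the gap to review.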

[Image: Diagram of resource interaction between the data centers (VXLAN EVPN and All Active GW)]
 

Project challenges

The main difficulty was the need to back up the existing applications by means of the computing infrastructure. The customer has more than 100 different applications, some of them written almost 10 years ago. For example, while Yandex can shut down hundreds of virtual machines without affecting end users, at Russian Post such an approach would require developing many applications from scratch and redesigning the architecture of the company's information systems. We resolved all the problems that arose during migration and optimization in the course of a joint review of the computing infrastructure. Every new network technology (such as EVPN) was first tested in the lab.
 

Project results

The project teams included specialists from LANIT-Integration, the customer, and the customer's partners who operate the computing infrastructure. Dedicated support teams from the vendors (Check Point and Huawei) were also formed. The project took two years. Here is what was accomplished in that time.

  • A concept for developing the data center network, the corporate data transmission network (CDTN) and the ring between the data centers was developed and agreed with all of the customer's departments.
  • Service availability increased. This was noticed by the customer's business and led to further traffic growth as new services were introduced.
  • More than 40,000 rules were converted and optimized from FWSM/ASA to USG 9560. The separate ASA contexts were merged on the USG 9560 into a single security policy.
  • Deploying CE12800/CE6850 raised data transfer speed from 1G to 10/40G. This eliminated interface congestion and loss of connectivity.
  • The NE40E-X8 carrier-class routers fully met the customer's data center requirements, including those of future business development.
  • Eight new Feature Requests were filed for the USG 9560. Seven of them have already been implemented and included in the current VRP version. 1 FR is currently being implemented by Huawei R&D. It is an eight-chassis cluster with the ability to configure the required configuration synchronization functionality without connection synchronization. This is needed when traffic latency to one of the data centers is too high (Adler-Moscow is 1300 km over the main route and 2800 km over the backup route).

This project has no analogues among other postal companies in Russia.

Modernizing the data center network opened up new opportunities for the company to develop digital services.

  • Providing a personal account and a mobile application for individuals and legal entities.
  • Integration with e-commerce marketplaces to provide delivery services.
  • Fulfillment: storing goods, assembling and delivering orders from online stores.
  • Expanding the network of order pick-up points, including through partner networks.
  • Legally valid document exchange with counterparties. This will eliminate slow and expensive document delivery.
  • Accepting registered letters electronically and delivering them both electronically and on paper (with the letter printed as close to the final recipient as possible). Electronic registered letters are available on the government services website.
  • A platform for providing telemedicine services.
  • Simplified acceptance and simplified delivery of registered mail using a simple electronic signature.
  • Digitalization of the post office network.
  • Development of self-service terminals and parcel terminals.
  • Creating a digital platform for managing courier services and a new mobile application for courier service customers.

Come and work with us!

Source: www.hab.com