Experience implementing network fabrics based on EVPN VXLAN and Cisco ACI, and a brief comparison

Note the links in the middle of the diagram. We will come back to them below.

At some point you may find that a large, complex L2-based network is ailing. First, there are the problems associated with handling BUM traffic and with the operation of the STP protocol. Second, the architecture as a whole is outdated. This causes unpleasant problems in the form of downtime and awkward manageability.

We had two parallel projects in which the customers weighed all the advantages and disadvantages of the options and chose two different overlay solutions, and we implemented them.

This was a chance to compare the implementations. Not the operation; that is something to talk about in two or three years.

So, what is a network fabric with overlay networks and SDN?

What to do about the pressing problems of classical network architecture?

Every year new technologies and ideas appear. In practice, an urgent need to rebuild networks did not arise for a long time, because doing everything manually with the good old methods still works. So what if it is the twenty-first century? After all, an administrator should be working, not sitting in his office.

Then a boom in the construction of large data centers began. It then became clear that the classical architecture had reached its limit of growth, and not only in terms of performance, fault tolerance, and scalability. One of the options for solving these problems was the idea of building overlay networks on top of a routed backbone.

In addition, as networks grew in scale, the problem of managing such fabrics became acute, which is why software-defined networking solutions began to appear, with the ability to manage the entire network infrastructure as a whole. And when the network is managed from a single point, it is easier for other components of the IT infrastructure to interact with it, and those interactions are easier to automate.

Almost every major vendor, not only of network equipment but also of virtualization, has options for such solutions in its portfolio.

All that remains is to work out what suits which needs. For example, for especially large companies with strong development and operations teams, packaged vendor solutions do not always satisfy every need, and they resort to developing their own SD (software-defined) solutions. These are, for example, cloud providers that constantly expand the range of services they offer their customers, and packaged solutions simply cannot keep up with their needs.

For mid-sized companies, the functionality a vendor offers as a boxed solution is sufficient in 99 percent of cases.

What are overlay networks?

What is the idea behind overlay networks? In essence, you take a classic routed network and build another network on top of it to gain additional capabilities. Most often this means distributing load efficiently across equipment and links, significantly raising the scalability limit, improving reliability, and gaining a number of security benefits (through segmentation). SDN solutions, on top of this, make administration very flexible and make the network more transparent for its consumers.

In general, if local networks had been invented in the 2010s, they would look very different from what we inherited from the military in the 1970s.

As for technologies for building fabrics with overlay networks, there are currently many vendor implementations and Internet RFC projects (EVPN+VXLAN, EVPN+MPLS, EVPN+MPLSoGRE, EVPN+Geneve, and others). Yes, there are standards, but different vendors may implement them differently, so when building such fabrics it is still possible to avoid vendor lock-in completely only in theory, on paper.

With SD solutions this is even more the case; every vendor has its own vision. There are fully open solutions that, in theory, you can finish building yourself, and there are fully closed ones.

Cisco has its own version of SDN for data centers: ACI. Naturally, this is a 100% vendor-locked solution as far as the choice of network equipment goes, but at the same time it is fully integrated with virtualization, containerization, security, orchestration, load balancers, and so on. In essence, though, it is still a kind of black box, with no access to all of the internal processes. Not every customer agrees to this option, since you depend entirely on the quality of the solution's code and its implementation; on the other hand, the vendor has one of the best technical support organizations in the world and a team dedicated solely to this solution. Cisco ACI was chosen as the solution for the first project.

For the second project, a Juniper solution was chosen. The vendor also has its own SDN for data centers, but the customer decided not to deploy SDN. An EVPN VXLAN fabric without a centralized controller was chosen as the network technology.

What is it?

Building a fabric lets you create an easily scalable, fault-tolerant, reliable network. The architecture (leaf-spine) takes into account the characteristics of data centers (traffic paths, minimizing latency and bottlenecks in the network). SD solutions in data centers let you manage the fabric very conveniently, quickly, and flexibly, and integrate it into the data center ecosystem.

Both customers needed to build a backup data center to ensure fault tolerance, and in addition, the traffic between the data centers had to be encrypted.

The first customer had already been considering fabric-less solutions as a possible standard for their networks, but in testing they ran into problems with STP compatibility between hardware from several vendors. There were outages that caused services to go down. For this customer that was critical.

Cisco was already the customer's corporate standard; they looked at ACI and other options and decided it was worth taking this solution. The automation of management at the push of a button through a single controller was appealing. Services are configured faster and managed faster. We decided to provide traffic encryption by running MACSec between the IPN and SPINE switches. That way we avoided a bottleneck in the form of a crypto gateway, saved on those, and used the maximum bandwidth.

The second customer chose a controller-less solution from Juniper because their existing data center already had a small installation using an EVPN VXLAN fabric. But there it was not fault-tolerant (a single switch was used). We decided to expand the infrastructure of the main data center and build a fabric in the backup data center. The existing EVPN was not fully used: VXLAN encapsulation was not actually used, since all hosts were connected to one switch, all MAC addresses and /32 host addresses were local, and the gateway for them was that same switch; there were no other devices to which VXLAN tunnels would need to be built. They decided to provide traffic encryption using IPSEC between firewalls (the firewall performance was sufficient).

They also tried ACI, but decided that because of vendor lock-in they would have to buy too much equipment, including replacing recently purchased new hardware, and it simply did not make economic sense. Yes, the Cisco fabric integrates with everything, but only its own devices can be in the fabric itself.

On the other hand, as we said earlier, you cannot simply mix an EVPN VXLAN fabric with any neighboring vendor, because the protocol implementations differ. It is like crossing Cisco and Huawei in one network: the standards seem to be the same, but you will have to dance with a tambourine. Since this is a bank and compatibility testing would take a very long time, we decided it was better to buy from the same vendor now and not get carried away with functionality beyond the basics.

Migration plan

Two ACI-based data centers:


Organization of the interaction between the data centers. A Multi-Pod solution was chosen: each data center is a pod. The scaling requirements for the number of switches and the latency between pods (RTT less than 50 ms) were taken into account. It was decided not to build a Multi-Site solution, for ease of management (a Multi-Pod solution uses a single management interface, whereas Multi-Site would have two interfaces or require the Multi-Site Orchestrator), and because geographic redundancy of the sites was not required.


From the point of view of migrating services from the legacy network, the most transparent option was chosen: gradually moving the VLANs that correspond to particular services.
For the migration, a corresponding EPG (End-point-group) was created on the fabric for each VLAN. First, the network was stretched between the old network and the fabric over L2; then, after all hosts had migrated, the gateway was moved to the fabric, and the EPG interacted with the existing network through L3OUT, with the interaction between L3OUT and the EPG described using contracts. Approximate diagram:


An approximate structure of most ACI fabric policies is shown in the figure below. The whole configuration is built on policies nested inside other policies, and so on. At first it is very hard to figure out, but gradually, as practice shows, network administrators get used to this structure in about a month, and only then do they begin to understand how convenient it is.


Comparison

With the Cisco ACI solution you need to buy more equipment (separate switches for Inter-Pod interaction and APIC controllers), which makes it more expensive. The Juniper solution did not require buying controllers or additional equipment; it was possible to partially reuse the customer's existing equipment.

Here is the EVPN VXLAN fabric architecture for the two data centers of the second project:


With ACI you get a ready-made solution: no need to tinker, no need to optimize. When the customer first gets to know the fabric, no developers are needed, and no support staff for code and automation are needed. It is quite easy to use; many settings can be made through a wizard, which is not always a plus, especially for people used to the command line. In any case, it takes time to rewire your brain to the new approach, to the peculiarities of configuration through policies and of working with many nested policies. Besides this, it is highly desirable to have a clear naming structure for policies and objects. If a problem arises in the controller's logic, it can only be resolved through technical support.

With EVPN, it is the console. Suffer or rejoice. A familiar interface for the old guard. Yes, there are standard configurations and guides. You will have to read the manuals. Various designs, everything is clear and detailed.

Naturally, in both cases, when migrating it is better to move the less critical services first, for example test environments, and only then, after catching all the bugs, move on to production. And do not do it on a Friday evening. You should not trust the vendor that everything will be fine; it is better to play it safe.

You pay more for ACI, although Cisco is now actively promoting this solution and often gives good discounts on it, but you save on maintenance. Managing and operating an EVPN fabric without a controller requires investment and recurring costs: monitoring, automation, rolling out new services. At the same time, the initial launch of ACI takes 30-40 percent longer. This is because it takes longer to create the whole set of necessary profiles and policies that will be used later. But as the network grows, the amount of configuration required goes down. You use pre-created policies, profiles, and objects. You can flexibly configure segmentation and security and centrally manage the contracts that are responsible for permitting particular interactions between EPGs; the amount of work drops sharply.
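The contract model mentioned here and in the migration plan (one EPG per VLAN, an external EPG behind L3OUT) behaves as an allowlist between groups. The sketch below is an added example, not code from the article or from Cisco: a simplified Python model in which the VLAN numbers, EPG names, contract names and filters are all constructed, and return traffic and other ACI options are ignored.

```python
from dataclasses import dataclass

# Constructed sample data: VLAN IDs, EPG names and contracts are hypothetical.
VLAN_TO_EPG = {110: "epg-vlan110-web", 120: "epg-vlan120-db", 130: "epg-vlan130-test"}
L3OUT_EPG = "ext-legacy-l3out"    # external EPG reached through L3OUT


@dataclass(frozen=True)
class Contract:
    name: str
    provider: str                 # EPG that offers the service
    consumer: str                 # EPG that initiates connections
    filters: frozenset            # {(protocol, destination port), ...}


CONTRACTS = [
    Contract("legacy-to-web", "epg-vlan110-web", L3OUT_EPG, frozenset({("tcp", 443)})),
    Contract("web-to-db", "epg-vlan120-db", "epg-vlan110-web", frozenset({("tcp", 5432)})),
    Contract("db-to-legacy", L3OUT_EPG, "epg-vlan120-db", frozenset({("udp", 123)})),
]


def permitted(src_epg, dst_epg, proto, port, contracts=CONTRACTS):
    """Allowlist decision for a new flow initiated by src_epg toward dst_epg."""
    if src_epg == dst_epg:
        return True               # same EPG: no contract needed in this model
    return any(
        c.consumer == src_epg and c.provider == dst_epg and (proto, port) in c.filters
        for c in contracts
    )


def epgs_without_l3out_contract(vlan_to_epg=VLAN_TO_EPG, contracts=CONTRACTS):
    """EPGs that lose contact with the legacy network once their gateway moves
    into the fabric, because no contract links them to the L3OUT EPG."""
    linked = set()
    for c in contracts:
        if L3OUT_EPG in (c.provider, c.consumer):
            linked.update({c.provider, c.consumer} - {L3OUT_EPG})
    return sorted(set(vlan_to_epg.values()) - linked)


if __name__ == "__main__":
    print(permitted(L3OUT_EPG, "epg-vlan110-web", "tcp", 443))   # contract exists
    print(permitted(L3OUT_EPG, "epg-vlan120-db", "tcp", 5432))   # no contract
    print(epgs_without_l3out_contract())                         # pre-cutover audit
```

Running the audit function before moving a VLAN's gateway into the fabric lists the EPGs whose traffic to the legacy network would be dropped for lack of a contract.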

With EVPN, you have to configure every device in the fabric, so the likelihood of errors is higher.

While ACI is slower to deploy, EVPN took almost twice as long to debug. With Cisco you can always call a support engineer and ask about the network as a whole (because it is covered as a solution), whereas from Juniper Networks you only buy hardware, and that is what is covered. Are packets leaving the device? Well, fine, then the rest is your problem. You can open a question about choosing a solution or about network design, and then you will be advised to buy professional services, for an additional fee.

ACI support is very good because it is separate: a dedicated team works on this. There are also Russian-speaking specialists. Detailed guides, solutions worked out in advance. They look and advise. They quickly validate the design, which is often important. Juniper Networks does the same, but much more slowly (that was our experience; according to rumor it should be better now), which forces you to do everything yourself where an engineer could have advised.

Cisco ACI supports integration with virtualization and containerization systems (VMware, Kubernetes, Hyper-V) and centralized management. It comes with network and security services: load balancing, firewalls, WAF, IPS, and so on. Good micro-segmentation out of the box. In the second solution, integration with network services is simple, and it is better to discuss it on forums beforehand with those who have already done it.

Summary

For each specific case, a solution must be chosen not only on the basis of equipment cost; you also need to take into account future operating costs, the main problems the customer currently faces, and what plans there are for developing the IT infrastructure.

ACI, because of the additional equipment, turned out more expensive, but the solution is ready-made, with no need for further finishing; the second solution is more complex and more costly to operate, but cheaper.

If you want to discuss how much it would cost to deploy a network fabric from different vendors, and what kind of architecture is needed, we can meet and talk. We will advise you free of charge until you have a rough sketch of the architecture (from which you can calculate the budget); detailed design, of course, is paid.

Vladimir Klepche, corporate networks.

Source: www.hab.com
