Since XNUMX 2017, when Cisco acquired Viptela, the main technology offered for organizing distributed enterprise networks has been Cisco SD-WAN. Over the past 3 years, SD-WAN technology has gone through many changes, both qualitative and quantitative. Its functionality has expanded significantly, and support has appeared on the classic routers of the Cisco ISR 1000, ISR 4000 and ASR 1000 series and on the virtual CSR 1000v. At the same time, many Cisco customers and partners keep asking: what are the differences between Cisco SD-WAN and the already familiar approaches based on technologies such as Cisco DMVPN and Cisco Performance Routing, and how important are these differences?
It should be said right away that before SD-WAN appeared in the Cisco portfolio, DMVPN together with PfR formed a key part of the Cisco IWAN (Intelligent WAN) architecture, which in turn was the predecessor of full-fledged SD-WAN technology. Although the tasks being solved and the ways of solving them were broadly similar, IWAN never reached the level of automation, flexibility and scalability that SD-WAN requires, and over time the development of IWAN slowed considerably. At the same time, the technologies that make up IWAN have not disappeared, and many customers continue to use them successfully, including on modern equipment. The result is an interesting situation: the same Cisco equipment lets you choose the most suitable WAN technology (classic, DMVPN+PfR or SD-WAN) according to the customer's requirements and expectations.
This article does not aim to analyze in detail every feature of Cisco SD-WAN and DMVPN (with or without Performance Routing); a large amount of documentation and other material is available for that. The main task is to assess the key differences between these technologies. Before discussing the differences, however, let us briefly recall the technologies themselves.
What is Cisco DMVPN and why is it needed?
Cisco DMVPN solves the problem of dynamic (= scalable) connection of a remote branch network to the network of an enterprise's central office over arbitrary types of communication channels, including the Internet (= with encryption of the communication channel). Technically, this is done by creating a virtualized overlay network of the L3 VPN class in point-to-multipoint mode with a logical "star" (Hub-n-Spoke) topology. To achieve this, DMVPN uses a combination of the following technologies:
- IP routing
- Multipoint GRE tunnels (mGRE)
- Next Hop Resolution Protocol (NHRP)
- IPSec crypto profiles
What are the main advantages of Cisco DMVPN compared with classic routing over MPLS VPN channels?
- Any communication channel can be used to build the inter-branch network: anything that can provide IP connectivity between branches is suitable, and traffic is encrypted (where necessary) and balanced (where possible).
- A fully connected topology between branches is formed automatically. There are static tunnels between the central and remote branches, and dynamic on-demand tunnels between remote branches (when there is traffic).
- The routers of the central and remote branches have the same configuration, apart from interface IP addresses. With mGRE there is no need to configure tens, hundreds or even thousands of tunnels individually. The result is decent scalability, given a proper design.
What is Cisco Performance Routing and why is it needed?
When DMVPN is used on an inter-branch network, XNUMX extremely important question remains unresolved: how to dynamically assess the state of each DMVPN tunnel against the requirements of the traffic that is critical for the organization and, based on that assessment, dynamically decide on rerouting? In this respect DMVPN differs little from classic routing: the best that can be done is to configure QoS mechanisms that prioritize traffic in the outgoing direction, but these cannot take into account the state of the whole path at a given moment.
And what if a channel degrades partially rather than completely? How is that detected and evaluated? DMVPN itself cannot do this. Given that the channels connecting branches may pass through entirely different telecom operators and use entirely different technologies, the task becomes far from trivial. This is where Cisco Performance Routing comes in, a technology that by that time had already gone through several stages of development.
The task of Cisco Performance Routing (hereinafter PfR) comes down to measuring the state of traffic paths (tunnels) using the key metrics that matter to network applications: latency, latency variation (jitter) and packet loss (as a percentage). The bandwidth in use can also be measured. These measurements are made as close to real time as is possible and justified, and on the basis of their results a router using PfR can dynamically decide whether the routing of a particular type of traffic needs to change.
The task of the DMVPN/PfR combination can therefore be summarized as follows:
- allow the customer to use any communication channels on the WAN network
- ensure the highest possible quality for critical applications on those channels
What is Cisco SD-WAN?
Cisco SD-WAN is a technology that uses the SDN approach to build and operate an organization's WAN network. In particular, this means the use of so-called controllers (software elements) that provide centralized orchestration and automated configuration of all solution components. Unlike canonical SDN (clean-slate style), Cisco SD-WAN uses several types of controllers, each with its own role. This was done deliberately, to provide better scalability and geographic redundancy.
With SD-WAN, the task of using any type of channel and guaranteeing the operation of business applications stays the same, but the requirements for automation, scalability, security and flexibility of such a network are broader.
Discussion of the differences
When we start analyzing the differences between these technologies, they fall into one of the following categories:
- Architectural differences: how are functions distributed across the various components of the solution, how is the interaction of those components organized, and how does this affect the capabilities and flexibility of the technology?
- Functionality: what can one technology do that the other cannot? And is it really that important?
What are the architectural differences, and are they important?
Each of these technologies has many "moving parts" that differ not only in their roles but also in how they interact with each other. How well thought out these principles are, and the general mechanics of the solution, directly determine its scalability, fault tolerance and overall efficiency.
Let us look at the various aspects of the architecture in more detail.
Data plane: the part of the solution responsible for carrying user traffic between source and recipient. In DMVPN and SD-WAN it is implemented on the routers themselves in broadly the same way, on the basis of Multipoint GRE tunnels. The difference lies in how the set of parameters required for these tunnels is formed.
- In DMVPN/PfR this is strictly an XNUMX-level hierarchy of nodes with a star or Hub-n-Spoke topology. Static configuration of the Hub and static binding of each Spoke to the Hub are required, as is interaction over the NHRP protocol to form data-plane connectivity. As a result, changes to the Hub become significantly harder, for example changing or connecting new WAN channels or changing the parameters of existing ones.
- In SD-WAN this is a fully dynamic model for discovering the parameters of the installed tunnels, based on the control plane (OMP protocol) and the orchestration plane (interaction with the vBond controller for controller discovery and NAT traversal). Any overlay topology can be used, including hierarchical ones. Within the established overlay tunnel topology, the logical topology can be configured flexibly for each individual VPN (VRF).
Control plane: the functions for exchanging, filtering and modifying routing and other information between solution components.
- In DMVPN/PfR it runs only between Hub and Spoke routers. Spokes cannot exchange routing information directly. As a result, without a working Hub neither the control plane nor the data plane can function, which places additional high-availability requirements on the Hub that cannot always be met.
- In SD-WAN the control plane never runs directly between routers: the interaction is based on the OMP protocol and necessarily goes through a separate, specialized type of controller, vSmart, which takes on the signaling load. Another feature of the OMP protocol is its considerable tolerance of loss and its independence from the speed of the communication channel to the controllers (within reasonable limits, of course). This makes it possible to place the SD-WAN controllers in a public or private cloud and reach them over the Internet.
Policy plane: the part of the solution responsible for defining, distributing and applying traffic-management policies on a distributed network.
- DMVPN: effectively limited to quality of service (QoS) policies configured individually on each router through the CLI or Prime Infrastructure templates.
- DMVPN/PfR: PfR policies are created through the CLI on a centralized Master Controller (MC) router and are automatically distributed to the branch MCs. The same paths are used for policy transfer as for the data plane. The exchange of policies, routing information and user data cannot be separated. Policy propagation requires IP connectivity between Hub and Spoke. If necessary, the MC function can be combined with the DMVPN router. Prime Infrastructure templates can be used (but are not required) for centralized policy generation. An important feature is that the policy is formed globally, in the same way for the whole network. Individual policies for individual segments are not supported.
- SD-WAN: traffic-management and quality of service policies are defined centrally through the Cisco vManage graphical interface, which can also be reached over the Internet (if necessary). They are distributed over the signaling channels, either directly or indirectly through the vSmart controllers (depending on the type of policy). They do not depend on data-plane connectivity between routers, because they use every available traffic path between the controller and the router.
Different policies can be defined flexibly for different network segments. The scope of a policy is determined by the many unique identifiers the solution provides (branch number, application type, traffic direction and so on).
Orchestration plane: the mechanisms that let components discover each other dynamically and configure and coordinate their subsequent interaction.
- In DMVPN/PfR, mutual discovery between routers is based on the static configuration of the Hub devices and the corresponding configuration of the Spoke devices. Dynamic discovery happens only for the Spoke, which reports its connection parameters to the Hub device, which in turn is preconfigured on the Spoke. Without IP connectivity between a Spoke and at least XNUMX Hub, neither a data plane nor a control plane can be formed.
- In SD-WAN, the solution components are orchestrated by the vBond controller, with which every component (routers and vManage/vSmart controllers) must first establish IP connectivity.
Initially the components know nothing about each other's connection parameters. For this they need the vBond intermediary orchestrator. The general principle is as follows: in the initial phase each component learns (automatically or statically) only the connection parameters for vBond, and vBond then informs the router about the vManage and vSmart controllers (discovered earlier), which makes it possible to establish all the required signaling connections automatically.
In the next step, the new router learns about the other routers on the network through OMP communication with the vSmart controller. A router that initially knows nothing at all about the network parameters can therefore discover and connect to the controllers fully automatically, and then discover other routers and form connectivity with them, also automatically. The connection parameters of all components are initially unknown and may change during operation.
Management plane: the part of the solution that provides centralized management and monitoring.
- DMVPN/PfR: no dedicated management-plane solution is provided. Products such as Cisco Prime Infrastructure can be used for basic automation and monitoring. Each router can be managed through the CLI command line. Integration with external systems through an API is not provided.
- SD-WAN: all regular interaction and monitoring is carried out centrally through the graphical interface of the vManage controller. Every capability of the solution, without exception, can be configured through vManage and through a fully documented REST API library.
All SD-WAN network configuration in vManage comes down to XNUMX main constructs: building device templates (Device Template) and building the policy that defines the logic of network operation and traffic handling. When vManage pushes a policy created by the administrator, it automatically works out which changes need to be made on which individual devices and controllers, which greatly improves the efficiency and scalability of the solution.
Through the vManage interface you can not only configure the Cisco SD-WAN solution but also fully monitor the status of all its components, down to the current metrics of individual tunnels and statistics on the use of various applications, based on DPI analysis.
Despite this centralization, all components (controllers and routers) also have a fully functional CLI command line, which is needed during deployment or, in an emergency, for local diagnostics. In normal mode (when there is a signaling channel between the components), the command line on routers is available only for diagnostics and cannot be used to make local changes. This guarantees local security, and vManage is the only source of changes in such a network.
Integrated security: here we need to consider not only the protection of user data sent over open channels, but also the overall security of a WAN network built on the chosen technology.
- In DMVPN/PfR, user data and signaling protocols can be encrypted. On certain router models, firewall functions with traffic inspection and IPS/IDS are additionally available. Branch networks can be segmented using VRF. Control protocols can be authenticated (one factor).
In this model the remote router is treated by default as a trusted element of the network. Physical compromise of individual devices and unauthorized access to them are neither assumed nor taken into account. There is no XNUMX-factor authentication of solution components, which for a geographically distributed network can carry significant additional risk.
- In SD-WAN, as in DMVPN, user data can be encrypted, but with considerably extended network security and L3/VRF segmentation functions (firewall, IPS/IDS, URL filtering, DNS filtering, AMP/TG, SASE, TLS/SSL proxy and so on). Encryption keys are exchanged more efficiently, through the vSmart controllers (rather than directly), over pre-established signaling channels protected by DTLS/TLS encryption based on security certificates. This guarantees the security of the exchange and gives the solution better scalability, up to tens of thousands of devices on the same network.
All signaling connections (controller to controller, controller to router) are likewise protected with DTLS/TLS. Routers are fitted with security certificates at manufacture, with the option of replacing or extending them. XNUMX-factor authentication is achieved by requiring that XNUMX conditions be met, both mandatory and simultaneous, before a router or controller can function in an SD-WAN network:
- a valid security certificate
- explicit and deliberate inclusion of each component by the administrator in the "white" list of permitted devices.
Functional differences between SD-WAN and DMVPN/PfR
Turning to the functional differences, it should be noted that many of them follow from the architectural ones: it is no secret that when designing the architecture of a solution, developers start from the capabilities they want to end up with. Let us look at the most significant differences between the XNUMX technologies.
AppQ (Application Quality): functions that guarantee the transmission quality of business application traffic
The key functions of the technologies under discussion aim to improve, as far as possible, the user experience of business-critical applications in a distributed network. This matters most where part of the infrastructure is not controlled by IT or does not even guarantee successful data transfer.
DMVPN itself provides no such mechanisms. The best that can be done in a classic DMVPN network is to classify outgoing traffic by application and prioritize it as it is sent towards the WAN channel. In that case the choice of DMVPN tunnel is determined only by its availability and by the result of the routing protocols. The end-to-end state of the path or tunnel, and its possible partial degradation, are not taken into account in terms of the key metrics that matter to network applications: latency, latency variation (jitter) and loss (%). In this respect, comparing classic DMVPN directly with SD-WAN on solving the AppQ problem makes no sense at all: DMVPN cannot solve it. Once Cisco Performance Routing (PfR) is added to the picture, the situation changes and the comparison with Cisco SD-WAN becomes more meaningful.
Before turning to the differences, here is a brief look at what the technologies have in common. Both technologies:
- have a mechanism for dynamically assessing the state of each established tunnel against specific metrics: at a minimum, latency, latency variation and packet loss (%)
- use a specific set of tools to create, distribute and apply traffic-management rules (policies) that take into account the measured state of the key tunnel metrics
- classify application traffic at OSI levels L3-L4 (DSCP) or by L7 application signatures, using the DPI mechanisms built into the router
- allow you, for important applications, to define acceptable metric thresholds, rules for forwarding traffic by default, and rules for rerouting traffic when the thresholds are exceeded
- when encapsulating traffic in GRE/IPSec, use the established industry mechanism of copying the inner DSCP marking to the outer GRE/IPSEC packet header, which makes it possible to align the QoS policies of the organization and the telecom operator (given an appropriate SLA).
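The behaviour both technologies share, per-tunnel measurement of latency, jitter and loss followed by threshold-based rerouting, can be modelled as below. This Python example is added here and is not code from the article, Cisco PfR or Cisco SD-WAN; the names `SlaClass`, `tunnel_metrics` and `select_tunnel`, the tunnel names, the probe values and the jitter definition are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class SlaClass:
    """Per-application thresholds (hypothetical policy object)."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


def tunnel_metrics(probes):
    """Reduce one window of probe results to (latency_ms, jitter_ms, loss_pct).

    `probes` is a list of round-trip times in ms, with None for a lost probe.
    Jitter is taken as the mean absolute difference between consecutive
    answered probes (an assumption made for this example).
    """
    if not probes:
        return float("inf"), float("inf"), 100.0
    answered = [p for p in probes if p is not None]
    loss_pct = 100.0 * (len(probes) - len(answered)) / len(probes)
    if not answered:
        return float("inf"), float("inf"), 100.0
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return mean(answered), (mean(deltas) if deltas else 0.0), loss_pct


def compliant(metrics, sla):
    """True when every measured metric is within the class thresholds."""
    latency, jitter, loss = metrics
    return (latency <= sla.max_latency_ms
            and jitter <= sla.max_jitter_ms
            and loss <= sla.max_loss_pct)


def select_tunnel(probe_log, sla, preferred):
    """Return (tunnel, reason) for one application class.

    1. default rule: the first preferred tunnel that meets the thresholds;
    2. reroute: otherwise the compliant tunnel with lowest loss, then latency;
    3. nothing compliant: the least-bad tunnel, flagged as "best-effort".
    """
    metrics = {name: tunnel_metrics(p) for name, p in probe_log.items()}
    if not metrics:
        raise ValueError("no tunnels to choose from")

    def rank(tunnel):
        return metrics[tunnel][2], metrics[tunnel][0]

    for tunnel in preferred:
        if tunnel in metrics and compliant(metrics[tunnel], sla):
            return tunnel, "preferred"
    ok = sorted((t for t in metrics if compliant(metrics[t], sla)), key=rank)
    if ok:
        return ok[0], "rerouted"
    return min(metrics, key=rank), "best-effort"


# Constructed probe windows (RTT in ms, None = lost probe); not real data.
PROBES = {
    "mpls": [20, 22, 21, 20, 23, 21, 22, 20, 21, 22],
    "internet": [35, 60, None, 41, 90, None, 38, 75, 44, 52],
    "lte": [70, 72, 71, 69, 73, 70, 72, 71, 70, 74],
}
VOICE = SlaClass("voice", max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)

if __name__ == "__main__":
    print(select_tunnel(PROBES, VOICE, ["mpls"]))
    # Partial degradation of the preferred tunnel: 30 % loss, link still "up".
    degraded = dict(PROBES, mpls=[20, None, 21, None, 23, 21, None, 20, 21, 22])
    print(select_tunnel(degraded, VOICE, ["mpls"]))
```

The second call shows the case plain DMVPN cannot handle: the preferred tunnel is still reachable, so a routing protocol would keep using it, while the measured loss takes it out of policy.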
How do the end-to-end metrics of SD-WAN and DMVPN/PfR differ?
DMVPN/PfR
- Both active and passive software sensors (probes) are used to evaluate the standard tunnel health metrics. The active ones are based on user traffic, and the passive ones emulate such traffic (when there is none).
- Timers and degradation-detection conditions cannot be fine-tuned: the algorithm is fixed.
- In addition, the bandwidth used in the outgoing direction can be measured, which gives DMVPN/PfR extra flexibility in traffic management.
- At the same time, when metrics are exceeded some PfR mechanisms rely on feedback signaling in the form of special TCA (Threshold Crossing Alert) messages, which must travel from the traffic recipient towards the source. The measured channels must therefore be in a state at least good enough to carry those TCA messages. In most cases this is not a problem, but it obviously cannot be guaranteed.
SD-WAN
- For end-to-end evaluation of the standard tunnel-state metrics, the BFD protocol is used in echo mode. No special feedback in the form of TCA or similar messages is needed, so the isolation of failure domains is preserved. User traffic also does not have to be present in order to evaluate the state of a tunnel.
- BFD timers can be fine-tuned to adjust the response speed and sensitivity of the algorithm to channel degradation, from a few seconds to several minutes.
- At the time of writing, each tunnel has only 2 BFD sessions. This can reduce the granularity of tunnel-state analysis. In practice it becomes a limitation only when a WAN connection based on MPLS L3/LXNUMX VPN with an agreed QoS SLA is used: if the DSCP marking of BFD traffic (after encapsulation in IPSec/GRE) matches the high-priority queue in the telecom operator's network, the accuracy and speed of degradation detection for low-priority traffic may suffer. The default BFD marking can be changed to reduce the risk of such situations. Future versions of the Cisco SD-WAN software are expected to offer finer BFD settings as well as the ability to run several BFD sessions inside each tunnel with individual DSCP values (for different applications).
- In addition, BFD makes it possible to estimate the maximum packet size that can be sent through a particular tunnel without fragmentation. This lets SD-WAN adjust parameters such as MTU and TCP MSS Adjust dynamically, to make the most of the bandwidth available on each link.
- SD-WAN also offers the option of aligning QoS with telecom operators on the basis not only of the L3 DSCP field but also of L2 CoS values, which can be generated automatically in the branch network by specialized devices such as IP phones.
How do the capabilities and methods for defining and applying AppQ policies differ?
DMVPN/PfR policies:
- Are defined on the central branch router(s) through the CLI command line or CLI configuration templates. Generating CLI templates requires preparation and knowledge of the policy syntax.
- Are defined globally, with no possibility of configuring or changing them individually for the requirements of individual network segments.
- Cannot be created interactively in a graphical interface.
- Offer no change tracking, inheritance, or creation of multiple policy versions for quick switching.
- Are distributed automatically to the routers of remote branches, over the same communication channels that carry user data. If there is no communication channel between the central and a remote branch, policies cannot be distributed or changed.
- Are applied on each router and, where necessary, override the result of the standard routing protocols, having higher priority.
- Provide no compensation mechanisms for the case where all of a branch's WAN links suffer significant traffic loss.
SD-WAN policies:
- Are defined in the vManage GUI using an interactive template wizard.
- Support creating multiple policies, copying, inheritance, and switching between policies in real time.
- Support individual policy settings for different network segments (branches).
- Are distributed over any available signaling channel between the controller and the router and/or vSmart, and do not depend directly on data-plane connectivity between routers. This does, of course, require IP connectivity between the router itself and the controllers.
- For the case where all available channels of a branch suffer significant data loss beyond the acceptable thresholds for critical applications, additional mechanisms can be used to increase transmission reliability:
- FEC (Forward Error Correction): uses a special redundant coding algorithm. When critical traffic is sent over channels with a significant percentage of loss, FEC can be activated automatically and, where necessary, recovers the lost part of the data. This slightly increases the bandwidth used but significantly improves reliability.
- Duplication of data streams: in addition to FEC, the policy can provide automatic duplication of the traffic of selected applications when the loss is so severe that FEC cannot compensate for it. In that case the selected data is sent through all tunnels towards the receiving branch and then de-duplicated (the extra copies of packets are dropped). This mechanism significantly increases channel utilization but also significantly increases transmission reliability.
Cisco SD-WAN capabilities with no direct analogue in DMVPN/PfR
In some cases the architecture of the Cisco SD-WAN solution provides capabilities that within DMVPN/PfR are extremely hard to implement, impractical because of the effort required, or simply impossible. Let us look at the most interesting of them.
Traffic Engineering (TE)
TE comprises mechanisms that allow traffic to branch off from the standard path formed by the routing protocols. TE is often used to ensure high availability of network services, through the ability to move critical traffic quickly and/or proactively onto an alternative (disjoint) transmission path, in order to provide better quality of service or faster recovery when a failure occurs on the main path.
The difficulty in implementing TE is that the alternative path has to be calculated and reserved (verified) in advance. In the MPLS networks of telecom operators this problem is solved with technologies such as MPLS Traffic Engineering, with extensions to the IGP protocols and the RSVP protocol. More recently, Segment Routing, which is better optimized for centralized configuration and orchestration, has been gaining popularity. In classic WAN networks these technologies are usually not present, or are reduced to hop-by-hop mechanisms such as Policy-Based Routing (PBR), which can branch traffic but do so on each router separately, without taking into account the overall state of the network or the PBR result at the previous or next hop. The outcome of using these TE options is disappointing: because of the complexity of its configuration and operation, MPLS TE is as a rule used only in the most critical part of the network (the core), and PBR is used on individual routers, with no way of creating a unified PBR policy for the whole network. Obviously, this applies to DMVPN-based networks as well.
Here SD-WAN offers a far more elegant solution that is not only easy to configure but also scales much better. This follows from the control-plane and policy-plane architecture it uses. Implementing a policy plane in SD-WAN makes it possible to define TE policy centrally: which traffic is of interest? For which VPNs? Through which nodes or tunnels must an alternative route be formed, or, conversely, through which is it forbidden? In turn, centralized control-plane management based on the vSmart controllers makes it possible to change routing results without touching the configuration of individual devices: the routers see only the result of the logic that was created in the vManage interface and handed over to vSmart for use.
Service chaining
In classic routing, forming service chains is an even more labor-intensive task than the Traffic Engineering mechanism already described. In this case it is necessary not only to create a special route for a particular network application, but also to be able to take traffic out of the network at certain (or all) nodes of the SD-WAN network so that it can be processed by a special application or service (firewall, load balancing, caching, traffic inspection and so on). At the same time, the state of these external services has to be monitored in order to prevent black-holing, and mechanisms are needed that allow external services of the same type to be placed in different geographic locations, with the network able to select automatically the most suitable service node for handling the traffic of a particular branch. With Cisco SD-WAN this is quite easy to achieve by creating an appropriate centralized policy that "glues" all aspects of the target service chain into XNUMX whole and automatically changes the data-plane and control-plane logic only where and when it is needed.
The ability to build geographically distributed processing of the traffic of selected application types, in a defined sequence, on specialized equipment (which is not itself part of the SD-WAN network) is perhaps the clearest demonstration of the advantages of Cisco SD-WAN over classic technologies, and even over alternative SD-WAN solutions from other manufacturers.
What is the result?
Clearly, both DMVPN (with or without Performance Routing) and Cisco SD-WAN end up solving very similar problems for an organization's distributed WAN network. At the same time, the significant architectural and functional differences of Cisco SD-WAN take the process of solving those problems to a different level of quality. To summarize, the following major differences between the SD-WAN and DMVPN/PfR technologies can be noted:
- DMVPN/PfR generally uses time-tested technologies for building overlay VPN networks and, from the data-plane point of view, resembles the more modern SD-WAN technology, but it has a number of limitations in the form of mandatory static configuration of routers, and the choice of topology is limited to Hub-n-Spoke. On the other hand, DMVPN/PfR has some functionality that is not yet available in SD-WAN (this refers to per-application BFD).
- In the control plane the technologies differ fundamentally. With centralized processing of the signaling protocols, SD-WAN makes it possible, in particular, to narrow failure domains considerably and to decouple the forwarding of user traffic from signaling interaction: temporary unavailability of the controllers does not affect the ability to carry user traffic. Likewise, the temporary unavailability of any branch (including the central one) has no effect at all on the ability of the other branches to interact with each other and with the controllers.
- The architecture for creating and applying traffic-management policies in SD-WAN is also superior to that of DMVPN/PfR: geographic redundancy is implemented much better, there is no tie to the Hub, there are more opportunities for fine-tuning policies, and the list of traffic-management scenarios that can be implemented is much longer.
- The solution orchestration process also differs significantly. DMVPN assumes the existence of parameters known in advance that must somehow be reflected in the configuration, which limits to some extent the flexibility of the solution and the scope for dynamic change. SD-WAN, by contrast, is based on the paradigm that at the first moment of connection a router "knows nothing" about its controllers but does know "whom it can ask". That is enough not only to establish communication with the controllers automatically, but also to form automatically a fully connected data-plane topology, which can then be configured and changed flexibly using policies.
- In terms of centralized management, automation and monitoring, SD-WAN can be expected to exceed the capabilities of DMVPN/PfR, which evolved from classic technologies and relies heavily on the CLI command line and on template-based NMS systems.
- In SD-WAN, compared with DMVPN, security requirements have reached a qualitatively different level. The main principles are zero trust, scalability and XNUMX-factor authentication.
These simple conclusions may give the false impression that building a network on DMVPN/PfR no longer makes any sense today. That, of course, is not entirely true. For example, where a network uses a lot of outdated equipment and there is no way to replace it, DMVPN makes it possible to combine "old" and "new" devices into a single geographically distributed network with many of the advantages described above.
On the other hand, it should be remembered that all current Cisco enterprise routers based on IOS XE (ISR 1000, ISR 4000, ASR 1000, CSR 1000v) now support every operating mode: classic routing, DMVPN and SD-WAN. The choice is determined by current needs and by the understanding that, on the same equipment, you can move to the more advanced technology at any time.
Source: habr.com