Look at a firewall configuration and in most cases you will see a sheet full of IP addresses, ports, protocols and subnets. This is how network security policies for user access to resources have traditionally been implemented. At first people try to keep the configuration in order; then employees start moving from department to department, servers multiply and change roles, access to various projects that is not normally permitted appears, and hundreds of unknown IP addresses show up.
If you are lucky, some rules will have a comment next to them like "Vasya asked not to touch this" or "this is the path to the DMZ". Then the network administrator quits, and everything becomes completely unclear. Later someone decides to clean up Vasya's settings, and SAP goes down, because Vasya once requested that access to run the production SAP.
Today we will talk about the VMware NSX solution, which helps apply network communication and security policies precisely without turning the firewall configuration into a mess. In this part we will look at what new features appeared compared to what VMware had before.
VMware NSX is a virtualization and security platform for network services. NSX solves routing, switching, load balancing and firewalling tasks, and can do many other interesting things besides.
NSX is the successor to VMware's own vCloud Networking and Security (vCNS) product and to the acquired Nicira NVP.
From vCNS to NSX
Previously, a client in a cloud built on VMware vCloud had a separate vCNS vShield Edge virtual machine. It acted as the perimeter gateway and allowed many network functions to be configured: NAT, DHCP, firewall, VPN, load balancer and so on. vShield Edge restricted the interaction between the virtual machines and the outside world according to the rules specified on it (firewall and NAT). Inside the network, virtual machines within a subnet communicated with each other freely. If you really wanted to divide and conquer the traffic, you could create separate networks for the individual parts of the application (different virtual machines) and set the appropriate rules for their network interaction on the firewall. But this was long, tedious and no fun, especially when there were dozens of virtual machines.
In NSX, VMware implemented the concept of micro-segmentation using a distributed firewall built into the hypervisor kernel. Security and network interaction policies are specified not only for IP and MAC addresses but also for other objects such as virtual machines and applications. If NSX is deployed inside an organization, these objects can also be Active Directory users or user groups. Each such object turns into a micro-segment with its own cozy DMZ inside its own security perimeter in the required subnet :)
Previously there was a single security perimeter for the whole resource pool, protected by the Edge; with NSX, an individual virtual machine can be shielded from unwanted interaction even inside the same network.
When an entity is moved to another network, the security and network policies adapt to it. For example, if a machine running a database moves to another network segment or to another connected virtual data center, the rules created for that virtual machine continue to apply regardless of its new location. The application servers can keep talking to the database.
The Edge gateway itself, vCNS vShield Edge, was replaced by NSX Edge. It not only has the full standard set of functions of the old Edge but also several new and useful ones. We will cover them in more detail below.
What's new in NSX Edge?
NSX Edge provides the following functionality:
Firewall. As the objects to which rules apply, you can select IP addresses, networks, gateway interfaces and virtual machines.
DHCP. In addition to configuring the range of IP addresses that are automatically issued to virtual machines on a given network, NSX Edge gained two features: binding and relay.
On the Bindings tab, if you do not want a virtual machine's IP address to change, you can bind its MAC address to an IP address. The important point is that this IP address must not be part of a DHCP pool.
On the Relay tab, DHCP message relaying is configured towards DHCP servers that sit outside the organization in vCloud Director (including DHCP servers in the physical infrastructure).
Routing. vShield Edge could only be configured with static routing. Dynamic routing with support for the OSPF and BGP protocols has now appeared. An ECMP (active-active) configuration has also become available, meaning active-active failover towards the physical routers.
OSPF configuration
BGP configuration
Another new thing is configuring route redistribution between different protocols.
Route redistribution
L4/L7 load balancer. X-Forwarded-For has been added to the HTTP(S) headers. Everyone had been missing it: say you have a website being load-balanced. Without forwarding this header everything works, but the web server statistics show the balancer's IP instead of the visitors' IPs. Now everything is shown correctly.
Also, on the Application Rules tab you can now add scripts that directly control traffic balancing.
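As an added example (not from the original article), this is how a web server behind the balancer should derive the visitor's address from X-Forwarded-For: only the hop appended by a trusted balancer counts, and anything the client wrote into the header itself is ignored. The balancer subnet and the request values are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed assumption: the internal subnet the NSX Edge load balancer
# connects from. Only hops from here are allowed to append to X-Forwarded-For.
TRUSTED_PROXIES = (ip_network("10.0.0.0/24"),)


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the trusted balancer networks."""
    return any(addr in net for net in trusted)


def client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the visitor's IP for a request as seen by the web server.

    peer_ip    -- address of the TCP peer that connected to us
    xff_header -- raw X-Forwarded-For value, or None if the header is absent

    Each proxy appends the address it saw on its own connection, so the
    rightmost entries are the most trustworthy. Walk from the right, skip
    trusted balancer hops, and take the first untrusted address as the
    client; anything further left was written by the client itself.
    """
    peer = ip_address(peer_ip)
    if not is_trusted(peer, trusted) or not xff_header:
        # Direct connection, or the balancer added no header:
        # the TCP peer is the only address we can rely on.
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ip_address(hop)
        except ValueError:
            # Malformed entry: do not guess, fall back to the TCP peer.
            return str(peer)
        if not is_trusted(addr, trusted):
            return str(addr)
    # Every hop was a trusted balancer; nothing identifies the client.
    return str(peer)


if __name__ == "__main__":
    # Constructed request: balancer 10.0.0.5 forwards visitor 203.0.113.7, who
    # had already put a bogus "1.2.3.4" into the header before it reached us.
    print(client_ip("10.0.0.5", "1.2.3.4, 203.0.113.7"))  # 203.0.113.7
```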
VPN. In addition to IPSec VPN, NSX Edge supports:
- L2 VPN. Lets you stretch a network between geographically distributed sites. Such a VPN is needed, for example, so that a virtual machine moved to another site stays in the same subnet and keeps its IP address.
- SSL VPN Plus: lets users connect remotely to the corporate network. This existed at the vSphere level, but in vCloud Director it is an innovation.
SSL certificates. Certificates can now be installed on NSX Edge. This again comes back to the question of who needs an HTTPS load balancer without certificates.
Object grouping. This tab specifies the groups of objects to which particular network interaction rules, such as firewall rules, apply. These objects are IP addresses and MAC addresses.
There is a list of services (protocol and port combinations) and applications that can be used when creating firewall rules. Only the vCD portal administrator can add new services and applications.
Statistics. Connection statistics: traffic passing through the gateway, the firewall and the balancer; status and statistics for each IPSEC VPN and L2 VPN tunnel.
Logging. On the Edge Settings tab you can set the server that logs are sent to. Logging works for DNAT/SNAT, DHCP, firewall, routing, balancer, IPsec VPN and SSL VPN Plus.
The following alert types are available for each object/service:
- Debug
- Alert
- Critical
- Error
- Warning
- Notice
- Info
NSX Edge sizing
Depending on the tasks to be solved, VMware offers the following NSX Edge sizes:
                 Compact               Large                    Quad Large          X-Large
vCPU             1                     2                        4                   6
Memory           512MB                 1GB                      1GB                 8GB
Disk             512MB                 512MB                    512MB               4.5GB + 4GB
Purpose          One application,      Small or medium-sized    Heavily loaded      Load balancing
                 host                  data center              firewall            at L7
The table below shows the operating metrics of the network services depending on the NSX Edge size.
Metric                                   Compact     Large       Quad Large   X-Large
Interfaces                               10          10          10           10
Sub-interfaces (trunk)                   200         200         200          200
NAT rules                                2,048       4,096       4,096        8,192
ARP entries (until overwrite)            1,024       2,048       2,048        2,048
FW rules                                 2000        2000        2000         2000
FW performance                           3Gbps       9.7Gbps     9.7Gbps      9.7Gbps
DHCP pools                               20,000      20,000      20,000       20,000
ECMP paths                               8           8           8            8
Static routes                            2,048       2,048       2,048        2,048
LB pools                                 64          64          64           1,024
LB virtual servers                       64          64          64           1,024
LB servers per pool                      32          32          32           32
LB health checks                         320         320         320          3,072
LB application rules                     4,096       4,096       4,096        4,096
L2VPN clients, hub to spoke              5           5           5            5
L2VPN networks per client/server         200         200         200          200
IPSec tunnels                            512         1,600       4,096        6,000
SSLVPN tunnels                           50          100         100          1,000
SSLVPN private networks                  16          16          16           16
Concurrent sessions                      64,000      1,000,000   1,000,000    1,000,000
Sessions/sec                             8,000       50,000      50,000       50,000
LB throughput (L7 proxy)                 -           2.2Gbps     2.2Gbps      3Gbps
LB throughput (L4 mode)                  -           6Gbps       6Gbps        6Gbps
LB connections/sec (L7 proxy)            -           46,000      50,000       50,000
LB concurrent connections (L7 proxy)     -           8,000       60,000       60,000
LB connections/sec (L4 mode)             -           50,000      50,000       50,000
LB concurrent connections (L4 mode)      -           600,000     1,000,000    1,000,000
BGP routes                               20,000      50,000      250,000      250,000
BGP peers                                10          20          100          100
BGP route redistribution                 no limit    no limit    no limit     no limit
OSPF routes                              20,000      50,000      100,000      100,000
OSPF LSA entries (max 750 Type-1)        20,000      50,000      100,000      100,000
OSPF adjacencies                         10          20          40           40
OSPF route redistribution                2000        5000        20,000       20,000
Total routes                             20,000      50,000      250,000      250,000
The table shows that in production scenarios, load balancing on NSX Edge is recommended only starting from the Large size.
That is all for today. In the next part we will look in detail at how to configure each of the NSX Edge network services.
Source: habr.com