Lero ndikuwuzani momwe lingaliro lopanga netiweki yatsopano yamkati ya kampani yathu idayambira ndikukhazikitsidwa. Udindo wa Management ndikuti muyenera kudzipangira nokha ntchito yofananira ndi kasitomala. Ngati tidzichitira tokha bwino, tingaitane wogulayo ndi kusonyeza mmene zimene tikumpatsa zimagwirira ntchito ndi kugwira ntchito bwino. Choncho, tinayandikira chitukuko cha lingaliro la intaneti yatsopano ku ofesi ya Moscow mozama kwambiri, pogwiritsa ntchito njira yonse yopangira: kusanthula zofunikira za dipatimenti β kusankha njira yothetsera luso β kupanga β kukhazikitsa β kuyesa. Ndiye tiyeni tiyambe.
Kusankha Njira Yaukadaulo: Mutant Sanctuary
Njira yogwirira ntchito pamakina ovuta kwambiri pano ikufotokozedwa bwino mu GOST 34.601-90 "Automated systems. Magawo a Chilengedweβ, kotero tinagwira ntchito molingana ndi izo. Ndipo kale pa magawo a zofunikira mapangidwe ndi chitukuko cha malingaliro, tinakumana ndi zovuta zoyamba. Mabungwe a mbiri zosiyanasiyana - mabanki, makampani a inshuwalansi, opanga mapulogalamu, ndi zina zotero - chifukwa cha ntchito zawo ndi miyezo, amafunikira mitundu ina ya maukonde, zomwe zimamveka bwino komanso zokhazikika. Komabe, izi sizigwira ntchito ndi ife.
Chifukwa chiyani?
Jet Infosystems ndi kampani yayikulu yosiyanasiyana ya IT. Panthawi imodzimodziyo, dipatimenti yathu yothandizira mkati ndi yaying'ono (koma yonyada), imatsimikizira kugwira ntchito kwa ntchito zofunikira ndi machitidwe. Kampaniyo ili ndi magawo ambiri omwe amagwira ntchito zosiyanasiyana: awa ndi magulu angapo amphamvu otulutsa, komanso opanga mabizinesi m'nyumba, komanso chitetezo chazidziwitso, komanso omanga makina apakompyuta - ambiri, kaya ndi ndani. Chifukwa chake, ntchito zawo, machitidwe ndi ndondomeko zachitetezo ndizosiyana. Zomwe, monga zimayembekezeredwa, zidayambitsa zovuta pakuwunika zosowa ndi kukhazikika.
Pano, mwachitsanzo, ndi dipatimenti yachitukuko: antchito ake amalemba ndikuyesa ma code kwa makasitomala ambiri. Nthawi zambiri pamakhala kufunikira kokonzekera mwachangu malo oyeserera, ndipo kunena zoona, sizotheka nthawi zonse kupanga zofunikira pa projekiti iliyonse, kupempha zothandizira ndikumanga malo oyesera padera malinga ndi malamulo onse amkati. Izi zimabweretsa zovuta: tsiku lina wantchito wanu wodzichepetsa adayang'ana m'chipinda cha omanga ndipo adapeza pansi pa tebulo gulu la Hadoop logwira ntchito bwino la ma desktops 20, lomwe linali lolumikizidwa mosadziwika bwino ndi netiweki wamba. Sindikuganiza kuti ndizoyenera kufotokozera kuti dipatimenti ya IT ya kampaniyo sinadziwe za kukhalapo kwake. Mkhalidwe uwu, monga ena ambiri, ndiwo unachititsa kuti panthawi ya chitukuko cha polojekitiyi, mawu akuti "mutant reserve" adabadwa, kufotokoza momwe maofesi a ofesi amakhalira oleza mtima.
Kapena apa pali chitsanzo china. Nthawi ndi nthawi, benchi yoyesera imakhazikitsidwa mkati mwa dipatimenti. Izi zinali choncho ndi Jira ndi Confluence, zomwe zinagwiritsidwa ntchito pang'ono ndi Software Development Center m'mapulojekiti ena. Patapita nthawi, madipatimenti ena adaphunzira za zinthu zothandizazi, adazisanthula, ndipo kumapeto kwa 2018, Jira ndi Confluence adachoka pa "chidole cha okonza mapulogalamu a m'deralo" kukhala "zothandizira zakampani." Tsopano mwiniwake ayenera kupatsidwa machitidwe awa, SLAs, ndondomeko zopezera / chitetezo chidziwitso, ndondomeko zosunga zobwezeretsera, kuyang'anira, malamulo oyendetsera zopempha kuti athetse mavuto ayenera kufotokozedwa - kawirikawiri, zikhumbo zonse za dongosolo lachidziwitso lathunthu liyenera kukhalapo. .
Iliyonse mwa magawo athu ndi chofungatira chomwe chimalima zinthu zake. Ena amamwalira panthawi yachitukuko, ena timawagwiritsa ntchito pogwira ntchito, pamene ena amazika mizu ndikukhala mayankho omwe timayamba kugwiritsa ntchito tokha ndikugulitsa kwa makasitomala. Kwa dongosolo lililonse loterolo, ndilofunika kukhala ndi malo ake ochezera a pa Intaneti, kumene adzakula popanda kusokoneza machitidwe ena, ndipo panthawi ina akhoza kuphatikizidwa kuzinthu zamakampani.
Kuphatikiza pa chitukuko, tili ndi chachikulu kwambiri ndi antchito opitilira 500, opangidwa kukhala magulu a kasitomala aliyense. Amagwira nawo ntchito yosamalira maukonde ndi machitidwe ena, kuyang'anira kutali, kuthetsa madandaulo, ndi zina zotero. Ndiye kuti, zomangamanga za SC ndizomwe zimapangidwira makasitomala omwe akugwira nawo ntchito pano. Chodziwika bwino chogwira ntchito ndi gawo ili la maukonde ndikuti malo awo ogwirira ntchito a kampani yathu ndi ena akunja, komanso amkati. Chifukwa chake, kwa SC tinagwiritsa ntchito njira zotsatirazi - kampaniyo imapereka dipatimenti yofananira ndi maukonde ndi zinthu zina, poganizira malo ogwirira ntchito m'madipatimentiwa ngati kulumikizana kwakunja (mwa fanizo ndi nthambi ndi ogwiritsa ntchito akutali).
Mapangidwe a msewu waukulu: ndife oyendetsa (zodabwitsa)
Titapenda misampha yonse, tinazindikira kuti tikupeza maukonde a wogwiritsa ntchito matelefoni muofesi imodzi, ndipo tinayamba kuchitapo kanthu.
Tidapanga maukonde oyambira mothandizidwa ndi omwe aliyense wamkati, komanso mtsogolomonso akunja, ogula amapatsidwa ntchito yofunikira: L2 VPN, L3 VPN kapena njira yanthawi zonse ya L3. Madipatimenti ena amafunikira intaneti yotetezeka, pomwe ena amafunikira mwayi wopanda zotchingira zozimitsa moto, koma nthawi yomweyo kuteteza chuma chathu chamakampani ndi maukonde oyambira kumayendedwe awo.
"Tidamaliza SLA" mwamwayi ndi gawo lililonse. Mogwirizana ndi izi, zochitika zonse zomwe zimachitika ziyenera kuthetsedwa mkati mwa nthawi yomwe idagwirizana kale. Zofunikira zamakampani pamaneti ake zidakhala zokhwima. Nthawi yokwanira yoyankha ku chochitika pakagwa foni ndi imelo kulephera kunali mphindi 5. Nthawi yobwezeretsa magwiridwe antchito a netiweki panthawi yolephereka sikupitilira miniti imodzi.
Popeza tili ndi maukonde onyamulira, mutha kulumikizana nawo motsatira malamulo. Magawo a mautumiki amakhazikitsa ndondomeko ndikupereka chithandizo. Safuna ngakhale chidziwitso chokhudzana ndi ma seva enieni, makina enieni ndi malo ogwirira ntchito. Koma panthawi imodzimodziyo, njira zotetezera ndizofunikira, chifukwa palibe mgwirizano umodzi womwe uyenera kulepheretsa maukonde. Ngati chipika chapangidwa mwangozi, ogwiritsa ntchito ena sayenera kuzindikira izi, ndiko kuti, kuyankha kokwanira kuchokera pa intaneti ndikofunikira. Wogwiritsa ntchito telecom nthawi zonse amathetsa mavuto omwe amawoneka ngati ovuta mkati mwa netiweki yake yayikulu. Amapereka chithandizo kwa makasitomala ambiri omwe ali ndi zosowa zosiyanasiyana komanso magalimoto. Panthawi imodzimodziyo, olembetsa osiyanasiyana sayenera kukumana ndi zovuta zamtundu wa anthu ena.
Kunyumba, tinathetsa vutoli motere: tinamanga nsana wa L3 network ndi redundancy kwathunthu, pogwiritsa ntchito protocol IS-IS. Network overlay inamangidwa pamwamba pa pachimake potengera ukadaulo /, pogwiritsa ntchito protocol yolowera . Pofuna kufulumizitsa kuphatikizika kwa ma protocol, ukadaulo wa BFD unagwiritsidwa ntchito.
Network kapangidwe
M'mayesero, chiwembuchi chinadziwonetsa kukhala chabwino kwambiri - pamene njira iliyonse kapena kusinthana kwatsekedwa, nthawi yolumikizana siposa 0.1-0.2 s, mapaketi ochepera amatayika (nthawi zambiri palibe), magawo a TCP samang'ambika, kukambirana patelefoni. sizimasokonezedwa.
Pansi Pansi - Njira
Wowonjezera Wowonjezera - Njira
Ma switch a Huawei CE6870 okhala ndi ziphaso za VXLAN adagwiritsidwa ntchito ngati zosinthira zogawa. Chipangizochi chili ndi chiwerengero chabwino cha mtengo / khalidwe, kukulolani kuti mugwirizane ndi olembetsa pa liwiro la 10 Gbit / s, ndikugwirizanitsa ndi msana pa liwiro la 40-100 Gbit / s, malingana ndi ma transceivers omwe amagwiritsidwa ntchito.
Huawei CE6870 kusintha
Zosintha za Huawei CE8850 zidagwiritsidwa ntchito ngati zosinthira zoyambira. Cholinga chake ndikutumiza magalimoto mwachangu komanso modalirika. Palibe zida zomwe zimalumikizidwa kwa iwo kupatula masiwichi ogawa, sadziwa chilichonse chokhudza VXLAN, kotero mtundu wokhala ndi madoko a 32 40/100 Gbps unasankhidwa, ndi chilolezo choyambirira chomwe chimapereka njira ya L3 ndi chithandizo cha IS-IS ndi MP-BGP. protocol.
Pansi pake ndi Huawei CE8850 core switch
Pamakonzedwe apangidwe, zokambirana zinayambika mkati mwa gululo za matekinoloje omwe angagwiritsidwe ntchito kukhazikitsa kugwirizana kosalekeza kwa ma node apakatikati. Ofesi yathu ya ku Moscow ili m'nyumba zitatu, tili ndi zipinda zogawa 7, zomwe zili ndi ma switches awiri a Huawei CE6870 (ma switches okhawo amaikidwa m'zipinda zingapo zogawa). Popanga lingaliro la netiweki, njira ziwiri za redundancy zidaganiziridwa:
- Kuphatikizika kwa masinthidwe ogawa kukhala mulu wololera zolakwika mchipinda chilichonse cholumikizirana. Ubwino: kuphweka komanso kosavuta kukhazikitsa. Zoipa: pali kuthekera kwakukulu kwa kulephera kwa stack yonse pamene zolakwika zimachitika mu firmware ya zipangizo zamakina ("kukumbukira kukumbukira" ndi zina zotero).
- Gwiritsani ntchito matekinoloje a M-LAG ndi Anycast pachipata kuti mulumikizane ndi zida ndi masiwichi ogawa.
Pamapeto pake, tinakhazikika pa njira yachiwiri. Zimakhala zovuta kuzikonza, koma zawonetsa pochita ntchito yake komanso kudalirika kwakukulu.
Tiyeni tikambirane kaye kulumikiza zida zomaliza ndi masiwichi ogawa:
Mtanda
Chosinthira chofikira, seva, kapena chida china chilichonse chomwe chimafunikira kulumikizana kosalakwitsa chimaphatikizidwa muzosintha ziwiri zogawa. Ukadaulo wa M-LAG umapereka kuperewera pamlingo wamalumikizidwe a data. Zimaganiziridwa kuti zosintha ziwiri zogawa zimawonekera ku zida zolumikizidwa ngati chipangizo chimodzi. Redundancy ndi kusanja katundu kumachitika pogwiritsa ntchito protocol ya LACP.
Anycast pachipata luso amapereka redundancy pa mlingo maukonde. Ma VRF ambiri amapangidwa pa masiwichi aliwonse ogawa (VRF iliyonse imapangidwira zolinga zake - padera kwa ogwiritsa ntchito "wanthawi zonse", padera pa telefoni, padera pazoyesa zosiyanasiyana ndi chitukuko, ndi zina), komanso m'malo aliwonse. VRF ili ndi ma VLAN angapo okonzedwa. Mumanetiweki athu, zosinthira zogawa ndizozipata zosasinthika za zida zonse zolumikizidwa kwa iwo. Ma adilesi a IP omwe amafanana ndi mawonekedwe a VLAN ndi ofanana pazosintha zonse ziwiri. Magalimoto amadutsa pa switch yapafupi.
Tsopano tiyeni tiwone kulumikiza masiwichi ogawa ku kernel:
Kulekerera zolakwika kumaperekedwa pa intaneti pogwiritsa ntchito protocol ya IS-IS. Chonde dziwani kuti mzere wolumikizana wa L3 wosiyana umaperekedwa pakati pa zosintha, pa liwiro la 100G. Mwathupi, chingwe cholumikizira ichi ndi chingwe cha Direct Access chikhoza kuwoneka kumanja pa chithunzi cha masiwichi a Huawei CE6870.
Njira ina ingakhale kukonza "zowona" zolumikizidwa kwathunthu ndi nyenyezi ziwiri, koma, monga tafotokozera pamwambapa, tili ndi zipinda 7 zolumikizirana m'nyumba zitatu. Chifukwa chake, tikadasankha topology ya "nyenyezi ziwiri", tikadafunikira kuwirikiza kawiri ma transceivers a 40G "akutali". Ndalama zosungira pano ndizofunika kwambiri.
Mawu ochepa ayenera kunenedwa za momwe VXLAN ndi Anycast gateway matekinoloje amagwirira ntchito limodzi. VXLAN, osalowa mwatsatanetsatane, ndi ngalande yonyamula mafelemu a Ethernet mkati mwa mapaketi a UDP. Kulumikizana kwa loopback kwa masinthidwe ogawa kumagwiritsidwa ntchito ngati adilesi ya IP ya munjira ya VXLAN. Kulumikizana kulikonse kumakhala ndi masiwichi awiri okhala ndi ma adilesi ofanana a loopback, kotero paketi imatha kufika pa iliyonse ya iwo, ndipo chimango cha Ethernet chitha kuchotsedwamo.
Ngati chosinthiracho chikudziwa za komwe adilesi ya MAC ya chimango chobwezedwa, chimangocho chidzaperekedwa komwe chikupita. Kuwonetsetsa kuti masiwiwi onse ogawa omwe adayikidwa pamtanda womwewo ali ndi zidziwitso zaposachedwa za ma adilesi onse a MAC "obwera" kuchokera pazosinthira zolowera, makina a M-LAG ali ndi udindo wolumikiza ma adilesi a MAC (komanso ARP). table) pa masiwichi onse awiri a M-LAG.
Kulinganiza kwa magalimoto kumatheka chifukwa cha kupezeka kwa netiweki yapansi panthaka ya misewu ingapo yopita kumalo olowera kumbuyo kwa masiwichi ogawa.
M'malo mapeto
Monga tafotokozera pamwambapa, pakuyezetsa ndikugwiritsa ntchito maukonde adawonetsa kudalirika kwakukulu (nthawi yobwezeretsanso zolephera zomwe zimalephera siziposa mazana a ma milliseconds) ndikuchita bwino - kulumikizana kulikonse kumalumikizidwa pachimake ndi njira ziwiri za 40 Gbit / s. Zosintha zofikira pamanetiweki athu zimapakidwa ndikulumikizidwa ndi masiwichi ogawa kudzera pa LACP/M-LAG yokhala ndi mayendedwe awiri a 10 Gbit/s. Mundawu nthawi zambiri umakhala ndi masiwichi 5 okhala ndi ma doko 48 aliwonse, ndipo mpaka ma stacks 10 ofikira amalumikizidwa ndi kugawa pamalumikizidwe aliwonse. Chifukwa chake, msana umapereka za 30 Mbit / s pa wogwiritsa ntchito ngakhale pazambiri zongopeka, zomwe panthawi yolemba ndizokwanira pazogwiritsa ntchito zathu zonse.
Netiweki imakupatsani mwayi wokonza zolumikizana ndi zida zilizonse zolumikizidwa mosavutikira kudzera pa L2 ndi L3, ndikupereka kudzipatula kwathunthu kwa magalimoto (omwe achitetezo azidziwitso amakonda) ndi madera olakwika (omwe gulu la opareshoni limakonda).
Mu gawo lotsatira tidzakuuzani momwe tinasamukira ku netiweki yatsopano. Dzimvetserani!
Maxim Klochkov
Mlangizi wamkulu wa ma network audit and complex project group
Network Solutions Center
"Jet Infosystems"
Source: www.habr.com