In the previous two parts (
Previously, we did not have a separate server fabric: the server switches were connected to the same core as the user distribution switches. Access was segregated using virtual networks (VLANs), and VLAN routing was done at a single point, on the core (according to the principle.
Old network infrastructure
At the same time as the new office network, we decided to build a new server room and a new fabric for it. It turned out small (three server cabinets), but built by all the canons: a separate core on CE8850 switches, a fully connected (spine-leaf) topology, top-of-rack (ToR) CE6870 switches, and a separate pair of switches for interconnecting with the rest of the network (border leaves). In short, fully loaded.
Network of the new server fabric
We decided to abandon server structured cabling (SCS) in favor of connecting servers directly to the ToR switches. Why? We already have two server rooms built with server SCS, and we have learned that it is:
- inconvenient to operate (a lot of re-patching, and the cable log has to be updated carefully);
- expensive in terms of the space taken up by patch panels;
- an obstacle when the connection speed of servers needs to be increased (for example, switching from 1 Gbit/s over copper to 10 Gbit/s over optics).
When moving to the new server fabric, we tried to get away from connecting servers at 1 Gbit/s and to limit ourselves to 10 Gbit interfaces. Almost all the old servers that cannot do this were converted, and the rest were connected through gigabit transceivers to 10-gigabit ports. We did the math and decided that this would be cheaper than installing separate gigabit switches for them.
ToR switches
Also in our new server room, we installed separate out-of-band management (OOM) switches with 24 ports, one per rack. The idea turned out to be a very good one, but there were not enough ports; next time we will install OOM switches with 48 ports.
We connect the remote server management interfaces, such as iLO, or iBMC in Huawei terminology, to the OOM network. If a server loses its main connection to the network, it can still be reached through this interface. The management interfaces of the ToR switches, temperature sensors, UPS management interfaces and other similar devices are also connected to the OOM switches. The OOM network is reachable through a separate firewall interface.
OOM Network Connection
Interconnecting the server and user networks
In the user fabric, separate VRFs are used for different purposes: connecting user workstations, video surveillance systems, video systems in meeting rooms, setting up stands and demo zones, and so on.
Another set of VRFs has been created in the server fabric:
- For connecting the regular servers on which corporate services are deployed.
- A separate VRF in which servers with Internet access are deployed.
- A separate VRF for database servers that are accessed only by other servers (for example, application servers).
- A separate VRF for our mail system (MS Exchange + Skype for Business).
So we have a set of VRFs on the user fabric side and a set of VRFs on the server fabric side. Both sets are terminated on the corporate firewall (FW) clusters. The FWs are connected to the border switches (border leaves) of both the server fabric and the user fabric.
Interconnecting the fabrics through the FW - physical
Interconnecting the fabrics through the FW - logical
How did the migration go?
During the migration, we connected the new and old server fabrics at the data link layer, through temporary trunks. To migrate the servers located in a specific VLAN, we created a separate bridge domain that included the VLAN of the old server fabric and the VXLAN of the new server fabric.
The configuration looks like this; the last two lines are the key ones:
bridge-domain 22
 vxlan vni 600022
 evpn
  route-distinguisher 10.xxx.xxx.xxx:60022
  vpn-target 6xxxx:60022 export-extcommunity
  vpn-target 6xxxx:60022 import-extcommunity
interface Eth-Trunk1
 mode lacp-static
 dfs-group 1 m-lag 1
interface Eth-Trunk1.1022 mode l2
 encapsulation dot1q vid 22
 bridge-domain 22
Migration of virtual machines
Then, using VMware vMotion, the virtual machines in this VLAN were migrated from the old hypervisors (version 5.5) to the new ones (version 6.5). Along the way, the hardware servers were converted.
If you try to repeat this: configure the MTU in advance and check that large packets pass "end to end".
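One way to run that end-to-end check, as an added example that is not part of the original article: it binary-searches the largest packet that crosses a path with the Don't Fragment bit set. The Linux iputils `ping` flags, the 576..9000 search range and the helper names are assumptions of this sketch; the 50-byte figure is the standard VXLAN-over-IPv4 overhead.

```python
import subprocess

# Bytes VXLAN adds inside the underlay IP MTU:
# outer IPv4 20 + UDP 8 + VXLAN 8 + inner Ethernet 14
VXLAN_OVERHEAD = 50
ICMP_HEADERS = 28  # IPv4 20 + ICMP 8, subtracted to get the ping payload size


def ping_df(host, ip_size):
    """Send one echo request of ip_size bytes with DF set (Linux iputils ping)."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1",
           "-s", str(ip_size - ICMP_HEADERS), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def largest_packet(probe, lo=576, hi=9000):
    """Return the largest IP packet size for which probe(size) is True, or None."""
    if not probe(lo):
        return None                  # path is down or filters ICMP entirely
    while lo < hi:
        mid = (lo + hi + 1) // 2     # upper-biased midpoint so the loop terminates
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def check_path(expected_mtu, probe):
    """Return (largest size that passed, whether it meets expected_mtu)."""
    found = largest_packet(probe)
    return found, found is not None and found >= expected_mtu


def simulated_overlay(underlay_mtu):
    """Constructed stand-in for a real path: an overlay whose underlay MTU is fixed."""
    return lambda size: size <= underlay_mtu - VXLAN_OVERHEAD


if __name__ == "__main__":
    # Underlay left at 1500: servers expecting a 1500-byte MTU will lose large packets.
    print(check_path(1500, simulated_overlay(1500)))
    # Real use (hypothetical address): check_path(1500, lambda s: ping_df("192.0.2.10", s))
```
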
In the old server network, we used the VMware vShield virtual firewall. Since VMware no longer supports this tool, we switched from vShield to hardware firewalls at the same time as we moved to the new farm.
Once no servers were left in a particular VLAN on the old network, we switched the routing. Previously, it was done on the old core, built using Collapsed Backbone technology, while in the new server fabric we used Anycast Gateway technology.
Switching the routing
After the routing for a specific VLAN had been switched, the VLAN was disconnected from the bridge domain and removed from the trunk between the old and new networks, that is, it moved completely to the new server fabric. In this way we migrated about 20 VLANs.
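With about 20 VLANs moving one by one, it helps to see which of them are still stretched over the temporary trunk, since each one keeps the old and new networks in a single Layer 2 domain until it is unbridged. The following added example (not from the original article) parses configuration text in the style shown earlier and classifies each VLAN; the function names, the second bridge domain and the `.1024` sub-interface in the sample are constructed for illustration.

```python
import re

# Constructed sample in the style of the article's configuration (BD 23 and .1024 are invented).
SAMPLE = """\
bridge-domain 22
 vxlan vni 600022
bridge-domain 23
 vxlan vni 600023
interface Eth-Trunk1.1022 mode l2
 encapsulation dot1q vid 22
 bridge-domain 22
interface Eth-Trunk1.1024 mode l2
 encapsulation dot1q vid 24
 bridge-domain 24
"""

def parse(config):
    """Return ({bridge_domain: vni}, [sub-interface dicts])."""
    vnis, subifs, kind, cur = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):               # unindented line opens a stanza
            kind = cur = None
            if m := re.fullmatch(r"bridge-domain (\d+)", line):
                kind, cur = "bd", int(m[1])
            elif m := re.fullmatch(r"interface (\S+\.\d+) mode l2", line):
                kind, cur = "if", {"name": m[1]}
                subifs.append(cur)
        elif kind == "bd" and (m := re.fullmatch(r"vxlan vni (\d+)", line)):
            vnis[cur] = int(m[1])
        elif kind == "if" and (m := re.fullmatch(r"encapsulation dot1q vid (\d+)", line)):
            cur["vid"] = int(m[1])
        elif kind == "if" and (m := re.fullmatch(r"bridge-domain (\d+)", line)):
            cur["bd"] = int(m[1])
    return vnis, subifs

def audit(config):
    """Classify VLANs: still stretched to the old network, broken, or fabric-only."""
    vnis, subifs = parse(config)
    bridged = {s.get("bd") for s in subifs}
    report = {"stretched": [], "broken": [], "fabric_only": sorted(set(vnis) - bridged)}
    for s in subifs:
        vni = vnis.get(s.get("bd"))
        if vni is not None and "vid" in s:
            report["stretched"].append((s["vid"], s["name"], vni))
        else:                                     # BD without a VNI, or no VID set
            report["broken"].append(s["name"])
    return report
```

Calling `audit()` on a saved border-leaf configuration returns the VLANs still bridged to the old network, sub-interfaces pointing at a bridge domain with no VNI, and bridge domains that already live only in the new fabric.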
So we built a new network, a new server room and a new virtualization farm. In the next article we will talk about what we did with Wi-Fi.
Maxim Klochkov
Senior consultant, network audit and complex projects group
Network Solutions Center
"Jet Infosystems"
Source: www.habr.com