How Virtual Private Cloud works in Yandex.Cloud and how our users help us implement useful features

Hi, my name is Kostya Kramlikh, and I am a lead developer in the Virtual Private Cloud division at Yandex.Cloud. I work on the virtual network, and as you might guess, in this article I will talk about how Virtual Private Cloud (VPC) is built in general and the virtual network in particular. You will also find out why we, the developers of the service, value feedback from our users. But first things first.


What is VPC?

Today there are many different ways to deploy services. I am sure someone still keeps a server under the administrator's desk, although I hope such stories are becoming rare.

Services now try to move to public clouds, and that is where they run into VPC. VPC is the part of a public cloud that ties user, infrastructure, platform and other capacities together, wherever they are located, in our Cloud or outside it. At the same time, VPC lets you avoid exposing these capacities to the internet unnecessarily; they stay inside your isolated network.

What does a virtual network look like from the outside?


By VPC we mean overlay networks and network services such as VPNaaS, NATaaS, LBaaS, and so on. a great article here, on Habr.

Let's take a closer look at the virtual network and how it is built.


Consider two availability zones. We provide a virtual network, which is what we called VPC. In effect, it defines the uniqueness space for your "gray" addresses. Within each virtual network you fully control the address space that you can assign to compute resources.

The network is global. At the same time, it is projected into each availability zone as an entity called a Subnet. For each Subnet you assign a CIDR of size 16 or smaller. There can be more than one such entity in each availability zone, and there is always transparent routing between them. This means that all your resources within the same VPC can "talk" to each other even if they are in different availability zones. They "talk" without going out to the internet, over our internal channels, "thinking" that they are inside the same network.

The diagram above shows a typical situation: two VPCs whose addresses overlap somewhere. Both may belong to you, for example one for development and the other for testing. They may simply belong to different users; in this case it does not matter. And one virtual machine is plugged into each VPC.
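The overlapping-address situation described above, as an added example that is not Yandex.Cloud code: a toy forwarding table in which every lookup is scoped by the VPC, so the same "gray" address resolves to different machines in different VPCs while subnets of one VPC stay mutually reachable across zones. The class, the VPC and zone names and the addresses are all assumptions made for the illustration.

```python
import ipaddress

class Overlay:
    """Toy overlay table: every lookup is scoped by the VPC id (constructed model)."""

    def __init__(self):
        self.subnets = {}  # vpc_id -> [(network, zone)]
        self.ports = {}    # (vpc_id, address) -> (vm_name, zone)

    def add_subnet(self, vpc_id, cidr, zone):
        net = ipaddress.ip_network(cidr)
        for other, _ in self.subnets.get(vpc_id, []):
            if net.overlaps(other):  # overlap is a conflict only inside one VPC
                raise ValueError(f"{cidr} overlaps {other} in {vpc_id}")
        self.subnets.setdefault(vpc_id, []).append((net, zone))

    def attach(self, vpc_id, vm_name, ip):
        addr = ipaddress.ip_address(ip)
        for net, zone in self.subnets.get(vpc_id, []):
            if addr in net:
                if (vpc_id, addr) in self.ports:
                    raise ValueError(f"{ip} already in use in {vpc_id}")
                self.ports[(vpc_id, addr)] = (vm_name, zone)
                return zone
        raise ValueError(f"{ip} is not in any subnet of {vpc_id}")

    def deliver(self, src_vpc, dst_ip):
        """Resolve dst_ip as seen from src_vpc; None means unreachable."""
        return self.ports.get((src_vpc, ipaddress.ip_address(dst_ip)))

def build_overlay_sample():
    """Constructed sample: two VPCs that reuse the same gray range."""
    o = Overlay()
    o.add_subnet("vpc-dev", "10.0.0.0/24", "zone-a")
    o.add_subnet("vpc-dev", "10.0.1.0/24", "zone-b")
    o.add_subnet("vpc-test", "10.0.0.0/24", "zone-a")
    o.attach("vpc-dev", "dev-vm-1", "10.0.0.5")
    o.attach("vpc-dev", "dev-vm-2", "10.0.1.7")
    o.attach("vpc-test", "test-vm-1", "10.0.0.5")
    return o

if __name__ == "__main__":
    o = build_overlay_sample()
    print(o.deliver("vpc-dev", "10.0.0.5"), o.deliver("vpc-test", "10.0.0.5"))
    print(o.deliver("vpc-test", "10.0.1.7"))
```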


Let's make the scheme more complicated. You can have one virtual machine plugged into several Subnets at once. And not just that, but in different virtual networks.


If you need to expose machines to the internet, you can do it through the API or the UI. To do that, you set up NAT translation of your "gray", internal address into a "white", public one. You cannot choose the "white" address; it is assigned at random from our address pool. As soon as you stop using the external IP, it returns to the pool. You pay only for the time you use the "white" address.


You can also give a machine internet access using a NAT instance. Traffic can be steered to the instance through a static routing table. We provided for this case because users sometimes need it, and we know about that. Accordingly, our image catalog contains a specially configured NAT image.


But even with a ready-made NAT image, setup can be complicated. We understood that for users this is not the most convenient option, so in the end we made it possible to enable NAT for the required Subnet in one click. Eeci cibikkilizyidwe munzila iitali kabotu, mbocikonzya kucitwa munzila yakumuuya.

How the virtual network is built inside


How does the user interact with the virtual network? The network faces the outside world through its API. The user comes to the API and works with the target state. Through the API the user sees how everything should be arranged and configured, and also sees the status: how much the actual state differs from the desired one. That is the user's picture. What happens inside?

We write the desired state to Yandex Database and go on to configure the different parts of our VPC. The overlay network in Yandex.Cloud is built on selected components of OpenContrail, which was recently renamed Tungsten Fabric. Network services are implemented on a single platform, CloudGate. In CloudGate we also used several open source components: GoBGP to access control information, and VPP to implement a software router that runs on top of DPDK for the data path.

Tungsten Fabric communicates with CloudGate through GoBGP. It tells CloudGate what is happening in the overlay network. CloudGate, in turn, connects overlay networks to each other and to the internet.


Now let's see how the virtual network solves the problems of scaling and availability. Consider a simple case. There is one availability zone, and two VPCs are created in it. We deployed one instance of Tungsten Fabric, and it carries several thousand networks. The networks communicate with CloudGate. CloudGate, as we already said, provides their connectivity to each other and to the internet.


Suppose a second availability zone is added. It must fail completely independently of the first one. Therefore, in the second availability zone we have to deploy a separate instance of Tungsten Fabric. This will be a separate system that handles the overlay and knows little about the first system. The appearance that our virtual network is global is, in fact, created by our VPC API. That is its job.

VPC1 is projected into availability zone B if there are resources in availability zone B that are plugged into VPC1. If there are no resources from VPC2 in availability zone B, we do not materialize VPC2 in that zone. In turn, since resources from VPC3 exist only in zone B, VPC3 does not exist in zone A. Everything is simple and logical.

Let's go a little deeper and see how a particular host in Y.Cloud is arranged. The main thing I want to note is that all hosts are set up the same way. We make sure that only the necessary minimum of services runs on the hardware; everything else runs in virtual machines. We build higher-level services on top of basic infrastructure services, and we also use the Cloud to solve some engineering tasks of our own, for example as part of Continuous Integration.


If we look at a particular host, we can see that three components run in the host OS:

  • Compute - the part responsible for allocating computing resources on the host.
  • VRouter - the part of Tungsten Fabric that builds the overlay, that is, tunnels packets through the underlay.
  • VDisks - pieces of storage virtualization.

In addition, services run in virtual machines: Cloud infrastructure services, platform services and customer capacities. Customer capacities and platform services always go into the overlay through VRouter.

Infrastructure services can plug into the overlay, but mostly they want to work in the underlay. They are plugged into the underlay using SR-IOV. In effect, we slice the card into virtual network cards (virtual functions) and push them into infrastructure virtual machines so as not to lose performance. For example, the same CloudGate runs as one of these infrastructure virtual machines.

Now that we have described the global tasks of the virtual network and the structure of the basic cloud components, let's see how the different parts of the virtual network interact with each other.

We distinguish three layers in our system:

  • Config Plane - sets the target state of the system. This is what the user configures through the API.
  • Control Plane - provides the semantics specified by the user, that is, brings the state of the Data Plane to what the user described in the Config Plane.
  • Data Plane - directly processes user packets.


As I said above, it all starts with a user or an internal platform service coming to the API and describing a certain target state.

This state is immediately written to Yandex Database, the API returns the ID of an asynchronous operation, and our internal machinery starts working to deliver the state the user wanted. Configuration tasks go to the SDN controller and tell Tungsten Fabric what needs to be done in the overlay. For example, they reserve ports, virtual networks, and so on.
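An added sketch, not Yandex.Cloud code, that ties together two passages: the desired-state write with an asynchronous operation ID described here, and the earlier rule that a VPC is materialized in an availability zone only when it has resources there. The class, method names and operation-ID format are assumptions; a dict stands in for the database and a set per zone for that zone's independent SDN instance.

```python
import itertools

class VpcApi:
    """Toy config plane: store desired state, hand out an operation id, reconcile per zone."""

    def __init__(self, zones):
        self.desired = {}                        # vm -> (vpc, zone); stands in for the database
        self.actual = {z: set() for z in zones}  # zone -> VPCs materialised by that zone's SDN instance
        self.operations = {}                     # operation id -> "running" | "done"
        self._ids = itertools.count(1)

    def put_vm(self, vm, vpc, zone):
        if zone not in self.actual:
            raise ValueError(f"unknown zone {zone}")
        self.desired[vm] = (vpc, zone)           # desired state is recorded first
        op = f"op-{next(self._ids)}"             # hypothetical id format
        self.operations[op] = "running"
        return op                                # the caller polls this id

    def drift(self):
        """Per zone: (VPCs still to create, VPCs still to remove)."""
        out = {}
        for zone, have in self.actual.items():
            want = {vpc for vpc, z in self.desired.values() if z == zone}
            out[zone] = (want - have, have - want)
        return out

    def reconcile(self):
        """Apply the drift zone by zone, as each zone's controller would."""
        for zone, (create, remove) in self.drift().items():
            self.actual[zone] = (self.actual[zone] | create) - remove
        for op in self.operations:
            self.operations[op] = "done"

def build_api_sample():
    """Constructed placement matching the text: VPC1 in A and B, VPC2 only in A, VPC3 only in B."""
    api = VpcApi(["zone-a", "zone-b"])
    ops = [api.put_vm("vm1", "VPC1", "zone-a"), api.put_vm("vm2", "VPC1", "zone-b"),
           api.put_vm("vm3", "VPC2", "zone-a"), api.put_vm("vm4", "VPC3", "zone-b")]
    return api, ops

if __name__ == "__main__":
    api, ops = build_api_sample()
    print("before:", api.drift())
    api.reconcile()
    print("after: ", api.actual, api.operations)
```

The `drift()` result corresponds to the status the user sees through the API: how far the actual state is from the desired one.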


The Config Plane in Tungsten Fabric ships the required state to the Control Plane. Through it, the Config Plane communicates with the hosts, telling them what will soon be running on them.


Now let's see what the system looks like on the hosts. A virtual machine has a network adapter plugged into VRouter. VRouter is a kernel module of Tungsten Fabric that looks at packets. If a flow already exists for a packet, the module processes it. If there is no flow, the module does what is called punting, that is, it sends the packet to a user-mode process. The process parses the packet and either answers it itself, as with DHCP and DNS, or tells VRouter what to do with it. After that, VRouter can process the packet.
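The flow lookup and punting path described above, as an added model that is neither Tungsten Fabric nor Yandex.Cloud code. The flow key is simplified to four fields, and the class names, action tuples, host name and addresses are assumptions; the point is that only the first packet of a flow reaches the user-mode process, while DHCP and DNS are answered there and never get a flow entry.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")  # simplified flow key

class Agent:
    """User-mode process: answers DHCP/DNS itself, otherwise picks an action."""

    def __init__(self, routes):
        self.routes = routes  # destination address -> underlay host carrying that VM

    def handle(self, pkt):
        if pkt.proto == "udp" and pkt.dport in (53, 67):
            return ("reply", "agent")  # answered locally, no flow is installed
        host = self.routes.get(pkt.dst)
        if host is None:
            return ("drop", None)
        return ("tunnel", host)        # encapsulate and send through the underlay

class VRouter:
    """Fast path: a flow table keyed by the packet tuple."""

    def __init__(self, agent):
        self.agent = agent
        self.flows = {}
        self.punts = 0

    def process(self, pkt):
        action = self.flows.get(pkt)
        if action is None:             # flow miss: punt to the user-mode process
            self.punts += 1
            action = self.agent.handle(pkt)
            if action[0] != "reply":
                self.flows[pkt] = action  # later packets stay in the fast path
        return action

def run_sample():
    """Constructed traffic from one VM; returns (actions, punt count, cached flows)."""
    vr = VRouter(Agent({"10.0.1.7": "host-b"}))
    web = Packet("10.0.0.5", "10.0.1.7", "tcp", 443)
    dns = Packet("10.0.0.5", "10.0.0.2", "udp", 53)
    lost = Packet("10.0.0.5", "10.0.9.9", "tcp", 22)
    actions = [vr.process(p) for p in (web, web, dns, dns, lost, lost)]
    return actions, vr.punts, len(vr.flows)

if __name__ == "__main__":
    print(run_sample())
```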

Further, traffic between virtual machines within the same virtual network flows transparently; it is not directed to CloudGate. The hosts on which the virtual machines are deployed communicate with each other directly. They tunnel the traffic and forward it to each other through the underlay.


Control Planes communicate with each other across availability zones over BGP, as with any other router. They tell each other which machines are up and where, so that VMs in one zone can interact directly with other VMs.


The Control Plane also communicates with CloudGate. In the same way, it reports where and which virtual machines are up and what addresses they have. This makes it possible to direct external traffic and traffic from load balancers to them.

Traffic leaving a VPC arrives at CloudGate, in the data path, where it is quickly chewed through by VPP with our plugins. The traffic is then sent either to other VPCs or outside, to border routers that are configured through the Control Plane of CloudGate itself.

Plans for the near future

Summarizing everything said above in a few sentences, we can say that VPC in Yandex.Cloud solves two important tasks:

  • It provides isolation between different customers.
  • It combines resources, infrastructure, platform services, other clouds and on-premise into a single network.

And to solve these tasks well, you need to provide scalability and fault tolerance at the level of the internal architecture, which is what VPC does.

VPC is gradually acquiring features: we implement new capabilities and try to improve things in terms of user convenience. Some ideas are voiced and make it onto the priority list thanks to members of our community.

Right now we have the following list of plans for the near future:

  • VPN as a service.
  • Private DNS instances: images for quickly setting up virtual machines with a preconfigured DNS server.
  • DNS as a service.
  • Internal load balancer.
  • Adding a "white" IP address without recreating the virtual machine.

The load balancer and the ability to switch the IP address of an already created virtual machine ended up on this list at the request of users. To be honest, without explicit feedback we would have taken up these features somewhat later. As it is, we are already working on the address task.

Initially, a "white" IP address could be added only when creating a machine. If the user forgot to do so, the virtual machine had to be recreated. The same applied when an external IP needed to be removed. Soon it will be possible to turn a public IP on and off without recreating the machine.

Feel free to share your ideas and support other users' suggestions. You help us make the Cloud better and get important and useful features faster!

Source: www.habr.com
