Mapangidwe atsopano a IT a Russian Post data center

Ndili wotsimikiza kuti owerenga onse a Habr adayitanitsapo katundu m'masitolo apaintaneti akunja ndikupita kukalandira maphukusi ku ofesi ya Russian Post. Kodi mungaganizire kukula kwa ntchitoyi, kuchokera pamalingaliro okonzekera mayendedwe? Muchulukitseni chiwerengero cha ogula ndi chiwerengero cha kugula kwawo, ganizirani mapu a dziko lathu lalikulu, ndipo pa izo pali oposa 40 zikwi ma positi maofesi ... Mwa njira, mu 2018, Russian Post inakonza maphukusi 345 miliyoni apadziko lonse.

M'nkhaniyi tikuuzani zomwe Pochta adakumana nazo komanso momwe gulu la LANIT Integration linawathetsera, ndikupanga njira yatsopano ya IT ya malo opangira deta.

Imodzi mwa malo amakono opangira zinthu za Russian Post
 

Ntchito isanachitike

Chifukwa chakuchulukirachulukira kwa maphukusi ochokera m'masitolo akunja ku China, Western Europe ndi North America, katundu wazopezeka ku Russian Post wakula. Chifukwa chake, malo opangira zida zatsopano adamangidwa, omwe amagwiritsa ntchito makina osankhidwa bwino kwambiri. Amafunikira thandizo kuchokera kuzinthu zamakompyuta.

Zomangamanga za data center zinali zachikale ndipo sizinapereke ntchito zofunikira komanso kudalirika pakugwiritsa ntchito machitidwe a chidziwitso chamakampani. Komanso, Russian Post idakumana ndi kusowa kwa makompyuta kuti ayambitse ntchito zatsopano.
 

Makasitomala deta malo ndi mavuto awo

Malo osungiramo data ku Russia Post amapereka malo oposa 40 ndi madipatimenti a 000. Malo opangira data amagwira ntchito zambiri zamabizinesi 85/XNUMX, kuphatikiza ma e-commerce.

Masiku ano, mabizinesi amagwiritsa ntchito makina osungira, kusanthula ndi kukonza deta yayikulu. Kwa machitidwe oterowo, kugwiritsa ntchito luntha lochita kupanga komanso makina ophunzirira makina kumakhala ndi gawo lofunikira. Masiku ano, imodzi mwamilandu yofunika kwambiri kubizinesi ndikuwongolera kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe ka kayendetsedwe kake ndikufulumizitsa ntchito yamakasitomala m'ma positi.

Asanayambe ntchito yamakono, panali makina pafupifupi 3000 m'malo akuluakulu ndi zosunga zobwezeretsera, kuchuluka kwa chidziwitso chosungidwa chinaposa 2 petabytes. Malo opangira data anali ndi njira yovuta yoyendetsera magalimoto yomwe imalumikizidwa ndi kugawikana m'magawo osiyanasiyana malinga ndi magawo achitetezo.

Ndi chitukuko cha mapulogalamu ndi kukhazikitsidwa kwa mautumiki atsopano, bandwidth yomwe ilipo ya zida zapaintaneti m'malo opangira deta yakhala yosakwanira. Kusintha kolumikizana ndi liwiro latsopano kunali kofunikira: 10 Gbit / s, m'malo mwa 1 Gbit / s pakupeza ndi 40 Gbit / s pamlingo wapakati, ndi redundancy yonse ya zida ndi njira zoyankhulirana.

Dipatimenti yachitetezo chazidziwitso idalandira chofunikira kuti agawane zomangazo m'magawo okhala ndi chitetezo chambiri chamayendedwe ndi ntchito (PN - Private Network ndi DMZ - Demilitarized Zone). Magalimoto adadutsa paziwopsezo zamoto (FWUs) zomwe sizimayenera kusefedwa. VRF pa zosintha sizinagwiritsidwe ntchito pamayendedwe awa. Malamulo pa firewall anali ocheperako (malamulo masauzande ambiri pamalo aliwonse a data).

Kusamuka kosasunthika kwa makina owoneka bwino (VMs) pakati pa malo opangira ma data ndikusunga ma adilesi a IP ndi njira yabwino kwambiri yamagalimoto pakati pa magawo, kuphatikiza ma corporate data network (CDN), sikunali kotheka.

MSTP idagwiritsidwa ntchito posunga zosunga zobwezeretsera; madoko ena adatsekedwa (kuyimira kotentha). Zosintha zapakati ndi zolowera sizinaphatikizidwe kukhala gulu la failover, ndipo kuphatikizika kwa mawonekedwe (LAG) sikunagwiritsidwe ntchito.

Pofika malo achitatu a data, kamangidwe katsopano kamangidwe ndi zida zinafunika kuti zigwiritse ntchito mphete pakati pa malo opangira deta (EVPN inaperekedwa).

Panalibe lingaliro logwirizana la chitukuko cha malo opangira deta, olembedwa mu mawonekedwe a pulojekiti ndikugwirizana ndi madipatimenti onse a kasitomala. Zolemba zomwe zilipo panopa zinali zosakwanira komanso zachikale.
 

Zoyembekeza zamakasitomala

Gulu la polojekitiyi linakumana ndi ntchito zotsatirazi:

• konzani malingaliro omanga ndi chitukuko pomanga maukonde ndi ma seva a data center yachitatu;
• fufuzani ntchito za netiweki yomwe ilipo ya kasitomala;
• kuwonjezera mphamvu maukonde pachimake ndi oposa 1500 10/40 Gbps Efaneti madoko aliyense pakati deta (4500 madoko okwana);
• onetsetsani kuti ntchito ya mphete pakati pa malo atatu a data ndi kuthekera kowonjezera liwiro mpaka 80 Gbit / s mu gawo lililonse kuti agwirizane ndi makompyuta a makasitomala azinthu kuchokera kumalo osiyanasiyana a deta kupita ku dongosolo limodzi la IT;
• perekani 100% kusungirako kawiri kwazinthu zonse zapaintaneti kuti mukwaniritse cholinga cha Uptime pamlingo wa 99,995%;
• kuchepetsa kuchedwa kwa magalimoto pakati pa makina enieni kuti mufulumizitse ntchito zamabizinesi;
• sonkhanitsani ziwerengero, santhulani ndikuchitanso kukhathamiritsa kwa malamulo osefera magalimoto m'malo opangira data (poyamba panali malamulo pafupifupi 80);
• khazikitsani zomanga zomwe mukufuna kuti zitsimikizire kusamuka kosasunthika kwamabizinesi ofunikira a kasitomala kupita kumalo aliwonse atatu a data.

Chotero tinali ndi chinachake choti tikonze.

Zida

Tiyeni tiwone mwatsatanetsatane zida zomwe tidagwiritsa ntchito pantchitoyi.

Firewall (NGWF) USG9560:

• kugawanika ndi VSYS;
• mpaka 720 Gbps;
• mpaka 720 miliyoni nthawi imodzi;
• 8 mipata.

 
Njira NE40E-X8:

• mpaka 7,08 Tbit / s Kusintha Mphamvu;
• mpaka 2,880 Mpps Forwarding Performance;
• Mipata 8 yamakhadi amzere (LPU);
• mpaka 10M BGP IPv4 njira pa MPU;
• mpaka 1500K OSPF IPv4 njira pa MPU;
• mpaka 3000K - IPv4 FIB (kutengera LPU).

Zosintha za CE12800 Series:

• Kusintha kwa Chipangizo: VS (1: 16 virtualization), Cluster Switch System (CSS), Super Virtual Fabric (SVF);
• Network Virtualization: M-LAG, TRILL, VXLAN ndi VXLAN bridging, QinQ mu VXLAN, EVN (Ethernet Virtual Network);
• kuyambira ku VRP V2, thandizo la EVPN likuphatikizidwa;
• M-LAG - analogue ya vPC (virtual Port Channel) ya Cisco Nexus;
• Virtual Spanning Tree Protocol (VSTP) - Yogwirizana ndi Cisco PVST.

CE12804

CE12808

Software

Mu polojekiti tinagwiritsa ntchito:

• Kusintha kwa mafayilo osinthira ma firewall kuchokera kwa ogulitsa ena kukhala mtundu wamalamulo a zida zatsopano;
• scripts eni ake kuti muwongolere ndikusintha masinthidwe a firewall.

Maonekedwe a Converter kuti akatembenuka kasinthidwe owona
 
Ndondomeko yolumikizirana pakati pa malo opangira data (EVPN VXLAN)
 

Nuances kukhazikitsa zida

CE12808
 

• EVPN (muyezo) m'malo mwa EVN (yemwe ali ndi Huawei) yolumikizirana pakati pa malo opangira data:

  ○ L2 pa L3 pogwiritsa ntchito iBGP mu ndege Yoyang'anira;
  ○ Maphunziro a MAC ndi kutsatsa kwawo kudzera pabanja la iBGP EVPN (njira za MAC, mtundu wa 2);
  ○ Kupanga zokha ma tunnel a VXLAN owulutsa / magalimoto osadziwika a unicast (Njira Zophatikiza Multicast, mtundu 3).

• Mitundu iwiri yogawa pa VS:

  ○ kutengera madoko (doko la doko) kapena kutengera ASIC (gulu la ma port-mode, kuwonetsera mapu a chipangizo);
  ○ 40GE imagwira ntchito ZOKHA mu Admin VS (mosasamala kanthu za doko).

USG9560
 

• kuthekera kogawikana ndi VSYS,
• Mayendedwe amphamvu ndi kuchucha sikutheka pakati pa VSYS!

CE12804
 
Onse Active GW (VRRP Master/Master/Master) okhala ndi kusefa kwa MAC VRRP pakati pa malo opangira data
 
acl number 4000
  rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 15 permit
 
interface Eth-Trunk1
  traffic-filter acl 4000 outbound

Dongosolo la kulumikizana kwazinthu pakati pa malo opangira data (VXLAN EVPN ndi All Active GW)
 

Mavuto a polojekiti

Chovuta chachikulu chinali kufunikira kosunga zosunga zobwezeretsera zomwe zilipo kale pogwiritsa ntchito zida zamakompyuta. Wogulayo anali ndi mapulogalamu osiyanasiyana oposa 100, ena mwa iwo analembedwa pafupifupi zaka 10 zapitazo. Mwachitsanzo, ngati kwa Yandex mungathe kuzimitsa makina pafupifupi mazana angapo popanda kuvulaza ogwiritsa ntchito, ndiye kuti mu Russian Post njira yotereyi ingafunike kupititsa patsogolo ntchito zingapo kuyambira pachiyambi ndi kusintha kwa kamangidwe kachitidwe kazinthu zamabizinesi. Tinathetsa mavuto omwe adachitika panthawi ya kusamuka ndi kukhathamiritsa pa nthawi ya kafukufuku wogwirizana wa zomangamanga zamakompyuta. Tekinoloje zonse zapaintaneti zatsopano kubizinesi (monga EVPN) zidayesedwa koyambirira mu labotale.
 

Zotsatira za polojekiti

Gulu la polojekitiyi linaphatikizapo akatswiri "LANIT-Integration", kasitomala ndi othandizana nawo pakugwiritsa ntchito zida zamakompyuta. Magulu othandizira odzipereka kuchokera kwa ogulitsa (Check Point ndi Huawei) adapangidwanso. Ntchitoyi inatenga zaka ziwiri. Izi n’zimene zinkachitika panthawiyi.

• Njira yopangira ma network a data center, Corporate Data Network (CDTN) ndi mphete pakati pa malo opangira deta yapangidwa ndikuvomerezedwa ndi madipatimenti onse a kasitomala.
• Kupezeka kwa mautumiki kwawonjezeka. Izi zidadziwika ndi bizinesi yamakasitomala ndipo zidapangitsa kuti magalimoto achuluke kwambiri chifukwa choyambitsa ntchito zatsopano.
• Malamulo opitilira 40 adasamutsidwa ndikuwongoleredwa kuchokera ku FWSM/ASA kupita ku USG 000. Zosiyanasiyana za ASA pa UGG 9560 zaphatikizidwa kukhala ndondomeko imodzi yachitetezo.
• Mayendedwe a madoko a data adawonjezedwa kuchokera ku 1G mpaka 10/40G pogwiritsa ntchito CE12800/CE6850. Izi zidapangitsa kuti zithetse kuchulukira kwa mawonekedwe ndi kutayika kwa mapaketi.
• Ma routers onyamulira NE40E-X8 adakwaniritsa zonse zofunikira za malo opangira data ndi malo otumizira ma data, poganizira za chitukuko chamtsogolo chabizinesi.
• Zopempha zatsopano zisanu ndi zitatu zapemphedwa kwa USG 9560. Mwa izi, zisanu ndi ziwiri zakhala zikugwiritsidwa ntchito kale ndipo zikuphatikizidwa mu VRP yamakono. 1 FR - kuti ichitike mu Huawei R&D. Ili ndi gulu la ma chassis asanu ndi atatu lomwe limatha kukonza magwiridwe antchito ofunikira pakuyanjanitsa popanda kulumikiza gawo. Zimafunika ngati kuchedwa kwa magalimoto kumalo amodzi a data ndikwambiri (Adler - Moscow 1300 km panjira yayikulu ndi 2800 km panjira yosungira).

Ntchitoyi ilibe ma analogi poyerekeza ndi makampani ena aku Russia.

Kusintha kwamakono kwa maukonde a malo opangira ma data kwatsegula mwayi watsopano kuti bizinesiyo ipange ntchito za digito.

• Kupereka akaunti yanu ndi pulogalamu yam'manja ya anthu ndi mabungwe ovomerezeka.
• Kuphatikizana ndi masitolo amagetsi kuti apereke ntchito zoperekera katundu.
• Kukwaniritsidwa - kusungirako katundu, kupanga ndi kutumiza malamulo kuchokera kumasitolo apakompyuta.
• Kukulitsa malo otengera madongosolo, kuphatikiza kugwiritsa ntchito maukonde ogwirizana.
• Chikalata chofunikira mwalamulo chimayenda ndi anzawo. Izi zidzathetsa kutumiza kwapang'onopang'ono komanso kokwera mtengo kwa zikalata zamapepala.
• Kulandila makalata olembetsedwa mu mawonekedwe apakompyuta ndi kutumiza pakompyuta komanso pamapepala (ndi kusindikiza zinthu pafupi kwambiri ndi wolandila womaliza). Ntchito zamakalata olembetsedwa pakompyuta pa portal service portal.
• Platform yopereka chithandizo cha telemedicine.
• Kulandila kosavuta komanso kutumiza makalata olembetsedwa mosavuta pogwiritsa ntchito siginecha yosavuta yamagetsi.
• Digitalization ya positi ofesi network.
• Kukonzanso kwa ntchito zodzichitira nokha (ma terminal ndi ma parcel terminals).
• Kupanga nsanja ya digito yoyang'anira ntchito zotumizira mauthenga ndi pulogalamu yatsopano yam'manja yamakasitomala otumizira mauthenga.

Bwerani mudzagwire nafe ntchito!

• Corporate Infrastructure Engineer
• Lead Linux/DevOps Engineer

Source: www.habr.com