Experience implementing network fabrics based on EVPN VXLAN and Cisco ACI, and a brief comparison

Note the links in the middle of the diagram. We will come back to them below.

At some point you may find that large, complex L2 networks are terminally ill. First, there are problems with handling BUM traffic and with the operation of the STP protocol. Second, the architecture is generally obsolete. This leads to unpleasant problems such as downtime and poor operability.

We had two parallel projects in which the customers weighed all the pros and cons of the options and chose two different overlay solutions, and we implemented them.

This gave us a chance to compare the implementations. Not the operation; that is something to talk about in two or three years.

So, what is a network fabric with overlay networks and SDN?

What to do about the sore points of classic network architecture?

Every year new technologies and ideas appear. In practice, an urgent need to rebuild networks did not arise for a long time, because doing everything by hand with the good old methods is also possible. So what if it is the twenty-first century? After all, the administrator should be working, not sitting in his office.

Then the boom in building large data centers began. It became clear that the limit of development of the classic architecture had been reached, and not only in terms of performance, fault tolerance, and scalability. One of the ways to solve these problems was the idea of building overlay networks on top of a routed backbone.

In addition, as networks grew, the problem of managing such fabrics became acute, which is why software-defined networking solutions began to appear, with the ability to manage the entire network infrastructure as a single whole. And when the network is managed from a single point, it is easier for other components of the IT infrastructure to interact with it, and such interactions are easier to automate.

Almost every vendor of network equipment, as well as of virtualization, has such solutions in its portfolio.

What remains is to figure out what suits which needs. For example, for especially large companies with good development and operations teams, packaged vendor solutions do not meet all needs, and they resort to developing their own SD (software-defined) solutions. Cloud providers are one example: they are constantly expanding the range of services they offer their customers, and packaged solutions cannot keep up with their needs.

For mid-sized companies, the functionality a vendor offers as a boxed solution is enough in 99 percent of cases.

What are overlay networks?

What is the idea behind overlay networks? Essentially, you take a classic routed network and build another network on top of it to get more features. Most often we are talking about efficient distribution of load across equipment and links, a significant increase in the scalability limit, improved reliability, and a set of security benefits (thanks to segmentation). SDN solutions, in addition to this, make very flexible, very convenient administration possible and make the network more transparent to its consumers.

In general, if local networks had been invented in the 2010s, they would look very different from what we inherited from the military in the 1970s.

As for technologies for building fabrics with overlay networks, there are currently many vendor implementations and Internet draft RFC projects (EVPN+VXLAN, EVPN+MPLS, EVPN+MPLSoGRE, EVPN+Geneve and others). Yes, there are standards, but different vendors may implement these standards differently, so when building such fabrics it is possible to completely avoid vendor lock-in only on paper.

With SD solutions, things are even more confusing; every vendor has its own vision. There are open solutions that, in theory, you can finish yourself, and there are completely closed ones.

Cisco offers its own version of SDN for data centers, ACI. Naturally, this is a 100% vendor-locked solution in terms of the choice of network equipment, but at the same time it is fully integrated with virtualization, containerization, security, orchestration, load balancers, etc. In essence, though, it is still a kind of black box, without the ability to get access to all internal processes. Not all customers agree to this option, since you depend entirely on the quality of the solution's code and its implementation, but on the other hand, the vendor has some of the best technical support in the world and a dedicated team working only on this solution. Cisco ACI was chosen as the solution for the first project.

For the second project, a Juniper solution was chosen. The vendor also has its own SDN for the data center, but the customer decided not to use SDN. An EVPN VXLAN fabric without centralized controllers was chosen as the technology for building the network.

What is it for?

Building a fabric lets you create an easily scalable, fault-tolerant, reliable network. The architecture (leaf-spine) takes into account the characteristics of data centers (traffic paths, minimizing latency and bottlenecks in the network). SD solutions in data centers let you manage such a fabric very conveniently, quickly, and flexibly, and integrate it into the data center ecosystem.

Both customers needed to build backup data centers to ensure fault tolerance, and in addition, traffic between the data centers had to be encrypted.

The first customer had already been considering fabric-less solutions as a possible standard for their networks, but in tests they ran into problems with STP compatibility between several hardware vendors. There were outages that brought services down. For the customer this was critical.

Cisco was already the customer's corporate standard; they looked at ACI and other options and decided that this solution was worth taking. The push-button automation of management through a single controller was appealing. Services are configured faster and managed faster. We decided to provide traffic encryption by running MACSec between the IPN and SPINE switches. This let us avoid a bottleneck in the form of crypto gateways, save on them, and use the maximum bandwidth.

The second customer chose a controller-less solution from Juniper because their existing data center already had a small installation implementing an EVPN VXLAN fabric. But it was not fault-tolerant (a single switch was used). We decided to expand the infrastructure of the main data center and build a fabric in the backup data center. The existing EVPN was not fully utilized: VXLAN encapsulation was not actually used, since all hosts were connected to a single switch, all MAC addresses and /32 host addresses were local, their gateway was the same switch, and there were no other devices to which VXLAN tunnels would have needed to be built. They decided to provide traffic encryption using IPSEC between firewalls (the firewall performance was sufficient).
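Why the single-switch EVPN never used VXLAN encapsulation, as an added example that is not from the original article or from any vendor: a toy leaf bridges locally attached MACs and builds the RFC 7348 header only for MACs learned behind another VTEP. The `Leaf` class, port names, MAC addresses, VNIs and the 192.0.2.12 VTEP address are constructed for illustration.

```python
import struct

VNI_VALID = 0x08  # RFC 7348 "I" flag in the first header byte


def vxlan_header(vni):
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VNI_VALID << 24, vni << 8)


def parse_vni(packet):
    """Return the VNI of a VXLAN payload, rejecting short or flagless headers."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", packet[:8])
    if not (flags_word >> 24) & VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_word >> 8


class Leaf:
    """Toy leaf switch (VTEP); a model for illustration, not a vendor implementation."""

    def __init__(self, local, remote):
        self.local = local    # {(vni, mac): local port}
        self.remote = remote  # {(vni, mac): remote VTEP IP}, as learned via EVPN MAC/IP routes

    def forward(self, vni, dst_mac, frame):
        key = (vni, dst_mac)
        if key in self.local:    # destination on the same switch: plain L2 bridging
            return ("bridge", self.local[key], frame)
        if key in self.remote:   # destination behind another leaf: tunnel it
            return ("encap", self.remote[key], vxlan_header(vni) + frame)
        return ("flood", None, frame)  # unknown unicast, handled as BUM traffic


def encap_ratio(leaf, flows):
    """Fraction of (vni, dst_mac) flows that leave the leaf VXLAN-encapsulated."""
    actions = [leaf.forward(vni, mac, b"\x00" * 64)[0] for vni, mac in flows]
    return actions.count("encap") / len(actions)


# Constructed sample: the same three flows on a one-switch fabric and on a two-leaf fabric.
FLOWS = [(10100, "aa:00:00:00:00:01"), (10100, "aa:00:00:00:00:02"), (10200, "aa:00:00:00:00:03")]
SINGLE = Leaf(local={f: f"xe-0/0/{i}" for i, f in enumerate(FLOWS)}, remote={})
PAIRED = Leaf(local={FLOWS[0]: "xe-0/0/0"}, remote={FLOWS[1]: "192.0.2.12", FLOWS[2]: "192.0.2.12"})

if __name__ == "__main__":
    print("single switch:", encap_ratio(SINGLE, FLOWS))
    print("two leaves:   ", encap_ratio(PAIRED, FLOWS))
```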

They also tried ACI, but decided that because of vendor lock-in they would have to buy too much hardware, including replacing recently purchased new equipment, and it did not make economic sense. Yes, the Cisco fabric integrates with everything, but inside the fabric itself only its own devices are possible.

On the other hand, as mentioned earlier, you cannot just mix an EVPN VXLAN fabric with any neighboring vendor, because the protocol implementations differ. It is like crossing Cisco and Huawei in one network: the standards seem to be common, but you have to dance with a tambourine. Since this is a bank, and compatibility tests would be very long, we decided that it was better to buy from the same vendor now, and not get too carried away with functionality beyond the basics.

Migration plan

Two data centers based on ACI:

Organizing the interaction between data centers. The Multi-Pod solution was chosen: each data center is a pod. The scaling requirements in terms of the number of switches and the latency between pods (RTT less than 50 ms) were taken into account. It was decided not to build a Multi-Site solution, for ease of management (the Multi-Pod solution uses a single management interface, whereas Multi-Site would have two interfaces or would require a Multi-Site Orchestrator), and because no geographic redundancy of sites was required.

From the point of view of migrating services from the legacy network, the most transparent option was chosen: gradually moving the VLANs that correspond to particular services.
For the migration, a corresponding EPG (End-point-group) was created in the fabric for each VLAN. First, the network was stretched between the old network and the fabric over L2; then, after all hosts had been migrated, the gateway was moved to the fabric, and the EPG interacted with the existing network via L3OUT, with the interaction between the L3OUT and the EPG described using contracts. Approximate diagram:

An example of the policy structure of the ACI fabric is shown in the figure. The entire configuration is based on policies nested within other policies, and so on. At first it is very hard to figure out, but gradually, as practice shows, network administrators get used to this structure within about a month, and only then begin to understand how convenient it is.

Comparison

In the Cisco ACI solution, you need to buy more equipment (separate switches for Inter-Pod interaction and APIC controllers), which makes it more expensive. The Juniper solution did not require purchasing controllers or accessories; it was possible to partially reuse the customer's existing equipment.

Here is the EVPN VXLAN fabric architecture for the two data centers of the second project:

With ACI you get a ready-made solution: no need to tinker, no need to optimize. During the customer's initial acquaintance with the fabric, no developers are needed, and no support people are needed for code and automation. It is easy to use; many settings can be made through a wizard, which is not always a plus, especially for people used to the command line. In any case, it takes time to rewire your brain to the new tracks, to the specifics of configuration through policies and to working with many nested policies. On top of that, it is highly desirable to have a clear structure for naming policies and objects. If a problem arises in the controller's logic, it can only be resolved through technical support.

In EVPN, there is the console. Suffer or rejoice. A familiar interface for the old guard. Yes, there are typical configurations and guides. You will have to study the manuals. There are different designs, and everything is clear and detailed.

Naturally, in both cases, when migrating it is better to move the less critical services first, for example test environments, and only then, after catching all the bugs, move on to production. And do not make changes on a Friday night. You should not trust the vendor that everything will be fine; it is always better to play it safe.

You pay more for ACI, although Cisco is actively promoting this solution and often gives good discounts on it, but you save on maintenance. Management and any automation of an EVPN fabric without a controller requires investment and regular costs: monitoring, automation, rolling out new services. At the same time, the initial launch with ACI takes 30-40% longer. This is because it takes longer to create the whole set of required profiles and policies that will then be used. But as the network grows, the number of configurations needed decreases. You reuse already-created policies, profiles, and objects. You can flexibly configure segmentation and security, centrally managing the contracts that are responsible for allowing interactions between EPGs, and the amount of work drops sharply.
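The contract model matters most at the migration step described earlier, when a VLAN's gateway moves into the fabric and traffic between EPGs starts to depend on contracts. The following added example (not from the original article and not APIC API code) checks flows observed on the legacy network against a planned contract set. The EPG and contract names, VLAN IDs, ports and flow records are constructed, and the model assumes traffic inside one EPG is permitted while traffic between EPGs needs a contract from consumer to provider.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src_vlan dst_vlan proto port")   # seen on the legacy network
Contract = namedtuple("Contract", "name consumer provider proto ports")

# Constructed plan: one EPG per migrated VLAN; "ext" is everything reached through the L3OUT.
VLAN_TO_EPG = {110: "epg-web", 120: "epg-app", 130: "epg-db", "ext": "l3out-legacy"}

CONTRACTS = [  # consumer opens connections to provider on these destination ports
    Contract("web-to-app", "epg-web", "epg-app", "tcp", range(8443, 8444)),
    Contract("app-to-db", "epg-app", "epg-db", "tcp", range(5432, 5433)),
    Contract("legacy-to-web", "l3out-legacy", "epg-web", "tcp", range(443, 444)),
    Contract("legacy-to-db", "l3out-legacy", "epg-db", "tcp", range(1, 65536)),
]

FLOWS = [  # constructed flow records, e.g. distilled from flow logs before the cut-over
    Flow("ext", 110, "tcp", 443),
    Flow(110, 120, "tcp", 8443),
    Flow(120, 130, "tcp", 5432),
    Flow(110, 130, "tcp", 5432),   # web tier talking straight to the database
    Flow(120, "ext", "udp", 53),   # DNS lookups leaving the fabric
    Flow(110, 110, "tcp", 22),     # both hosts in the same VLAN / EPG
]


def matching_contract(flow, vlan_to_epg, contracts):
    """Name of the contract permitting the flow, 'intra-epg', or None if it would be dropped."""
    src, dst = vlan_to_epg[flow.src_vlan], vlan_to_epg[flow.dst_vlan]
    if src == dst:
        return "intra-epg"  # modelled as permitted without a contract
    for c in contracts:
        if (c.consumer, c.provider, c.proto) == (src, dst, flow.proto) and flow.port in c.ports:
            return c.name
    return None


def audit(flows, vlan_to_epg, contracts):
    """Return (flows no contract covers, contracts no observed flow uses)."""
    used, dropped = set(), []
    for flow in flows:
        hit = matching_contract(flow, vlan_to_epg, contracts)
        if hit is None:
            dropped.append(flow)
        else:
            used.add(hit)
    return dropped, [c.name for c in contracts if c.name not in used]


if __name__ == "__main__":
    dropped, unused = audit(FLOWS, VLAN_TO_EPG, CONTRACTS)
    print("would be dropped:", dropped)
    print("unused contracts:", unused)
```

Each uncovered flow is either a missing contract or traffic the segmentation is meant to stop, and an unused wide contract such as `legacy-to-db` is a candidate for tightening before the cut-over.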

In EVPN, you need to configure every device in the fabric, and the probability of error is higher.

Although ACI was slower to deploy, EVPN took almost twice as long to debug. With Cisco you can always call a support engineer and ask about the network as a whole (because it is covered as a solution), whereas from Juniper Networks you only buy the hardware, and that is what is covered. Did the packets leave the device? Good, then the rest is your problem. You can open a question about choosing a solution or about network design, but then you will be advised to purchase professional services, at additional cost.

ACI support is very good, because it is separate: a dedicated team is responsible for it. There are also Russian-speaking specialists. The guide is detailed, and the solutions are predefined. They look and advise. They quickly validate designs, which is often important. Juniper Networks does the same thing, but much more slowly (that was our experience; according to rumors it should be better now), which forces you to do everything yourself where a solution engineer could have advised.

Cisco ACI supports integration with virtualization and containerization systems (VMware, Kubernetes, Hyper-V) and centralized management. Network and security services are available: balancing, firewalls, WAF, IPS, etc. Good micro-segmentation out of the box. In the second solution, integration with network services is a different matter, and it is better to discuss it on forums in advance with those who have done it.

Summary

In each specific case, you need to choose a solution based not only on the cost of the equipment; you also need to consider further operating costs, the main problems the customer is currently facing, and what plans there are for the development of the IT infrastructure.

ACI, because of the additional equipment, turned out more expensive, but the solution is ready-made with no need for finishing; the second solution is more complex and more costly to operate, but cheaper.

If you want to discuss how much it might cost to implement a network fabric from different vendors, and what kind of architecture is needed, you can meet with us and talk. We will advise you for free until you have a rough sketch of the architecture (from which you can calculate a budget); detailed elaboration is, of course, paid.

Vladimir Klepche, corporate networks.

Source: www.habr.com
