Will Cisco SD-WAN cut off the branch that DMVPN sits on?

Since August 2017, when Cisco acquired Viptela, the main technology offered for building distributed enterprise networks has been Cisco SD-WAN. Over the past 3 years, SD-WAN technology has gone through many changes, both qualitative and quantitative. As a result, functionality has expanded considerably, and support has appeared on the classic routers of the Cisco ISR 1000, ISR 4000, ASR 1000 and virtual CSR 1000v series. At the same time, many Cisco customers and partners keep asking: what are the differences between Cisco SD-WAN and the already familiar approaches based on technologies such as Cisco DMVPN and Cisco Performance Routing, and how important are those differences?

Here we should immediately note that before SD-WAN appeared in Cisco's portfolio, DMVPN together with PfR formed a key part of the Cisco IWAN (Intelligent WAN) architecture, which in turn was the predecessor of full-fledged SD-WAN technology. Despite the general similarity of the tasks being solved and the ways of solving them, IWAN never reached the level of automation, flexibility and scalability that SD-WAN requires, and over time the development of IWAN slowed considerably. At the same time, the technologies that make up IWAN have not gone away, and many customers continue to use them successfully, including on modern equipment. As a result, an interesting situation has arisen: the same Cisco equipment lets you choose the most suitable WAN technology (classic, DMVPN+PfR or SD-WAN) according to the customer's requirements and expectations.

This article does not aim to analyze in detail every feature of the Cisco SD-WAN and DMVPN technologies (with or without Performance Routing); plenty of documentation and materials exist for that. The main task is to try to assess the key differences between these technologies. But before discussing those differences, let us briefly recall the technologies themselves.

What is Cisco DMVPN and why is it needed?

Cisco DMVPN solves the problem of dynamic (= scalable) connection of a remote branch network to the network of the enterprise's central office over arbitrary types of communication channels, including the Internet (= with encryption of the communication channel). Technically, this is implemented by creating a virtualized overlay network of the L3 VPN class in point-to-multipoint mode with a logical topology of the "Star" (Hub-n-Spoke) type. To achieve this, DMVPN uses a combination of the following technologies:

  • IP routing
  • Multipoint GRE tunnels (mGRE)
  • Next Hop Resolution Protocol (NHRP)
  • IPSec Crypto profiles

What are the main advantages of Cisco DMVPN compared with classic routing using MPLS VPN channels?

  • To build an inter-branch network, any communication channels can be used: anything that provides IP connectivity between branches is suitable, and traffic will be encrypted (where necessary) and balanced (where possible)
  • A fully meshed topology between branches is formed automatically. There are static tunnels between the central and remote branches, and dynamic on-demand tunnels between remote branches (when there is traffic)
  • The routers of the central and remote branches have an identical configuration, up to the IP addresses of the interfaces. With mGRE there is no need to configure tens, hundreds or even thousands of tunnels individually. The result is good scalability, given a proper design.

What is Cisco Performance Routing and why is it needed?

When DMVPN is used in an inter-branch network, one extremely important question remains unanswered: how do we dynamically assess the state of each DMVPN tunnel against the requirements of the traffic that is critical to our organization and, based on that assessment, dynamically decide whether to reroute? The fact is that DMVPN differs little from classic routing in this respect: the best that can be done is to configure QoS mechanisms that prioritize traffic in the outbound direction, but they cannot take into account the state of the whole path at any given moment.

And what should be done if a channel degrades partially rather than completely; how do we detect and assess that? DMVPN by itself cannot do this. Given that the channels connecting branches may pass through completely different telecom operators and use completely different technologies, this task becomes highly non-trivial. This is where Cisco Performance Routing helps, a technology that by that time had already gone through several stages of development.

The job of Cisco Performance Routing (hereafter PfR) comes down to measuring the state of paths (tunnels) for traffic based on the key metrics that matter to network applications: latency, latency variation (jitter) and packet loss (as a percentage). In addition, the bandwidth in use can be measured. These measurements are taken as close to real time as is possible and justified, and their results allow a router running PfR to dynamically decide whether the route of a particular type of traffic needs to change.

Thus, the task of the DMVPN/PfR combination can be briefly described as follows:

  • Allow the customer to use any communication channels in the WAN network
  • Ensure the highest possible quality of critical applications over these channels

What is Cisco SD-WAN?

Cisco SD-WAN is a technology that uses the SDN approach to build and operate an organization's WAN network. In particular, this means using so-called controllers (software components), which provide centralized orchestration and automated configuration of all components of the solution. Unlike canonical SDN (Clean Slate style), Cisco SD-WAN uses several types of controllers, each performing its own role; this was done deliberately to provide better scalability and geo-redundancy.

In the case of SD-WAN, the task of using any types of channels and ensuring the operation of business applications remains the same, but the requirements for automation, scalability, security and flexibility of such a network grow.

Discussion of the differences

If we now begin to analyze the differences between these technologies, they fall into one of these categories:

  • Architectural differences: how are functions distributed among the components of the solution, how is the interaction of those components organized, and how does this affect the capabilities and flexibility of the technology?
  • Functionality: what can one technology do that the other cannot? And is it really that important?

What are the architectural differences, and do they matter?

Each of these technologies has many "moving parts" that differ not only in their roles but also in how they interact with one another. How well these principles are thought out, and the overall mechanics of the solution, directly determine its scalability, fault tolerance and overall efficiency.

Let us look at the various aspects of the architecture in more detail:

Data-plane: the part of the solution responsible for forwarding user traffic between source and recipient. DMVPN and SD-WAN are implemented in generally the same way on the routers themselves, based on Multipoint GRE tunnels. The difference lies in how the necessary set of parameters for these tunnels is formed:

  • in DMVPN/PfR it is an exclusively two-level hierarchy of nodes with a Star or Hub-n-Spoke topology. Static configuration of the Hub and static binding of each Spoke to the Hub are required, as well as interaction via the NHRP protocol to form data-plane connectivity. As a consequence, changes on the Hub are considerably more difficult, for example those related to changing/connecting new WAN channels or changing the parameters of existing ones.
  • in SD-WAN it is a fully dynamic model for discovering the parameters of the tunnels being established, based on the control-plane (OMP protocol) and the orchestration-plane (interaction with the vBond controller for controller discovery and NAT traversal tasks). Any overlay topologies can be used, including hierarchical ones. Within the established overlay tunnel topology, flexible configuration of the logical topology in each individual VPN (VRF) is possible.

Control-plane: the functions of exchanging, filtering and modifying routing and other information between the components of the solution.

  • in DMVPN/PfR it takes place only between the Hub and Spoke routers. Direct exchange of routing information between Spokes is not possible. As a consequence, without a working Hub the control-plane and data-plane cannot function, which places additional high-availability requirements on the Hub that cannot always be met.
  • in SD-WAN the control-plane never runs directly between routers: the interaction is based on the OMP protocol and always goes through a separate, specialized type of controller, vSmart, which makes load balancing, geo-redundancy and centralized management of the signaling load possible. Another feature of the OMP protocol is its considerable resistance to loss and its independence from the speed of the communication channel to the controllers (within reasonable limits, of course). This lets you place SD-WAN controllers in public or private clouds with access over the Internet.

Policy-plane: the part of the solution responsible for defining, distributing and applying traffic management policies across the distributed network.

  • DMVPN: effectively limited to quality of service (QoS) policies configured individually on each router through the CLI or Prime Infrastructure templates.
  • DMVPN/PfR: PfR policies are created on the centralized Master Controller (MC) router through the CLI and then distributed automatically to the branch MCs. The same policy transfer paths are used as for the data-plane. There is no way to separate the exchange of policies, routing information and user data. Policy distribution requires IP connectivity between Hub and Spoke. The MC function can, if necessary, be combined with the DMVPN router. It is possible (but not required) to use Prime Infrastructure templates for centralized policy generation. An important point is that the policy is formed globally, identically for the whole network; individual policies for separate segments are not supported.
  • SD-WAN: traffic management and quality of service policies are defined centrally through the Cisco vManage graphical interface, which is also accessible over the Internet (if necessary). They are distributed over signaling channels directly or indirectly through the vSmart controllers (depending on the type of policy). They do not depend on data-plane connectivity between routers, because they use all available traffic paths between the controller and the router.

    For different network segments, different policies can be formed flexibly: the scope of a policy is determined by the many unique identifiers provided in the solution, such as branch number, application type, traffic direction, and so on.

Orchestration-plane: mechanisms that allow components to dynamically discover one another, configure and coordinate subsequent interactions.

  • in DMVPN/PfR mutual discovery between routers is based on static configuration of the Hub devices and corresponding configuration of the Spoke devices. Dynamic discovery happens only for the Spoke, which reports its connection parameters to the Hub device, which in turn is preconfigured on the Spoke. Without IP connectivity between the Spoke and at least one Hub, neither the data-plane nor the control-plane can be formed.
  • in SD-WAN orchestration of the solution components happens using the vBond controller, with which each component (routers and vManage/vSmart controllers) must first establish IP connectivity.

    Initially, components do not know each other's connection parameters; for this they need the vBond orchestrator as an intermediary. The general principle is as follows: each component in the initial phase learns (automatically or statically) only the connection parameters for vBond, then vBond informs the router about the vManage and vSmart controllers (discovered earlier), which makes it possible to automatically establish all the necessary signaling connections.

    The next step is for the new router to learn about the other routers in the network through OMP communication with the vSmart controller. Thus the router, initially knowing nothing at all about the network parameters, is able to fully automatically discover and connect to the controllers and then, just as automatically, discover and form connectivity with other routers. The connection parameters of all components are initially unknown and can change during operation.

Management-plane: the part of the solution that provides centralized management and monitoring.

  • DMVPN/PfR: no specialized management-plane solution is provided. For basic automation and monitoring, products such as Cisco Prime Infrastructure can be used. Each router can be managed through the CLI command line. Integration with external systems via API is not provided.
  • SD-WAN: all regular interaction and monitoring is carried out centrally through the graphical interface of the vManage controller. All features of the solution, without exception, are available for configuration through vManage, as well as through a fully documented REST API library.

    All SD-WAN network settings in vManage come down to two main constructs: forming device templates (Device Template) and forming a policy that determines the logic of network operation and traffic processing. At the same time, vManage, when distributing the policy created by the administrator, automatically chooses which changes must be made and on which individual devices/controllers, which considerably increases the efficiency and scalability of the solution.

    Through the vManage interface, not only configuration of the Cisco SD-WAN solution is available, but also full monitoring of the state of all components of the solution, down to the current state of metrics for individual tunnels and statistics on the use of various applications based on DPI analysis.

    Despite the centralization of interaction, all components (controllers and routers) also have a fully functional CLI command line, which is needed at the deployment stage or in an emergency for local diagnostics. In normal mode (when there is a signaling channel between the components), the command line on routers is available only for diagnostics and is not available for making local changes, which guarantees local security and that vManage is the only source of changes in such a network.

Integrated Security: here we should talk not only about protecting user data as it is transmitted over open channels, but also about the overall security of a WAN network built on the chosen technology.

  • in DMVPN/PfR it is possible to encrypt user data and signaling protocols. On certain router models, firewall functions with traffic inspection and IPS/IDS are additionally available. Branch networks can be segmented using VRF. Authentication (single-factor) of control protocols is possible.

    A remote router is considered a trusted element of the network by default, i.e. cases of physical compromise of individual devices and unauthorized access to them are not assumed or taken into account; there is no two-factor authentication of the solution's components, which in a geographically distributed network can carry significant additional risks.

  • in SD-WAN, by analogy with DMVPN, the ability to encrypt user data is provided, but with considerably extended network security and L3/VRF segmentation functions (firewall, IPS/IDS, URL filtering, DNS filtering, AMP/TG, SASE, TLS/SSL proxy, etc.). At the same time, encryption keys are exchanged more efficiently through the vSmart controllers (rather than directly), over pre-established signaling channels protected by DTLS/TLS encryption based on security certificates. This in turn guarantees the security of such exchanges and provides better scalability of the solution, up to tens of thousands of devices in a single network.

    All signaling connections (controller-to-controller, controller-to-router) are also protected based on DTLS/TLS. Routers are equipped with security certificates at manufacture, with the possibility of replacement/renewal. Two-factor authentication is achieved through the mandatory and simultaneous fulfillment of two conditions for a router/controller to function in an SD-WAN network:

    • A valid security certificate
    • Explicit and deliberate inclusion of each component by the administrator in the "white" list of permitted devices.

Functional differences between SD-WAN and DMVPN/PfR

Moving on to functional differences, it should be noted that many of them are a continuation of the architectural ones; it is no secret that when designing a solution's architecture, developers start from the capabilities they want to obtain in the end. Let us look at the most significant differences between the two technologies.

AppQ (Application Quality): functions for ensuring the quality of transmission of business application traffic

The key functions of the technologies under consideration are aimed at improving the user experience as much as possible when using business-critical applications in a distributed network. This is especially important where part of the infrastructure is not controlled by IT or does not even guarantee successful data transfer.

DMVPN by itself does not provide such mechanisms. The best that can be done in a classic DMVPN network is to classify outgoing traffic by application and prioritize it when it is sent toward the WAN channel. The choice of DMVPN tunnel is determined in this case only by its availability and the result of the routing protocols' operation. The end-to-end state of the path/tunnel and its possible partial degradation are not taken into account in terms of the key metrics that matter to network applications: latency, latency variation (jitter) and loss (%). For this reason, directly comparing classic DMVPN with SD-WAN in solving AppQ problems loses all meaning; DMVPN cannot solve this problem. When Cisco Performance Routing (PfR) technology is added to this context, the situation changes and a comparison with Cisco SD-WAN becomes more meaningful.

Before discussing the differences, here is a quick look at what the technologies have in common. So, both technologies:

  • have a mechanism that lets you dynamically assess the state of each established tunnel in terms of certain metrics: at a minimum, latency, latency variation and packet loss (%).
  • use a specific set of tools to form, distribute and apply traffic management rules (policies), taking into account the results of measuring the state of the key tunnel metrics.
  • classify application traffic at the L3-L4 levels (DSCP) of the OSI model or by L7 application signatures based on DPI mechanisms built into the router
  • for significant applications, let you define acceptable metric thresholds, rules for forwarding traffic by default, and rules for rerouting traffic when thresholds are exceeded.
  • when encapsulating traffic in GRE/IPSec, use the already established industry mechanism for copying the inner DSCP marking to the outer GRE/IPSEC packet header, which allows the organization's QoS policies to be synchronized with those of the telecom operator (if there is an appropriate SLA).

How do SD-WAN and DMVPN/PfR end-to-end metrics differ?

DMVPN/PfR

  • Both active and passive software sensors (Probes) are used to assess standard tunnel health metrics. Active ones are based on user traffic, passive ones emulate such traffic (in its absence).
  • There is no fine-tuning of timers and degradation detection conditions; the algorithm is fixed.
  • In addition, measurement of the bandwidth used in the outbound direction is available. This adds extra flexibility to traffic management in DMVPN/PfR.
  • At the same time, some PfR mechanisms, when metrics are exceeded, rely on feedback signaling in the form of special TCA (Threshold Crossing Alert) messages that must travel from the traffic recipient toward the source, which in turn assumes that the state of the measured channels must at least be sufficient to transmit such TCA messages. In most cases this is not a problem, but obviously it cannot be guaranteed.

SD-WAN

  • For end-to-end assessment of standard tunnel state metrics, the BFD protocol is used in echo mode. Special feedback in the form of TCA or similar messages is not required; the isolation of failure domains is maintained. The presence of user traffic is also not required to assess the tunnel state.
  • It is possible to fine-tune the BFD timers to adjust the response speed and sensitivity of the algorithm to degradation of the communication channel, from a few seconds to minutes.

  • At the time of writing, there is only one BFD session in each tunnel. This potentially reduces granularity in analyzing the tunnel state. In reality, this can become a limitation only if you use a WAN connection based on MPLS L2/L3 VPN with an agreed QoS SLA: if the DSCP marking of the BFD traffic (after encapsulation in IPSec/GRE) matches the high-priority queue in the telecom operator's network, this can affect the accuracy and speed of degradation detection for the most important traffic. At the same time, the default BFD marking can be changed to reduce the risk of such situations. In future versions of Cisco SD-WAN software, finer BFD tuning is expected, as well as the ability to run multiple BFD sessions within one tunnel with individual DSCP values (for different applications).
  • BFD additionally lets you estimate the maximum packet size that can be transmitted through a particular tunnel without fragmentation. This lets SD-WAN dynamically adjust parameters such as MTU and TCP MSS Adjust to make the most of the available bandwidth on each link.
  • In SD-WAN, the option of QoS synchronization with telecom operators is also available, based not only on L3 DSCP fields but also on L2 CoS values, which can be generated automatically in the branch network by specialized devices, for example IP phones
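
The trade-off behind the tunable BFD timers can be shown with a small model. The following is an added example, not code from the article or from Cisco: it turns per-second echo results into loss, latency and jitter, averages them over a sliding window, and reports when a partially degraded tunnel first violates an application's thresholds. The names `poll` and `multiplier`, the 1-second echo interval, the SLA values and the probe data are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class SlaClass:
    """Acceptable metric thresholds for one class of application (assumed values)."""
    name: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float


def bucket_stats(probes):
    """Loss %, mean RTT and mean inter-probe jitter for one poll interval.

    `probes` has one entry per echo sent: RTT in ms, or None if no echo returned.
    """
    replies = [p for p in probes if p is not None]
    loss = 100.0 * (len(probes) - len(replies)) / len(probes)
    if not replies:
        return loss, float("inf"), float("inf")
    jitter = 0.0
    if len(replies) > 1:
        jitter = mean(abs(a - b) for a, b in zip(replies, replies[1:]))
    return loss, mean(replies), jitter


def windowed_stats(probes, poll, multiplier, now):
    """Average the last `multiplier` complete poll intervals that end by `now`."""
    last = now // poll
    first = max(0, last - multiplier)
    buckets = [bucket_stats(probes[i * poll:(i + 1) * poll]) for i in range(first, last)]
    if not buckets:
        return None
    return tuple(sum(col) / len(col) for col in zip(*buckets))


def violates(stats, sla):
    loss, latency, jitter = stats
    return (loss > sla.max_loss_pct or latency > sla.max_latency_ms
            or jitter > sla.max_jitter_ms)


def detection_time(probes, poll, multiplier, sla):
    """Second at which the windowed metrics first violate the SLA, or None."""
    for now in range(poll, len(probes) + 1, poll):
        if violates(windowed_stats(probes, poll, multiplier, now), sla):
            return now
    return None


def compliant_tunnels(tunnels, poll, multiplier, sla, now):
    """Sorted names of tunnels whose windowed metrics meet the SLA at `now`."""
    ok = []
    for name, probes in tunnels.items():
        stats = windowed_stats(probes, poll, multiplier, now)
        if stats is not None and not violates(stats, sla):
            ok.append(name)
    return sorted(ok)


# Constructed sample data: one echo per second, 20 ms RTT. The "inet" tunnel
# degrades partially at t=120 s (every 10th echo is lost, i.e. 10 % loss);
# the "mpls" tunnel stays healthy for the whole 360 s.
ONSET = 120
INET = [None if (t >= ONSET and t % 10 == 0) else 20.0 for t in range(360)]
MPLS = [20.0] * 360
VOICE = SlaClass("voice", max_loss_pct=2.0, max_latency_ms=150.0, max_jitter_ms=30.0)

if __name__ == "__main__":
    for poll, mult in [(10, 1), (10, 6), (60, 2)]:
        t = detection_time(INET, poll, mult, VOICE)
        print(f"poll={poll:>2}s x{mult}: degradation seen {t - ONSET}s after onset")
    tunnels = {"inet": INET, "mpls": MPLS}
    print(compliant_tunnels(tunnels, 10, 6, VOICE, now=180))
```

A short window reacts within one poll interval but will also react to a single unlucky interval; a long window smooths that out at the cost of leaving critical traffic on the degraded tunnel for longer.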

How do the capabilities and the methods of defining and applying AppQ policies differ?

DMVPN/PfR policies:

  • Defined on the central branch router(s) through the CLI command line or CLI configuration templates. Forming CLI templates requires preparation and knowledge of the policy syntax.

  • Defined globally, without the possibility of individual configuration/change for the requirements of individual network segments.
  • Interactive policy generation in a graphical interface is not provided.
  • Change tracking, inheritance, and creating multiple versions of policies for quick switching are not provided.
  • Distributed automatically to the routers of remote branches. The same communication channels are used as for transmitting user data. If there is no communication channel between the central and remote branch, distribution/change of policies is impossible.
  • Applied on each router and, if necessary, modify the result of standard routing protocols, having higher priority.
  • For cases where all WAN links of a branch experience significant traffic loss, no compensation mechanisms are provided.

SD-WAN policies:

  • Defined in the vManage GUI through an interactive template wizard.
  • Support creating multiple policies, copying, inheritance, and switching between policies in real time.
  • Support individual policy settings for different network segments (branches)
  • Distributed using any available signaling channel between the controller and the router and/or vSmart; they do not depend directly on data-plane connectivity between routers. This, of course, requires IP connectivity between the router itself and the controllers.

  • For cases where all available channels of a branch experience significant data loss exceeding the acceptable thresholds for critical applications, additional mechanisms can be used that increase transmission reliability:
    • FEC (Forward Error Correction): uses special redundant coding algorithms. When critical traffic is transmitted over channels with a significant loss percentage, FEC can be activated automatically and allows the lost part of the data to be restored if necessary. This slightly increases the transmission bandwidth used, but significantly improves reliability.

    • Duplication of data streams: in addition to FEC, the policy can provide for automatic duplication of the traffic of selected applications in case of an even more serious level of loss that cannot be compensated for by FEC. In this case, the selected data will be transmitted through all tunnels toward the receiving branch with subsequent de-duplication (discarding extra copies of packets). The mechanism noticeably increases channel utilization, but also significantly increases transmission reliability.
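
Why duplication is the fallback when FEC is not enough can be seen in a toy model of both mechanisms. This is an added example, not the article's or Cisco's code: the article does not say which coding scheme is used, so a single XOR parity packet per block of four equal-length packets is assumed here, and the packets, sequence numbers and tunnel names are constructed.

```python
from functools import reduce


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def fec_encode(packets, block=4):
    """Split equal-length packets into blocks and add one XOR parity packet per block."""
    if len({len(p) for p in packets}) > 1:
        raise ValueError("this toy scheme needs equal-length (padded) packets")
    return [(packets[i:i + block], reduce(xor_bytes, packets[i:i + block]))
            for i in range(0, len(packets), block)]


def fec_decode(received, parity):
    """Rebuild one block. `received` holds None where a packet was lost.

    Returns the full block, or None when the loss exceeds what one parity
    packet can repair (two or more packets missing, or the parity itself lost).
    """
    missing = [i for i, p in enumerate(received) if p is None]
    if not missing:
        return list(received)
    if len(missing) > 1 or parity is None:
        return None
    present = [p for p in received if p is not None]
    block = list(received)
    # XOR of the parity with every surviving packet leaves the missing one.
    block[missing[0]] = reduce(xor_bytes, present, parity)
    return block


def merge_duplicates(*streams):
    """De-duplicate copies of one flow received over several tunnels.

    Each stream is a list of (sequence_number, payload) as it arrived on one
    tunnel; the first copy of each sequence number wins, the rest are dropped.
    """
    seen = {}
    for stream in streams:
        for seq, payload in stream:
            seen.setdefault(seq, payload)
    return [seen[seq] for seq in sorted(seen)]


def fec_overhead_pct(block=4):
    return 100.0 / block


def duplication_overhead_pct(tunnels):
    return 100.0 * (tunnels - 1)


# Constructed sample block of four 8-byte packets.
BLOCK = [b"pkt-0000", b"pkt-0001", b"pkt-0002", b"pkt-0003"]

if __name__ == "__main__":
    (group, parity), = fec_encode(BLOCK)
    print("one loss :", fec_decode([group[0], None, group[2], group[3]], parity))
    print("two lost :", fec_decode([group[0], None, None, group[3]], parity))
    # Same heavy loss, but the flow is copied onto two tunnels that lose
    # different packets; the receiver keeps one copy of each sequence number.
    tunnel_a = [(0, BLOCK[0]), (3, BLOCK[3])]
    tunnel_b = [(1, BLOCK[1]), (2, BLOCK[2]), (3, BLOCK[3])]
    print("duplicated:", merge_duplicates(tunnel_a, tunnel_b))
    print(fec_overhead_pct(4), duplication_overhead_pct(2))
```

With these assumptions FEC costs 25 % extra bandwidth and repairs one loss per block, while duplication over two tunnels costs 100 % and survives any loss pattern in which the tunnels do not drop the same packet.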

Cisco SD-WAN capabilities with no direct analogues in DMVPN/PfR

The architecture of the Cisco SD-WAN solution in some cases lets you obtain capabilities that are either extremely difficult to implement within DMVPN/PfR, or impractical because of the required labor costs, or impossible altogether. Let us look at the most interesting of them:

Traffic-Engineering (TE)

TE includes mechanisms that allow traffic to branch off from the standard path formed by routing protocols. TE is often used to ensure high availability of network services through the ability to quickly and/or proactively move important traffic to an alternative (non-overlapping) transmission path, in order to ensure better quality of service or faster recovery in the event of a failure on the main path.

The difficulty in implementing TE lies in the need to calculate and reserve (verify) the alternative path in advance. In telecom operators' MPLS networks this problem is solved using technologies such as MPLS Traffic-Engineering with extensions of IGP protocols and the RSVP protocol. Recently, Segment Routing technology, which is more optimized for centralized configuration and orchestration, has become increasingly popular. In classic WAN networks these technologies are usually not represented or are reduced to the use of hop-by-hop mechanisms such as Policy-Based Routing (PBR), which can divert traffic but implement this on each router separately, without taking into account the overall state of the network or the PBR result on previous or subsequent hops. The result of using these TE options is disappointing: MPLS TE, because of the complexity of configuration and operation, is used, as a rule, only in the most critical part of the network (core), and PBR is used on individual routers without the ability to form a unified PBR policy for the whole network. Obviously, this also applies to DMVPN-based networks.

SD-WAN in this respect offers a much more elegant solution that is not only easy to configure but also scales much better. This is a result of the control-plane and policy-plane architectures used. Implementing the policy-plane in SD-WAN lets you define the TE policy centrally: which traffic is of interest? For which VPNs? Through which nodes/tunnels is it required or, conversely, forbidden to form the alternative route? In turn, the centralization of control-plane management based on the vSmart controllers lets you modify routing results without touching the settings of individual devices; the routers already see only the result of the logic that was formed in the vManage interface and handed to vSmart for application.

Service-chaining

Forming service chains is an even more laborious task in classic routing than the Traffic-Engineering mechanism already described. Indeed, in this case it is necessary not only to form a special route for a particular network application, but also to make it possible to divert traffic from the network at certain (or all) nodes of the SD-WAN network for processing by a special application or service (Firewall, Balancing, Caching, Inspection traffic, etc.). At the same time, it is necessary to be able to monitor the state of these external services in order to prevent black-holing situations, and mechanisms are needed that allow such external services of the same type to be placed in different geo-locations, with the network able to automatically choose the optimal service node for processing the traffic of a particular branch. In the case of Cisco SD-WAN, this is quite easy to achieve by creating an appropriate centralized policy that "glues" all aspects of the target service chain into a single whole and automatically changes the data-plane and control-plane logic only where and when necessary.

The ability to form geo-distributed processing of the traffic of selected types of applications in a particular sequence on specialized equipment (not related to the SD-WAN network itself) is perhaps the most vivid demonstration of the advantages of Cisco SD-WAN over classic technologies and even some alternative SD-WAN solutions from other vendors.

What is the bottom line?

Obviously, both DMVPN (with or without Performance Routing) and Cisco SD-WAN ultimately solve very similar problems with respect to an organization's distributed WAN network. At the same time, the significant architectural and functional differences of Cisco SD-WAN technology take the process of solving these problems to a different qualitative level. To summarize, we can note the following significant differences between the SD-WAN and DMVPN/PfR technologies:

  • DMVPN/PfR generally uses time-tested technologies for building overlay VPN networks and, in terms of the data-plane, is similar to the more modern SD-WAN technology; however, there are a number of limitations in the form of mandatory static configuration of routers, and the choice of topologies is limited to Hub-n-Spoke. On the other hand, DMVPN/PfR has some functionality that is not yet available within SD-WAN (we are talking about per-application BFD).
  • Within the control-plane, the technologies differ fundamentally. Thanks to centralized processing of signaling protocols, SD-WAN makes it possible, in particular, to significantly narrow failure domains and to "decouple" the process of forwarding user traffic from signaling interaction: temporary unavailability of the controllers does not affect the ability to forward user traffic. At the same time, temporary unavailability of any branch (including the central one) does not in any way affect the ability of other branches to interact with each other and with the controllers.
  • The architecture for forming and applying traffic management policies in SD-WAN also surpasses that of DMVPN/PfR: geo-redundancy is implemented much better, there is no binding to the Hub, there are more opportunities for fine-tuning policies, and the list of implemented traffic management scenarios is also much larger.
  • The orchestration process of the solution also differs significantly. DMVPN assumes the presence of previously known parameters that must somehow be reflected in the configuration, which somewhat limits the flexibility of the solution and the possibility of dynamic changes. In turn, SD-WAN proceeds from the paradigm that at the initial moment of connection the router "knows nothing" about its controllers but knows "whom to ask"; this is enough not only to automatically establish communication with the controllers, but also to automatically form a fully meshed data-plane topology, which can then be flexibly configured/changed using policies.
  • In terms of centralized management, automation and monitoring, SD-WAN expectedly surpasses the capabilities of DMVPN/PfR, which grew out of classic technologies and rely more heavily on the CLI command line and the use of template-based NMS systems.
  • In SD-WAN, compared with DMVPN, security requirements have reached a different qualitative level. The main principles are zero trust, scalability and two-factor authentication.

These simple conclusions may give the mistaken impression that building a network based on DMVPN/PfR has lost all relevance today. This is, of course, not entirely true. For example, if the network uses a lot of outdated equipment and there is no way to replace it, DMVPN can let you combine "old" and "new" devices into a single geo-distributed network with many of the advantages described above.

On the other hand, it should be remembered that all current Cisco enterprise routers based on IOS XE (ISR 1000, ISR 4000, ASR 1000, CSR 1000v) today support any mode of operation, both classic routing and DMVPN and SD-WAN; the choice is determined by current needs and by the understanding that at any time, using the same equipment, you can begin moving toward a more advanced technology.

Source: www.habr.com
