Cisco ACI data center network fabric: helping the administrator

With this magical piece of Cisco ACI script, you can quickly set up a network.

The Cisco ACI data center network fabric has been around for five years, but nothing much has been written about it on Habr, so I decided to fix that a little. I will tell you from my own experience what it is, what it is useful for, and where its pitfalls are.

What is it and where did it come from?

By the time ACI (Application Centric Infrastructure) was announced in 2013, competitors were advancing on traditional approaches to data center networking from three sides at once.

On one side, "first-generation" SDN solutions based on OpenFlow promised to make networks more flexible and cheaper at the same time. The idea was to move the decision-making traditionally done by proprietary switch software to a central controller.

This controller would have a single view of everything that happens and, based on it, would program the hardware of all switches at the level of rules for handling specific flows.

On the other side, overlay networking solutions made it possible to implement the required connectivity and security policies without any changes to the physical network at all, by building software tunnels between virtualized hosts. The best-known example of this approach was Nicira, which by then had already been acquired by VMWare for $1.26 billion and gave rise to today's VMWare NSX. Some piquancy was added by the fact that the founders of Nicira were the same people who had earlier stood at the origins of OpenFlow, and who were now saying that OpenFlow is not suitable for building a data center fabric.

And finally, switching chips available on the open market (so-called merchant silicon) had reached a level of maturity at which they became a real threat to traditional switch manufacturers. Whereas previously each vendor developed the chips for its own switches, over time chips from third-party manufacturers, primarily Broadcom, began to close the gap with vendor chips in functionality and to surpass them in price/performance. So many believed that the days of switches built on in-house chips were numbered.

ACI became Cisco's "asymmetric response" (more precisely, that of its company Insieme, founded by its former employees) to all of the above.

How does it differ from OpenFlow?

In terms of how functions are distributed, ACI differs from OpenFlow.
In the OpenFlow architecture, the controller is responsible for writing detailed rules (flows) into the hardware of all switches. That is, in a large network it may be responsible for maintaining and, more importantly, changing tens of millions of entries at hundreds of points in the network, so its performance and reliability become the bottleneck in a large deployment.

ACI uses the reverse approach: there is a controller too, of course, but the switches receive high-level declarative policies from it, and each switch itself renders them into the details of specific hardware settings. The controller can be rebooted or switched off altogether, and nothing bad will happen to the network, except, of course, for the lack of control during that time. Interestingly, there are situations in ACI where OpenFlow is still used, but locally within a host, to program Open vSwitch.

ACI is built entirely on VXLAN-based overlay transport, but it also includes the underlying IP transport as part of a single solution. Cisco coined the term "integrated overlay" for this. In most cases the fabric switches act as the termination points for the overlays in ACI (they do this at link speed). Hosts do not need to know anything about the fabric, encapsulation, and so on; however, in some cases (for example, to connect OpenStack hosts) VXLAN traffic can be brought all the way to them.

Overlays are used in ACI not only to provide flexible connectivity across the transport network, but also to carry meta-information (it is used, for example, to apply security policies).

Broadcom chips had previously been used by Cisco in the Nexus 3000 series switches. In the Nexus 9000 family, released specifically to support ACI, a hybrid model called Merchant+ was implemented at first. The switch used both the then-new Broadcom Trident 2 chip and a complementary chip developed by Cisco, which implements all the ACI magic. Apparently, this made it possible to speed up the product's release and bring the switch's price close to that of models based on Trident 2 alone. This approach was enough for the first two or three years of ACI shipments. During that time, Cisco developed and launched the next generation of Nexus 9000 on its own chips, with more performance and features but at the same price level. The external specifications for interaction within the fabric were fully preserved. At the same time, the internals changed completely: something like refactoring, but for hardware.

How the Cisco ACI Architecture Works

In the simplest case, ACI is built on a Clos network topology or, as it is often called, Spine-Leaf. There can be from two (or one, if we do not care about fault tolerance) to six spine-level switches. Accordingly, the more of them there are, the higher the fault tolerance (the smaller the drop in bandwidth and reliability if one Spine fails or is under maintenance) and the overall performance. All external connections go to the leaf-level switches: these are servers, connections to external networks via L2 or L3, and the APIC controllers. In general, with ACI not only configuration but also statistics collection, failure monitoring and so on are all done through the controllers' interface, and there are three controllers in standard-size deployments.

You never have to connect to the switches with a console, even to bring up the network: the controller itself discovers the switches and assembles the fabric from them, including the settings of all service protocols. It is therefore very important to write down the serial numbers of the equipment during installation, so that you do not have to guess later which switch is in which rack. For troubleshooting, if necessary, you can connect to the switches over SSH: they reproduce the usual Cisco commands quite carefully.

Internally, the fabric uses IP transport, so there is no Spanning Tree or other horrors of the past in it: all links are in use, and convergence after a failure is very fast. Traffic in the fabric is carried through VXLAN-based tunnels. More precisely, Cisco itself calls the encapsulation iVXLAN, and it differs from ordinary VXLAN in that the reserved fields in the network header are used to carry service information, primarily about which EPG the traffic belongs to. This makes it possible to implement rules for interaction between groups in hardware, using the group numbers in the same way that addresses are used in ordinary access lists.

Tunnels allow both L2 segments and L3 segments (i.e. VRFs) to be stretched over the internal IP transport. The default gateway is distributed in this case. This means that each switch is responsible for routing the traffic that enters the fabric. In terms of traffic-forwarding logic, ACI is similar to a VXLAN/EVPN fabric.

If so, what are the differences? Everything else!

The first difference you encounter with ACI is how servers are connected to the network. In traditional networks, both physical servers and virtual machines are placed into VLANs, and everything else is built from them: connectivity, security, and so on. In ACI a construct is used that Cisco calls an EPG (End-point Group), and there is no getting away from it. Can it be equated to a VLAN? Yes, but in that case there is a chance of losing most of what ACI provides.

All access rules are formulated in terms of EPGs, and ACI uses the "whitelist" principle by default, that is, only traffic whose passage is explicitly permitted is allowed. For example, we can create the EPGs "Web" and "MySQL" and define a rule that allows communication between them on port 3306. This will work without being tied to network addresses, and even within the same subnet!

We have customers who chose ACI precisely because of this feature, since it lets them restrict access between servers (virtual or physical, it does not matter) without dragging them between subnets, which means without touching addressing. Yes, yes, we know that nobody writes IP addresses into application configurations by hand, right?

Traffic rules in ACI are called contracts. In such a contract, one or more groups or tiers of a multi-tier application become the provider of a service (say, a database service), and others become consumers. The contract can simply pass traffic, or it can do something more elaborate, for example redirect it to a firewall or load balancer, and also change the QoS value.
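The allowlist behaviour of EPGs and contracts described above can be modelled in a few lines. This is an added example, not code from the original article or from Cisco: the addresses, the `Backup` group and the contract name `web-to-db` are constructed, and the model is simplified (it only checks consumer-to-provider flows and assumes members of one EPG may talk to each other).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    name: str
    providers: frozenset   # EPG names offering the service
    consumers: frozenset   # EPG names allowed to use it
    filters: frozenset     # permitted (protocol, destination port) pairs

# Constructed sample data: every endpoint sits in the same subnet on purpose,
# so the verdict can only come from group membership, never from addressing.
ENDPOINT_EPG = {
    "10.0.0.11": "Web",
    "10.0.0.12": "MySQL",
    "10.0.0.13": "Web",
    "10.0.0.14": "Backup",
}
CONTRACTS = [
    Contract("web-to-db", frozenset({"MySQL"}), frozenset({"Web"}),
             frozenset({("tcp", 3306)})),
]

def allowed(src_ip, dst_ip, proto, dport, contracts=CONTRACTS):
    """Return (verdict, reason) for a flow from src_ip to dst_ip:dport."""
    src, dst = ENDPOINT_EPG.get(src_ip), ENDPOINT_EPG.get(dst_ip)
    if src is None or dst is None:
        return False, "endpoint not classified into any EPG"
    if src == dst:
        # Assumption of this model: no restrictions inside a single EPG.
        return True, "same EPG"
    for c in contracts:
        if src in c.consumers and dst in c.providers and (proto, dport) in c.filters:
            return True, f"contract {c.name}"
    return False, "no contract permits this flow (default deny)"

if __name__ == "__main__":
    for flow in [("10.0.0.11", "10.0.0.12", "tcp", 3306),   # Web -> MySQL
                 ("10.0.0.11", "10.0.0.12", "tcp", 22),     # wrong port
                 ("10.0.0.12", "10.0.0.11", "tcp", 3306),   # provider -> consumer
                 ("10.0.0.14", "10.0.0.12", "tcp", 3306)]:  # EPG without contract
        print(flow, "->", allowed(*flow))
```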

How do servers get into these groups? If they are physical servers or something attached to an existing network into which we have built a VLAN trunk, then to place them in an EPG you need to point to the switch port and the VLAN used on it. As you can see, VLANs appear where you cannot do without them.

If the servers are virtual machines, it is enough to refer to the connected virtualization environment, and then everything happens by itself: a port group is created (in VMWare terms) to connect the VM, the necessary VLANs or VXLANs are assigned, they are registered on the required switch ports, and so on. So although ACI is built around the physical network, connections for virtual servers look much simpler than for physical ones. ACI already has built-in integration with VMWare and MS Hyper-V, as well as support for OpenStack and RedHat Virtualization. At some point built-in support for container platforms also appeared: Kubernetes, OpenShift, Cloud Foundry. It covers both policy enforcement and monitoring, that is, the network administrator can immediately see which hosts the workloads run on and which groups they fall into.

Besides being included in a particular port group, virtual servers have additional properties: name, attributes, and so on, which can be used as criteria for moving them to another group, say, when a VM is renamed or an additional tag appears on it. Cisco calls these micro-segmentation groups, although, by and large, the design itself, with its ability to create many security segments in the form of EPGs on the same subnet, is already micro-segmentation. Well, the vendor knows best.

EPGs themselves are purely logical constructs, not tied to specific switches, servers, and so on, so you can do things with them and with the constructs built on them (applications and tenants) that are hard to do in ordinary networks, such as cloning. As a result, it is very easy, say, to clone a production environment to get a test environment that is guaranteed to be identical to production. You can do it by hand, but it is better (and easier) through the API.

In general, the control logic in ACI is not at all like what you usually encounter in traditional networks from the same Cisco: the programmatic interface is primary, and the GUI or CLI are secondary, because they work through the same API. Therefore, almost everyone involved with ACI eventually starts navigating the object model used for management and automating something to fit their needs. The easiest way to do this is from Python: there are convenient ready-made tools for it.
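As an added illustration of working with the object model from Python (not code from the original article), the sketch below builds the Web/MySQL contract as an APIC-style JSON object tree and then walks the tree to list which flows it would open, which is a useful review step before any policy is pushed. The tenant, application, filter and contract names are hypothetical, nothing is sent to a controller, and the bridge domain binding a working EPG needs is left out.

```python
import json

def mo(cls, children=(), **attrs):
    """One managed object in the APIC JSON shape: {class: {attributes, children}}."""
    body = {"attributes": attrs}
    if children:
        body["children"] = list(children)
    return {cls: body}

def web_mysql_tenant(tenant="demo", app="shop", port=3306):
    """Object tree for two EPGs and one contract; all names are hypothetical."""
    flt = mo("vzFilter", name="mysql", children=[
        mo("vzEntry", name=f"tcp-{port}", etherT="ip", prot="tcp",
           dFromPort=str(port), dToPort=str(port))])
    contract = mo("vzBrCP", name="web-to-db", children=[
        mo("vzSubj", name="mysql", children=[
            mo("vzRsSubjFiltAtt", tnVzFilterName="mysql")])])
    web = mo("fvAEPg", name="Web", children=[mo("fvRsCons", tnVzBrCPName="web-to-db")])
    db = mo("fvAEPg", name="MySQL", children=[mo("fvRsProv", tnVzBrCPName="web-to-db")])
    return mo("fvTenant", name=tenant, children=[
        flt, contract, mo("fvAp", name=app, children=[web, db])])

def walk(node, parents=()):
    """Yield (class, attributes, {ancestor class: ancestor name}) for every object."""
    for cls, body in node.items():
        attrs = body["attributes"]
        yield cls, attrs, dict(parents)
        for kid in body.get("children", []):
            yield from walk(kid, parents + ((cls, attrs.get("name")),))

def opened_paths(payload):
    """List (consumer EPG, provider EPG, protocol, from port, to port) the tree permits."""
    ports, filters_of, cons, prov = {}, {}, {}, {}
    for cls, a, up in walk(payload):
        if cls == "vzEntry":
            ports.setdefault(up["vzFilter"], []).append((a["prot"], a["dFromPort"], a["dToPort"]))
        elif cls == "vzRsSubjFiltAtt":
            filters_of.setdefault(up["vzBrCP"], []).append(a["tnVzFilterName"])
        elif cls == "fvRsCons":
            cons.setdefault(a["tnVzBrCPName"], []).append(up["fvAEPg"])
        elif cls == "fvRsProv":
            prov.setdefault(a["tnVzBrCPName"], []).append(up["fvAEPg"])
    return sorted((c, p, *port)
                  for name in filters_of
                  for c in cons.get(name, []) for p in prov.get(name, [])
                  for f in filters_of[name] for port in ports.get(f, []))

if __name__ == "__main__":
    print(json.dumps(web_mysql_tenant(), indent=1))
    print(opened_paths(web_mysql_tenant()))
```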

The promised pitfalls

The main problem is that many things in ACI are done differently. To start working with it properly, you have to retrain. This is especially true for network operations teams at large customers, where engineers have spent years "provisioning VLANs" on request. The fact that VLANs are now no longer VLANs, and that you do not need to create VLANs by hand to bring new networks to virtualized hosts, completely blows the minds of traditional network engineers and makes them cling to familiar approaches. It should be noted that Cisco tried to sweeten the pill a little and added an "NXOS-like" CLI to the controller, which lets you configure from an interface similar to that of traditional switches. Still, to start using ACI properly, you have to understand how it works.

In terms of price, at large and medium scale ACI networks do not really differ from traditional networks on Cisco equipment, since the same switches are used to build them (the Nexus 9000 can work both in ACI and in traditional mode and has now become the main "workhorse" for new data center projects). But for data centers of two switches, the presence of controllers and the Spine-Leaf architecture does, of course, make itself felt. Recently a Mini ACI fabric has appeared, in which two of the three controllers are replaced by virtual machines. This narrows the cost difference, but it still remains. So for the customer, the choice is determined by how interested they are in security features, integration with virtualization, a single point of management, and so on.

Source: www.habr.com
