Π Ndakatsanangura network automation framework. Sekureva kwavamwe vanhu, kunyangwe iyi yekutanga nzira yedambudziko yakatogadzirisa mimwe mibvunzo. Uye izvi zvinondifadza zvikuru, nokuti chinangwa chedu mukutenderera hachisi kuvhara Ansible nePython zvinyorwa, asi kuvaka hurongwa.
Iyo imwechete hurongwa inogadzirisa kurongeka kwatichaita nemubvunzo.
Uye network virtualization, iyo iyi nyaya yakatsaurirwa, haina kunyanya kuenderana neiyo ADSM musoro, kwatinoongorora otomatiki.
Asi ngatizvitarisei nerimwe divi.
Masevhisi mazhinji anga achishandisa network imwechete kwenguva yakareba. Munyaya ye telecom operator, iyi 2G, 3G, LTE, Broadband uye B2B, somuenzaniso. Munyaya yeDC: yekubatanidza kune vatengi vakasiyana, Internet, block storage, chinhu chekuchengetedza.
Uye masevhisi ese anoda kuparadzaniswa kubva kune mumwe nemumwe. Aya ndiwo maratidziro akaita ma network overlay.
Uye ese masevhisi haadi kumirira kuti munhu agadzirise iwo nemaoko. Aya ndiwo maratidziro akaita orchestrators neSDN.
Maitiro ekutanga ekurongeka otomatiki etiweki, kana kuti chikamu chayo, chave chichitorwa uye chaitwa munzvimbo dzakawanda: VMWare, OpenStack, Google Compute Cloud, AWS, Facebook.
Ndizvo zvatichabata nazvo nhasi.
Zviri mukati
- zvikonzero
- Terminology
- Underlay - network network
- Overlay - virtual network
- Kufukidzira neToR
- Overlay kubva kumuenzi
- Kushandisa Tungsten Fabric semuenzaniso
- Kukurukurirana mukati memuchina mumwe chete wemuviri
- Kukurukurirana pakati peVMs iri pamashini akasiyana emuviri
- Buda kunyika yekunze
- FAQ
- mhedziso
- Useful links
zvikonzero
Uye sezvo tiri kutaura pamusoro peizvi, zvakakodzera kutaura zvinodikanwa zve network virtualization. Kutaura zvazviri, izvi hazvina kutanga nezuro.
Iwe wakambonzwa kanopfuura kamwe chete kuti network yagara iri yakanyanya inert chikamu chechero system. Uye izvi ndezvechokwadi mupfungwa dzose. Iyo network ndiyo hwaro hwezvinhu zvese, uye kuita shanduko pairi kwakaoma - masevhisi haazvishivirire kana network yadzikira. Kazhinji, kubvisa node imwe chete kunogona kutora chikamu chikuru chekushandisa uye kukanganisa vatengi vazhinji. Ichi ndicho chikonzero nei timu yetiweki ichigona kuramba chero shanduko - nekuti ikozvino inoshanda neimwe nzira (tingasatomboziva kuti sei), asi pano iwe unofanirwa kugadzirisa chimwe chinhu chitsva, uye hazvizivikanwe kuti zvichakanganisa sei network.
Kuti usamirire kuti manetwork aise VLAN uye kuti asanyorese masevhisi pane imwe neimwe network node, vanhu vakauya nepfungwa yekushandisa overlays - overlay network - ayo ane akasiyana siyana: GRE, IPinIP, MPLS, MPLS L2/L3VPN, VXLAN, GENEVE, MPLSoverUDP, MPLSoverGRE, nezvimwe.
Chikumbiro chavo chiri muzvinhu zviviri zviri nyore:
- Manodhi ekupedzisira chete ndiwo anogadziriswa-nodhi dzekufambisa hadzidi kubatwa. Izvi zvinonyanya kumhanyisa maitiro, uye dzimwe nguva zvinokutendera iwe kusabvisa zvachose network network yedhipatimendi kubva pakuunza masevhisi matsva.
- Mutoro wacho wakavanzwa mukati memisoro - manodhi ekufambisa haafanire kuziva chero chinhu pamusoro payo, nezvekutaura kune vanogamuchira, kana nezve nzira dzeiyo overlay network. Izvi zvinoreva kuti iwe unofanirwa kuchengetedza ruzivo rushoma mumatafura, izvo zvinoreva kushandisa iri nyore / yakachipa mudziyo.
Mune ino isiri yakazara-yakazara nyaya, ini handironge kuongorora zvese zvinogoneka matekinoroji, asi kuti nditsanangure hurongwa hwekushanda kwemambure epamusoro muDCs.
Iyo yese nhevedzano inotsanangura dhata data ine mitsara yeakafanana racks umo imwechete sevha midziyo yakaiswa.
Ichi chishandiso chinomhanyisa chaiwo michina / midziyo / serverless inoshandisa masevhisi.
Terminology
Muchiuno server Ini ndichatumidza chirongwa chinoshandisa sevha yedivi revatengi-server kutaurirana.
Michina yemuviri mumaraki inonzi maseva kwete tichadaro.
Muchina wenyama - x86 komputa yakaiswa muraki. Izwi rinonyanya kushandiswa mushanyi. Ndizvo zvatichazvidaidza kuti "ΠΌΠ°ΡΠΈΠ½Π°"kana mushanyi.
Hypervisor - Chishandiso chinomhanya pamushini wenyama unoteedzera zviwanikwa izvo Virtual Machines inomhanya. Dzimwe nguva mumabhuku neInternet izwi rekuti "hypervisor" rinoshandiswa serimwe izwi rekuti "host".
Virtual muchina - sisitimu yekushandisa inomhanya pamushini wenyama pamusoro pe hypervisor. Kwatiri mukutenderera uku, hazvina basa kuti uri muchina chaiwo here kana kuti chigaba chete. Ngatifonere "VMΒ«
Tenant ipfungwa yakakura yandichatsanangura muchinyorwa chino sevhisi yakaparadzana kana mutengi akaparadzana.
Multi-tenancy kana multitenancy - kushandiswa kwechishandiso chimwe chete nevatengi / masevhisi akasiyana. Panguva imwecheteyo, kuparadzaniswa kwevatengi kubva kune mumwe kune mumwe kunowanikwa nekuda kwechishandiso chivakwa, uye kwete kuburikidza neakasiyana anomhanya zviitiko.
ToR - Pamusoro peiyo Rack switch - switch yakaiswa mune rack iyo yese michina yemuviri yakabatana.
Pamusoro peiyo ToR topology, vanopa vakasiyana vanodzidzira End of Row (EoR) kana Pakati peRow (kunyangwe iyo yekupedzisira iri kushomeka kushoma uye ini handisati ndaona iyo MoR chidimbu).
Underlay network kana iyo yepasi network kana underlay ndiyo yenyama network network: switch, routers, tambo.
Overlay network kana overlay network kana overlay - chaiyo network yematanho anomhanya pamusoro peiyo yenyama.
L3 jira kana IP jira -Kugadzirwa kunoshamisa kwevanhu kunobvumidza iwe kudzivirira kudzokorora STP uye kudzidza TRILL yekubvunzurudza. Pfungwa umo iyo network yese kusvika padanho rekuwana inongori L3, isina maVLAN uye, nekudaro, yakakura yakawedzera nhepfenyuro domains. Tichatarisa kuti izwi rekuti "fekitori" rinobva kupi muchikamu chinotevera.
SDN -Software Inotsanangurwa Network. Kashoma kuda sumo. Nzira yekubata manejimendi uko shanduko kune network haiitwe nemunhu, asi nechirongwa. Kazhinji zvinoreva kufambisa Kudzora Ndege kupfuura yekupedzisira network zvishandiso kune controller.
NFV - Network Function Virtualization - virtualization yetiweki zvishandiso, zvichiratidza kuti mamwe mabasa etiweki anogona kuitiswa muchimiro chemichina chaiyo kana midziyo kuti ikurumidze kuita masevhisi matsva, kuronga Service Chaining uye yakapusa yakatwasuka scalability.
VNF -Virtual Network Basa. Chaiyo virtual mudziyo: router, switch, firewall, NAT, IPS/IDS, nezvimwe.
Ini zvino ndave kurerutsa tsananguro yacho nemaune kune imwe nzira yekushandisa, kuti ndisanyanya kuvhiringa muverengi. Kuti uwane kuverenga kune kufunga, ndinomuendesa kuchikamu . Pamusoro pezvo, Roma Gorge, anotsoropodza chinyorwa ichi nekuda kwekusarongeka, anovimbisa kunyora imwe nyaya yakaparadzana nezve server uye network virtualization tekinoroji, zvakadzama uye nekuteerera kune zvakadzama.
Mazhinji network nhasi anogona kukamurwa zvakajeka kuita zvikamu zviviri:
Underlay - network yemuviri ine gadziriso yakagadzikana.
Kupfuuridza -kubvisa pamusoro pe Underlay yekuzviparadzanisa nevamwe.
Izvi ndezvechokwadi kune nyaya yeDC (iyo yatichaongorora munyaya ino) uye yeISP (iyo yatisingazoongorore, nokuti yakatove. ) Nemabhizinesi network, hongu, mamiriro akati siyanei.
Mufananidzo wakatarisa pane network:
Underlay
Underlay ndeyemuviri network: hardware switch uye tambo. Midziyo iri pasi pevhu inoziva kusvika kumichina yemuviri.
Inovimba neakajairwa maprotocol uye matekinoroji. Zvisiri zvishoma nekuti zvishandiso zvehardware kusvika nhasi zvinoshanda pane proprietary software isingatenderi kuronga chip kana kuita zvayo mapuroteni; saizvozvo, kuenderana nevamwe vatengesi uye kumira kunodiwa.
Asi mumwe munhu akaita seGoogle anogona kukwanisa kugadzira yavo switch uye kusiya maprotocol anogamuchirwa. Asi LAN_DC haisi Google.
Underlay inoshanduka kashoma nekuti basa rayo nderekutanga IP yekubatanidza pakati pemichina yemuviri. Underlay hapana chaanoziva nezve masevhisi, vatengi, kana maroja ari kumhanya pamusoro payo - inongoda kuendesa pasuru kubva kune mumwe muchina kuenda kune mumwe.
Underlay inogona kuva seizvi:
- IPv4+OSPF
- IPv6+ISIS+BGP+L3VPN
- L2+TRILL
- L2+STP
Iyo Underlay network inogadziriswa nenzira yechinyakare: CLI/GUI/NETCONF.
Nemaoko, zvinyorwa, zvekushandisa zvekushandisa.
Chinyorwa chinotevera munhevedzano chichapihwa kune underlay mune zvakadzama.
Kupfuuridza
Kufukidzira ndeyechokwadi network yematani akatambanudzwa pamusoro pe Underlay, inobvumira maVM emumwe mutengi kutaurirana, uku ichipa kuparadzaniswa nevamwe vatengi.
Iyo data yemutengi yakavharirwa mune mamwe tunneling misoro yekutapurirana pamusoro peruzhinji network.
Saka maVM emutengi mumwechete (sevhisi imwe) anogona kutaurirana kuburikidza neOverlay, pasina kana kuziva nzira iyo packet inotora.
Kufukidzira kunogona kuve, semuenzaniso, sezvandambotaura pamusoro:
- GRE mugero
- VXLAN
- EVPN
- L3VPN
- GENEVA
Iyo overlay network inowanzo gadziriswa uye inochengetwa kuburikidza nepakati controller. Kubva pairi, iyo gadziriso, Kudzora Ndege uye Data Plane inounzwa kune zvishandiso zvinofamba uye zvakavharira mutengi traffic. Zvishoma Ngatitarisei izvi nemienzaniso.
Ehe, iyi ndiyo SDN mune yayo yakachena fomu.
Pane nzira mbiri dzakasiyana dzekuronga iyo Overlay network:
- Kufukidzira neToR
- Overlay kubva kumuenzi
Kufukidzira neToR
Kufukidzira kunogona kutanga pane yekuwana switch (ToR) yakamira murack, sezvinoitika, semuenzaniso, mune yejira reVXLAN.
Iyi inguva-yakaedzwa maitiro paISP network uye vese vatengesi vemidziyo yetiweki vanoitsigira.
Nekudaro, mune iyi kesi, iyo ToR switch inofanirwa kukwanisa kupatsanura akasiyana masevhisi, zvichiteerana, uye manejimendi maneja anofanira, kusvika pamwero wakati, kushandira pamwe neanoona muchina manejimendi uye kuita shanduko (zvisinei otomatiki) pakugadziriswa kwemidziyo. .
Pano ini ndichaendesa muverengi kune chinyorwa nezve shamwari yedu yekare .
Muizvi nzira dzekuvaka DC network ine EVPN VXLAN jira inotsanangurwa zvakadzama.
Uye kuti uwedzere kunyudzwa muchokwadi, unogona kuverenga bhuku raTsiska .
Ndinocherechedza kuti VXLAN ingori nzira yekuvhara uye kumisa tunnels kunogona kuitika kwete paToR, asi pamubati, sezvinoitika munyaya yeOpenStack, somuenzaniso.
Nekudaro, jira reVXLAN, uko kuvharika kunotanga paToR, ndeimwe yeakamisikidzwa pamusoro petiweki dhizaini.
Overlay kubva kumuenzi
Imwe nzira ndeyekutanga uye kumisa tunnel pane ekupedzisira mauto.
Muchiitiko ichi, network (Underlay) inoramba iri nyore uye yakasimba sezvinobvira.
Uye muenzi wacho anoita zvese zvinodiwa encapsulation.
Izvi zvechokwadi zvinoda kumhanyisa yakakosha application pane vanogamuchira, asi zvakafanira.
Chekutanga, kumhanyisa mutengi pamushini weLinux kuri nyore kana, ngatiti, kunyangwe zvinogoneka, paunenge uchichinja iwe ungangozofanira kutendeukira kune SDN mhinduro, izvo zvinouraya pfungwa yevakawanda-vatengesi.
Kechipiri, iyo ToR switch mune iyi kesi inogona kusiiwa yakapusa sezvinobvira, zvese kubva pakuona kweiyo Kudzora Ndege uye Data Plane. Chokwadi, saka hazvidi kutaurirana neiyo SDN controller, uye zvakare haidi kuchengetedza network / maARPs eese macustomer akabatana - zvakakwana kuziva iyo IP kero yemuchina wenyama, iyo inorerutsa zvakanyanya switching. routing tables.
Muchikamu cheADSM, ini ndinosarudza nzira yekuputira kubva kumugadziri - tobva tangotaura nezvazvo uye isu hatidzoke kufekitori yeVXLAN.
Zviri nyore kutarisa mienzaniso. Uye sechidzidzo chekuyedza isu tichatora OpenSource SDN chikuva OpenContrail, yava kuzivikanwa se .
Pakupera kwechinyorwa ini ndichapa dzimwe pfungwa pakuenzanisa neOpenFlow uye OpenvSwitch.
Kushandisa Tungsten Fabric semuenzaniso
Muchina wega wega wenyama une vRouter - chaiyo router inoziva nezve network yakabatana nayo uye kuti ndevapi vatengi vavari - chaizvo PE router. Kune mutengi wega wega, inochengetedza tafura yenzira yega (verenga VRF). Uye vRouter inonyatsoita Overlay tunneling.
Zvimwe zvishoma nezve vRouter iri pamagumo echinyorwa.
VM yega yega iri pane hypervisor yakabatana kune vRouter yemuchina uyu kuburikidza .
pombi - Terminal Access Point - inotaridzika muLinux kernel inobvumira kupindirana kwetiweki.
Kana kune akati wandei ma network kuseri kwevRouter, ipapo iyo chaiyo interface inogadzirwa kune yega yega, iyo iyo IP kero inopihwa - ichave yakasarudzika kero yegedhi.
Manetiweki ese emutengi mumwe anoiswa mune imwe VRF (tafura imwe), dzakasiyana - mune dzakasiyana.
Ini ndichaita chirevo pano kuti hazvisi zvese zviri nyore, uye ndichatumira muverengi anobvunza kusvika kumagumo echinyorwa..
Kuitira kuti vRouters vagone kutaurirana, uye saizvozvo maVM ari kumashure kwavo, vanotsinhana ruzivo rwenzira kuburikidza. SDN controller.
Kuti uende kunze kwenyika, kune nzvimbo yekubuda kubva kune matrix - chaiyo network gedhi VNGW - Virtual Network GateWay (nguva yangu).
Zvino ngatitarisei mienzaniso yekutaurirana - uye pachava nekujeka.
Kukurukurirana mukati memuchina mumwe chete wemuviri
VM0 inoda kutumira pakiti kuVM2. Ngatifungei ikozvino kuti iyi ndeye mutengi mumwechete VM.
Data Plane
- VM-0 ine yakasarudzika nzira kune yayo eth0 interface. Pasuru inotumirwa ikoko.
Iyi interface eth0 yakanyatso kubatanidzwa kune chaiyo router vRouter kuburikidza neTAP interface tap0. - vRouter inoongorora kuti ndeipi interface iyo pakiti yakauya, ndiko kuti, ndeyapi mutengi (VRF) uye inotarisa kero yemugamuchiri netafura yekufambisa yemutengi uyu.
- Mushure mekuona kuti anogamuchira pamushini mumwe chete ari pane imwe chiteshi, vRouter inongotumira pakiti kwairi pasina mimwe misoro - pane iyi kesi, vRouter yatove nerekodhi yeARP.
Muchiitiko ichi, packet haina kupinda muhutano hwepanyama - inotungamirirwa mukati mevRouter.
Kudzora Ndege
Kana iyo chaiyo muchina inotanga, iyo hypervisor inoiudza:
- Yake IP kero.
- Iyo yakasarudzika nzira ndeye vRouter's IP kero pane ino network.
Iyo hypervisor inoshuma kune vRouter kuburikidza neiyo yakakosha API:
- Izvo zvaunoda kuti ugadzire virtual interface.
- Ndeupi rudzi rwevirtual network yainoda (VM) kugadzira?
- Ndeipi VRF (VN) yekuisungira kwairi.
- A static ARP yekupinda yeiyi VM - iyo interface iri kuseri kwayo IP kero uye iyo MAC kero yainodyidzana nayo.
Zvakare, iyo chaiyo yekudyidzana maitiro inorerutswa nekuda kwekunzwisisa pfungwa.
Nekudaro, vRouter inoona ese maVM emumwe mutengi pamushini wakapihwa seyakabatana zvakananga network uye inogona kufamba pakati pavo pachayo.
Asi VM0 neVM1 ndezvevatengi vakasiyana uye, maererano, vari mumatafura akasiyana evRouter.
Kuti vanogona kutaurirana zvakananga zvinoenderana neiyo vRouter marongero uye netiweki dhizaini.
Semuenzaniso, kana vese vatengi 'VMs vachishandisa kero dzeruzhinji, kana NAT ikaitika pavRouter pachayo, ipapo nzira yakananga kuvRouter inogona kuitwa.
Mune mamiriro akapesana, zvinokwanisika kuyambuka nzvimbo dzekero - iwe unofanirwa kupfuura nesevha yeNAT kuti uwane kero yeruzhinji - izvi zvakafanana nekuwana kunze network, idzo dzinokurukurwa pazasi.
Kukurukurirana pakati peVMs iri pamashini akasiyana emuviri
Data Plane
- Mavambo akafanana chaizvo: VM-0 inotumira pakiti ine kwainoenda VM-7 (172.17.3.2) panguva yayo.
- vRouter inoigamuchira uye panguva ino inoona kuti kwairi kuenda kune mumwe muchina uye inowanikwa kuburikidza neTunnel0.
- Chekutanga, inorembera MPLS label inozivisa kure kure interface, kuitira kuti kune reverse side vRouter ione pekuisa pakiti iyi pasina kumwe kutariswa.
- Tunnel0 ine kwakabva 10.0.0.2, kwainoenda: 10.0.1.2.
vRouter inowedzera GRE (kana UDP) misoro uye IP nyowani kune yekutanga packet. - Iyo vRouter routing tafura ine default nzira kuburikidza neToR1 kero 10.0.0.1. Ndiko kwaanoitumira.
- ToR1, senhengo ye Underlay network, anoziva (somuenzaniso, kuburikidza neOSPF) kuti ungasvika sei ku10.0.1.2 uye unotumira pakiti munzira. Ziva kuti ECMP inogoneswa pano. Pane maviri anotevera mumufananidzo, uye shinda dzakasiyana dzicharongwa mukati madzo ne hashi. Panyaya yefekitari chaiyo, panogona kunge paine mamwe mana anotevera.
Panguva imwecheteyo, haadi kuziva zviri pasi peiyo yekunze IP musoro. Kureva kuti, pasi peIP panogona kuve nesangweji yeIPv6 pamusoro peMPLS pamusoro peEthernet pamusoro peMPLS pamusoro peGRE pamusoro pechiGiriki.
- Saizvozvo, padivi rekugamuchira, vRouter inobvisa GRE uye, uchishandisa iyo MPLS tag, inonzwisisa kuti ndeipi interface inofanirwa kutumirwa pakiti iyi, inoibvisa uye kuitumira muchimiro chayo chepakutanga kune anogamuchira.
Kudzora Ndege
Paunotanga motokari, chinhu chimwe chete chinoitika sezvinotsanangurwa pamusoro apa.
Uye kuwedzera zvinotevera:
- Kune yega yega mutengi, vRouter inogovera iyo MPLS tag. Iyi ndiyo L3VPN sevhisi label, iyo vatengi vachapatsanurwa mukati memuchina mumwe chete wemuviri.
Muchokwadi, iyo MPLS tag inogara yakagovaniswa zvisingaite nevRouter - mushure mezvose, hazvizivikanwe pachine nguva kuti muchina unongopindirana nemimwe michina kuseri kweiyo vRouter uye izvi zvingangove zvisiri zvechokwadi.
- vRouter inomisikidza chinongedzo neSDN controller uchishandisa iyo BGP protocol (kana yakafanana nayo - kana iri TF, iyi XMPP 0_o).
- Kuburikidza nechikamu ichi, vRouter inoshuma nzira dzekubatanidza network kune SDN controller:
- Network address
- Encapsulation nzira (MPLSoGRE, MPLSoUDP, VXLAN)
- MPLS teki yemutengi
- Yako IP kero se nexthop
- Iyo SDN controller inogamuchira nzira dzakadai kubva kune ese akabatana vRouters uye inoaratidza kune vamwe. Ndiko kuti, inoshanda seRoute Reflector.
Zvimwe chetezvo zvinoitika nenzira yakapesana.
Kufukidzira kunogona kuchinja kanenge miniti yega yega. Izvi ndizvo zvinoitika mumakore eruzhinji, uko vatengi vanogara vachitanga nekuvhara michina yavo chaiyo.
Iyo yepakati controller inotarisira kuomarara kwese kwekuchengetedza iyo gadziriso uye kutarisa switching / routing matafura pavRouter.
Zvichireva kutaura, mutongi anotaurirana nevese vRouters kuburikidza neBGP (kana yakafanana protocol) uye anongoendesa ruzivo rwenzira. BGP, semuenzaniso, yatova neKero-Mhuri yekuendesa iyo encapsulation nzira kana .
Panguva imwecheteyo, kugadziridzwa kweiyo Underlay network hakushanduke munzira ipi neipi, iyo, nenzira, yakanyanya kuoma kuita otomatiki, uye nyore kuputsa nekufamba kusinganzwisisike.
Buda kunyika yekunze
Kune imwe nzvimbo iyo simulation inofanira kupera, uye iwe unofanirwa kubuda iyo chaiyo nyika uchipinda mune chaiyo. Uye iwe unoda payphone gedhi.
Nzira mbiri dzinoshandiswa:
- A hardware router yakaiswa.
- Mudziyo unotangwa unoshandisa mabasa e router (hongu, kutevera SDN, takasanganawo neVNF). Ngatidaidze kuti gedhi chairo.
Mukana wenzira yechipiri ndeyekuchipa yakatwasuka scalability - hapana simba rakakwana - takatangisa mumwe muchina chaiwo une gedhi. Pane chero muchina wenyama, pasina kutsvaga emahara racks, mayuniti, magetsi anobuda, tenga iyo Hardware pachayo, kutakura iyo, kuiisa, kuishandura, kuigadzirisa, uyezve kuchinja zvinhu zvisina kunaka mairi.
Izvo zvisingabatsiri zvegedhi rechokwadi ndezvekuti yuniti yerouter yemuviri ichiri mirairo yehukuru ine simba kupfuura multi-core virtual muchina, uye software yayo, yakarongedzwa kune yayo yega hardware base, inoshanda zvakanyanya kugadzikana (kwete) Zvakaomawo kuramba chokwadi chekuti Hardware uye software yakaoma inongoshanda, ichingoda kurongeka chete, uku kutanga nekuchengetedza gedhi rechokwadi ibasa revanjiniya vakasimba.
Netsoka imwe chete, gedhi rinotarisa muOverlay virtual network, seyakajairika Virtual Machine, uye inogona kupindirana nemamwe ese maVM. Panguva imwecheteyo, inogona kumisa network yevatengi vese uye, zvichienderana, kuita nzira pakati pavo.
Nerumwe rutsoka rwayo, gedhi rinotarisa mukati meiyo backbone network uye rinoziva nzira yekupinda paInternet.
Data Plane
Ndiko kuti, maitiro anoita seizvi:
- VM-0, yave yakanganisa kune imwechete vRouter, inotumira pakiti ine nzvimbo yekuenda kunze kwenyika (185.147.83.177) kune eth0 interface.
- vRouter inogamuchira pakiti iyi uye inotarisa kumusoro kero yekuenda patafura yenzira - inowana nzira yakasarudzika kuburikidza neVNGW1 gedhi kuburikidza neTunnel 1.
Anoonawo kuti iyi iGRE tunnel ine SIP 10.0.0.2 uye DIP 10.0.255.2, uye anodawo kutanga abatanidza iyo MPLS label yemutengi uyu, iyo VNGW1 inotarisira. - vRouter inorongedza pakiti yekutanga ine MPLS, GRE uye IP misoro mitsva uye inotumira kuToR1 10.0.0.1 nekusagadzika.
- Iyo yepasi network inoendesa pakiti kugedhi VNGW1.
- Iyo VNGW1 gedhi inobvisa iyo GRE neMPLS tunneling misoro, inoona kero yekwainoenda, inobvunza tafura yayo yenzira uye inonzwisisa kuti inonangana kuInternet - kureva, kuburikidza neFull View kana Default. Kana zvichidikanwa, ita shanduro yeNAT.
- Panogona kunge paine yenguva dzose IP network kubva kuVNGW kuenda kumuganhu, izvo zvisingaite.
Panogona kunge paine classic MPLS network (IGP + LDP/RSVP TE), panogona kunge paine jira rekumashure rine BGP LU kana GRE tunnel kubva kuVNGW kuenda kumuganhu kuburikidza neIP network.
Ngazvive izvo, VNGW1 inoita iyo inodiwa encapsulations uye inotumira yekutanga pakiti kumuganhu.
Traffic iri mhiri kwakatarisana inopinda nematanho mamwechete mune yakapesana.
- Muganhu unodonhedza pakiti kuVNGW1
- Anomubvisa hembe, anotarisa kero yemugamuchiri uye anoona kuti anowanikwa kuburikidza neTunnel1 tunnel (MPLSoGRE kana MPLSoUDP).
- Saizvozvo, inonamatira MPLS label, GRE/UDP musoro uye IP itsva uye inotumira kune yayo ToR3 10.0.255.1.
Iyo tunnel yekuenda kero ndiyo IP kero yevRouter kuseri uko iyo inotarirwa VM iri - 10.0.0.2. - Iyo yepasi network inoendesa pakiti kune inodiwa vRouter.
- Iyo yakananga vRouter inoverenga GRE/UDP, inotaridza iyo interface ichishandisa MPLS label uye inotumira isina IP pakiti kune yayo TAP interface ine chekuita ne eth0 yeVM.
Kudzora Ndege
VNGW1 inomisikidza BGP nharaunda ine SDN controller, kubva kwaanowana ruzivo rwese rwenzira nezvevatengi: iyo IP kero (vRouter) iri kuseri kwemutengi, uye iyo MPLS inonyora iyo inozivikanwa nayo.
Saizvozvo, iye pachake anozivisa SDN controller yeiyo default nzira ine label yemutengi uyu, achizviratidza seanotevera. Uye ipapo iyi default inosvika kuvRouters.
PaVNGW, kuunganidza nzira kana kushandura kweNAT kunowanzoitika.
Uye kune rimwe divi, inotumira chaizvo iyi yakaunganidzwa nzira kuchikamu ine miganhu kana Route Reflectors. Uye kubva kwavari inogamuchira yakasarudzika nzira kana Full-View, kana chimwe chinhu.
Panyaya ye encapsulation uye traffic exchange, VNGW haina kusiyana nevRouter.
Kana iwe ukawedzera chiyero zvishoma, saka iwe unogona kuwedzera mamwe maturusi etiweki kuVNGWs uye vRouters, senge firewall, kuchenesa traffic kana kupfumisa mapurazi, IPS, zvichingodaro.
Uye nerubatsiro rwekutevedzana kusikwa kweVRF uye kuziviswa chaiko kwenzira, unogona kumanikidza traffic kuti ifambe nenzira yaunoda, iyo inonzi Service Chaining.
Ndokureva kuti, pano zvakare SDN controller inoita seNzira-Reflector pakati peVNGWs, vRouters uye mamwe maturusi etiweki.
Asi kutaura zvazviri, mutongi anoburitsawo ruzivo nezve ACL nePBR (Policy Based Routing), zvichiita kuti traffic yega yega iende zvakasiyana pane yavanoudzwa nenzira.
FAQ
Sei uchiramba uchiita iyo GRE/UDP kutaura?
Zvakanaka, kazhinji, izvi zvinogona kutaurwa kuti zvakanangana neTungsten Fabric - haufanirwe kuzvifunga zvachose.
Asi kana tikaitora, saka TF pachayo, ichiri OpenContrail, yakatsigira ese ari maviri encapsulations: MPLS muGRE uye MPLS muUDP.
UDP yakanaka nekuti muChitubu Port zviri nyore kwazvo encode basa rehashi kubva kune yekutanga IP + Proto + Port mumusoro wayo, izvo zvinokutendera iwe kuita kuenzanisa.
Panyaya yeGRE, maiwe, kune chete ekunze IP uye GRE misoro, iyo yakafanana kune ese akavharirwa traffic uye hapana kutaura kwekuyera - vashoma vanhu vanogona kutarisa zvakadzika mukati mepacket.
Kusvika imwe nguva, marouters, kana vaiziva mashandisiro emagetsi ane simba, vakazviita muMPLSoGRE chete, uye nguva pfupi yadarika ndipo pavakadzidza kushandisa MPLSoUDP. Naizvozvo, isu tinofanirwa kugara tichinyora nezve mukana wekuencapsulations maviri akasiyana.
Mukurongeka, zvakakosha kuziva kuti TF inotsigira zvizere L2 yekubatanidza uchishandisa VXLAN.
Iwe wakavimbisa kudhirowa kufanana neOpenFlow.
Vari kukumbira chaizvo. vSwitch mune imwecheteyo OpenStack inoita zvinhu zvakafanana, uchishandisa VXLAN, iyo, nenzira, inewo UDP musoro.
MuData Plane vanoshanda zvakangofanana; Iyo Yekudzora Ndege inosiyana zvakanyanya. Tungsten Fabric inoshandisa XMPP kuendesa ruzivo rwenzira kuvRouter, nepo OpenStack ichimhanya Openflow.
Unogona here kundiudza zvishoma nezve vRouter?
Yakakamurwa kuita zvikamu zviviri: vRouter Agent uye vRouter Forwarder.
Yekutanga inomhanya muMushandisi Nzvimbo yeiyo host OS uye inotaurirana neSDN controller, kupanana ruzivo nezve nzira, VRFs uye ACLs.
Yechipiri inoshandisa Data Plane - kazhinji muKernel Space, asi inogonawo kumhanya paSmartNICs - makadhi etiweki ane CPU uye yakasiyana programmable switching chip, iyo inokutendera kuti ubvise mutoro kubva kuCPU yemuchina wemuchina, uye ita kuti network ikurumidze uye iwedzere. zvinofanotaurwa.
Chimwe chiitiko chinogoneka ndechekuti vRouter ndeye DPDK application muMushandisi Space.
vRouter Agent inotumira marongero kuvRouter Forwarder.
Chii chinonzi Virtual Network?
Ndakataura pakutanga kwechinyorwa nezveVRF kuti muridzi wega wega akasungirirwa kune yake VRF. Uye kana izvi zvaive zvakakwana pakunzwisisa kwepamusoro kwekushanda kweiyo overlay network, saka pane inotevera iteration inofanirwa kujekesa.
Kazhinji, mune virtualization maitiro, iyo Virtual Network entity (iwe unogona kufunga iri zita rakakodzera) inounzwa zvakasiyana kubva kune vatengi / maroja / chaiwo michina - chinhu chakazvimirira zvachose. Uye iyi Virtual Network inogona kutobatanidzwa kuburikidza nekupindirana kune mumwe muroja, kune mumwe, kune maviri, kana kupi zvako. Saka, semuenzaniso, Service Chaining inoshandiswa apo traffic inoda kupfuudzwa nedzimwe node mukutevedzana kunodiwa, nekungogadzira nekubatanidza Virtual Networks mukutevedzana kwakaringana.
Naizvozvo, sekudaro, hapana kunyorerana kwakananga pakati peVirtual Network neanoroja.
mhedziso
Iyi ndiyo tsananguro yepamusoro-soro yekushanda kweinetiweki chaiyo ine overlay kubva kune iyo host uye SDN controller. Asi zvisinei kuti ipuratifomu ipi yaunosarudza nhasi, ichashanda nenzira yakafanana, ingave VMWare, ACI, OpenStack, CloudStack, Tungsten Fabric kana Juniper Contrail. Ivo vanozosiyana mumhando dze encapsulations uye misoro, maprotocol ekuendesa ruzivo kupedzisa network zvishandiso, asi musimboti wesoftware-inogadziriswa overlay network inoshanda pamusoro peiyo iri nyore uye static underlay network icharamba yakafanana.
Tinogona kutaura kuti nhasi SDN yakavakirwa pane yakavharika network yakunda munda wekugadzira yakavanzika gore. Nekudaro, izvi hazvireve kuti Openflow haina nzvimbo munyika yanhasi - inoshandiswa muOpenStacke uye mune imwecheteyo VMWare NSX, sekuziva kwangu, Google inoishandisa kumisikidza network yepasi pevhu.
Pazasi ini ndapa zvinongedzo kune zvimwe zvakadzama zvinhu kana iwe uchida kudzidza nyaya yacho zvakadzama.
Uye zvakadini neUnderlay yedu?
Asi kazhinji, hapana. Haana kuchinja nzira yose. Zvese zvaanoda kuita panyaya yekufukidzira kubva kumugadziri ndeyekuvandudza nzira uye maARPs sezvo vRouter/VNGW inoonekwa uye inonyangarika uye inotakura mapaketi pakati pavo.
Ngatigadzire rondedzero yezvinodiwa kune Underlay network.
- Kugona kushandisa imwe mhando yenzira yekufambisa, mumamiriro edu ezvinhu - BGP.
- Iva nehupamhi bandwidth, zviri nani pasina kunyoreswa, kuitira kuti mapaketi asarasikirwe nekuda kwekuremerwa.
- Kutsigira ECMP chikamu chakakosha chejira.
- Kukwanisa kupa QoS, kusanganisira zvinhu zvinonyengera seECN.
- Kutsigira NECONF hwaro hweramangwana.
Ndakapa nguva shoma shoma pano kubasa reUnderlay network pachayo. Izvi zvinodaro nekuti gare gare munhevedzano ini ndichatarisa pazviri, uye isu tichangobata pamusoro Overlay mukupfuura.
Zviripachena, ndiri kudzikamisa zvakanyanya isu tese nekushandisa semuenzaniso DC network yakavakirwa mufekitori yeCloz ine yakachena IP nzira uye yakavharika kubva kumuenzi.
Nekudaro, ndine chivimbo chekuti chero network ine dhizaini inogona kutsanangurwa mune yakarongeka mazwi uye otomatiki. Zvingori kuti chinangwa changu pano ndechekunzwisisa nzira dzekuita otomatiki, uye kwete kuvhiringa munhu wese nekugadzirisa dambudziko mune yakajairika fomu.
Sechikamu cheADSM, Roman Gorge neni tinoronga kuburitsa imwe nyaya yakaparadzana nezve virtualization yesimba rekombuta uye kudyidzana kwayo netiweki virtualization. Ramba uchibatana.
Useful links
- .
- . Maawa matanhatu nezve Yandex.Cloud, iyo zvakare inovhara iyo chaiyo network paTF.
- .
- . Iyo inotaura nezve iyo yese DC network, kusanganisira Underlay, Overlay, maitiro kune akawanda-homing uye manejimendi.
Ndatenda
- - aimbove mutambi weiyo linkmeup podcast uye ikozvino inyanzvi mumunda wemapuratifomu emakore. Kune makomendi nekugadzirisa. Zvakanaka, takamirira chinyorwa chake chakadzama nezve virtualization munguva pfupi iri kutevera.
- - wandinoshanda naye uye nyanzvi mumunda weiyo virtual network development. Kune makomendi nekugadzirisa.
- - wandinoshanda naye uye nyanzvi mumunda weTungsten Fabric. Kune makomendi nekugadzirisa.
- - illustrator linkmeup. Pamusoro peKDPV.
- Alexander Limonov. Kune iyo "automato" meme.
Source: www.habr.com