Smart Ethernet Switch for Planet Earth

"You can create a solution (solve a problem) in several ways, but the most expensive and/or most popular way is not the most effective one!"

Preamble

About three years ago, while developing a remote disaster data recovery model, I ran into an obstacle that was not obvious at first: a lack of information about new, original network virtualization solutions in community sources.

The algorithm of the developed model was planned as follows:

  1. A remote user contacts me; their computer has at some point refused to boot, showing the message "system disk not detected / not formatted", and they boot it from a live USB.
  2. During boot, the system automatically connects to a secure private local network which, besides the system itself, contains the administrator's workstation (in this case a laptop) and a NAS node.
  3. Then I connect, either to restore the disk partitions or to extract the data from them.

At first I implemented this model with a VPN server on a local router in a network under my control, then on a rented VDS. But, as often happens and in line with Chisholm's first law, either it rains and the Internet provider's network goes down, or a dispute between business entities leaves the service provider without "power".

So I decided to first formulate the key requirements that the needed tool must meet. The first is decentralization. Second, given that I have several such live USBs, each of them should have its own isolated network. And third, quick connection of various devices to the network and simple management, including the case where my laptop also falls victim to the law mentioned above.

Based on this, and after spending two and a half months on practical research into several not entirely suitable options, I decided, at my own risk, to try one more tool, from a startup I did not know at the time, called ZeroTier. I never regretted it afterwards.

During the New Year holidays, trying to understand whether the situation with content had changed since that memorable moment, I ran a selective survey of the availability of articles on this topic, using Habr as the source. For the query "ZeroTier", the search results contain only three articles that mention it, and none of them gives even a brief description. And this despite the fact that one of them is a translation of an article written by the founder of ZeroTier, Inc. himself, Adam Ierymenko.

The results were disappointing and prompted me to start talking about ZeroTier in more detail, to save today's "seekers" from walking the same path I took.

So what is it?

The developer positions ZeroTier as a smart Ethernet switch for planet Earth.

"It is a distributed network hypervisor built on top of a cryptographically secure global peer-to-peer (P2P) network. A tool similar to an enterprise SDN switch, designed to organize virtual networks on top of physical ones, both local and global, with the ability to connect any application or device."

That is mostly a marketing description; now for the technical features.

▍Core:

The ZeroTier Network Hypervisor is a standalone network virtualization engine that emulates an Ethernet network, similar to VXLAN, on top of a global encrypted peer-to-peer (P2P) network.

The protocols used in ZeroTier are original, although similar in appearance to VXLAN and IPsec, and consist of two separate but closely related layers: VL1 and VL2.

▍VL1 is a peer-to-peer (P2P) transport layer, a kind of "virtual cable".

"A global data center requires a 'global wiring closet'."

In conventional networks, L1 (OSI Layer 1) refers to the actual cables or wireless radios that carry data and the physical transceiver chips that modulate and demodulate it. VL1 is a peer-to-peer (P2P) network that does the same thing, using encryption, authentication, and other networking techniques to create virtual cables as needed.

Moreover, it does this automatically, quickly, and without involving the user who starts a new ZeroTier node.

To achieve this, VL1 is organized similarly to the domain name system. At the heart of the network is a group of highly available root servers, whose role is similar to that of the DNS root name servers. At present, the main (planetary) root servers are under the control of the developer, ZeroTier, Inc., and are provided as a free service.

However, it is possible to create your own root servers (moons), which allow you to:

  • reduce dependence on the ZeroTier, Inc. infrastructure;
  • increase performance by reducing latency;
  • keep working as usual if the Internet connection is lost.

Initially, nodes start without direct connections to one another.

Each peer on VL1 has a unique 40-bit (10 hexadecimal digits) ZeroTier address which, unlike an IP address, is an opaque identifier that carries no routing information. This address is computed from the public part of a public/private key pair. The node's address, public key, and private key together make up its identity.

Member ID: df56c5621c  
            |
            ZeroTier address of node

As for encryption, that is a subject for a separate article.

To establish communication, peers first send packets "up" the tree of root servers, and as these packets travel through the network, they trigger the opportunistic creation of direct links along the way. The tree constantly tries to "collapse itself" in order to optimize itself for the route map it stores.

The mechanism for establishing a peer-to-peer connection is as follows:

  1. Node A wants to send a packet to node B, but since it does not know a direct path, it sends the packet upstream to node R (a moon, a user-defined root server).
  2. If node R has a direct link to node B, it forwards the packet there. Otherwise it sends the packet further upstream until it reaches the planetary roots. The planetary roots know about all nodes, so the packet will eventually reach node B if it is online.
  3. Node R also sends a message called "rendezvous" to node A, containing hints about how it might reach node B. Meanwhile, the root server that forwards the packet to node B sends it a "rendezvous" telling it how it might reach node A.
  4. Nodes A and B receive their rendezvous messages and try to send test messages to each other in an attempt to punch through any NAT or firewalls encountered along the way. If this works, a direct connection is established, and packets no longer travel back and forth through the roots.

If a direct connection cannot be established, communication continues through a relay, and direct connection attempts continue until one succeeds.

VL1 also has other features for establishing direct connections, including LAN peer discovery, port prediction for traversing symmetric IPv4 NAT, and explicit port mapping using UPnP and/or NAT-PMP if available on the local LAN.

▍VL2 is a VXLAN-like Ethernet network virtualization protocol with SDN management functions. A familiar communication environment for the OS and applications...

Unlike VL1, creating VL2 networks (VLANs), joining nodes to them, and managing them requires direct participation from the user. The user can do this by means of a network controller. In essence, it is an ordinary ZeroTier node whose controller functions are managed in one of two ways: either directly, by editing files, or, as the developer recommends, through the published API.

This way of managing ZeroTier virtual networks is not very convenient for the average person, so there are several GUIs:

  • One from the developer, ZeroTier, available as a public cloud SaaS solution with four subscription plans, including a free one that is limited in the number of managed devices and the level of support.
  • The second comes from an independent developer and is somewhat simplified in functionality, but is available as a private open-source solution for use on-premises or on cloud resources.

VL2 is implemented on top of VL1 and is carried by it. It therefore inherits the encryption and authentication of the VL1 endpoints, and also uses their asymmetric keys to sign and verify credentials. VL1 lets you implement VL2 without worrying about the existing physical network topology. In other words, connectivity and routing problems are VL1 problems. It is important to understand that there is no relationship between VL2 virtual networks and VL1 paths. As with VLAN multiplexing in a wired LAN, two nodes that share several network memberships will still have only one VL1 (virtual cable) path between them.

Each VL2 network (VLAN) is identified by a 64-bit (16 hexadecimal digits) ZeroTier network address, which contains the 40-bit ZeroTier address of the controller and a 24-bit number identifying the network created by that controller.

Network ID: 8056c2e21c123456
            |         |
            |         Network number on controller
            |
            ZeroTier address of controller

When a node joins a network or requests a network configuration update, it sends a network configuration request message (via VL1) to the network controller. The controller then uses the node's VL1 address to look it up on the network and sends it the appropriate certificates, credentials, and configuration information. From the point of view of VL2 virtual networks, VL1 ZeroTier addresses can be thought of as port numbers on a huge global virtual switch.

All credentials issued by network controllers to member nodes of a given network are signed with the controller's private key, so that all network members can verify them. The credentials carry timestamps generated by the controller, which allows them to be compared without access to the local system clock.

Credentials are issued only to their owners and are then sent on to the peers that want to communicate with other nodes on the network. This lets the network scale to enormous sizes without the need to cache large numbers of credentials on nodes or to contact the network controller constantly.
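
Because the controller signs every credential and configuration a member receives, the 40-bit controller address embedded in a network ID tells you whose authority a node accepts for that network. The following added example (not from the original article or from ZeroTier; the function names, the allowlist and all sample IDs except 8056c2e21c123456 are assumptions constructed for illustration) splits network IDs according to the layout above and flags memberships whose controller is not on an approved list:

```python
import re

# Layout from the article: 64-bit network ID = 40-bit controller address
# (10 hex digits) followed by a 24-bit network number (6 hex digits).
_NWID = re.compile(r"[0-9a-f]{16}")
_ADDR = re.compile(r"[0-9a-f]{10}")


def split_network_id(network_id):
    """Return (controller_address, network_number) for a ZeroTier network ID."""
    nwid = network_id.strip().lower()
    if not _NWID.fullmatch(nwid):
        raise ValueError(f"not a 16-hex-digit network ID: {network_id!r}")
    value = int(nwid, 16)
    # Upper 40 bits name the controller node, lower 24 bits the network.
    return f"{value >> 24:010x}", value & 0xFFFFFF


def audit_memberships(joined, trusted_controllers):
    """Sort joined network IDs by whether an approved controller owns them."""
    trusted = {c.strip().lower() for c in trusted_controllers}
    bad = sorted(c for c in trusted if not _ADDR.fullmatch(c))
    if bad:
        raise ValueError(f"malformed controller address(es): {bad}")
    report = {"trusted": [], "untrusted": [], "malformed": []}
    for raw in joined:
        try:
            controller, number = split_network_id(raw)
        except ValueError:
            report["malformed"].append(raw)
            continue
        bucket = "trusted" if controller in trusted else "untrusted"
        report[bucket].append((raw.strip().lower(), controller, number))
    return report


# Constructed sample data. Only 8056c2e21c123456 is taken from the article;
# the third ID reuses the article's example node address as a controller.
JOINED = ["8056c2e21c123456", "8056C2E21C000001",
          "df56c5621c00beef", "8056c2e21c12345"]
TRUSTED = ["8056c2e21c"]  # hypothetical allowlist of approved controllers

if __name__ == "__main__":
    for bucket, entries in audit_memberships(JOINED, TRUSTED).items():
        print(bucket, entries)
```

An entry in the "untrusted" bucket means the node takes its addresses, routes and credentials for that network from a controller nobody approved, which is worth reviewing before the membership is left in place.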

ZeroTier networks support multicast distribution through a simple publish/subscribe system.

When a node wants to receive multicast traffic for a particular distribution group, it advertises its membership in that group to the other members of the network it is communicating with and to the network controller. When a node wants to send a multicast, it simultaneously consults its cache of recent advertisements and periodically requests additional ones.

Broadcast (Ethernet ff:ff:ff:ff:ff:ff) is treated as a multicast group to which all participants subscribe. It can be disabled at the network level to reduce traffic if it is not needed.

ZeroTier emulates a real Ethernet switch. This allows us to bridge the created virtual networks with other Ethernet networks (wired LAN, WiFi, virtual backplane, etc.) at the data link layer, using an ordinary Ethernet bridge.

To act as a bridge, a host must be designated as such by the network controller. This scheme is implemented for security reasons, since ordinary network hosts are not allowed to send traffic from any source other than their own MAC address. Nodes designated as bridges also use a special mode of the multicast algorithm, which interacts with them more aggressively and directly during group subscription and the replication of all broadcast traffic and ARP requests.

The switch also has the ability to create public and ad-hoc networks, QoS mechanisms, and a network rules editor.

▍Node:

ZeroTier One is a service that runs on laptops, desktops, servers, virtual machines and containers and provides connectivity to a virtual network through a virtual network port, similar to a VPN client.

Once the service is installed and started, you can join virtual networks using their 16-digit addresses. Each network appears as a virtual network port on the system, which behaves like an ordinary Ethernet port.

ZeroTier One is available for the following OSes and systems.

OS:

  • Microsoft Windows - MSI installer x86/x64
  • MacOS - PKG installer
  • Apple iOS - App Store
  • Android - Play Store
  • Linux - DEB/RPM
  • FreeBSD - FreeBSD package

NAS:

  • Synology NAS
  • QNAP NAS
  • WD MyCloud NAS

Other:

  • Docker - Dockerfile
  • OpenWRT - community port
  • App embedding - SDK (libzt)

Summing up all of the above, I would note that ZeroTier is an excellent and fast tool for combining your physical, virtual or cloud resources into a common local network, with the ability to divide it into VLANs and with no single point of failure.

That is all for the theoretical part, in the form of a first article about ZeroTier for Habr. That is probably all! In the next article I plan to demonstrate in practice the creation of a virtual network infrastructure based on ZeroTier, where a VDS with a private open-source GUI template will be used as the network controller.

Dear readers! Do you use ZeroTier technology in your projects? If not, what tools do you use to connect your resources?

Source: www.habr.com
