Mune yedu yemunharaunda network aggregation takanga tine mapaya matanhatu eArista DCS-7050CX3-32S switch uye peya imwe yeBrocade VDX 6940-36Q switch. Hazvirevi kuti isu takanyanya kuomeswa neBrocade switch mune ino network, vanoshanda nekuita mabasa avo, asi isu taigadzirira kuzere otomatiki yezvimwe zviito, uye isu takanga tisina hunyanzvi uhu pane idzi switch. Ini ndaidawo kushandura kubva ku40GE interfaces kuenda kune mukana wekushandisa 100GE kuitira kuti ndiite chengetedzo yemakore anotevera 2-3. Saka takasarudza kuchinja Brocade kuti Arista.
Aya ma switch eLAN aggregation switch kune yega yega data data. Distribution switches (yechipiri nhanho yekuunganidza) yakabatana zvakananga kwavari, iyo inotounganidza Yepamusoro-ye-Rack yemuno network inochinja mune racks nemaseva.
Sevha yega yega yakabatana kune imwe kana maviri ekuwana switch. Maswiti ekupinda akabatana kune maviri ekugovera switch (maviri ekugovera switch uye maviri emuviri malink kubva kune yekuwana switch kune akasiyana ekugovera switch anoshandiswa kune redundancy).
Sevha yega yega inogona kushandiswa nemutengi wayo, saka mutengi anopihwa yakaparadzana VLAN. Iyoyo VLAN inozonyoreswa pane imwe sevha yemutengi uyu mune chero rack. Iyo data data ine akati wandei mitsara (PODs), mutsara wega wega racks ine yayo yekugovera switch. Ipapo aya ekugovera switch anobatanidzwa kune aggregation switch.
Vatengi vanogona kuodha sevha mune chero mutsara; hazvigoneke kufanofanotaura kuti sevha ichagoverwa kana kuisirwa mune imwe mutsara mune imwe rack, saka kune anenge mazana maviri nemakumi mashanu eVLAN pane aggregation switch mune yega data data.
Equipment for DCI (Data-Center Interconnect) yakabatana kune aggregation switch. Inogona kuitirwa L2 yekubatanidza (peya yekuchinja inogadzira mugero weVXLAN kune imwe nzvimbo yedata) kana yeL3 yekubatanidza (mbiri MPLS routers).
Sezvandatonyora, kubatanidza maitiro ekugadzirisa magadzirirwo emabasa pamidziyo mune imwe data data, zvaive zvakakodzera kutsiva central aggregation switches. Isu takaisa maswichi matsva padivi peaive aripo, akaasanganisa kuita maviri eMLAG ndokutanga kugadzirira basa. Ivo vakabva vangobatanidzwa kune iripo aggregation switch, zvekuti ivo vaive neyakajairwa L2 domain pane ese maVLAN evatengi.
Tsanangudzo yedunhu
Kuti tizive, ngatipei mazita echinyakare aggregation switch Π1 ΠΈ Π2, itsva - N1 ΠΈ N2. Ngatimbofungidzira kuti mukati POD 1 ΠΈ POD 4 maseva emumwe mutengi anogarwa S1, Mutengi VLAN inoratidzwa nebhuruu. Mutengi uyu ari kushandisa L2 yekubatanidza sevhisi neimwe nzvimbo yedata, saka VLAN yayo inopihwa kune maviri eVXLAN switch.
Mutengi S2 anotambira maseva mukati POD 2 ΠΈ POD 3, Mutengi VLAN inoratidzwa murima rakasvibira. Uyu mutengi anoshandisawo sevhisi yekubatanidza neimwe data data, asi L3, saka VLAN yayo inopihwa kune maviri eL3VPN ma routers.
Tinoda maVLAN evatengi kuti vanzwisise kuti ndeapi matanho ebasa rekutsiva chii chinoitika, iko kukanganisa kwekutaurirana kunoitika, uye kuti ingave nguva yei. Iyo STP protocol haina kushandiswa muchirongwa ichi, sezvo hupamhi hwemuti weiyo munyaya iyi yakakura, uye kuwirirana kweprotocol inokura zvakanyanya nehuwandu hwezvigadzirwa uye hukama pakati pavo.
Zvese zvishandiso zvakabatanidzwa nekaviri zvinongedzo zvinogadzira stack, MLAG pair kana VCS Ethernet jira. Kune maviri eL3VPN ma routers, matekinoroji akadaro haashandiswe, sezvo pasina chikonzero cheL2 redundancy; zvakakwana kuti ivo vane L2 yekubatanidza kune mumwe nemumwe kuburikidza nekuunganidza switch.
Implementation options
Pakuongorora sarudzo dzezvimwe zviitiko, takaona kuti kune nzira dzakati wandei dzekuita basa iri. Kubva pakuzorora kwepasirese pane network yese yemuno, kusvika kudiki chaiko 1-2 sekondi inotyora muzvikamu zvetiweki.
Network, mira! Shandura, dzitsive!
Nzira iri nyore ndeye, hongu, kuzivisa kubhuroka kwekutaurirana kwepasi rose pane ese maPOD uye ese DCI masevhisi uye chinja zvese zvinongedzo kubva kune switch. Π kuma switch N.
Kunze kwekuvhiringidza, nguva yatisingagone kufanotaura nekuvimbika (hongu, tinoziva nhamba yezvibatanidza, asi hatizivi kuti kangani chimwe chinhu chinokanganisa - kubva patambo yakaputsika kana yakakanganiswa yekubatanidza kune yakashata chiteshi kana transceiver. ), isu hatigone kufanotaura kana kureba kwetambo dzechigamba, DAC, AOC, yakabatana neakare switch A, ichave yakakwana kuti isvike kwavari kune itsva switch N, kunyangwe yakamira padivi pavo, asi ichiri zvishoma padivi, uye kana iwo ma transceivers akafanana achashanda /DAC/AOC kubva kuBrocade switch kune Arista switch.
Uye izvi zvese pasi pemamiriro ekumanikidzwa kwakanyanya kubva kune vatengi uye rutsigiro rwehunyanzvi ("Natasha, simuka! Natasha, zvese hazvishande ipapo! Natasha, isu takatonyorera kune technical support, chokwadi! Natasha, vatodonha zvese ! Natasha, vangani zvimwe zvisati zvashanda? Natasha, zvichashanda rinhi?!"). Kunyangwe kunyangwe kusati kwaziviswa kuzorora uye chiziviso kune vatengi, kuwanda kwezvikumbiro panguva yakadai kunovimbiswa.
Mira, 1-2-3-4!
Ko kana tikasazivisa zororo repasi rose, asi nhevedzano yekuvhiringidza kudiki kwekutaurirana kwePOD neDCI masevhisi. Panguva yekuzorora kwekutanga, chinja kune switch N chete POD 1, mune yechipiri - mumazuva mashoma - POD 2, kozoita mamwe mazuva mashoma POD 3, ipapo POD 4β¦[N], ipapo VXLAN inochinja uyezve L3VPN routers.
Nesangano iri rekushandura basa, tinoderedza kuoma kwebasa renguva imwe chete uye kuwedzera nguva yedu yekugadzirisa matambudziko kana chimwe chinhu chikangoerekana chaitika. POD 1 inoramba yakabatana kune mamwe maPOD uye maDCI mushure mekuchinja. Asi basa racho pacharo rinokwevera mberi kwenguva yakareba; panguva yebasa iri munzvimbo yedata, injiniya inofanirwa kuita shanduko yemuviri, uye panguva yebasa (uye basa rakadaro rinoitwa, sekutonga, usiku, kubva 2 kusvika 5 am), kuvapo kweinjiniya wetiweki yepamhepo kunodiwa padanho repamusoro. Asi zvino tinowana kukanganisa kupfupi kwekukurukurirana; sekutonga, basa rinogona kuitwa mukati menguva yehafu yeawa nekuzorora kweanosvika maminetsi maviri (mukuita, kazhinji 2-20 masekondi nemaitiro anotarisirwa emidziyo).
Mumuenzaniso mutengi S1 kana mutengi S2 iwe uchafanirwa kunyevera nezve basa nekukanganisa kutaurirana kanenge katatu - kekutanga kuita basa pane imwe POD, mune imwe yemaseva ayo aripo, kechipiri - pane yechipiri, uye kechitatu - apo kushandura michina yeDCI masevhisi.
Kuchinja nzira dzekukurukurirana dzakaunganidzwa
Sei tiri kutaura nezve maitiro anotarisirwa emidziyo, uye nzira dzakaunganidzwa dzinogona kuchinjika uku uchideredza kukanganisa kwekutaurirana? Ngatimbofungidzirai mufananidzo unotevera:
Kune rimwe divi rekubatanidza kune POD yekugovera switch - D1 ΠΈ D2, ivo vanogadzira maviri eMLAG pamwe chete (stack, VCS fekitori, vPC pair), kune rimwe divi kune maviri ma link - Link 1 ΠΈ Link 2 - inosanganisirwa muMLAG maviri echinyakare aggregation switch Π. Kudivi rekuchinja D aggregated interface ine zita Port-chiteshi A, padivi peaggregation switch Π - aggregated interface ine zita Port-chiteshi D.
Aggregated interfaces anoshandisa LACP mukushanda kwavo, kureva, switch pamativi ese anogara achichinjana LACPDU mapaketi pane ese malink kuti ave nechokwadi chekuti zvinongedzo:
- vashandi;
- inosanganisirwa mune imwe peya yemidziyo iri kure kure.
Pakuchinjana mapaketi, packet inotakura kukosha system-id, zvichiratidza mudziyo uko zvinongedzo izvi zvinosanganisirwa. Kune maviri eMLAG (stack, fekitori, nezvimwewo), iyo system-id kukosha kwemidziyo inoumba yakaunganidzwa interface yakafanana. Switch D1 inotumira ku Link 1 kukosha system-id D, uye chinja D2 inotumira ku Link 2 kukosha system-id D.
Swichi Π1 ΠΈ Π2 Ongorora LACPDU mapaketi akagamuchirwa pamusoro peiyo imwe Po D interface uye tarisa kana iyo system-id mairi ichienderana. Kana iyo system-id yakagamuchirwa kuburikidza neimwe link inongoerekana yasiyana kubva pamutengo wekushanda ikozvino, zvino chinongedzo ichi chinobviswa kubva kune yakasanganiswa interface kusvika mamiriro acho agadziriswa. Iye zvino kudivi redu rekuchinja D ikozvino system-id kukosha kubva kune LACP shamwari - A, uye padivi rekuchinja Π - ikozvino system-id kukosha kubva kune LACP shamwari - D.
Kana isu tichida kushandura iyo yakasanganiswa interface, tinogona kuzviita nenzira mbiri dzakasiyana:
Nzira 1 - Nyore
Dzima zvese zvinongedzo kubva kuma switch A. Muchiitiko ichi, nzira yakasanganiswa haishande.
Batanidza zvese zvinongedzo imwe neimwe kune switch N, ipapo LACP inoshanda paramita ichakurukurwa zvakare uye iyo interface ichaumbwa PoD pakuchinja N uye kutapurirana kwehunhu pane zvinongedzo system-id N.
Method 2 - Kuderedza kukanganisa
Bvisa Link 2 kubva pachinja A2. Panguva imwecheteyo, traffic pakati Π ΠΈ D icharamba ichifambiswa zviri nyore pamusoro peimwe yezvibatanidza, izvo zvinoramba zviri chikamu cheiyo aggregated interface.
Batanidza Link 2 kuti uchinje N2. Pakuchinja N iyo aggregated interface yakatogadzirwa Po DN, uye chinja N2 ichatanga kutumira kuLACPDU system-id N. Panguva ino tinogona kutotarisa kuti switch N2 inoshanda nemazvo netransceiver inoshandiswa Link 2, kuti chiteshi chekubatanidza chapinda muhurumende Up, uye kuti hapana kukanganisa kunoitika pachiteshi chekubatanidza kana uchitumira LACPDUs.
Asi chokwadi chekuti switch D2 ye aggregated interface Po A kubva parutivi Link 2 inogamuchira system-id N kukosha kwakasiyana kubva kune yazvino inoshanda system-id A kukosha, haibvumiri ma switch D kusuma Link 2 chikamu cheaggregated interface Po A. Switch N haigoni kupinda Link 2 mukushanda, sezvo isingagamuchire humbowo hwekushanda kubva kune LACP shamwari yekuchinja D2. Izvo zvinokonzeresa traffic ndeye Link 2 kusapedza.
Uye ikozvino tinodzima Link 1 kubva pakuchinja A1, nokudaro achinyima ma switch Π ΠΈ D kushanda aggregate interface. Saka pane switch side D ikozvino kushanda system-id kukosha kweiyo interface inonyangarika Po A.
Izvi zvinobvumira kuchinja D ΠΈ N bvuma kuchinjanisa system-id AN pamainterfaces Po A ΠΈ Po DN, kuitira kuti traffic itange kufambiswa pamwe nekubatanidza Link 2. Kuputsika munyaya iyi, mukuita, kusvika kumasekonzi maviri.
Uye ikozvino isu tinogona nyore kushandura Link 1 kushandura N1, kudzoreredza kugona uye mwero we interface redundancy Po A ΠΈ Po DN. Kubva kana ichi chinongedzo chakabatana, ikozvino system-id kukosha haichinji kune chero divi, hapana kukanganisa.
Mamwe malink
Asi shanduko inogona kuitwa pasina kuvepo kweinjiniya panguva yekuchinja. Kuti tiite izvi, isu tichada kuisa mamwe malink pakati pekugovera switch pachine nguva D uye itsva aggregation switches N.
Isu tiri kuisa malink matsva pakati peaggregation switch N uye kugovera switch kune ese maPOD. Izvi zvinoda kuodha uye kuisa mamwe matambo tambo, uye nekuisa mamwe matransceivers sezvazviri Nuye mukati D. Tinogona kuita izvi nekuti mune yedu switch D Imwe neimwe POD ine madoko emahara (kana isu tinofanosunungura iwo). Nekuda kweizvozvo, POD yega yega inobatanidzwa neaviri malink kune ekare switch A uye kune itsva switch N.
Pakuchinja D maviri aggregated interfaces akaumbwa - Po A nezvisungo Link 1 ΠΈ Link 2uye Po N - ine zvinongedzo Link N1 ΠΈ Link N2. Panguva ino, isu tinotarisa kwakaringana kubatana kwemainterfaces uye zvinongedzo, mazinga emaziso masaini pamigumo yese yezvisungo (kuburikidza neDDM ruzivo kubva kune switch), isu tinogona kutarisa mashandiro ekubatanidza pasi pemutoro kana kutarisa nyika dze. optical masaini uye transceiver tembiricha kwemazuva akati wandei.
Traffic ichiri kutumirwa kuburikidza neiyo interface Po A, uye interface Po N mari hapana traffic. Izvo zvigadziriso pane interfaces ndeizvi:
Interface Port-channel A
Switchport mode trunk
Switchport allowed vlan C1, C2
Interface Port-channel N
Switchport mode trunk
Switchport allowed vlan noneD switch, sekutonga, inotsigira sesheni-yakavakirwa gadziriso shanduko; chinja mamodheru ane basa iri anoshandiswa. Saka isu tinokwanisa kushandura marongero ePo A uye Po N interfaces mune imwe nhanho:
Configure session
Interface Port-channel A
Switchport allowed vlan none
Interface Port-channel N
Switchport allowed vlan C1, C2
CommitIpapo kuchinja kwekugadzirisa kuchaitika nokukurumidza zvakakwana, uye kuputsa kuchaita, mukuita, kusapfuura 5 seconds.
Iyi nzira inotibvumira kupedzisa basa rose rekugadzirira pachine nguva, kuita zvese zvinodiwa cheki, kuronga basa nevatori vechikamu mukuita, kufanotaura zvakadzama zviito zvekugadzirwa kwebasa, pasina ndege dzekugadzira apo "zvese zvakakanganisika. ,β uye iva nepurogiramu yokudzokera kugadziriro yakapfuura. Kushanda zvinoenderana nechirongwa ichi kunoitwa neinjiniya yetiweki pasina kuvepo kweinjiniya yedata data pane saiti uyo anoita shanduko.
Izvo zvakakoshawo nenzira iyi yekuchinja ndeyekuti zvese zvitsva zvinongedzo zvakatotariswa pamberi. Zvikanganiso, kuiswa kwezvisungo muyuniti, kurodha zvisungo - ruzivo rwese rwunodiwa rwatova muhurongwa hwekutarisa, uye izvi zvakatodhirowa pamepu.
D-Day
POD
Isu takasarudza nzira isinganyanyorwadza yekuchinja yevatengi uye isinganyanyi kutarisana ne "chimwe chinhu chakashata" mamiriro ane mamwe malink. Saka isu takachinjira ese maPOD kune matsva ekubatanidza aggregation muhusiku hushoma.
Asi chasara kushandura michina inopa masevhisi eDCI.
L2
Panyaya yemidziyo inopa L2 yekubatanidza, isu hatina kukwanisa kuita basa rakafanana nemamwe malink. Pane zvikonzero zvinenge zviviri zveizvi:
- Kushaikwa kwemahara madoko ekumhanya kunodiwa paVXLAN switch.
- Kushaikwa kwesesheni yekumisikidza shanduko yekushanda pane VXLAN switch.
Hatina kushandura zvinongedzo "imwe panguva" nekuzorora chete tichibvumirana pane itsva system-id pair, sezvo isu takanga tisina 100% chivimbo chekuti maitiro acho achaitika nemazvo, uye bvunzo murabhoritari yakaratidza kuti iyo nyaya kana "chimwe chinhu chisina kumira zvakanaka," isu tichiri kuwana kukanganiswa kwekubatanidza, uye chakanyanya kushata hachisi chevatengi vane L2 yekubatanidza nedzimwe nzvimbo dzedata, asi kazhinji kune vese vatengi veiyi data data.
Isu takaita basa rekunyepedzera nguva isati yasvika pakuchinja kubva kuL2 chiteshi, saka huwandu hwevatengi vakakanganiswa nebasa paVXLAN switch yaive yatove kakawanda isingasviki gore rapfuura. Nekuda kweizvozvo, takasarudza kukanganisa kutaurirana kuburikidza neiyo L2 yekubatanidza sevhisi, chero isu tikaramba tichichengetedza mashandiro akajairika emunharaunda network masevhisi mune imwe data data. Mukuwedzera, iyo SLA yebasa iri inopa mukana wekuita basa rakarongwa nekukanganisa.
L3
Nei takakurudzira kuti munhu wese achinje kuL3VPN pakuronga masevhisi eDCI? Chimwe chezvikonzero kugona kuita basa pane imwe yeruta inopa iyi sevhisi, ichingodzikisa nhanho yekudzokera kuN + 0, pasina kukanganisa kutaurirana.
Ngatitarisei zvakanyanya chirongwa chekupa rubatsiro. Musevhisi iyi, chikamu cheL2 chinoenda kubva kumasevha evatengi chete kuenda kuL3VPN Selectel ma routers. Iyo network yevatengi inomiswa pane ma routers.
Sevha yega yega yemutengi, semuenzaniso. S2 ΠΈ S3 mumufananidzo uri pamusoro, vane yavo yakavanzika IP kero - 10.0.0.2/24 paS2 server ΠΈ 10.0.0.3/24 paS3 server. Kero 10.0.0.252/24 ΠΈ 10.0.0.253/24 yakapihwa naSelectel kune ma routers L3VPN-1 ΠΈ L3VPN-2, zvichiteerana. IP kero 10.0.0.254/24 iVRRP VIP kero paSelectel routers.
Unogona kudzidza zvakawanda nezve L3VPN sevhisi mu blog yedu.
Pamberi pekuchinja, zvese zvaitaridzika senge padhayagiramu:
Marouter maviri L3VPN-1 ΠΈ L3VPN-2 akanga akabatanidzwa kune yekare aggregation switch Π. Iyo tenzi yeVRRP VIP kero 10.0.0.254 ndiyo router L3VPN-1. Iyo ine yepamusoro yepamusoro yekero iyi kupfuura router L3VPN-2.
unit 1006 {
description C2;
vlan-id 1006;
family inet {
address 10.0.0.252/24 {
vrrp-group 1 {
priority 200;
virtual-address 10.100.0.254;
preempt {
hold-time 120;
}
accept-data;
}
}
}
}Iyo S2 server inoshandisa gedhi 10.0.0.254 kutaurirana nemaseva mune dzimwe nzvimbo. Saka, kubvisa iyo L3VPN-2 router kubva kunetiweki (zvechokwadi, kana ikatanga kubviswa kubva kuMPLS domain) haikanganisi kubatana kwemaseva emutengi. Panguva ino, dunhu redundancy level rinongoderedzwa.
Mushure meizvi tinogona kubatanidza zvakachengeteka router L3VPN-2 kune maviri ekuchinja N. Lay links, shandura transceivers. Iyo router's logical interfaces, iyo iyo kushanda kwevatengi masevhisi kunoenderana, yakavharwa kusvikira yasimbiswa kuti zvese zviri kushanda sezvazvinofanira.
Mushure mekutarisa zvinongedzo, ma-transceivers, mazinga echiratidzo, uye mazinga ekukanganisa pane mainterfaces, iyo router inoiswa mukushanda, asi yatobatanidzwa kune nyowani nyowani.
Zvadaro, tinoderedza kukosha kweVRRP kweL3VPN-1 router, uye VIP address 10.0.0.254 inotamirwa kuL3VPN-2 router. Aya mabasa anoitwa zvakare pasina kukanganisa kutaurirana.
Kuendesa VIP kero 10.0.0.254 kune router L3VPN-2 inokubvumira kudzima router L3VPN-1 pasina kukanganisa kwekutaurirana kune mutengi uye kuibatanidza kune itsva peya yeaggregation switch N.
Zvichida kana kusadzorera VRRP VIP kuL3VPN-1 router ndeimwe mubvunzo, uye kunyange kana yakadzorerwa, inoitwa pasina kukanganisa kubatana.
Total
Mushure mematanho ese aya, isu takanyatso kutsiva eggregation switch mune imwe yedata data, uku tichideredza kukanganisa kwevatengi vedu.
Chasara kuputsa. Kubviswa kwekuchinja kwekare, kubviswa kwezvisungo zvekare pakati pekuchinja A uye D, kubviswa kwema transceivers kubva pane izvi zvinongedzo, kururamisa kwekutarisa, kururamisa dhayagiramu yetiweki muzvinyorwa uye kuongorora.
Tinogona kushandisa switch, transceivers, chigamba tambo, AOC, DAC yakasara mushure mekuchinja mune mamwe mapurojekiti kana kune mamwe machinjiro akafanana.
"Natasha, takachinja zvese!"
Source: www.habr.com