Huyero hweAmazon Web Services network inzvimbo makumi matanhatu nepfumbamwe pasirese mumatunhu makumi maviri nemaviri: USA, Europe, Asia, Africa neAustralia. Imwe neimwe nzvimbo ine inosvika 69 nzvimbo dzedata - Data Processing Centers. Imwe neimwe nzvimbo yedata ine zviuru kana mazana ezviuru zvemaseva. Iyo network inogadzirwa nenzira yekuti zvese zvisingafungidzike kubuda zvinotariswa. Semuenzaniso, matunhu ese akaparadzaniswa kubva kune mumwe nemumwe, uye nzvimbo dzekusvikika dzakapatsanurwa pamusoro pemadaro emakiromita akati wandei. Kunyangwe iwe ukacheka tambo, sisitimu inochinja kune backup chiteshi, uye kurasikirwa kweruzivo kunosvika kune mashoma data pakiti. Vasily Pantyukhin achataura pamusoro pemamwe misimboti yakavakirwa pane network uye kuti yakagadziridzwa sei.
Vasily Pantyukhin akatanga ari Unix administrator mumakambani e.ru, akashanda pane hombe Sun Microsystem hardware kwemakore 6, uye akaparidza data-centric nyika kwemakore 11 paEMC. Yakangoshanduka ikava makore ega, ndokuzoenda kune veruzhinji. Iye zvino, semugadziri weAmazon Web Services, anopa zano rehunyanzvi kubatsira kurarama nekuvandudza mugore reAWS.
Muchikamu chakapfuura cheAWS trilogy, Vasily akanyura mukugadzirwa kwemaseva emuviri uye kuyera dhatabhesi. Makadhi eNitro, tsika yeKVM-yakavakirwa hypervisor, Amazon Aurora dhatabhesi - nezve izvi zvese muzvinyorwa "" Verenga kuti uwane mamiriro kana kuona hurukuro.
Ichi chikamu chinotarisa kunetiweki kuyera, imwe yeakanyanya kuomarara masisitimu muAWS. Iko kushanduka kubva kune flat network kuenda kuVirtual Private Cloud uye dhizaini yayo, masevhisi emukati eBlackfoot neHyperPlane, dambudziko remuvakidzani ane ruzha, uye pakupedzisira - chiyero chetiweki, musana uye tambo dzemuviri. Pamusoro peizvi zvose pasi pekucheka.
Disclaimer: zvese zviri pasi apa maonero aVasily uye anogona kusapindirana nechinzvimbo cheAmazon Web Services.
Network kuyera
Gore reAWS rakavambwa muna 2006. Network yake yaive yechinyakare - ine flat structure. Huwandu hwemakero epachivande hwaive hwakajairika kune vese vanoroja makore. Paunenge uchitanga mutsva chaiwo muchina, iwe wakagamuchira netsaona inowanikwa IP kero kubva pane ino renji.
Iyi nzira yaive nyore kuita, asi yakaganhurira kushandiswa kwegore. Kunyanya, zvaive zvakaoma kugadzira zvigadziriso zvakasanganiswa izvo zvakabatanidza zvakavanzika network pasi uye muAWS. Dambudziko rainyanya kunetsa raive rekupindirana kwekero dzeIP.
Virtual Yakavanzika Gore
Gore rakaratidza kuti raidiwa. Nguva yasvika yekufunga nezve scalability uye mukana wekushandiswa kwayo nemakumi emamiriyoni evaroja. Iyo flat network yave chipingamupinyi chikuru. Naizvozvo, isu takafunga nezve nzira yekuparadzanisa vashandisi kubva kune mumwe kune mumwe kune network pamwero kuti vagone kuzvimiririra kusarudza IP siyana.
Ndechipi chinhu chekutanga chinouya mupfungwa kana iwe uchifunga nezve network yekuzviparadzanisa nevamwe? Zvirokwazvo VLANs ΠΈ VRF - Virtual Routing uye Forwarding.
Sezvineiwo, hazvina kushanda. VLAN ID ingori gumi nemaviri mabhiti, ayo anotipa chete 12 ega zvikamu. Kunyangwe ma switch makuru anogona kushandisa huwandu hwe4096-1 zviuru zveVRF. Kushandisa VRF neVLAN pamwe chete kunotipa mamirioni mashoma mashoma. Izvi hazvina kukwana kumakumi emamiriyoni evaroja, imwe neimwe inofanirwa kukwanisa kushandisa akawanda subnets.
Isu hatigonewo kutenga nhamba inodiwa yemabhokisi makuru, semuenzaniso, kubva kuCisco kana Juniper. Pane zvikonzero zviviri: inopenga inodhura, uye isu hatidi kuve patsitsi dzekusimudzira kwavo uye nekugadzirisa marongero.
Pane mhedziso imwe chete - ita yako mhinduro.
Muna 2009 takazivisa VPC - Virtual Yakavanzika Gore. Iro zita rakanamatira uye ikozvino vazhinji vanopa makore vanorishandisawo.
VPC ndeyechokwadi network SDN (Software Defined Network). Isu takasarudza kusagadzira akakosha maprotocol pamazinga eL2 neL3. Iyo network inomhanya pane yakajairwa Ethernet uye IP. Zvekutapurirana pamusoro petiweki, chaiyo muchina traffic yakavharirwa mune yedu yedu protocol wrapper. Inoratidza chitupa ndecheVPC yemuroja.
Inonzwika nyore. Nekudaro, kune akati wandei akakomba matambudziko ehunyanzvi anoda kukurirwa. Semuenzaniso, kupi uye sei kuchengetedza data pamepu chaiyo MAC/IP kero, VPC ID uye inoenderana nemuviri MAC/IP. Pachiyero cheAWS, iyi tafura hombe inofanirwa kushanda nekunonoka kuwana kunonoka. Zvikonzero izvi sevhisi yekugadzira mepu, iyo inopararira muchidimbu chakatetepa mumambure.
Mumichina yechizvarwa chitsva, encapsulation inoitwa nemakadhi eNitro padanho rehardware. Mune zviitiko zvekare, encapsulation uye decapsulation ndeye software-yakavakirwa.
Ngatione kuti zvinoshanda sei mune zvakajairika. Ngatitange neiyo L2 level. Ngatifungei kuti tine virtual muchina ne IP 10.0.0.2 pane muviri server 192.168.0.3. Inotumira data kune chaiwo muchina 10.0.0.3, inogara pa192.168.1.4. Chikumbiro cheARP chinogadzirwa uye chinotumirwa kune network Nitro kadhi. Kuti zvive nyore, isu tinofungidzira kuti ese ari maviri muchina anogara mune imwechete "yebhuruu" VPC.
Mepu inotsiva kero yekwakabva neyayo uye inoendesa mberi iyo ARP furemu kune sevhisi yemepu.
Iyo mepu sevhisi inodzosa ruzivo rwakakosha pakufambisa pamusoro peL2 yemuviri network.
Iyo Nitro kadhi mumhinduro yeARP inotsiva iyo MAC pane network network nekero muVPC.
Kana tichiendesa data, tinoputira zvine musoro MAC uye IP muVPC wrapper. Isu tinofambisa zvese izvi pamusoro petiweki yemuviri tichishandisa yakakodzera sosi uye kwekuenda IP Nitro makadhi.
Muchina wenyama unoitirwa pasuru unoita cheki. Izvi zvinodiwa kudzivirira mukana wekero spoofing. Muchina uyu unotumira chikumbiro chakakosha kune sevhisi yemepu uye unobvunza: "Kubva muchina wenyama 192.168.0.3 ndagamuchira pakiti inoitirwa 10.0.0.3 muVPC yebhuruu. Ari pamutemo here?
Sevhisi yemepu inotarisa tafura yekugovera zviwanikwa uye inobvumira kana kuramba kuti pakiti ipfuure. Muzviitiko zvese zvitsva, kumwe kusimbiswa kunoiswa mumakadhi eNitro. Hazvibviri kuzvinzvenga kunyange nedzidziso. Naizvozvo, spoofing kune zviwanikwa mune imwe VPC hazvishande.
Tevere, iyo data inotumirwa kune chaiyo muchina wainoitirwa.
Iyo sevhisi yemepu inoshandawo seanonzwisisika router yekufambisa data pakati pemashini chaiwo mune akasiyana ma subnet. Zvese zviri conceptually zviri nyore, ini handisi kuzoenda mune zvakadzama.
Zvinoitika kuti kana uchitumira pakiti yega yega, maseva anotendeukira kune sevhisi yemepu. Nzira yekugadzirisa sei kunonoka kusingadzivisiki? Caching, ehe saizvozvo.
Runako nderekuti haufanire kuvhara tafura hombe yese. Sevha yemuviri inobata chaiwo michina kubva kune ishoma nhamba yeVPC. Iwe unongoda cache ruzivo nezve maVPC aya. Kuendesa data kune mamwe maVPC mune "default" gadziriso haisati iri pamutemo. Kana kushanda kwakadai seVPC-peering kuchishandiswa, ipapo ruzivo pamusoro peVPCs rinoenderana rinowedzerwa mu cache.
Isu takaronga kuendesa data kuVPC.
Blackfoot
Chii chekuita mumamiriro ezvinhu apo traffic inoda kuendeswa kunze, semuenzaniso kuInternet kana kuburikidza neVPN pasi? Anotibatsira kunze uko Blackfoot -AWS yemukati sevhisi. Inogadzirwa nechikwata chedu chekuSouth Africa. Ndosaka sevhisi yakatumidzwa zita repenguin inogara kuSouth Africa.
Blackfoot decapsulates traffic uye inoita zvinodiwa nayo. Data inotumirwa kuInternet sezvairi.
Iyo data yakabviswa uye yakaputirwa zvakare muIPsec kana uchishandisa VPN.
Paunenge uchishandisa Direct Connect, traffic inoiswa uye inotumirwa kune yakakodzera VLAN.
HyperPlane
Iri ibasa remukati rekudzora kuyerera. Mazhinji masevhisi etiweki anoda kuongororwa data flow inoti. Semuyenzaniso, kana uchishandisa NAT, kuyerera kwekudzora kunofanirwa kuve nechokwadi chekuti yega yega IP:yekusvika pachiteshi chengarava ine yakasarudzika inobuda chiteshi. Panyaya yemubharanzi NLB - Network Load Balancer, kuyerera kwedata kunofanirwa kugara kuchitungamirwa kune imwechete yakanangana nemashini muchina. Security Mapoka is stateful firewall. Inotarisisa traffic inouya uye inovhura pachena madoko ekubuda kwepaketi kuyerera.
Mune gore reAWS, kutapurirana latency zvinodiwa zvakakwira zvakanyanya. Ndosaka HyperPlane yakakosha pakuita kwenetwork yese.
Hyperplane yakavakirwa paEC2 chaiyo muchina. Hapana mashiripiti apa, manomano chete. Chinonyengera ndechekuti aya machina chaiwo ane RAM hombe. Ma Operations ari transaction uye anoitwa mundangariro chete. Izvi zvinokutendera kuti uwane kunonoka kwemakumi chete emamicroseconds. Kushanda nedhisiki kwaizouraya kugadzirwa kwese.
Hyperplane ndiyo yakagoverwa sisitimu yenhamba hombe yemashini akadaro EC2. Muchina wega wega chaiwo une bandwidth ye5 GB/s. Munharaunda yese yedunhu network, izvi zvinopa zvinoshamisa terabits yebandwidth uye inobvumira kugadzirisa mamiriyoni ekubatanidza pasekondi.
HyperPlane inoshanda chete nehova. VPC packet encapsulation iri pachena zvachose kwairi. Kusagadzikana mune ino yemukati sevhisi kwaizoramba kuchidzivirira kuparadzaniswa kweVPC kubva pakutyorwa. Iwo mazinga ari pasi apa ane basa rekuchengetedza.
Muvakidzani ane ruzha
Pachine dambudziko muvakidzani ane ruzha - muvakidzani ane ruzha. Ngatifungei tine 8 nodes. Aya node anogadzirisa kuyerera kwevose vashandisi vegore. Zvese zvinoita kunge zvakanaka uye mutoro unofanirwa kugovaniswa zvakaenzana munzvimbo dzese. Node dzine simba kwazvo uye zvakaoma kuzviremedza.
Asi isu tinovaka zvivakwa zvedu zvichibva pane kunyange zvisingaite zvisingaite.
Mukana wakaderera hazvirevi kuti hazvibviri.
Tinogona kufungidzira mamiriro ezvinhu umo mushandisi mumwe kana vanopfuura vangaburitsa mutoro wakawandisa. Ese maHyperPlane node anobatanidzwa mukugadzirisa mutoro uyu uye vamwe vashandisi vanogona kuwana imwe mhando yekurova kwekuita. Izvi zvinotyora pfungwa yegore, umo maroja asina simba rekupesvedzerana.
Nzira yekugadzirisa sei dambudziko remuvakidzani ane ruzha? Chinhu chokutanga chinouya mupfungwa kugovana. Manodhi edu masere akapatsanurwa zvine musoro kuita 8 shards ye4 nodes imwe neimwe. Iye zvino muvakidzani ane ruzha achavhiringidza chikamu chimwe chete muzvina chevashandisi vose, asi zvichavavhiringidza zvikuru.
Ngatiite zvinhu zvakasiyana. Isu tichagovera chete 3 node kune wega mushandisi.
Iwo manomano ndeekungopa node kune vakasiyana vashandisi. Mumufananidzo uri pazasi, mushandisi webhuruu anopindirana node nemumwe wevamwe vashandisi vaviri - girinhi neorenji.
Ne 8 node uye 3 vashandisi, mukana wemuvakidzani ane ruzha anopindirana nemumwe wevashandisi i54%. Iri nemukana uyu kuti mushandisi weblue achapesvedzera vamwe maroja. Panguva imwecheteyo, chikamu chete chemutoro wayo. Mumuenzaniso wedu, pesvedzero iyi ichave ingangoonekwa neimwe nzira kwete kumunhu wese, asi kune chikamu chimwe chete muzvitatu chevashandisi vese. Izvi zvatova mugumisiro wakanaka.
Nhamba yevashandisi vanozopindirana
Probability in percent
0
18%
1
54%
2
26%
3
2%
Ngatiunzei mamiriro acho pedyo nechokwadi - ngatitorei 100 nodes uye 5 vashandisi pa5 nodes. Muchiitiko ichi, hapana imwe yemanode ichapindirana nemukana we77%.
Nhamba yevashandisi vanozopindirana
Probability in percent
0
77%
1
21%
2
1,8%
3
0,06%
4
0,0006%
5
0,00000013%
Mumamiriro ezvinhu chaiwo, nenhamba huru yeHyperPlane node nevashandisi, iko kunokanganisa kwemuvakidzani ane ruzha kune vamwe vashandisi kushoma. Iyi nzira inonzi kusanganisa sharding - shuffle sharding. Iyo inoderedza kuipa kwakashata kwenode kukundikana.
Mazhinji masevhisi akavakwa pahwaro hweHyperPlane: Network Load Balancer, NAT Gateway, Amazon EFS, AWS PrivateLink, AWS Transit Gateway.
Network scale
Zvino ngatitaure nezve chiyero che network pachayo. YaGumiguru 2019 AWS inopa masevhisi ayo mukati 22 matunhu, uye zvimwe 9 zvakarongwa.
- Dunhu rega rega rine akati wandei Anowanika Zone. Kune makumi matanhatu nemapfumbamwe avo pasi rose.
- Imwe neimwe AZ ine Data Processing Centers. Hapana anopfuura 8 avo pamwe chete.
- Iyo data data inochengeta nhamba huru yemaseva, mamwe anosvika mazana matatu ezviuru.
Zvino ngativei pakati pese izvi, tiwedzere uye tiwane chimiro chinokatyamadza chinoratidza Amazon cloud scale.
Kune akawanda optical link pakati peAvailability Zones uye data center. Mune rimwe rematunhu edu makuru, 388 chiteshi chakagadzirirwa chete kutaurirana kweAZ pakati peumwe neumwe nenzvimbo dzekutaurirana nemamwe matunhu (Transit Centers). Pakazara izvi zvinopa kupenga 5000 Tbit.
Backbone AWS yakavakirwa zvakananga uye yakagadziridzwa yegore. Tinozvivaka pamatanho 100 GB / s. Isu tinovadzora zvachose, kunze kwematunhu muChina. Traffic haina kugovaniswa nemitoro yemamwe makambani.
Ehe, isu hatisi isu chete mupi wegore ane yakavanzika backbone network. Makambani makuru uye akawanda ari kutevera nzira iyi. Izvi zvinosimbiswa nevaongorori vakazvimiririra, semuenzaniso kubva .
Girafu inoratidza kuti chikamu chevanopa zvemukati uye gore vanopa chiri kukura. Nekuda kweizvi, chikamu cheInternet traffic yevanopa musana chiri kuramba chichiderera.
Ndichatsanangura kuti sei izvi zvichiitika. Pakutanga, masevhisi mazhinji ewebhu aiwanikwa uye aidyiwa zvakananga kubva paInternet. Mazuva ano, maseva akawanda uye akawanda ari mugore uye anowanikwa kuburikidza CDN - Content Distribution Network. Kuti uwane sosi, mushandisi anoenda neInternet chete kune iri pedyo CDN PoP - Point of Presence. Kazhinji kazhinji pane imwe nzvimbo iri pedyo. Ipapo inosiya iyo veruzhinji Internet uye inobhururuka nepakati yakavanzika musana mhiri kweAtlantic, semuenzaniso, uye yakananga kune sosi.
Ndinoshamisika kuti Indaneti ichachinja sei mumakore e10 kana maitiro aya achienderera mberi?
Nzira dzemuviri
Masayendisiti haasati awana nzira yekuwedzera kukurumidza kwechiedza muUniverse, asi ivo vakafambira mberi zvikuru mumitoo yekuiparadzira kuburikidza neoptical fiber. Isu parizvino tinoshandisa 6912 fiber tambo. Izvi zvinobatsira kukwirisa zvakanyanya mutengo wekuiswa kwavo.
Mune mamwe matunhu tinofanira kushandisa tambo dzakakosha. Semuyenzaniso, mudunhu reSydney tinoshandisa tambo dzine jira rakakosha kurwisa majuru.
Hapana anodzivirirwa kubva mumatambudziko uye dzimwe nguva nzira dzedu dzinokuvadzwa. Mufananidzo uri kurudyi unoratidza tambo dzemaziso mune imwe yenzvimbo dzeAmerica dzakabvarurwa nevashandi vekuvaka. Somugumisiro wetsaona, 13 chete data packets yakarasika, izvo zvinoshamisa. Kamwe zvakare - 13 chete! Iyo sisitimu yakanyatso kuchinjika kune backup chiteshi - chiyero chiri kushanda.
Isu takamhanya kuburikidza nemamwe eAmazon makore masevhisi uye matekinoroji. Ndinovimba kuti une imwe pfungwa yehukuru hwemabasa ayo mainjiniya edu anofanira kugadzirisa. Ini pachangu, ndinoona izvi zvichinakidza kwazvo.
Ichi chikamu chekupedzisira che trilogy kubva kuna Vasily Pantyukhin nezve AWS mudziyo. IN zvikamu zvinotsanangura server optimization uye dhatabhesi kuyera, uye mukati - serverless mabasa uye Firecracker.
pamusoro munaNovember Vasily Pantyukhin achagovera zvitsva zveAmazon device. Iye nezve zvikonzero zvekukundikana uye dhizaini yeakagoverwa masisitimu kuAmazon. Gumiguru 24 achiri kugona tikiti nemutengo wakanaka, uye bhadhara gare gare. Takakumirirai paHighLoad++, huya tikurukure!
Source: www.habr.com