How we designed and implemented a new network on Huawei in the Moscow office, part one


Today I will tell you how the idea of building a new internal network for our company came about and how it was implemented. Management's position is that you should run the same full-fledged project for yourself as you would for a customer. If we do it well for ourselves, we can invite a customer and show that what we offer works, and how well. So we approached the concept of the new network for the Moscow office very thoroughly, using the full production cycle: analysis of the departments' needs → choice of a technical solution → design → implementation → testing. So let's begin.

Choosing a technical solution: the mutant reserve

The procedure for working on a complex automated system is currently best described in GOST 34.601-90 "Automated systems. Stages of creation", so we worked according to it. Already at the stages of forming requirements and developing the concept, we ran into the first difficulties. Organizations of various profiles (banks, insurance companies, software developers and so on) need, because of their tasks and standards, certain types of networks whose specifics are clear and standardized. However, this does not work for us.

Why?

Jet Infosystems is a large, diversified IT company. At the same time, our internal support department is small (but proud); it keeps the basic services and systems running. The company has many divisions that perform different functions: several powerful outsourcing teams, in-house developers of business systems, information security, architects of computing systems - in general, you name it. Accordingly, their tasks, systems and security policies also differ. As expected, this created difficulties in the process of needs analysis and standardization.

Take, for example, the development department: its employees write and test code for a large number of customers. They often need to set up test environments quickly, and frankly, it is not always possible to formulate requirements for each project, request resources and build a separate test environment in accordance with all internal regulations. This gives rise to curious situations: one day your humble servant looked into the developers' room and found under a desk a properly working Hadoop cluster of 20 desktops, which was inexplicably connected to the general network. I don't think it is worth clarifying that the company's IT department did not know about its existence. This circumstance, like many others, is the reason the term "mutant reserve" was born during the development of the project, describing the state of the long-suffering office infrastructure.

Or here is another example. From time to time, a test bench is set up inside a department. This is what happened with Jira and Confluence, which were used to a limited extent by the Software Development Center in some projects. After a while, other departments learned about these useful resources, evaluated them, and at the end of 2018 Jira and Confluence moved from the status of "programmers' toy" to the status of "company resources". Now these systems must be assigned an owner, and SLAs, access and information security policies, backup policies, monitoring, and rules for routing requests to fix problems must be defined - in general, all the attributes of a full-fledged information system must be present.

Each of our divisions is also an incubator that grows its own products. Some of them die at the development stage, some we use while working on projects, while others take root and become replicated solutions that we start using ourselves and selling to customers. For each such system, it is desirable to have its own network environment, where it will develop without interfering with other systems, and from which it can at some point be integrated into the company's infrastructure.

In addition to development, we have a very large Service Center (SC) with more than five hundred employees, formed into teams for each customer. They maintain networks and other systems, do remote monitoring, resolve requests, and so on. That is, the SC's infrastructure is, in effect, the infrastructure of the customer they are currently working with. The peculiarity of working with this segment of the network is that their workstations are partly external and partly internal for our company. Therefore, for the SC we implemented the following approach: the company provides the corresponding department with network and other resources, treating the workstations of these departments as external connections (by analogy with branches and remote users).

Backbone design: we are the operator (surprise)

After assessing all the pitfalls, we realized that we were ending up with a telecom operator's network within a single office, and we began to act accordingly.

We created a core network through which any internal, and in the future also external, customer is provided with the required service: L2 VPN, L3 VPN or ordinary L3 routing. Some departments need secure Internet access, while others need clean access without firewalls, but with our corporate resources and the core network still protected from their traffic.

We informally "concluded an SLA" with each segment. In accordance with it, all incidents that arise must be eliminated within a certain, pre-agreed period of time. The company's requirements for its network turned out to be strict. The maximum response time to an incident in the event of a telephony and e-mail failure was 5 minutes. The time to restore network operation during typical failures is no more than a minute.

Since we have a carrier-grade network, you can connect to it only in strict accordance with the rules. The service segments set policies and provide services. They do not even need information about the connections of specific servers, virtual machines and workstations. But at the same time, protection mechanisms are needed, because no single connection should be able to bring down the network. If a loop is created by accident, other users should not notice it; that is, the network must respond adequately. Any telecom operator constantly solves similar, seemingly complex problems within its core network. It provides service to many customers with different needs and traffic. At the same time, different subscribers should not experience inconvenience from the traffic of others.

At home, we solved this problem as follows: we built a backbone L3 network with full redundancy, using the IS-IS protocol. The overlay network was built on top of the core based on EVPN/VXLAN technology, using the MP-BGP routing protocol. To speed up the convergence of the routing protocols, BFD technology was used.

Network structure

In tests, this scheme proved to be excellent: when any link or switch is disconnected, the convergence time is no more than 0.1-0.2 s, a minimum of packets is lost (often none), TCP sessions are not torn down, and telephone conversations are not interrupted.

Underlay Layer - Routing

Overlay Layer - Routing

Huawei CE6870 switches with VXLAN licenses were used as distribution switches. This device has an optimal price/quality ratio, allowing you to connect subscribers at 10 Gbit/s and to connect to the backbone at 40-100 Gbit/s, depending on the transceivers used.

Huawei CE6870 switches

Huawei CE8850 switches were used as core switches. Their task is to forward traffic quickly and reliably. No devices are connected to them other than the distribution switches, and they know nothing about VXLAN, so a model with 32 40/100 Gbps ports was chosen, with a basic license that provides L3 routing and support for the IS-IS and MP-BGP protocols.

The lower one is the Huawei CE8850 core switch

At the design stage, a discussion arose within the team about the technologies that could be used to implement a fault-tolerant connection to the core network nodes. Our Moscow office is located in three buildings, and we have seven cross-connect rooms, in each of which two Huawei CE6870 distribution switches are installed (in several cross-connect rooms only access switches are installed). When developing the network concept, two redundancy options were considered:

  • Combining the distribution switches into a fault-tolerant stack in each cross-connect room. Pros: simplicity and ease of configuration. Cons: there is a higher probability of failure of the entire stack when errors occur in the firmware of the network devices ("memory leaks" and the like).
  • Applying M-LAG and Anycast gateway technologies to connect devices to the distribution switches.

In the end, we settled on the second option. It is somewhat harder to configure, but it has shown in practice its performance and high reliability.

Let's first consider connecting end devices to the distribution switches:

Cross-connect

An access switch, a server, or any other device that requires a fault-tolerant connection is plugged into two distribution switches. M-LAG technology provides redundancy at the data link layer. The two distribution switches appear to the connected equipment as a single device. Redundancy and load balancing are carried out using the LACP protocol.

Anycast gateway technology provides redundancy at the network layer. A fairly large number of VRFs are configured on each of the distribution switches (each VRF is intended for its own purposes: separately for "regular" users, separately for telephony, separately for various test and development environments, and so on), and several VLANs are configured in each VRF. In our network, the distribution switches are the default gateways for all devices connected to them. The IP addresses of the VLAN interfaces are the same on both distribution switches. Traffic is routed through the nearest switch.

Now let's look at connecting the distribution switches to the core:

Fault tolerance is provided at the network layer using the IS-IS protocol. Note that a separate L3 communication line is provided between the switches, at a speed of 100G. Physically, this communication line is a Direct Access cable; it can be seen on the right in the picture of the Huawei CE6870 switches.

An alternative would be to organize an "honest" fully connected double star topology, but, as mentioned above, we have 7 cross-connect rooms in three buildings. Accordingly, if we had chosen the "double star" topology, we would have needed exactly twice as many "long-range" 40G transceivers. The savings here are very significant.

A few words need to be said about how VXLAN and Anycast gateway technologies work together. VXLAN, without going into details, is a tunnel for transporting Ethernet frames inside UDP packets. The loopback interfaces of the distribution switches are used as the destination IP address of the VXLAN tunnel. Each cross-connect room has two switches with the same loopback interface address, so a packet can arrive at either of them, and the Ethernet frame can be extracted from it.

If the switch knows the destination MAC address of the extracted frame, the frame will be delivered correctly to its destination. To ensure that both distribution switches installed in the same cross-connect room have up-to-date information about all MAC addresses "arriving" from the access switches, the M-LAG mechanism is responsible for synchronizing the MAC address tables (as well as the ARP tables) on both switches of the M-LAG pair.

Traffic balancing is achieved thanks to the presence in the underlay network of several routes to the loopback interfaces of the distribution switches.
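The VXLAN encapsulation and the M-LAG table synchronization described above, as an added example that is not part of the original article and is not Huawei's implementation: a simplified Python model in which two distribution switches share one loopback address. The `Vtep` class, the VNI values, MAC addresses, loopback address and port name are constructed for illustration.

```python
import struct

FLAG_VNI_VALID = 0x08   # "I" flag in the VXLAN header (RFC 7348)

def vxlan_encap(vni, frame):
    """Build the UDP payload: 8-byte VXLAN header + inner Ethernet frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + frame

def vxlan_decap(payload):
    """Return (vni, inner frame); reject truncated or unflagged input."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN + Ethernet headers")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, payload[8:]

class Vtep:
    """Simplified model of one distribution switch in an M-LAG pair."""
    def __init__(self, name, loopback):
        self.name, self.loopback = name, loopback
        self.mac_table = {}   # (vni, mac) -> port
        self.peer = None

    def learn(self, vni, mac, port):
        """Learn a MAC from an access switch and sync it to the peer."""
        self.mac_table[(vni, mac)] = port
        if self.peer is not None:
            self.peer.mac_table[(vni, mac)] = port

    def receive(self, payload):
        """Decapsulate, then look up the destination MAC in its own VNI."""
        vni, frame = vxlan_decap(payload)
        return self.mac_table.get((vni, frame[:6]))   # None: unknown here

def demo():
    # Constructed values: both switches share one loopback (anycast VTEP).
    a, b = Vtep("dist-1", "10.0.0.1"), Vtep("dist-2", "10.0.0.1")
    a.peer, b.peer = b, a
    host = bytes.fromhex("02aabbccdd01")
    a.learn(10010, host, "Eth-Trunk1")   # learned on dist-1 only
    frame = host + bytes.fromhex("02aabbccdd02") + b"\x08\x00" + b"data"
    same_vni = vxlan_encap(10010, frame)
    other_vni = vxlan_encap(10020, frame)
    return a.receive(same_vni), b.receive(same_vni), b.receive(other_vni)
```

`demo()` shows the frame being deliverable by either switch of the pair because the table entry was synchronized, while the same frame arriving in a different VNI finds no entry, which is the traffic isolation between segments that the article refers to.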

In conclusion

As mentioned above, during testing and operation the network showed high reliability (the recovery time for typical failures is no more than hundreds of milliseconds) and good performance: each cross-connect room is connected to the core by two 40 Gbit/s links. The access switches in our network are stacked and connected to the distribution switches via LACP/M-LAG with two 10 Gbit/s links. A stack usually has 5 switches with 48 ports each, and up to ten access stacks are connected to the distribution layer in each cross-connect room. Thus, the backbone provides more than 10 Mbit/s per user even at maximum load, which at the time of writing is sufficient for all our applications.

The network lets you seamlessly interconnect any connected devices over both L2 and L3, while providing full isolation of traffic (which the information security service likes) and of failure domains (which the operations team likes).

In the next part we will tell you how we migrated to the new network. Stay tuned!

Maxim Klochkov
Senior consultant, network audit and complex projects group
Network Solutions Center
"Jet Infosystems"


Source: www.habr.com
