Muzvikamu zviviri zvakapfuura (, ) takatarisa misimboti payakavakirwa fekitari yetsika itsva, uye takataura nezvekutama kwemabasa ose. Iye zvino yave nguva yekutaura nezve server fekitori.
Pakutanga, isu takanga tisina chero yakaparadzana server masisitimu: maseva switch akabatana kune imwechete musimboti seyekugovera mushandisi switch. Kupinda kwekutonga kwakaitwa pachishandiswa virtual network (VLANs), VLAN routing yakaitwa pane imwe nguva - pamusimboti (maererano nemusimboti. ).
Old network zvivakwa
Panguva imwe chete nenetiweki yehofisi itsva, takafunga kuvaka kamuri nyowani sevha uye fekitori itsva yakaparadzana yayo. Yakazove idiki (matatu maseva makabati), asi mukutevedzera ese canon: yakaparadzana musimboti pane CE8850 switch, yakazara meshed (muzongoza-shizha) topology, pamusoro peiyo rack (ToR) CE6870 switch, akaparadzana peya. zvema switch ekubatanidza netiweki yese (border mashizha). Muchidimbu, mincemeat yakakwana.
Network yefekitari nyowani server
Isu takasarudza kusiya server SCS tichifarira kubatanidza maseva zvakananga kuToR switch. Sei? Isu tatova nemakamuri maviri evhavha akavakwa achishandisa server SCS, uye takaona kuti izvi ndezvi:
- kusagadzikana kushandisa (kwakawanda kubatanidzwazve, iwe unofanirwa kunyatso gadziridza tambo yetambo);
- inodhura maererano nenzvimbo inogarwa nemapatch panels;
- iri chipingamupinyi pazvinenge zvichidikanwa kuwedzera kukurumidza kwekubatanidza kwemaseva (semuenzaniso, chinja kubva ku1 Gbit/s kusanganisa pamusoro pemhangura kuenda ku10 Gbit/s pamusoro pe optical).
Pakutamira kune imwe fekitori sevha, takaedza kubva pakubatanidza maseva nekumhanya kwe1 Gbit / s uye takazviganhurira kune gumi Gbit interfaces. Anenge ese maseva ekare asingakwanisi kuita izvi akave akaitwa, uye mamwe akabatanidzwa kuburikidza negigabit transceivers kune gumi gigabit ports. Isu takaita masvomhu uye takasarudza kuti zvaizova zvakachipa pane kuvamisira gigabit switch dzakasiyana.
ToR inochinja
Zvakare mukamuri yedu nyowani sevha, takaisa akaparadzana kunze-kwe-bhendi manejimendi (OOM) switch ine 24 ports, imwe paraki. Pfungwa iyi yakave yakanaka kwazvo, asi pakanga pasina madoko akakwana, nguva inotevera isu tichaisa OOM switch ine 48 ports.
Isu tinobatanidza nzvimbo dzekubatira kure manejimendi emaseva akadai seILO, kana iBMC muHuawei terminology, kune network yeOOM. Kana sevha yakarasikirwa nekubatana kwayo kukuru kune network, zvino zvinokwanisika kuisvika kuburikidza neiyi interface. Zvakare, kudzora nzvimbo dzeToR switch, tembiricha sensors, UPS control interfaces uye zvimwe zvakafanana zvishandiso zvakabatana neOOM switch. Iyo OOM network inowanikwa kuburikidza neyakasiyana firewall interface.
OOM Network Connection
Pairing server uye mushandisi network
Mufekitori yetsika, maVRF akaparadzana anoshandiswa kune zvinangwa zvakasiyana - zvekubatanidza nzvimbo dzevashandisi, vhidhiyo yekutarisa masisitimu, multimedia masisitimu mumakamuri emisangano, ekuronga mastand nenzvimbo dzedemo, nezvimwe.
Imwe seti yeVRF yakagadzirwa mufekitori yeseva:
- Kubatanidza maseva akajairwa panoiswa masevhisi emakambani.
- VRF yakaparadzana, mukati mayo maseva ane mukana kubva paInternet anoiswa.
- VRF yakaparadzana yemaseva edatabase anongowanikwa nemamwe maseva (semuenzaniso, maseva ekushandisa).
- Kuparadzanisa VRF kune yedu mail system (MS Exchange + Skype yeBhizinesi).
Saka isu tine seti yeVRF padivi remushandisi fekitori uye seti yeVRF padivi pesevha fekitori. Maseti ese ari maviri akaiswa pane corporate firewall (FW) masumbu. MEs akabatana nemuganhu switch (mashizha emuganho) eese machira evhavha uye jira remushandisi.
Kupindirana mafekitori kuburikidza INI - fizikisi
Kubatanidza mafekitori kuburikidza neME - logic
Kutama kwacho kwakafamba sei?
Munguva yekutama, takabatanidza mafekitori matsva uye ekare sevha padanho rekubatanidza data, kuburikidza nematanda enguva pfupi. Kuti titame maseva ari mune chaiyo VLAN, takagadzira yakaparadzana bhiriji domain, iyo yaisanganisira iyo VLAN yekare server fekitori uye VXLAN yefekitori nyowani sevha.
Iyo gadziriso inotaridzika seizvi, mitsetse miviri yekupedzisira iri kiyi:
bridge-domain 22
vxlan vni 600022
evpn
route-distinguisher 10.xxx.xxx.xxx:60022
vpn-target 6xxxx:60022 export-extcommunity
vpn-target 6xxxx:60022 import-extcommunity
interface Eth-Trunk1
mode lacp-static
dfs-group 1 m-lag 1
interface Eth-Trunk1.1022 mode l2
encapsulation dot1q vid 22
bridge-domain 22
Kutama kwe virtual machines
Zvadaro, uchishandisa VMware vMotion, michina chaiyo muVLAN iyi yakatamiswa kubva kune yekare hypervisors (vhezheni 5.5) kuenda kune mitsva (vhezheni 6.5). Panguva imwecheteyo, maseva ehardware akaitwa virtualized.
Paunoedza kudzokororaGadzira iyo MTU pachine nguva uye tarisa mafambiro emapaketi makuru "kuguma kusvika kumagumo".
Mune yekare server network, takashandisa VMware vShield virtual firewall. Sezvo VMware isingachatsigire chishandiso ichi, takachinja kubva kuvShield kuenda kune hardware firewalls panguva imwe chete isu takatamira kupurazi idzva.
Mushure mekunge pakanga pasina maseva akasara mune imwe VLAN pane network yekare, takachinja nzira. Kare, yaiitwa pamusimboti wekare, wakavakwa uchishandisa Collapsed Backbone tekinoroji, uye mune itsva server fekitori takashandisa Anycast Gateway tekinoroji.
Kuchinja nzira
Mushure mekushandura nzira yeVLAN chaiyo, yakabviswa kubva pabhiriji domain uye yakabviswa kubva muhunde pakati pekare uye itsva network, kureva, yakatamira zvachose kune itsva server factory. Saka, takatama nezve 20 VLANs.
Saka isu takagadzira network nyowani, sevha nyowani uye itsva virtualization purazi. Mune chimwe chezvinyorwa zvinotevera tichataura pamusoro pezvatakaita neWi-Fi.
Maxim Klochkov
Senior consultant wenetwork audit uye yakaoma mapurojekiti boka
Network Solutions Center
"Jet Infosystems"
Source: www.habr.com