How Yandex.Cloud's Virtual Private Cloud works, and how our users help us ship useful features

Hello, my name is Kostya Kramlich, and I lead the Virtual Private Cloud development team at Yandex.Cloud. I work on the virtual network, so, as you might guess, in this article I will talk about the Virtual Private Cloud (VPC) as a whole and about the virtual network in particular. You will also see why we, the people who build the service, value feedback from our users so much. But first things first.

What is a VPC?

Today there are many options for deploying services. I am sure someone still keeps a server under the director's desk, though I hope such stories are becoming rarer.

Now services are moving to public clouds, and this is where they meet the VPC. A VPC is the part of a public cloud that ties together user, infrastructure and platform capacity and other resources, wherever they happen to be, inside our Cloud or outside it. At the same time, the VPC lets you keep those resources off the Internet unless you choose otherwise: they stay inside your own private network.

What the virtual network looks like from the outside

By VPC we mean, first of all, a network overlay together with network services such as VPNaaS, NATaaS, LBaaS and so on. All of this runs on top of a fault-tolerant physical network, which was already covered in a detailed article here on Habré.

Let us take a closer look at the virtual network and its structure.

Let us look at two availability zones. We provide a virtual network, which we call a VPC. In essence, it defines the uniqueness space for your "grey" (private) addresses. Inside each virtual network you have full control over the address space you assign to compute resources.

The network is global. At the same time, it is projected onto each availability zone in the form of an entity called a Subnet. For each Subnet you allocate a CIDR block of /16 or smaller. An availability zone can hold more than one such Subnet, and there is always transparent routing between them. This means that all resources within one VPC can talk to each other even when they sit in different availability zones. They talk without leaving for the Internet, over our internal channels, as if they were inside one private network.

A typical situation: two VPCs whose address ranges overlap somewhere. Both can be yours, for example one for development and one for testing. They can also belong to different users; in this case it makes no difference. And each VPC contains one virtual machine.

Let us complicate the picture. You can attach one virtual machine to several Subnets at once, and not only that, but to Subnets in different virtual networks.
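
As an added example (not code from Yandex.Cloud or from this article), here is a small Python checker for the addressing rules above: Subnets no larger than /16, no overlap inside one VPC, overlap allowed across VPCs, reachability decided by shared VPC membership, and a machine attached to two VPCs flagged when their ranges collide. The VPC, Subnet and VM names, the zone labels A and B, and the dictionary layout are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# "A CIDR of /16 or smaller": a prefix length of 16 or longer is allowed.
MAX_SUBNET_SIZE_PREFIX = 16


def validate_subnets(subnets):
    """Return rule violations for a list of subnet dicts {name, vpc, zone, cidr}.

    Checks the two rules the text states: no Subnet larger than /16, and no
    overlap between Subnets of the same VPC.  Overlap *across* VPCs is legal,
    because each VPC is its own uniqueness space for grey addresses.
    """
    errors, parsed = [], []
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"], strict=True)
        if net.prefixlen < MAX_SUBNET_SIZE_PREFIX:
            errors.append(f"{s['name']}: {net} is larger than /{MAX_SUBNET_SIZE_PREFIX}")
        parsed.append((s, net))

    by_vpc = defaultdict(list)
    for s, net in parsed:
        by_vpc[s["vpc"]].append((s["name"], net))
    for vpc, nets in by_vpc.items():
        for (a_name, a), (b_name, b) in combinations(nets, 2):
            if a.overlaps(b):
                errors.append(f"{vpc}: {a_name} {a} overlaps {b_name} {b}")
    return errors


def vm_vpcs(vm, subnets_by_name):
    """Set of VPCs a VM belongs to: one per interface, possibly several."""
    return {subnets_by_name[i["subnet"]]["vpc"] for i in vm["interfaces"]}


def can_talk(vm_a, vm_b, subnets_by_name):
    """Two VMs reach each other over the overlay iff they share a VPC; the
    availability zone each Subnet is projected into does not matter."""
    return bool(vm_vpcs(vm_a, subnets_by_name) & vm_vpcs(vm_b, subnets_by_name))


def ambiguous_ranges(vm, subnets_by_name):
    """A VM attached to several VPCs bridges two isolation domains.  If those
    VPCs reuse the same range, a destination inside the overlap is ambiguous
    from the guest's point of view; list such pairs so they can be rejected."""
    ifaces = [subnets_by_name[i["subnet"]] for i in vm["interfaces"]]
    hits = []
    for a, b in combinations(ifaces, 2):
        na, nb = ipaddress.ip_network(a["cidr"]), ipaddress.ip_network(b["cidr"])
        if a["vpc"] != b["vpc"] and na.overlaps(nb):
            hits.append((a["vpc"], b["vpc"], str(na), str(nb)))
    return hits


# Constructed sample, mirroring the text: a dev VPC and a test VPC whose
# grey ranges overlap, projected into zones named A and B (assumed labels).
SUBNETS = [
    {"name": "dev-a",  "vpc": "dev",  "zone": "A", "cidr": "10.1.0.0/24"},
    {"name": "dev-b",  "vpc": "dev",  "zone": "B", "cidr": "10.2.0.0/24"},
    {"name": "test-a", "vpc": "test", "zone": "A", "cidr": "10.1.0.0/24"},
]
SUBNETS_BY_NAME = {s["name"]: s for s in SUBNETS}

VM_DEV_A  = {"name": "vm-dev-a",  "interfaces": [{"subnet": "dev-a"}]}
VM_DEV_B  = {"name": "vm-dev-b",  "interfaces": [{"subnet": "dev-b"}]}
VM_TEST_A = {"name": "vm-test-a", "interfaces": [{"subnet": "test-a"}]}
VM_DUAL   = {"name": "vm-dual",   "interfaces": [{"subnet": "dev-a"},
                                                  {"subnet": "test-a"}]}

if __name__ == "__main__":
    print("violations:", validate_subnets(SUBNETS))
    print("dev-a <-> dev-b:", can_talk(VM_DEV_A, VM_DEV_B, SUBNETS_BY_NAME))
    print("dev-a <-> test-a:", can_talk(VM_DEV_A, VM_TEST_A, SUBNETS_BY_NAME))
    print("dual-homed overlap:", ambiguous_ranges(VM_DUAL, SUBNETS_BY_NAME))
```

The last check is the one a security reviewer cares about: a machine attached to Subnets of two different VPCs is a path between two isolation domains, and if the two VPCs reuse the same grey range the guest cannot even tell which network a given destination belongs to.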

If you want to expose machines to the Internet, this can be done through the API or the UI. To do so, you configure a NAT translation from the "grey" internal address to a "white" (public) address. You cannot choose the "white" address; it is assigned at random from our address pool. As soon as you stop using the external IP, it goes back to the pool. You pay only for the time you actually use the "white" address.

It is also possible to give a machine Internet access through a NAT instance. You can direct traffic to your instance via the static routing table. We support this case because users sometimes need it, and we know that. Accordingly, our image catalogue contains a specially prepared NAT image.

But even with a ready-made NAT image, the setup can be cumbersome. We realised that for some users this is not the most convenient option, so in the end we made it possible to enable NAT for a given Subnet with a single click. This feature is still in closed preview, where it is being tested with the help of community members.

How the virtual network works from the inside

How does a user interact with the virtual network? The network faces outward through its API. The user comes to the API and works with the target state. Through the API the user declares how everything should be set up and configured, and sees the status, that is, how the actual state differs from the desired one. That is the user's view. What happens inside?

We record the desired state in Yandex Database and go off to configure the various parts of our VPC. The overlay network in Yandex.Cloud is built on selected components of OpenContrail, recently renamed Tungsten Fabric. The network services are implemented on a single platform, CloudGate. On CloudGate we also use several open-source components: GoBGP for handling control-plane (routing) information, and VPP for a software router running on top of DPDK in the data path.

Tungsten Fabric talks to CloudGate via GoBGP. It reports what is happening in the overlay network. CloudGate, in turn, connects the virtual networks to one another and to the Internet.

Now let us see how the virtual network deals with scalability and availability. Start with a simple case. There is one availability zone with two VPCs created in it. We have deployed a single Tungsten Fabric instance, and it serves several tens of thousands of networks. The networks communicate with CloudGate. CloudGate, as already said, provides their connectivity to each other and to the Internet.

Suppose a second availability zone is added. It must be able to fail completely independently of the first. Therefore we have to install a separate Tungsten Fabric instance in the second availability zone. It is a separate system that manages its own overlay and knows little about the first one. The impression that our virtual network is global is, in fact, created by our VPC API. That is its job.

VPC1 is mapped to availability zone B only if zone B has resources attached to VPC1. If there are no VPC2 resources in zone B, we do not materialise VPC2 in that zone. Likewise, since VPC3 resources exist only in zone B, VPC3 does not exist in zone A. It is all simple and logical.

Let us go a little deeper and see how an individual host in Yandex.Cloud works. The main point I want to make is that all hosts are built the same way. We make sure that only the minimum necessary set of services runs on bare metal; everything else runs in virtual machines. We build higher-order services on top of the basic ones, and we also use the Cloud to solve some of our own engineering problems, for example as part of Continuous Integration.

Looking at an individual host, three components run in the host OS:

  • Compute, the component responsible for distributing the host's compute resources.
  • VRouter, the Tungsten Fabric component that implements the overlay, that is, tunnels packets through the underlay.
  • VDisks, the pieces of storage virtualisation.

In addition, virtual machines run services: Cloud infrastructure services, platform services and customer workloads. Customer workloads and platform services always enter the overlay through VRouter.

Infrastructure services can plug into the overlay, but mostly they need to work in the underlay. They are attached to the underlay with SR-IOV. In effect, we slice the network card into virtual network cards (virtual functions) and pass them into the infrastructure virtual machines so as not to lose performance. CloudGate itself, for example, runs as one of these infrastructure virtual machines.

Now that we have described the global tasks of the virtual network and the design of the basic cloud components, let us look at how exactly the different parts of the virtual network interact.

We distinguish three layers in our system:

  • Config Plane, which holds the target state of the system. This is what the user configures through the API.
  • Control Plane, which delivers the user-defined semantics, that is, brings the Data Plane into the state the user described in the Config Plane.
  • Data Plane, which directly processes user packets.

As I said above, everything starts with a user, or an internal platform service, coming to the API and declaring some target state.

That state is immediately written to Yandex Database, an asynchronous operation ID is returned through the API, and our internal machinery begins rolling out the state the user asked for. Service configurators go to the SDN controller and tell Tungsten Fabric what needs to be done in the overlay, for example registering ports, virtual networks and so on.

The Config Plane in Tungsten Fabric pushes the required state down to the Control Plane. Through it, the Config Plane talks to the hosts, telling them exactly what is about to happen on them.
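
The target-state flow above, as an added example in Python (not Yandex.Cloud's code): a store that records intent and hands back an operation ID at once, a stand-in for the SDN controller, and a reconciler that diffs desired against actual and issues only the calls needed. The `TargetStateStore`, `FakeSDNController`, the port/spec layout and the operation-status values are assumptions of the example, not the real Yandex Database schema or the Tungsten Fabric API.

```python
import itertools


class TargetStateStore:
    """Stands in for Yandex Database in the flow above: the desired state is
    persisted first, an operation id is handed back at once, and rollout
    happens afterwards.  Because the record exists before anything is
    programmed, an interrupted rollout is finished by reconciling again."""

    def __init__(self):
        self.desired = {}       # port_id -> spec dict; absent means "deleted"
        self.operations = {}    # op_id -> (port_id, status)
        self._seq = itertools.count(1)

    def submit(self, port_id, spec):
        """The API entry point: record intent, return an async operation id."""
        op_id = f"op-{next(self._seq)}"
        if spec is None:
            self.desired.pop(port_id, None)
        else:
            self.desired[port_id] = dict(spec)
        self.operations[op_id] = (port_id, "PENDING")
        return op_id


class FakeSDNController:
    """Stands in for the Tungsten Fabric config API (an assumption of this
    example, not its real interface): whatever is here is what the overlay
    actually implements."""

    def __init__(self):
        self.ports = {}
        self.calls = []         # journal of programming calls, for inspection

    def list_ports(self):
        return dict(self.ports)

    def create_port(self, port_id, spec):
        self.calls.append(("create", port_id))
        self.ports[port_id] = dict(spec)

    def delete_port(self, port_id):
        self.calls.append(("delete", port_id))
        self.ports.pop(port_id, None)


def reconcile(store, sdn):
    """The configurator's job: make the overlay match the recorded intent.

    Idempotent by construction: it diffs desired against actual and only
    issues the calls needed, so re-running it after a crash, or on a timer,
    is safe.  Anything present in the SDN but absent from the store is
    removed: the store, not the controller, is the source of truth, so an
    out-of-band change to the overlay does not survive.
    """
    actual = sdn.list_ports()
    for port_id, spec in store.desired.items():
        if actual.get(port_id) != spec:
            if port_id in actual:
                sdn.delete_port(port_id)
            sdn.create_port(port_id, spec)
    for port_id in actual:
        if port_id not in store.desired:
            sdn.delete_port(port_id)
    # Every pending operation whose port now matches intent (or is gone) is done.
    for op_id, (port_id, status) in store.operations.items():
        if status == "PENDING" and sdn.ports.get(port_id) == store.desired.get(port_id):
            store.operations[op_id] = (port_id, "DONE")
    return len(sdn.calls)


def demo():
    """Constructed walk-through: two ports created, one changed, one removed,
    plus an out-of-band port that reconciliation cleans up."""
    store, sdn = TargetStateStore(), FakeSDNController()
    op1 = store.submit("port-1", {"vpc": "dev", "ip": "10.1.0.10"})
    store.submit("port-2", {"vpc": "dev", "ip": "10.1.0.11"})
    op1_before = store.operations[op1][1]           # returned before rollout
    reconcile(store, sdn)
    first_pass = list(sdn.calls)
    reconcile(store, sdn)                           # nothing to do this time
    second_pass = sdn.calls[len(first_pass):]

    sdn.ports["rogue"] = {"vpc": "dev", "ip": "10.1.0.99"}    # drift, bypassing the API
    store.submit("port-2", {"vpc": "dev", "ip": "10.1.0.12"})  # change
    store.submit("port-1", None)                               # delete
    reconcile(store, sdn)
    return {
        "op1_before": op1_before,
        "op1_after": store.operations[op1][1],
        "first_pass": first_pass,
        "second_pass": second_pass,
        "final_ports": sorted(sdn.ports),
        "rogue_removed": "rogue" not in sdn.ports,
    }


if __name__ == "__main__":
    print(demo())
```

Two properties matter operationally: the reconciler is idempotent, so running it again after a crash or on a timer is safe, and anything in the overlay that the store does not know about is removed, which is what makes the Config Plane, rather than whoever last touched the controller, the source of truth.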

Now let us see how the system looks on the hosts. A virtual machine has a network adapter plugged into VRouter. VRouter is a Tungsten Fabric kernel module that inspects packets. If a flow already exists for a packet, the module processes it. If there is no flow, the module performs what is called punting, that is, it sends the packet to a user-mode process. That process parses the packet and either answers it itself, as with DHCP and DNS, or tells VRouter what to do with it. VRouter can then process the packet.

Further, traffic between virtual machines within the same virtual network flows transparently; it is not sent to CloudGate. The hosts on which the virtual machines are deployed talk to each other directly: they tunnel the traffic and forward it to one another through the underlay.
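
The first-packet path described above, as an added Python model (not Tungsten Fabric code): a flow table keyed by the 5-tuple plus the ingress VPC, a punt to a stand-in agent on a miss, and the three outcomes the text mentions, answered locally, tunnelled to the host that runs the destination VM, or dropped. The `Agent`, its address table, the host names and the `FlowKey` layout are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    """The 5-tuple plus the ingress VPC.  The VPC is part of the key because
    grey addresses are only unique inside one VPC: 10.1.0.11 in 'dev' and
    10.1.0.11 in 'test' are different destinations and different flows."""
    vpc: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


class Agent:
    """Stands in for the user-mode process that receives punted packets.
    It owns the slow path: locally answered services and the VPC-scoped
    table of which host currently runs which VM (assumed here to be fed by
    the Control Plane, which is outside this example)."""

    LOCAL_PORTS = {("udp", 67): "dhcp", ("udp", 53): "dns"}

    def __init__(self, vm_table):
        self.vm_table = vm_table          # (vpc, ip) -> host

    def decide(self, key):
        local = self.LOCAL_PORTS.get((key.proto, key.dport))
        if local:
            return ("LOCAL", local)       # answered by the agent itself
        host = self.vm_table.get((key.vpc, key.dst))
        if host is None:
            return ("DROP", "no such destination in this VPC")
        return ("TUNNEL", host)           # encapsulate and send over the underlay


class VRouter:
    """Fast path: a flow table consulted per packet; a miss is punted once and
    the agent's verdict is installed so later packets never leave the fast path."""

    def __init__(self, agent):
        self.agent = agent
        self.flows = {}
        self.punts = 0

    def handle(self, key):
        action = self.flows.get(key)
        if action is None:
            self.punts += 1
            action = self.agent.decide(key)
            self.flows[key] = action
        return action


def demo():
    """Constructed scenario: two VMs in VPC 'dev' on different hosts, and a
    VM in VPC 'test' that reuses one of their addresses."""
    agent = Agent({
        ("dev", "10.1.0.10"): "host-1",
        ("dev", "10.1.0.11"): "host-2",
        ("test", "10.1.0.11"): "host-3",
    })
    vr = VRouter(agent)
    dev_ssh = FlowKey("dev", "10.1.0.10", "10.1.0.11", "tcp", 40000, 22)
    first = vr.handle(dev_ssh)
    second = vr.handle(dev_ssh)           # same flow: served from the table
    punts_after_repeat = vr.punts         # still 1
    test_ssh = FlowKey("test", "10.1.0.10", "10.1.0.11", "tcp", 40000, 22)
    dhcp = FlowKey("dev", "0.0.0.0", "255.255.255.255", "udp", 68, 67)
    unknown = FlowKey("dev", "10.1.0.10", "10.1.0.99", "tcp", 40001, 22)
    results = {
        "dev_ssh": first,
        "same_flow_cached": first == second and punts_after_repeat == 1,
        "test_ssh": vr.handle(test_ssh),  # same dst IP, other VPC, other host
        "dhcp": vr.handle(dhcp),
        "unknown": vr.handle(unknown),
    }
    results["punts"] = vr.punts
    return results


if __name__ == "__main__":
    print(demo())
```

Keying the flow on the ingress VPC is what lets two VPCs reuse 10.1.0.11 without their traffic ever meeting. The policy decision is taken once, on the punted packet, and every later packet of the flow inherits it, so a flow entry is in effect a cached authorization; a change in policy has to invalidate the affected entries, not just the table the agent consults.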

The Control Planes of different availability zones talk to each other over BGP, just as they would with any other router. They tell each other which machines are deployed where, so that virtual machines in one zone can communicate directly with virtual machines in another.

The Control Plane also talks to CloudGate. In the same way, it reports where and which virtual machines are deployed and what their addresses are. This makes it possible to steer external traffic, and traffic from the load balancers, to them.

Traffic leaving the VPC arrives at CloudGate, in the data path, where VPP and our plugins process it quickly. From there the traffic is sent either to other VPCs or outside, to the border routers, which are configured through CloudGate's own Control Plane.

Plans for the near future

If we summarise everything said above in a few sentences, we can say that the VPC in Yandex.Cloud solves two important problems:

  • It provides isolation between different customers.
  • It joins resources, infrastructure, platform services, other clouds and on-premises installations into a single network.

And to solve these problems properly, you have to ensure scalability and fault tolerance at the level of the internal architecture, which is exactly what the VPC does.

Step by step, the VPC is gaining features; we implement new things and try to improve something in terms of usability. Some ideas are voiced and end up on the priority list thanks to members of our community.

At the moment we have roughly the following list of near-term plans:

  • VPN as a service.
  • Private DNS instances: images for quickly setting up virtual machines with a pre-configured DNS server.
  • DNS as a service.
  • Internal load balancer.
  • Adding a "white" IP address without recreating the virtual machine.

The load balancer and the ability to change the IP address of an already created machine made it onto this list at the request of users. Frankly, without explicit feedback we would have taken on these features later. As it is, we are already working on the address problem.

Originally, a "white" IP address could only be added when creating a machine. If a user forgot to do so, the virtual machine had to be recreated. The same applied to removing the external IP when it was no longer needed. Soon it will be possible to attach and detach a public IP without recreating the machine.

Feel free to share your ideas and to support other users' suggestions. You help us make the Cloud better and get important and useful features out faster!

Source: www.habr.com