ProHoster > Blog > Utongi > Maitiro ekutora kutonga kune yako network network. Chitsauko chechipiri. Kuchenesa uye Zvinyorwa

Maitiro ekutora kutonga kune yako network network. Chitsauko chechipiri. Kuchenesa uye Zvinyorwa

Ichi chinyorwa ndechechipiri munhevedzano yezvinyorwa "Maitiro ekutora kutonga kwetiweki yako zvivakwa." Zviri mukati mezvinyorwa zvese munhevedzano uye zvinongedzo zvinogona kuwanikwa pano.

Maitiro ekutora kutonga kune yako network network. Chitsauko chechipiri. Kuchenesa uye Zvinyorwa

Chinangwa chedu panguva ino ndechekuunza kurongeka kune zvinyorwa uye kugadzirisa.
Pakupera kweichi chiitiko, iwe unofanirwa kuve neinodiwa seti yezvinyorwa uye network yakagadziriswa zvinoenderana navo.

Iye zvino isu hatisi kuzotaura nezve kuchengetedza ongororo - iyi ichava nyaya yechikamu chechitatu.

Dambudziko rekupedzisa basa rakapihwa panguva ino, hongu, rinosiyana zvakanyanya kubva kune kambani kuenda kune imwe kambani.

Mamiriro akanaka ndeapi

  • network yako yakagadzirwa zvinoenderana neprojekti uye une seti yakazara yemagwaro
  • yakaitwa mukambani yako shanduko yekutonga uye manejimendi maitiro zve network
  • Zvinoenderana nemaitiro aya, une magwaro (kusanganisira ese madhayagiramu anodiwa) anopa ruzivo rwakakwana nezvemamiriro ezvinhu aripo.

Muchiitiko ichi, basa rako riri nyore. Iwe unofanirwa kudzidza zvinyorwa uye kuongorora zvese shanduko dzakaitwa.

Mumamiriro ezvinhu akaipisisa, iwe uchava nazvo

  • network yakagadzirwa pasina purojekiti, isina hurongwa, pasina kubvumidzwa, nemainjiniya asina mwero wakakwana wezvidzidzo,
  • nenyonganiso, shanduko dzisina kunyorwa, ine "marara" akawanda uye suboptimal mhinduro

Zviri pachena kuti mamiriro ako pane imwe nzvimbo pakati, asi zvinosuruvarisa, pachiyero ichi chepamusoro - zvakanyanya kuipa, pane mukana mukuru wekuti iwe uchave pedyo nekuguma kwakaipisisa.

Muchiitiko ichi, iwe uchadawo kukwanisa kuverenga pfungwa, nokuti iwe uchafanira kudzidza kunzwisisa izvo "vakagadziri" vaida kuita, kudzorera pfungwa dzavo, kupedza izvo zvisina kupera uye kubvisa "marara".
Uye, hongu, iwe uchafanirwa kugadzirisa zvikanganiso zvavo, shandura (padanho rino zvishoma sezvinobvira) dhizaini uye shandura kana kugadzira zvakare zvirongwa.

Ichi chinyorwa hachimbotauri kuti chakakwana. Pano ini ndichatsanangura chete misimboti yakajairika uye kutarisa kune mamwe matambudziko akajairika anofanira kugadziriswa.

Seti yemagwaro

Ngatitange nemuenzaniso.

Pazasi pane mamwe magwaro anowanzo kugadzirwa kuCisco Systems panguva yekugadzira.

CR - Zvinodiwa neMutengi, zvinodiwa nevatengi (tekinoroji yakatarwa).
Inogadzirwa pamwe chete nemutengi uye inosarudza zvinodiwa netiweki.

HLD - Yakakwira Level Dhizaini, yepamusoro-yepamusoro dhizaini yakavakirwa panetiweki zvinodiwa (CR). Gwaro rinotsanangura uye rinoruramisa sarudzo dzekuvaka dzakatorwa (topology, maprotocol, sarudzo yehardware,...). HLD haina ruzivo rwekugadzira, senge mainterfaces uye IP kero inoshandiswa. Zvakare, iyo chaiyo hardware kumisikidzwa haina kukurukurwa pano. Asi, gwaro iri rakaitirwa kutsanangura akakosha ekugadzira pfungwa kune tekinoroji manejimendi yemutengi.

LLD - Yakaderera Level Dhizaini, yakaderera-chikamu dhizaini yakavakirwa padanho repamusoro dhizaini (HLD).
Inofanira kunge iine ruzivo rwese rwunodiwa kuita chirongwa, senge ruzivo rwekuti ungabatanidza sei uye kugadzirisa michina. Iri ndiro gwara rakazara rekushandisa dhizaini. Gwaro iri rinofanirwa kupa ruzivo rwakakwana rwekuitwa kwaro kunyangwe nevashandi vasina hunyanzvi.

Chimwe chinhu, semuenzaniso, IP kero, AS manhamba, yemuviri switching scheme (cabling), inogona "kuiswa kunze" mumagwaro akasiyana, senge. NIP (Network Implementation Plan).

Kuvakwa kwetiweki kunotanga mushure mekusikwa kwemagwaro aya uye kunoitika zvakanyatsoenderana navo uye zvino inotariswa nemutengi (bvunzo) yekutevedzera dhizaini.

Ehe, vasanganisi vakasiyana, vatengi vakasiyana, uye nyika dzakasiyana dzingave nezvinodiwa zvakasiyana zvezvinyorwa zveprojekiti. Asi ini ndoda kunzvenga maformalism ndofunga nyaya yacho pane kwayo. Iyi nhanho haisi yekugadzira, asi pamusoro pekuisa zvinhu zvakarongeka, uye tinoda seti yakakwana yezvinyorwa (dhayagiramu, matafura, tsanangudzo ...) kuti tipedze mabasa edu.

Uye mumaonero angu, pane imwe mhedziso shoma, pasina izvo hazvigoneke kunyatso kudzora network.

Aya ndiwo magwaro anotevera:

  • dhiyagiramu (log) yekuchinja kwemuviri (cabling)
  • network dhayagiramu kana dhayagiramu ine yakakosha L2/L3 ruzivo

Dhiyagiramu yekuchinja yemuviri

Mune mamwe makambani madiki, basa rine chekuita nekuiswa kwemidziyo uye kuchinja kwemuviri (cabling) ibasa revanjiniya venetiweki.

Muchiitiko ichi, dambudziko rinogadziriswa nechikamu chinotevera.

  • shandisa tsananguro pane iyo interface kutsanangura zvakabatana nazvo
  • zvekutonga zvivhare ese asina kubatana network emidziyo ports

Izvi zvinokupa iwe mukana, kunyangwe pakaitika dambudziko nekubatanidza (kana cdp kana lldp isingashande pane iyi interface), kukurumidza kuona kuti chii chakabatana nechiteshi ichi.
Iwe unogona zvakare kuona zviri nyore kuti ndeapi madoko akagarwa uye ndeapi emahara, ayo anodiwa pakuronga makubatanidza emidziyo mitsva yetiweki, maseva kana nzvimbo dzekushandira.

Asi zviri pachena kuti ukatadza kuwana midziyo iyi, unozotadzawo kuwana ruzivo urwu. Uye zvakare, nenzira iyi haungakwanise kurekodha ruzivo rwakakosha sekuti rudzii rwemidziyo, mashandisiro emagetsi, mangani madoko, ndeapi rack ari mukati, ndeapi mapaneru aripo uye kupi (munei rack / patch panel. ) akabatana. Naizvozvo, mamwe magwaro (kwete chete tsananguro pamidziyo) achiri kubatsira zvakanyanya.

Iyo yakanakira sarudzo ndeye kushandisa zvikumbiro zvakagadzirirwa kushanda nerudzi urwu rweruzivo. Asi iwe unogona kuzviganhurira iwe kumatafura akareruka (semuenzaniso, muExcel) kana kuratidza ruzivo rwaunofunga kuti rwakafanira muL1/L2 dhayagiramu.

Zvinokosha!

Injiniya yemambure, hongu, anogona kunyatsoziva kuomesesa uye zviyero zveSCS, marudzi emaraki, marudzi emagetsi asingachinjiki, chii chinotonhora uye chinopisa nzira, maitiro ekuita grounding yakakodzera ... sezvaanogona. ziva fizikisi yezvikamu zvekutanga kana C ++. Asi munhu anofanira kuramba achinzwisisa kuti zvese izvi haisi nzvimbo yake yeruzivo.

Naizvozvo, itsika yakanaka kuve nemadhipatimendi akazvitsaurira kana vanhu vakazvipira kugadzirisa matambudziko ane chekuita nekuisa, kubatana, kuchengetedza michina, pamwe nekuchinja kwemuviri. Kazhinji kune data nzvimbo iyi inzvimbo yedata mainjiniya, uye yehofisi ibasa-dhesiki.

Kana kupatsanurwa kwakadaro kuchipihwa mukambani yako, saka nyaya dzekutema matanda harisi basa rako, uye iwe unogona kuzviganhurira wega kutsananguro pane interface uye kuvharika kwekutonga kwezvikepe zvisina kushandiswa.

Network diagrams

Iko hakuna nzira yepasirese yekudhirowa madhayagiramu.

Chinonyanya kukosha ndechekuti madhayagiramu anofanirwa kupa nzwisiso yekuti traffic ichayerera sei, kuburikidza nei zvine musoro uye zvemuviri zvinhu zvetiweki yako.

Nezvinhu zvenyama tinoreva

  • midziyo inoshanda
  • interfaces / zviteshi zvemichina inoshanda

Under logic -

  • zvine musoro zvishandiso (N7K VDC, Palo Alto VSYS, ...)
  • VRF
  • VaVilan
  • subinterfaces
  • tunnels
  • nzvimbo
  • ...

Zvakare, kana network yako isiri yekutanga, ichave nezvikamu zvakasiyana.
Somuenzaniso

  • data center
  • internet
  • WAN
  • kuwana kure
  • hofisi LAN
  • DMZ
  • ...

Hungwaru kuve nemadhayagiramu akati wandei anopa iwo mufananidzo muhombe (mafambiro anoita traffic pakati pezvikamu zvese izvi) uye tsananguro yakadzama yechikamu chimwe nechimwe.

Sezvo mumanetiweki emazuva ano panogona kunge paine akawanda ane musoro akaturikidzana, ingangove yakanaka (asi isingakodzeri) nzira yekugadzira matunhu akasiyana kune akasiyana akaturikidzana, semuenzaniso, kana iri nzira yekupfuura iyi inogona kunge iri matunhu anotevera:

  • kufukidza
  • L1/L2 pasi pasi
  • L3 underlay

Ehe, iyo inonyanya kukosha dhizaini, pasina izvo zvisingagoneke kunzwisisa pfungwa yedhizaini yako, ndiyo dhizaini yekufambisa.

Routing scheme

Pashoma, dhizaini iyi inofanirwa kuratidza

  • ndeapi maprotocol ekufambisa anoshandiswa uye kupi
  • ruzivo rwekutanga nezve routing protocol marongero (nzvimbo/AS nhamba/router-id/…)
  • kugovanisa kunoitika pamidziyo ipi?
  • uko kusefa uye kuunganidza nzira kunoitika
  • default nzira ruzivo

Zvakare, iyo L2 chirongwa (OSI) inowanzo batsira.

L2 chirongwa (OSI)

Dhiagiramu iyi inogona kuratidza ruzivo runotevera:

  • chii VLANs
  • izvo zviteshi zviri trunk ports
  • izvo zviteshi zvakaunganidzwa kuita ether-channel (chiteshi chiteshi), virtual port chiteshi
  • ndeapi maSTP maprotocol anoshandiswa uye pane zvipi zvishandiso
  • basic STP marongero: midzi / midzi backup, STP mutengo, chiteshi chepamusoro
  • mamwe maSTP marongero: BPDU gadhi / sefa, mudzi murindi…

Yakajairika dhizaini kukanganisa

Muenzaniso wenzira yakaipa yekuvaka network.

Ngatitorei muenzaniso wakapfava wekuvaka iri nyore hofisi LAN.

Kuva neruzivo rwekudzidzisa telecom kuvadzidzi, ndinogona kutaura kuti chero mudzidzi ari pakati pesemesita yechipiri ane ruzivo rwakakosha (sechikamu chekosi yandakadzidzisa) yekumisikidza hofisi iri nyore LAN.

Chii chakanyanya kuoma nezve kubatanidza switch kune mumwe nemumwe, kumisikidza maVLAN, SVI nzvimbo dzekupindirana (munyaya yeL3 switch) uye kumisikidza static routing?

Zvose zvichashanda.

Asi panguva imwecheteyo, mibvunzo ine chekuita ne

  • chengetedzo
  • reserved
  • network kuwedzera
  • kubereka
  • throughput
  • kuvimbika
  • ...

Nguva nenguva ndinonzwa chirevo chekuti hofisi LAN chimwe chinhu chiri nyore uye ini ndinowanzonzwa izvi kubva kune mainjiniya (nemaneja) vanoita zvese asi network, uye vanotaura izvi nechivimbo zvekuti usashamisika kana iyo LAN ichave. yakagadzirwa nevanhu vasina kukwana kudzidzira uye ruzivo uye ichaitwa nemhosho dzakafanana dzandichatsanangura pazasi.

Zvakajairwa L1 (OSI) Kugadzira Zvikanganiso

  • Kana, zvakadaro, iwe uriwo mutoro weSCS, saka imwe yenhaka isingafadzi yaungagashira ndeye kusangwarira uye nekusafunga-kunze kwekuchinja.

Ini ndaizoisawo semhando yeL1 zvikanganiso zvine chekuita nezviwanikwa zvemidziyo inoshandiswa, semuenzaniso,

  • bandwidth isina kukwana
  • TCAM isina kukwana pamidziyo (kana kusashandisa kwayo)
  • kusakwana kuita (kazhinji kwakabatana nemafirewalls)

Zvakajairwa L2 (OSI) Kugadzira Zvikanganiso

Kazhinji, kana pasina kunzwisiswa kwakanaka kwemashandiro eSTP uye kuti ndeapi matambudziko ainounza nawo, ma switch akabatana zvine mutsindo, ane default marongero, pasina kuwedzera STP tuning.

Somugumisiro, tinowanzova nezvinotevera

  • hombe STP network dhayamita, izvo zvinogona kutungamira kune nhepfenyuro yemadutu
  • STP mudzi ichatemwa zvisina tsarukano (zvichienderana neMac kero) uye nzira yetraffic ichave yakaderera
  • zviteshi zvakabatana kune vanotambira hazvizogadziriswe semupendero (portfast), izvo zvinozotungamira kune STP kuverengera kana uchidzima / kudzima zviteshi zvekupedzisira.
  • iyo network haizopatsanurwe padanho reL1 / L2, semhedzisiro yekuti matambudziko nechero switch (semuenzaniso, simba rakawandisa) zvinotungamira mukuverengerwa kweiyo STP topology uye kumisa traffic muVLANs ese pane ese switch (kusanganisira iyo imwe yakakosha kubva pakuona kwekuenderera mberi sevhisi segment)

Mienzaniso yezvikanganiso muL3 (OSI) dhizaini

Mamwe mashoma akajairika zvikanganiso zvevanovice network:

  • Kuwanzo shandiswa (kana kushandisa chete) kweiyo static routing
  • kushandiswa kwe suboptimal routing protocol kune yakapihwa dhizaini
  • suboptimal logical network segmentation
  • kushandiswa kwakaderera kwenzvimbo yekero, iyo isingatenderi nzira yekuunganidza
  • hapana nzira dzekuchengetedza
  • hapana chengetedzo yekusarudzika gedhi
  • asymmetric routing paunenge uchivakazve nzira (inogona kuve yakakosha mune yeNAT / PAT, statefull firewalls)
  • matambudziko neMTU
  • kana nzira dzichivakwa patsva, traffic inopinda nedzimwe nzvimbo dzekuchengetedza kana mamwe mafirewall, izvo zvinoita kuti traffic iyi idonhe.
  • urombo topology scalability

Maitiro ekuongorora maitiro ekugadzira

Kana tichitaura nezve optimality / isiri-optimality, isu tinofanirwa kunzwisisa kubva pakuona kwemaitiro atinogona kuongorora izvi. Pano, kubva pamaonero angu, ndiwo akanyanya kukosha (asi kwete ese) maitiro (uye tsananguro ine chekuita nemaprotocol ekufambisa):

  • scalability
    Semuenzaniso, iwe unosarudza kuwedzera imwe data data. Zviri nyore sei kuzviita?
  • nyore kushandisa (managability)
    Zviri nyore uye zvakachengeteka sei shanduko dzekushanda, sekuzivisa grid nyowani kana nzira dzekusefa?
  • kuwanikwa
    Ndeipi muzana yenguva iyo system yako inopa iyo inodiwa nhanho yebasa?
  • security
    Ko data inofambiswa yakachengeteka zvakadii?
  • Π¦Π΅Π½Π°

Shanduko

Nheyo yakakosha padanho rino inogona kuratidzwa nenzira yekuti "usakuvadza."
Nokudaro, kunyange kana iwe usingabvumirani zvachose nekugadzirwa uye kushandiswa kwakasarudzwa (kugadzirisa), haisi nguva dzose inokurudzirwa kuita shanduko. Nzira inonzwisisika ndeyekuyera matambudziko ese akaonekwa zvichienderana nematanho maviri:

  • dambudziko iri rinogona kugadziriswa nyore sei
  • ane ngozi yakawanda sei?

Chokutanga pane zvose, zvakakosha kubvisa izvo zvino zvinoderedza chiyero chebasa rinopiwa pasi pezinga rinogamuchirwa, somuenzaniso, zvinetso zvinotungamirira pakurasikirwa kwepakiti. Wobva wagadzirisa izvo zviri nyore uye zvakachengeteka kugadzirisa mukudzikira kurongeka kwekuoma kwenjodzi (kubva padanho repamusoro-njodzi dhizaini kana nyaya dzekugadzirisa kune dzakaderera-njodzi).

Kuda kuita zvinhu nenzira yakakwana panguva ino kunogona kukuvadza. Hunza iyo dhizaini kune inogutsa mamiriro uye synchronize network kumisikidza zvinoenderana.

Source: www.habr.com

Voeg