Zvitsva zveIT zvivakwa zveRussia Post data center

Ndine chokwadi chekuti vese vaverengi veHabr vakamboodha zvinhu kubva kuzvitoro zvepamhepo kunze kwenyika vobva vaenda kunogamuchira mapasuru kuhofisi yePost yeRussia. Unogona here kufungidzira chiyero chebasa iri, kubva pakuona kwekuronga zvinhu? Wedzerai nhamba yevatengi nenhamba yekutenga kwavo, fungidzira mepu yenyika yedu yakakura, uye pairi pane anopfuura zviuru makumi mana emahofisi epositi ... Nenzira, muna 40, Russian Post yakagadziriswa 2018 mamiriyoni epasi rose mapasuru.

Muchikamu chino tichakuudza kuti inyaya dzipi dzakatarisana naPochta uye kuti LANIT Integration timu yakazvigadzirisa sei, ichigadzira hurongwa hutsva hweIT hwenzvimbo dzedata.

Imwe yemazuva ano logistics nzvimbo dzeRussia Post
 

Pamberi pechirongwa

Nekuda kwekuwedzera kwakanyanya kwehuwandu hwepasuru kubva kuzvitoro zvekune dzimwe nyika muChina, Western Europe neNorth America, mutoro pazvivakwa zvekutakura zveRussia Post wakawedzera. Naizvozvo, nzvimbo dzechizvarwa chitsva dzekutakura zvinhu dzakavakwa, dzinoshandisa michina yemhando yepamusoro. Vanoda rubatsiro kubva kune computing infrastructure.

Iyo data center zvivakwa zvaive zvechinyakare uye hazvina kupa mashandiro anodiwa uye kuvimbika mukushanda kwemabhizinesi eruzivo masisitimu. Zvakare, Russian Post yakaona kushomeka kwesimba rekombuta kuvhura masevhisi matsva.
 

Customer data centers uye matambudziko avo

Russian Post data nzvimbo dzinoshanda zvinopfuura 40 zvivakwa uye 000 nharaunda madhipatimendi. Nzvimbo dzedata dzinoshandisa akawanda e85/XNUMX bhizinesi masevhisi, kusanganisira e-commerce masevhisi.

Nhasi, mabhizinesi anoshandisa masisitimu ekuchengetedza, kuongorora uye kugadzirisa data hombe. Kune masisitimu akadaro, kushandiswa kwehungwaru hwekugadzira uye muchina kudzidza algorithms kunoita basa rakakosha. Nhasi, imwe yemakesi akanyanya kukosha kune bhizinesi kusimudzira manejimendi ekuyerera kwelogistics uye nekumhanyisa basa revatengi mumapositi mahofisi.

Pamberi pekutanga kwepurojekiti yemazuva ano, pakanga paine anenge zviuru zvitatu zvemichina munzvimbo huru uye yekuchengetedza data data, huwandu hweruzivo rwakachengetwa rwakapfuura 3000 petabytes. Nzvimbo dze data dzaive neyakaomesesa traffic routing chimiro chakabatana nekukamura muzvikamu zvakasiyana zvinoenderana nemazinga ekuchengetedza.

Nekuvandudzwa kwezvikumbiro uye nekuunzwa kwemasevhisi matsva, iyo iripo bandwidth yetiweki michina mu data data yave isina kukwana. Shanduko kuenda kune inopindirana nekumhanya kutsva kwaidiwa: 10 Gbit/s, pachinzvimbo che1 Gbit/s pakuwana uye 40 Gbit/s padanho repakati, nekuzara kwakazara kwemidziyo uye nzira dzekutaurirana.

Dhipatimendi rekuchengetedza ruzivo rakagamuchira chinodiwa chekugovera zvivakwa muzvikamu zvine yakakwira ruzivo rwekuchengetedza traffic uye manyorerwo (PN - Private Network uye DMZ - Demilitarized Zone). Traffic yakapfuura nepamafirewall (FWUs) yaisada kusefa. VRF pama switch haina kushandiswa kune iyi traffic. Mitemo pa firewall yaive suboptimal (makumi ezviuru emitemo munzvimbo yega yega data).

Kutama kusina musono kwemashini chaiwo (VMs) pakati penzvimbo dzedata uchichengetedza IP kero uye nzira yakakwana yetraffic pakati pezvikamu, kusanganisira iyo corporate data network (CDN), zvaisaita.

MSTP yakashandiswa kuchengetedza; mamwe madoko akavharwa (inopisa yekumira). Iyo yakakosha uye yekuwana switch haina kusanganiswa kuita failover cluster, uye interface aggregation (LAG) haina kushandiswa.

Nekuuya kwenzvimbo yechitatu yedata, chivakwa chitsva uye chigadziriso chemidziyo chaidiwa kuti ushandise mhete pakati penzvimbo dze data (EVPN yakarongwa).

Pakanga pasina pfungwa yakabatana yekuvandudza nzvimbo dze data, yakanyorwa muchimiro chepurojekiti uye yakabvumiranwa nemadhipatimendi ese emutengi. Mapepa ekushanda etiweki aripo akange asina kukwana uye ekare.
 

Zvinotarisirwa nevatengi

Chikwata cheprojekiti chakatarisana nemabasa anotevera:

• gadzirira iyo yekuvaka uye yekuvandudza pfungwa yekuvaka network uye server zvivakwa zveyechitatu data data;
• ita ongororo yekushanda yetiweki iripo yemutengi;
• wedzera netiweki musimboti kugona nevanopfuura 1500 10/40 Gbps Ethernet ports munzvimbo yega yega data (4500 zviteshi zvakazara);
• chengetedza kushanda kwemhete pakati pematatu data data nekukwanisa kuwedzera kukurumidza kusvika ku80 Gbit / s muchikamu chega chega kuitira kuti abatanidze zviwanikwa zvekombuta yemutengi kubva kunzvimbo dzakasiyana dze data kuita imwechete IT system;
• ipa 100% yakapetwa kaviri chengetedzo yezvese network zvinhu kuti uwane iyo yakanangwa Uptime padanho re99,995%;
• kuderedza kunonoka kwetraffic pakati pemakina chaiwo kuti akurumidze kuita zvebhizinesi;
• unganidza zviverengero, ongorora uye ita zvinotevera optimization yemitemo yekusefa mumigwagwa yedata (pakutanga paive nemitemo inosvika zviuru makumi masere);
• gadzira dhizaini yekuvaka kuti ive nechokwadi chekutama kusingachinjiki kwemutengi akakosha bhizinesi maapplication kune chero yeatatu data data.

Saka taiva nechimwe chinhu chokugadzirisa.

Zvigadzirwa

Ngatitarisei zvakanyanya kuti ndezvipi midziyo yatakashandisa muchirongwa.

Firewall (NGWF) USG9560:

• kupatsanurwa neVSYS;
• kusvika 720 Gbps;
• kusvika ku720 mamiriyoni panguva imwe chete;
• 8 slots.

 
Router NE40E-X8:

• kusvika ku7,08 Tbit / s Kuchinja Kugona;
• kusvika ku2,880 Mpps Forwarding Performance;
• 8 slots yemakadhi emutsara (LPU);
• kusvika ku10M BGP IPv4 nzira paMPU;
• kusvika ku1500K OSPF IPv4 nzira paMPU;
• kusvika ku3000K - IPv4 FIB (zvichienderana neLPU).

CE12800 Series Switch:

• Device Virtualization: VS (1: 16 virtualization), Cluster Switch System (CSS), Super Virtual Fabric (SVF);
• Network Virtualization: M-LAG, TRILL, VXLAN uye VXLAN bridging, QinQ muVXLAN, EVN (Ethernet Virtual Network);
• kutanga kubva kuVRP V2, EVPN tsigiro inosanganisirwa;
• M-LAG - analogue yevPC (virtual Port Channel) yeCisco Nexus;
• Virtual Spanning Tree Protocol (VSTP) - Inoenderana neCisco PVST.

CE12804

CE12808

Software

Muchirongwa chatakashandisa:

• Shandura yemafirewall gadziriso mafaera kubva kune vamwe vatengesi kuita yekuraira fomati yemidziyo mitsva;
• proprietary zvinyorwa zvekugadzirisa uye kushandura firewall zvigadziriso.

Kuonekwa kwechishanduri chekushandura mafaira ekugadzirisa
 
Scheme yekuronga kutaurirana pakati penzvimbo dzedata (EVPN VXLAN)
 

Nuances yekumisikidza michina

CE12808
 

• EVPN (yakajairwa) pachinzvimbo cheEVN (Huawei proprietary) yekutaurirana pakati penzvimbo dzedata:

  ○ L2 pamusoro peL3 uchishandisa iBGP mundege yeKudzora;
  ○ MAC kudzidziswa uye kushambadzira kwavo kuburikidza neBGP EVPN mhuri (MAC nzira, mhando 2);
  ○ otomatiki kuvaka kweVXLAN tunnels yekutepfenyura / isingazivikanwe unicast traffic (Inosanganisira Multicast Nzira, mhando 3).

• Maviri ekupatsanura modhi paVS:

  ○ zvichibva pazviteshi (port-mode port) kana zvichibva paASIC (port-mode group, ratidza mudziyo port-mepu);
  ○ port split dimension interface 40GE inoshanda CHETE muAdmin VS (zvisinei nechiteshi-modhi).

USG9560
 

• mukana wekuparadzaniswa neVSYS,
• Dynamic routing uye nzira inodonha haigoneke pakati peVSYS!

CE12804
 
Yese Active GW (VRRP Master/Master/Master) ine MAC VRRP kusefa pakati penzvimbo dzedata
 
acl number 4000
  rule 5 deny source-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 10 deny destination-mac 0000-5e00-0100 ffff-ffff-ff00
  rule 15 permit
 
interface Eth-Trunk1
  traffic-filter acl 4000 outbound

Scheme yekudyidzana kwezviwanikwa pakati penzvimbo dzedata (VXLAN EVPN uye Yese Active GW)
 

Matambudziko eprojekiti

Chinetso chikuru kwaive kudiwa kwekutsigira maapplication aripo uchishandisa komputa zvivakwa. Mutengi wacho aiva nemafomu anopfuura zana akasiyana, mamwe acho akanyorwa anenge makore gumi apfuura. Semuenzaniso, kana yeYandex iwe unogona nyore kudzima mazana akawanda emagetsi emagetsi pasina kukuvadza kumagumo evashandisi, saka muRussia Post nzira yakadaro inoda kuvandudzwa kwehuwandu hwemashandisirwo kubva pakutanga uye shanduko mumagadzirirwo emabhizinesi eruzivo masisitimu. Isu takagadzirisa matambudziko akamuka panguva yekutama uye optimization process padanho rekuongororwa pamwe kweiyo computing infrastructure. Ese tekinoroji matekinoroji matsva kune bhizinesi (senge EVPN) akaedzwa kwekutanga murabhoritari.
 

Mapurojekiti abuda

Chikwata cheprojekiti chaisanganisira nyanzvi "LANIT-Kubatanidzwa", mutengi uye vanobatana navo mukushanda kwekombuta zvigadzirwa. Zvikwata zvakatsaurirwa zvekutsigira kubva kune vatengesi (Check Point uye Huawei) zvakaumbwawo. Basa racho rakatora makore maviri. Izvi ndizvo zvakaitwa panguva iyi.

• Zano rekuvandudza network yenzvimbo dzedata, Corporate Data Network (CDTN) uye mhete pakati penzvimbo dzedata yakagadziriswa uye yakabvumiranwa nemadhipatimendi ese evatengi.
• Kuwanikwa kwesevhisi kwawedzera. Izvi zvakacherechedzwa nebhizinesi remutengi uye zvakakonzera kuwedzera kwakanyanya kwetraffic nekuda kwekuunzwa kwemasevhisi matsva.
• Mitemo inopfuura 40 yakatamiswa uye yakagadziridzwa kubva kuFWSM/ASA kuenda kuUSG 000. Mamiriro akasiyana eASA paUGG 9560 akasanganiswa kuita imwe chengetedzo-mitemo.
• Kubuda kwe data center ports kwakawedzerwa kubva ku1G kusvika ku10/40G kuburikidza nekushandiswa kweCE12800/CE6850. Izvi zvakaita kuti zvibvire kubvisa interface yakawandisa uye kurasikirwa kwemapaketi.
• Carrier-giredhi marouters NE40E-X8 akavhara zvizere zvinodiwa zvemutengi data center uye data data centre, tichifunga nezveramangwana bhizinesi rekusimudzira.
• Zvikumbiro zvitsva zvisere zvakakumbirwa kuUSG 9560. Pakati peizvi, zvinomwe zvakatoitwa uye zvakabatanidzwa mune shanduro yezvino yeVRP. 1 FR - yekushandisa muHuawei R&D. Iri isere-chassis cluster ine kugona kugadzirisa iyo inodiwa mashandiro ekugadzirisa kuwiriranisa pasina seshi kuwiriranisa. Izvo zvinodikanwa kana kunonoka kwetraffic kune imwe yedata data yakanyanya kwazvo (Adler - Moscow 1300 km munzira huru uye 2800 km munzira yekuchengetedza).

Iyo purojekiti haina analogues ichienzaniswa nemamwe makambani eposvo eRussia.

Kuvandudzwa kweiyo network network yenzvimbo dzedata kwakavhura mikana mitsva yebhizinesi kuvandudza masevhisi edhijitari.

• Kupa yako account account uye mobile application kune vanhu uye masangano epamutemo.
• Kubatanidzwa nezvitoro zvemagetsi kupa mabasa ekutumira zvinhu.
• Kuzadzika - kuchengetwa kwezvinhu, kuumbwa uye kuendeswa kwemirairo kubva kuzvitoro zvemagetsi.
• Kuwedzera maodha ekutora mapoinzi, kusanganisira kushandisa affiliate network.
• Gwaro rinokosha zviri pamutemo rinoyerera nemamwe mapato. Izvi zvichabvisa kunonoka uye kunodhura kutumira mapepa mapepa.
• Kugamuchirwa kwemavara akanyoreswa mufomu yemagetsi nekutumira zvese zvemagetsi uye nepepa fomu (nekudhindwa kwezvinhu zviri padyo sezvinobvira kune wekupedzisira anogamuchira). Sevhisi yemagetsi akanyoreswa mavara pane yeruzhinji masevhisi portal.
• Platform yekupa telemedicine masevhisi.
• Kugamuchira kwakareruka uye kunyoreswa kutumira tsamba dzakanyoreswa uchishandisa nyore siginecha yemagetsi.
• Digitalization yepositi hofisi network.
• Kugadziridzwazve kwega-sevhisi masevhisi (terminals uye parcel terminals).
• Kugadzirwa kwepuratifomu yedhijitari yekutonga iyo courier sevhisi uye nyowani nharembozha yevatengi sevhisi vatengi.

Huya ushande nesu!

• Corporate Infrastructure Injiniya
• Tungamira Linux/DevOps Engineer

Source: www.habr.com