Experience implementing network fabrics based on EVPN VXLAN and Cisco ACI, and a brief comparison

Note the links in the middle part of the diagram. We will come back to them below.

At some point you may find that a large, complex L2-based network is incurably ill. First of all, the problems relate to handling BUM traffic and to the operation of the STP protocol. Second, the architecture as a whole is obsolete. This causes unpleasant problems in the form of downtime and inconvenient operation.

We had two parallel projects in which the customers soberly weighed all the pros and cons of the options and chose two different overlay solutions, and we implemented them.

This gave us an opportunity to compare the implementations. Not the operation; that should be discussed in two or three years.

So, what is a network fabric with overlay networks and SDN?

What to do about the pressing problems of the classical network architecture?

Every year new technologies and ideas appear. In practice, an urgent need to rebuild networks did not arise for a long time, because doing everything by hand using the good old methods is also possible. So what if it is the twenty-first century? After all, the administrator should work, not sit in his office.

Then a boom in the construction of large data centers began. It became clear that the limit of development of the classical architecture had been reached, and not only in terms of performance, fault tolerance, and scalability. One of the options for solving these problems was the idea of building overlay networks on top of a routed backbone.

In addition, as networks grew in scale, the problem of managing such fabrics became acute. As a result, software-defined networking solutions began to appear, with the ability to manage the entire network infrastructure as a single whole. And when the network is managed from a single point, it is easier for other components of the IT infrastructure to interact with it, and such interactions are easier to automate.

Almost every major manufacturer, not only of network equipment but also of virtualization, has such solutions in its portfolio.

It remains to work out what fits which needs. For example, for especially large companies with good development and operations teams, boxed solutions from vendors do not always satisfy all needs, and they turn to developing their own SD (software-defined) solutions. For example, these are cloud providers that constantly expand the range of services offered to their customers, and boxed solutions simply cannot keep up with their needs.

For mid-sized companies, the functionality a vendor offers as a boxed solution is enough in 99 percent of cases.

What is an overlay network?

What is the idea behind overlay networks? Essentially, you take a classical routed network and build another network on top of it to get more features. Most often this means distributing load efficiently across devices and links, significantly raising the scalability limit, improving reliability, and getting a bunch of security goodies (thanks to segmentation). SDN solutions, in addition to this, provide very, very convenient and flexible administration and make the network more transparent for its consumers.

In general, if local networks had been invented in the 2010s, they would look quite different from what we inherited from the military in the 1970s.

As for technologies for building fabrics using overlay networks, there are currently many vendor implementations and Internet RFC drafts (EVPN+VXLAN, EVPN+MPLS, EVPN+MPLSoGRE, EVPN+Geneve and others). Yes, there are standards, but different manufacturers' implementations of these standards can differ, so when building such fabrics it is still possible to avoid vendor lock-in completely only in theory, on paper.

With SD solutions things are even more confusing; each vendor has its own vision. There are fully open solutions that, in theory, you can finish building yourself, and there are fully closed ones.

Cisco offers its own version of SDN for data centers: ACI. Naturally, this is a 100% vendor-locked solution in terms of the choice of network equipment, but at the same time it is fully integrated with virtualization systems, containerization, security, orchestration, load balancers, etc. In essence, though, it is still a kind of black box, without the possibility of full access to all internal processes. Not all customers agree to this option, since you depend entirely on the quality of the solution's code and its implementation. On the other hand, the manufacturer has one of the best technical support organizations in the world and has a dedicated team devoted solely to this solution. Cisco ACI was chosen as the solution for the first project.

For the second project, a Juniper solution was chosen. This manufacturer also has its own SDN for the data center, but the customer decided not to implement SDN. An EVPN VXLAN fabric without a central controller was chosen as the network construction technology.

What is it for

Creating a fabric lets you build an easily scalable, fault-tolerant, reliable network. The architecture (leaf-spine) takes into account the characteristics of data centers (traffic paths, minimizing latency and bottlenecks in the network). SD solutions in data centers let you manage such a fabric conveniently, quickly, and flexibly, and integrate it into the data center ecosystem.

Both customers needed to build redundant data centers to ensure fault tolerance, and in addition, traffic between the data centers had to be encrypted.

The first customer had already considered fabric-less solutions as a possible standard for their networks, but in testing they ran into problems with STP compatibility between several hardware vendors. There were downtimes that caused services to fail, and for the customer this was critical.

Cisco was already the customer's corporate standard; they looked at ACI and other options and decided that this solution was worth taking. They liked the automation of control from a single button through a single controller. Services are configured faster and managed faster. We decided to provide traffic encryption by running MACSec between the IPN and SPINE switches. In this way we managed to avoid a bottleneck in the form of crypto gateways, save on them, and use the maximum bandwidth.

The second customer chose a controllerless solution from Juniper because their existing data center already had a small installation implementing an EVPN VXLAN fabric. But there it was not fault-tolerant (a single switch was used). We decided to expand the infrastructure of the main data center and build a fabric in the backup data center. The existing EVPN was not fully used: VXLAN encapsulation was not actually used, since all hosts were connected to one switch, all MAC addresses and /32 host addresses were local, their gateway was the same switch, and there were no other devices to which VXLAN tunnels needed to be built. They decided to provide traffic encryption using IPSEC between firewalls (the firewall performance was sufficient).

They also tried ACI, but decided that because of vendor lock-in they would have to buy too much hardware, including replacing recently purchased new equipment, and it did not make economic sense. Yes, the Cisco fabric integrates with everything, but only its own devices are possible within the fabric itself.

On the other hand, as we said earlier, you cannot simply mix an EVPN VXLAN fabric with any neighboring vendor, because the protocol implementations differ. It is like crossing Cisco and Huawei in one network: the standards seem to be common, but you have to dance with a tambourine. Since this is a bank, and compatibility tests could take a very long time, we decided that it was better to buy from the same vendor now and not get too carried away with functionality beyond the basics.

Migration plan

Two ACI-based data centers:


Organization of interaction between the data centers. The Multi-Pod solution was chosen: each data center is a pod. The requirements for scaling by number of switches and for latency between pods (RTT less than 50 ms) were taken into account. It was decided not to build a Multi-Site solution, for ease of management (a Multi-Pod solution uses a single management interface, while Multi-Site would have two interfaces or would require a Multi-Site Orchestrator), and because no geographic redundancy of sites was required.


From the point of view of migrating services from the legacy network, the most transparent option was chosen: gradually moving the VLANs that correspond to particular services.
For the migration, a corresponding EPG (End-point-group) was created on the fabric for each VLAN. First, the network was stretched between the old network and the fabric over L2. Then, after all hosts had been migrated, the gateway was moved to the fabric, and the EPG interacted with the existing network through L3OUT, with the interaction between the L3OUT and the EPG described using contracts. Approximate diagram:


A sample structure of most ACI fabric policies is shown in the figure below. The entire configuration is built on policies nested inside other policies, and so on. At first it is very hard to figure out, but gradually, as practice shows, network administrators get used to this structure in about a month, and then begin to understand how convenient it is.


Comparison

In the Cisco ACI solution, you need to buy more equipment (separate switches for Inter-Pod interaction and APIC controllers), which makes it more expensive. The Juniper solution did not require purchasing controllers or accessories; it was possible to partially reuse the customer's existing equipment.

Here is the EVPN VXLAN fabric architecture for the two data centers of the second project:


With ACI you get a ready-made solution: no need to tinker, no need to optimize. During the customer's initial acquaintance with the fabric, no developers are needed, and no support staff are needed for code and automation. It is easy to use; many settings can be made through a wizard, which is not always a plus, especially for people accustomed to the command line. In any case, it takes time to rewire your brain to the new approach, to the specifics of configuring through policies and working with many nested policies. On top of that, it is highly desirable to have a clear structure for naming policies and objects. If any problem arises in the controller's logic, it can only be resolved through technical support.

In EVPN, it is the console. Suffer or rejoice. A familiar interface for the old guard. Yes, there are standard configurations and guides. You will have to read the manuals. Different designs, everything clear and detailed.

Naturally, in both cases, when migrating it is better to first move not the most critical services, for example test environments, and only then, after catching all the bugs, move on to production. And do not do it on a Friday evening. You should not trust the vendor that everything will be fine; it is better to play it safe.

You pay more for ACI, although Cisco is currently actively promoting this solution and often gives good discounts on it, but you save on maintenance. Management and any automation of an EVPN fabric without a controller requires investment and regular costs: monitoring, automation, implementing new services. At the same time, the initial launch on ACI takes 30-40 percent longer. This happens because it takes longer to create the whole set of required profiles and policies that will then be used. But as the network grows, the number of required configurations decreases. You use pre-created policies, profiles, and objects. You can flexibly configure segmentation and security, centrally managing the contracts that are responsible for permitting particular interactions between EPGs; the amount of work drops sharply.
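The contract model above and the VLAN-to-EPG migration from the migration plan can be checked together before the gateway is moved to the fabric. The following is an added example, not code from the article or from Cisco: a simplified Python model (not the APIC object model) in which every EPG name, VLAN number, contract and flow is constructed sample data.

```python
# Simplified model (an assumption, not the APIC object model): one EPG per
# migrated VLAN, an external EPG behind L3OUT, contracts as an allow-list.
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    consumer: str  # EPG that initiates the connection
    provider: str  # EPG that offers the service
    proto: str
    port: int

# Constructed sample data: VLAN-to-EPG mapping and the planned contracts.
VLAN_TO_EPG = {110: "epg-web", 120: "epg-app", 130: "epg-db"}
L3OUT_EPG = "l3out-legacy"  # everything still on the legacy network
CONTRACTS = [
    Contract(L3OUT_EPG, "epg-web", "tcp", 443),
    Contract("epg-web", "epg-app", "tcp", 8443),
    Contract("epg-app", "epg-db", "tcp", 5432),
]

# Constructed flows seen while the legacy gateway still routed the VLANs:
# (source VLAN, destination VLAN, proto, port); None means the legacy side.
OBSERVED_FLOWS = [
    (None, 110, "tcp", 443),
    (110, 120, "tcp", 8443),
    (120, 130, "tcp", 5432),
    (110, 130, "tcp", 5432),  # web talking straight to the database
    (120, 120, "tcp", 9000),  # same VLAN, stays inside one EPG
    (130, None, "udp", 514),  # syslog to a collector on the legacy network
]

def epg_of(vlan):
    """Map a VLAN to its EPG; anything unmigrated sits behind L3OUT."""
    return VLAN_TO_EPG.get(vlan, L3OUT_EPG)

def permitted(src, dst, proto, port, contracts=CONTRACTS):
    """Intra-EPG traffic passes; inter-EPG traffic needs a matching contract."""
    return src == dst or Contract(src, dst, proto, port) in contracts

def flows_broken_by_cutover(flows=OBSERVED_FLOWS):
    """Flows that worked on the legacy network but no contract covers."""
    broken = []
    for s, d, proto, port in flows:
        src, dst = epg_of(s), epg_of(d)
        if not permitted(src, dst, proto, port):
            broken.append((src, dst, proto, port))
    return broken

if __name__ == "__main__":
    for flow in flows_broken_by_cutover():
        print("no contract for", flow)
```

Each reported flow is either a missing contract to add before the cutover or an interaction that segmentation should deliberately stop, such as the direct web-to-database connection in the sample data.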

In EVPN, you have to configure each device in the fabric, and the probability of error is greater.

While ACI was slower to implement, EVPN took almost twice as long to debug. In the case of Cisco you can always call a support engineer and ask about the network as a whole (because it is covered as a solution), whereas from Juniper Networks you buy only hardware, and that is what is covered. Have the packets left the device? Well, OK, then it is your problem. But you can open a question about the choice of solution or the network design, and then they will advise you to buy a professional service, for an additional fee.

ACI support is very cool, because it is separate: a dedicated team exists just for this. There are also Russian-speaking specialists. Detailed guides, predefined solutions. They look and advise. They quickly validate the design, which is often important. Juniper Networks does the same thing, but several times more slowly (that was our experience; now, according to rumors, it should be better), which forces you to do everything yourself where a solutions engineer could have advised.

Cisco ACI supports integration with virtualization and containerization systems (VMware, Kubernetes, Hyper-V) and centralized management. Network and security services are available: load balancing, firewalls, WAF, IPS, and so on. Good micro-segmentation out of the box. In the second solution, integration with network services is a breeze, and it is better to discuss it on forums beforehand with those who have done it.

Summary

In each specific case, you need to choose a solution based not only on the cost of the equipment; you also need to take into account the further operating costs, the main problems the customer is facing now, and what plans there are for the development of the IT infrastructure.

ACI, because of the additional equipment, was more expensive, but the solution is ready-made with no need for additional finishing; the second solution is more complex and costly in terms of operation, but cheaper.

If you want to discuss how much it might cost to implement a network fabric on different vendors, and what kind of architecture is needed, you can meet and talk. We will advise you for free until you have a rough sketch of the architecture (with which you can calculate budgets); detailed elaboration, of course, is already paid.

Vladimir Klepche, corporate networks.

Source: www.habr.com
