Will Cisco SD-WAN saw off the branch that DMVPN sits on?

Since August 2017, when Cisco acquired Viptela, the main technology offered for building distributed enterprise networks has been Cisco SD-WAN. Over the past 3 years, SD-WAN technology has gone through many changes, both qualitative and quantitative. As a result, its functionality has grown significantly and support has appeared on the classic routers of the Cisco ISR 1000, ISR 4000, ASR 1000 and virtual CSR 1000v series. At the same time, many Cisco customers and partners keep asking: what are the differences between Cisco SD-WAN and the already familiar approaches based on technologies such as Cisco DMVPN and Cisco Performance Routing, and how important are these differences?

Here we should immediately make the reservation that before SD-WAN appeared in the Cisco portfolio, DMVPN together with PfR formed a key part of the Cisco IWAN (Intelligent WAN) architecture, which in turn was the predecessor of full-fledged SD-WAN technology. Despite the overall similarity of both the tasks being solved and the ways of solving them, IWAN never reached the level of automation, flexibility and scalability required of SD-WAN, and over time the development of IWAN slowed considerably. At the same time, the technologies that make up IWAN have not gone away, and many customers continue to use them successfully, including on modern equipment. As a result, an interesting situation has arisen: the same Cisco equipment lets you choose the most suitable WAN technology (classic, DMVPN+PfR or SD-WAN) according to the customer's requirements and expectations.

This article does not aim to analyze in detail all the features of Cisco SD-WAN and DMVPN technologies (with or without Performance Routing); a large amount of documentation and material is available for that. The main task is to try to assess the key differences between these technologies. But before moving on to these differences, let us briefly recall the technologies themselves.

What is Cisco DMVPN and why is it needed?

Cisco DMVPN solves the problem of dynamic (= scalable) connection of a remote branch network to the network of the enterprise's central office when using arbitrary types of communication channels, including the Internet (= with encryption of the communication channel). Technically, this is achieved by creating a virtual overlay network of the L3 VPN class in point-to-multipoint mode with a logical topology of the "Star" type (Hub-n-Spoke). To do this, DMVPN uses a combination of the following technologies:

  • IP routing
  • Multipoint GRE tunnels (mGRE)
  • Next Hop Resolution Protocol (NHRP)
  • IPSec Crypto profiles

What are the main advantages of Cisco DMVPN compared with classic routing over MPLS VPN channels?

  • To build the inter-branch network, any communication channels can be used: anything that can provide IP connectivity between branches is suitable, while traffic will be encrypted (where necessary) and balanced (where possible).
  • A fully connected topology between branches is formed automatically. There are static tunnels between the central and remote branches, and dynamic on-demand tunnels between remote branches (when there is traffic).
  • The routers of the central and remote branches have the same configuration, up to the IP addresses of the interfaces. With mGRE there is no need to configure tens, hundreds or even thousands of tunnels individually. The result is decent scalability, given the right design.

What is Cisco Performance Routing and why is it needed?

When using DMVPN on an inter-branch network, one extremely important question remains unresolved: how do you dynamically assess the state of each DMVPN tunnel against the requirements of the traffic that is critical to the organization and, based on that assessment, dynamically decide to reroute? The fact is that DMVPN in this respect differs little from classic routing: the best that can be done is to configure QoS mechanisms that prioritize traffic in the outbound direction, but there is no way to take into account the state of the whole path at any given moment.

And what should you do if the channel degrades partially rather than completely: how do you detect and assess this? DMVPN itself cannot do it. Considering that the channels connecting branches can pass through entirely different telecom operators using entirely different technologies, this task becomes extremely non-trivial. This is where Cisco Performance Routing technology comes to the rescue, which by that time had already gone through several stages of development.

The task of Cisco Performance Routing (hereinafter PfR) comes down to measuring the state of the paths (tunnels) for traffic based on the key metrics that matter to network applications: latency, latency variation (jitter) and packet loss (as a percentage). In addition, the bandwidth used can be measured. These measurements take place as close to real time as is possible and reasonable, and their results allow a router using PfR to decide dynamically whether the routing of this or that type of traffic needs to change.

Thus, the task of the DMVPN/PfR combination can be briefly described as follows:

  • Allow the customer to use any communication channels on the WAN network
  • Ensure the highest possible quality of critical applications on these channels

What is Cisco SD-WAN?

Cisco SD-WAN is a technology that uses the SDN approach to build and operate an organization's WAN network. This means, in particular, the use of so-called controllers (software elements) that provide centralized orchestration and automated configuration of all solution components. Unlike canonical SDN (Clean Slate style), Cisco SD-WAN uses several types of controllers, each performing its own role; this was done deliberately to provide better scalability and geo-redundancy.

In the case of SD-WAN, the task of using any types of channels and ensuring the operation of business applications remains the same, but at the same time the requirements for automation, scalability, security and flexibility of such a network increase.

Discussion of differences

If we now start analyzing the differences between these technologies, they fall into one of the following categories:

  • Architectural differences: how are functions distributed across the various components of the solution, how is the interaction of those components organized, and how does this affect the capabilities and flexibility of the technology?
  • Functionality: what can one technology do that the other cannot? And is it really that important?

What are the architectural differences and are they important?

Each of these technologies has many "moving parts" that differ not only in their roles but also in how they interact with one another. How well these principles and the overall mechanics of the solution are thought out directly determines its scalability, fault tolerance and overall efficiency.

Let us look at the various aspects of the architecture in more detail:

Data-plane: the part of the solution responsible for carrying user traffic between source and destination. DMVPN and SD-WAN are implemented in broadly the same way on the routers themselves, based on Multipoint GRE tunnels. The difference lies in how the required set of parameters for these tunnels is formed:

  • In DMVPN/PfR it is exclusively a two-level hierarchy of nodes with a Star or Hub-n-Spoke topology. Static configuration of the Hub and static binding of the Spoke to the Hub are required, as well as interaction via the NHRP protocol to form data-plane connectivity. Consequently, making changes on the Hub is significantly harder, for example when changing or connecting new WAN channels or changing the parameters of existing ones.
  • In SD-WAN it is a fully dynamic model for discovering the parameters of the established tunnels, based on the control-plane (OMP protocol) and the orchestration-plane (interaction with the vBond controller for controller discovery and NAT traversal tasks). Any overlay topology can be used, including hierarchical ones. Within the established overlay tunnel topology, flexible configuration of the logical topology in each individual VPN (VRF) is possible.

Control-plane: the functions of exchanging, filtering and modifying routing and other information between the components of the solution.

  • In DMVPN/PfR it is carried out only between the Hub and Spoke routers. Direct exchange of routing information between Spokes is not possible. Consequently, without a working Hub the control-plane and data-plane cannot function, which places additional high-availability requirements on the Hub that cannot always be met.
  • In SD-WAN the control-plane is never carried out directly between routers: interaction is based on the OMP protocol and necessarily goes through a separate specialized type of controller, vSmart, which makes load balancing, geo-redundancy and centralized control of the signaling load possible. Another feature of the OMP protocol is its considerable resistance to loss and its independence from the speed of the communication channel to the controllers (within reasonable limits, of course). This equally allows SD-WAN controllers to be placed in public or private clouds with access over the Internet.

Policy-plane: the part of the solution responsible for defining, distributing and applying traffic management policies on the distributed network.

  • DMVPN: effectively limited to quality of service (QoS) policies configured individually on each router via the CLI or Prime Infrastructure templates.
  • DMVPN/PfR: PfR policies are formed on the central Master Controller (MC) router via the CLI and then automatically distributed to the branch MCs. The same data transfer paths are used as for the data-plane. There is no possibility of separating the exchange of policies, routing information and user data. Policy propagation requires IP connectivity between Hub and Spoke. The MC function can, if necessary, be combined with the DMVPN router. It is possible (but not required) to use Prime Infrastructure templates for centralized policy generation. An important feature is that the policy is formed globally across the network in a single way: individual policies for individual segments are not supported.
  • SD-WAN: traffic management and quality of service policies are defined centrally through the Cisco vManage graphical interface, which is also accessible over the Internet (if necessary). They are distributed over signaling channels directly or indirectly via the vSmart controllers (depending on the type of policy). They do not depend on data-plane connectivity between routers, because they use all available traffic paths between the controller and the router.

    For different network segments, different policies can be flexibly formed: the scope of a policy is determined by the many unique identifiers provided in the solution, such as branch number, application type, traffic direction, etc.

Orchestration-plane: the mechanisms that allow components to dynamically discover each other, and to configure and coordinate subsequent interaction.

  • In DMVPN/PfR, mutual discovery between routers is based on static configuration of the Hub devices and the corresponding configuration of the Spoke devices. Dynamic discovery occurs only for the Spoke, which reports its connection parameters to the Hub device, which in turn is preconfigured on the Spoke. Without IP connectivity between the Spoke and at least one Hub, neither the data-plane nor the control-plane can be formed.
  • In SD-WAN, orchestration of the solution components takes place using the vBond controller, with which each component (routers and vManage/vSmart controllers) must first establish IP connectivity.

    Initially the components know nothing about each other's connection parameters; for this they need the vBond intermediary orchestrator. The general principle is as follows: in the initial phase each component learns (automatically or statically) only the parameters for connecting to vBond, then vBond informs the router about the vManage and vSmart controllers (discovered earlier), which makes it possible to establish all the necessary signaling connections automatically.

    The next step is for the new router to learn about the other routers on the network through OMP communication with the vSmart controller. Thus the router, without initially knowing anything about the network parameters, is able to discover and connect to the controllers fully automatically and then, just as automatically, discover and form connectivity with the other routers. The connection parameters of all components are initially unknown and may change during operation.

Management-plane: the part of the solution that provides centralized management and monitoring.

  • DMVPN/PfR: no specialized management-plane solution is provided. For basic automation and monitoring, products such as Cisco Prime Infrastructure can be used. Each router can be managed via the CLI command line. Integration with external systems via API is not provided.
  • SD-WAN: all routine interaction and monitoring is carried out centrally through the graphical interface of the vManage controller. All features of the solution, without exception, are available for configuration through vManage, as well as through a fully documented REST API library.

    All SD-WAN network settings in vManage come down to two main constructs: the formation of device templates (Device Template) and the formation of a policy that defines the logic of network operation and traffic handling. At the same time vManage, when broadcasting the policy created by the administrator, automatically chooses which changes need to be made and on which individual devices/controllers, which significantly increases the efficiency and scalability of the solution.

    Through the vManage interface, not only configuration of the Cisco SD-WAN solution is available, but also full monitoring of the state of all solution components, down to the current state of the metrics of individual tunnels and statistics on the use of various applications based on DPI analysis.

    Despite the centralization of interaction, all components (controllers and routers) also have a fully functional CLI command line, which is needed at the deployment stage or in an emergency for local diagnostics. In normal mode (when there is a signaling channel between the components), the command line on the routers is available only for diagnostics and is not available for making local changes, which guarantees local security, and the only source of changes in such a network is vManage.

Integrated Security: here we should talk not only about protecting user data when it is transmitted over open channels, but also about the overall security of the WAN network based on the chosen technology.

  • In DMVPN/PfR it is possible to encrypt user data and signaling protocols. When using certain router models, firewall functions with traffic inspection and IPS/IDS are additionally available. Branch networks can be segmented using VRF. Control protocols can be authenticated (one-factor).

    In this case, the remote router is considered a trusted element of the network by default, i.e. cases of physical compromise of individual devices and the possibility of unauthorized access to them are not assumed or taken into account; there is no two-factor authentication of the solution components, which in the case of a geographically distributed network can carry significant additional risks.

  • In SD-WAN, by analogy with DMVPN, the ability to encrypt user data is provided, but with significantly extended network security and L3/VRF segmentation functions (firewall, IPS/IDS, URL filtering, DNS filtering, AMP/TG, SASE, TLS/SSL proxy, etc.). At the same time, the exchange of encryption keys is carried out more efficiently through the vSmart controllers (rather than directly), over pre-established signaling channels protected by DTLS/TLS encryption based on security certificates. This in turn guarantees the security of such exchanges and ensures better scalability of the solution, up to tens of thousands of devices on a single network.

    All signaling connections (controller-to-controller, controller-to-router) are also protected based on DTLS/TLS. Routers are equipped with security certificates during manufacture, with the possibility of replacement/renewal. Two-factor authentication is achieved through the mandatory and simultaneous fulfilment of two conditions for a router/controller to operate in an SD-WAN network:

    • A valid security certificate
    • Explicit and deliberate inclusion of each component by the administrator in the "white" list of allowed devices.

Functional differences between SD-WAN and DMVPN/PfR

Moving on to the functional differences, it should be noted that many of them are a continuation of the architectural ones; it is no secret that when designing the architecture of a solution, developers start from the capabilities they want to obtain in the end. Let us look at the most significant differences between the two technologies.

AppQ (Application Quality): functions for ensuring the quality of transmission of business application traffic

The key functions of the technologies under consideration are aimed at improving the user experience as much as possible when using business-critical applications on a distributed network. This is especially important where part of the infrastructure is not controlled by IT or does not guarantee successful data transmission at all.

DMVPN does not itself provide such mechanisms. The best that can be done in a classic DMVPN network is to classify outbound traffic by application and prioritize it when it is sent to the WAN channel. The choice of a DMVPN tunnel is determined in this case only by its availability and the result of the routing protocols' operation. The end-to-end state of the path/tunnel and its possible partial degradation are not taken into account in terms of the key metrics that matter to network applications: latency, latency variation (jitter) and loss (%). In this respect, directly comparing classic DMVPN with SD-WAN in terms of solving AppQ problems loses all meaning: DMVPN cannot solve this problem. When Cisco Performance Routing (PfR) technology is added to this context, the situation changes and the comparison with Cisco SD-WAN becomes more meaningful.

Before discussing the differences, here is a quick look at how the technologies are similar. Both technologies:

  • have a mechanism that allows you to dynamically assess the state of each established tunnel in terms of certain metrics: at a minimum, latency, latency variation and packet loss (%)
  • use a specific set of tools to form, distribute and apply traffic management rules (policies), taking into account the results of measuring the state of the key tunnel metrics
  • classify application traffic at levels L3-L4 (DSCP) of the OSI model or by L7 application signatures based on DPI mechanisms built into the router
  • for critical applications, allow you to define acceptable threshold values of the metrics, rules for forwarding traffic by default, and rules for rerouting traffic when the thresholds are exceeded
  • when encapsulating traffic in GRE/IPSec, use the already established industry mechanism of copying the inner DSCP markings to the outer GRE/IPSec packet header, which allows the QoS policies of the organization and the telecom operator to be synchronized (if there is an appropriate SLA).

How do the SD-WAN and DMVPN/PfR end-to-end metrics differ?

DMVPN/PfR

  • Both active and passive software sensors (Probes) are used to assess standard tunnel health metrics. Active ones are based on user traffic, passive ones emulate such traffic (in its absence).
  • There is no fine tuning of the timers and degradation detection conditions: the algorithm is fixed.
  • In addition, measurement of the bandwidth used in the outbound direction is available. This gives DMVPN/PfR additional traffic management flexibility.
  • At the same time, some PfR mechanisms, when metrics are exceeded, rely on feedback signaling in the form of special TCA (Threshold Crossing Alert) messages that must travel from the traffic receiver towards the source, which in turn assumes that the state of the measured channels is at least sufficient for transmitting such TCA messages. In most cases this is not a problem, but obviously it cannot be guaranteed.

SD-WAN

  • For end-to-end assessment of standard tunnel state metrics, the BFD protocol is used in echo mode. In this case, special feedback in the form of TCA or similar messages is not required: isolation of failure domains is maintained. The presence of user traffic is also not required to assess the state of the tunnel.
  • The BFD timers can be fine-tuned to control the response speed and sensitivity of the algorithm to degradation of the communication channel, from a few seconds to minutes.

  • At the time of writing, there is only one BFD session in each tunnel. This potentially gives less granularity in the analysis of the tunnel state. In reality, this can only become a limitation if you use a WAN connection based on MPLS L2/L3 VPN with an agreed QoS SLA: if the DSCP marking of BFD traffic (after encapsulation in IPSec/GRE) matches the high-priority queue in the telecom operator's network, this may affect the accuracy and speed of degradation detection for lower-priority traffic. At the same time, the default BFD marking can be changed to reduce the risk of such situations. In future versions of Cisco SD-WAN software, more finely tuned BFD settings are expected, as well as the ability to launch multiple BFD sessions within a single tunnel with individual DSCP values (for different applications).
  • BFD additionally allows you to estimate the maximum packet size that can be transmitted through a particular tunnel without fragmentation. This allows SD-WAN to dynamically adjust parameters such as MTU and TCP MSS Adjust to make the most of the available bandwidth on each link.
  • In SD-WAN, the option of QoS synchronization with telecom operators is also available, based not only on L3 DSCP fields but also on L2 CoS values, which can be generated automatically in the branch network by specialized devices, for example IP phones.
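
The threshold-driven tunnel choice described above (latency, jitter and loss measured per tunnel, then compared with per-application limits) can be modelled as follows. This is an added example, not code from the article or from Cisco: the tunnel names, probe windows, thresholds and the jitter formula (mean absolute difference between consecutive round-trip times) are constructed assumptions.

```python
from statistics import mean

# Constructed probe windows per tunnel: round-trip time in ms, None = probe lost.
PROBES = {
    "mpls":     [40, 41, 39, 40, 42, 40, 41, 40, 39, 40],
    "internet": [25, 60, None, 30, 75, None, 28, 66, 27, None],
    "lte":      [90, 92, 91, 95, 90, 93, 91, 92, 94, 90],
}
# Constructed per-application thresholds (upper limits) and tunnel preference order.
SLA = {
    "voice": {"loss_pct": 1.0, "latency_ms": 100, "jitter_ms": 10},
    "bulk":  {"loss_pct": 5.0, "latency_ms": 300, "jitter_ms": 100},
}
PREFERRED = {"voice": ["internet", "mpls", "lte"], "bulk": ["internet", "lte", "mpls"]}


def measure(rtts):
    """Reduce one probe window to the three metrics the article names."""
    ok = [r for r in rtts if r is not None]
    if not ok:  # every probe lost: treat the tunnel as down
        return {"loss_pct": 100.0, "latency_ms": float("inf"), "jitter_ms": float("inf")}
    deltas = [abs(b - a) for a, b in zip(ok, ok[1:])]
    return {
        "loss_pct": 100.0 * (len(rtts) - len(ok)) / len(rtts),
        "latency_ms": mean(ok),
        "jitter_ms": mean(deltas) if deltas else 0.0,
    }


def meets_sla(metrics, limits):
    """True when every measured metric is within its threshold."""
    return all(metrics[name] <= limit for name, limit in limits.items())


def select_tunnel(app, probes, sla=SLA, preferred=PREFERRED):
    """Return (tunnel, compliant).

    The first tunnel in the application's preference order that meets its
    thresholds wins. If none does, fall back to the tunnel with the least loss
    and report compliant=False, which is the case where loss-compensation
    mechanisms would be needed.
    """
    metrics = {name: measure(window) for name, window in probes.items()}
    for name in preferred[app]:
        if name in metrics and meets_sla(metrics[name], sla[app]):
            return name, True
    best = min(metrics, key=lambda n: (metrics[n]["loss_pct"], metrics[n]["latency_ms"]))
    return best, False


# Constructed follow-up windows: MPLS latency degrades, then every link is lossy.
DEGRADED = dict(PROBES, mpls=[150, 160, 155, 148, 152, 151, 158, 149, 150, 153])
ALL_LOSSY = {"mpls": [40, None, 41, None, 40], "internet": [25, None, None, 30, None]}

if __name__ == "__main__":
    for label, window in (("normal", PROBES), ("degraded", DEGRADED), ("lossy", ALL_LOSSY)):
        print(label, select_tunnel("voice", window))
```

The "degraded" window shows partial degradation: the MPLS tunnel stays up and loses nothing, yet voice traffic moves off it because latency crossed the threshold.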

How do the capabilities and the methods of defining and applying AppQ policies differ?

DMVPN/PfR policies:

  • Defined on the central branch router(s) via the CLI command line or CLI configuration templates. Creating CLI templates requires preparation and knowledge of the policy syntax.

  • Defined globally, without the possibility of individual configuration/changes for the requirements of individual network segments.
  • Interactive policy generation in a graphical interface is not provided.
  • Tracking changes, inheritance, and creating multiple versions of policies for quick switching are not provided.
  • Distributed automatically to the routers of remote branches. The same communication channels are used as for transmitting user data. If there is no communication channel between the central and a remote branch, distribution/modification of policies is impossible.
  • Applied on each router and, if necessary, modify the result of the standard routing protocols, having a higher priority.
  • For cases where all the branch WAN links experience significant traffic loss, no compensation mechanisms are provided.

SD-WAN policies:

  • Defined in the vManage GUI through an interactive template wizard.
  • Support creating multiple policies, copying, inheritance, and switching between policies in real time.
  • Support individual policy settings for different network segments (branches).
  • Distributed using any available signaling channel between the controller and the router and/or vSmart: they do not depend directly on data-plane connectivity between routers. This, of course, requires IP connectivity between the router itself and the controllers.

  • For cases where all available channels of a branch experience significant data loss exceeding the acceptable thresholds for critical applications, additional mechanisms can be used that increase transmission reliability:
    • FEC (Forward Error Correction): uses a special redundant coding algorithm. When transmitting critical traffic over channels with a significant percentage of loss, FEC can be activated automatically and allows, if necessary, the lost portion of the data to be restored. This slightly increases the transmission bandwidth used, but significantly improves reliability.

    • Duplication of data streams: in addition to FEC, the policy can provide for automatic duplication of the traffic of selected applications in the event of even more serious loss that cannot be compensated for by FEC. In this case, the selected data will be transmitted through all tunnels towards the receiving branch with subsequent de-duplication (dropping the extra copies of packets). The mechanism significantly increases channel utilization, but also significantly increases transmission reliability.
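
How the two loss-compensation mechanisms above complement each other, as an added example that is not code from the article or from Cisco. The article does not say which coding algorithm is used, so a simple XOR parity scheme (one parity packet per block of four data packets) stands in for it; packet contents, block size and function names are constructed assumptions.

```python
from functools import reduce

BLOCK = 4  # assumed block size: one parity packet per 4 data packets (25% overhead)

# Constructed, equal-length payloads (a real scheme would pad to a common length).
PAYLOADS = [b"pkt%02d--" % i for i in range(8)]


def xor_all(chunks):
    """XOR a list of equal-length byte strings together."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))


def fec_encode(payloads, block=BLOCK):
    """Sender: emit (kind, seq, payload) tuples, adding one parity packet per block.

    The parity packet carries the sequence number of the first data packet
    in the block it protects.
    """
    out = []
    for start in range(0, len(payloads), block):
        group = payloads[start:start + block]
        out += [("data", start + i, p) for i, p in enumerate(group)]
        out.append(("parity", start, xor_all(group)))
    return out


def fec_decode(received, total, block=BLOCK):
    """Receiver: rebuild the stream; a block missing exactly one data packet
    is repaired from its parity packet. Unrecoverable packets come back as None."""
    data = {seq: p for kind, seq, p in received if kind == "data"}
    parity = {seq: p for kind, seq, p in received if kind == "parity"}
    for start in range(0, total, block):
        seqs = range(start, min(start + block, total))
        missing = [s for s in seqs if s not in data]
        if len(missing) == 1 and start in parity:
            present = [data[s] for s in seqs if s in data]
            data[missing[0]] = xor_all(present + [parity[start]])
    return [data.get(s) for s in range(total)]


def deduplicate(*tunnel_streams):
    """Receiver side of duplication: the same packets arrive over several
    tunnels; keep the first copy of each (kind, seq) and drop the rest."""
    seen, merged = set(), []
    for stream in tunnel_streams:
        for kind, seq, payload in stream:
            if (kind, seq) not in seen:
                seen.add((kind, seq))
                merged.append((kind, seq, payload))
    return merged


def drop(stream, lost):
    """Simulate loss on one tunnel: remove data packets whose seq is in `lost`."""
    return [p for p in stream if not (p[0] == "data" and p[1] in lost)]


def demo():
    sent = fec_encode(PAYLOADS)
    n = len(PAYLOADS)
    # One loss in a block: FEC alone restores the packet.
    one_loss = fec_decode(drop(sent, {2}), n)
    # Two losses in the same block: beyond what single parity can repair.
    two_loss = fec_decode(drop(sent, {5, 6}), n)
    # Same heavy loss, but the flow is duplicated over a second tunnel with its
    # own losses; after de-duplication only seq 5 is missing and FEC repairs it.
    duplicated = fec_decode(deduplicate(drop(sent, {5, 6}), drop(sent, {1, 5})), n)
    return one_loss, two_loss, duplicated


if __name__ == "__main__":
    for name, result in zip(("one loss", "two losses", "duplicated"), demo()):
        print(name, result)
```

The bandwidth trade-off the article mentions is visible in the packet counts: FEC sends 10 packets for 8 payloads, while duplication over two tunnels sends 20.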

Cisco SD-WAN capabilities with no direct analogues in DMVPN/PfR

The architecture of the Cisco SD-WAN solution in some cases allows you to obtain capabilities that are either extremely difficult to implement within DMVPN/PfR, or impractical because of the labor costs required, or completely impossible. Let us look at the most interesting of them:

Traffic-Engineering (TE)

TE includes mechanisms that allow traffic to deviate from the standard path formed by routing protocols. TE is often used to ensure high availability of network services through the ability to quickly and/or proactively move critical traffic to an alternative (disjoint) transmission path, in order to ensure better quality of service or faster recovery in the event of a failure on the main path.

The difficulty of implementing TE lies in the need to calculate and reserve (verify) an alternative path in advance. In the MPLS networks of telecom operators, this problem is solved using technologies such as MPLS Traffic-Engineering with extensions of the IGP protocols and the RSVP protocol. More recently, Segment Routing technology, which is better optimized for centralized configuration and orchestration, has also become increasingly popular. In classic WAN networks, these technologies are usually not represented or are reduced to hop-by-hop mechanisms such as Policy-Based Routing (PBR), which are able to branch traffic but do so on each router separately, without taking into account the overall state of the network or the PBR result at previous or subsequent hops. The result of using these TE options is disappointing: MPLS TE, because of the complexity of configuration and operation, is used, as a rule, only in the most critical part of the network (core), and PBR is used on individual routers without the ability to form a unified PBR policy for the entire network. Obviously, this also applies to DMVPN-based networks.

SD-WAN in this respect offers a much more elegant solution that is not only easier to configure but also scales better. This is a consequence of the control-plane and policy-plane architectures used. Implementing the policy-plane in SD-WAN lets you define a TE policy centrally: which traffic is of interest? For which VPNs? Through which nodes/tunnels is it required or, conversely, forbidden to form an alternative route? In turn, the centralization of control-plane management based on vSmart controllers allows you to modify routing results without resorting to the settings of individual devices: routers see only the result of the logic that was formed in the vManage interface and handed over to vSmart for application.

Service-chaining

Forming service chains is an even more laborious task in classic routing than the Traffic-Engineering mechanism already described. In this case it is necessary not only to create a special route for a particular network application, but also to make it possible to remove traffic from the network at certain (or all) nodes of the SD-WAN network for processing by a special application or service (Firewall, Balancing, Caching, traffic Inspection, etc.). At the same time, you need to be able to monitor the state of these external services in order to prevent black-holing situations, and mechanisms are also needed that allow such external services of the same type to be placed in different geo-locations, with the network able to automatically select the most suitable service node for processing the traffic of a particular branch. In the case of Cisco SD-WAN, this is fairly easy to achieve by creating an appropriate centralized policy that "glues" all the aspects of the target service chain into a single whole and automatically changes the data-plane and control-plane logic only where and when necessary.

The ability to form geo-distributed processing of the traffic of selected types of applications in a particular sequence on specialized equipment (not related to the SD-WAN network itself) is perhaps the clearest demonstration of the advantages of Cisco SD-WAN over classic technologies and even over some alternative SD-WAN solutions from other vendors.

What is the bottom line?

Obviously, both DMVPN (with or without Performance Routing) and Cisco SD-WAN ultimately solve very similar problems with respect to an organization's distributed WAN network. At the same time, the significant architectural and functional differences in Cisco SD-WAN technology take the solving of these problems to a different qualitative level. To summarize, we can note the following significant differences between SD-WAN and DMVPN/PfR technologies:

  • DMVPN/PfR generally uses time-tested technologies for building overlay VPN networks and, in terms of the data-plane, is similar to the more modern SD-WAN technology; however, there are a number of limitations in the form of mandatory static configuration of routers, and the choice of topologies is limited to Hub-n-Spoke. On the other hand, DMVPN/PfR has some functionality that is not yet available in SD-WAN (we are talking about per-application BFD).
  • Within the control-plane, the technologies differ fundamentally. Given the centralized processing of signaling protocols, SD-WAN allows, in particular, failure domains to be narrowed significantly and the process of carrying user traffic to be "decoupled" from the signaling interaction: temporary unavailability of the controllers does not affect the ability to carry user traffic. At the same time, the temporary unavailability of any branch (including the central one) in no way affects the ability of the other branches to interact with each other and with the controllers.
  • The architecture for forming and applying traffic management policies in SD-WAN is also superior to that in DMVPN/PfR: geo-redundancy is implemented much better, there is no binding to the Hub, there are more opportunities for fine-tuning policies, and the list of implemented traffic management scenarios is also much larger.
  • The solution orchestration process is also significantly different. DMVPN assumes the presence of previously known parameters that must somehow be reflected in the configuration, which somewhat limits the flexibility of the solution and the possibility of dynamic changes. In turn, SD-WAN is based on the paradigm that at the initial moment of connection the router "knows nothing" about its controllers but knows "whom it can ask"; this is enough not only to establish communication with the controllers automatically, but also to automatically form a fully connected data-plane topology, which can then be flexibly configured/changed using policies.
  • In terms of centralized management, automation and monitoring, SD-WAN is expected to exceed the capabilities of DMVPN/PfR, which evolved from classic technologies and rely more heavily on the CLI command line and the use of template-based NMS systems.
  • In SD-WAN, compared with DMVPN, security requirements have reached a different qualitative level. The main principles are zero trust, scalability and two-factor authentication.

These simple conclusions may give the false impression that building a network based on DMVPN/PfR has lost all relevance today. This is, of course, not entirely true. For example, in cases where the network uses a lot of legacy equipment and there is no way to replace it, DMVPN can allow you to combine "old" and "new" devices into a single geo-distributed network with many of the advantages described above.

On the other hand, it should be remembered that all current Cisco enterprise routers based on IOS XE (ISR 1000, ISR 4000, ASR 1000, CSR 1000v) today support any mode of operation, both classic routing and DMVPN and SD-WAN; the choice is determined by current needs and the understanding that at any time, using the same equipment, you can start moving towards a more advanced technology.

Source: www.habr.com
