SD-WAN uye DNA kubatsira maneja: zvivakwa zvezvivakwa uye maitiro

Chimiro chaunogona kubata mulabhu yedu kana uchida.

SD-WAN uye SD-Access nzira mbiri dzakasiyana dzevaridzi yekuvaka network. Mune ramangwana, ivo vanofanirwa kusanganiswa kuita imwe overlay network, asi parizvino vari kuswedera pedyo. Pfungwa ndeiyi: isu tinotora network kubva kuma1990 uye tinoburitsa ese anodiwa zvigamba uye maficha pairi, pasina kumirira kuti ive nyowani yakavhurika mwero mune mamwe makore gumi.

SD-WAN ndeye SDN chigamba kune akagoverwa bhizinesi network. Kutakura kwakaparadzana, kutonga kwakaparadzana, saka kutonga kunorerutswa.

Pros - nzira dzese dzekutaurirana dzinoshandiswa zvakanyanya, kusanganisira iyo yekuchengetedza. Pane kufambiswa kwemapakiti kune maapplication: chii, kuburikidza neipi chiteshi uye neinonyanya kukosha. Maitiro akareruka ekuisa mapoinzi matsva: pachinzvimbo chekuburitsa gadziriso, ingo tsanangura kero yeCisco server paInternet hombe, CROC data centre kana mutengi, uko magadzirirwo akananga kunetiweki yako anotorwa kubva.

SD-Access (DNA) ndeye otomatiki yemuno network manejimendi: kumisikidza kubva pane imwe pfungwa, masvikiro, nyore nzvimbo. Muchokwadi, imwe network inovakwa neyakasiyana yekufambisa padanho reprotocol pamusoro peyako, uye kuenderana neanetiweki ekare kunovimbiswa pamiganhu yeperimeter.

Tichabatawo neizvi pasi apa.

Ikozvino mamwe maratidziro pamabhenji ekuyedza mulabhu yedu, kuti inotaridzika sei uye inoshanda sei.

Ngatitangei neSD-WAN. Main features:

• Kurerutsa kwekutumira mapoinzi matsva (ZTP) - inofungidzirwa kuti iwe neimwe nzira unodyisa poindi nekero yeseva ine zvigadziriso. Iyo poindi inogogodza pairi, inogamuchira iyo config, inoimonera kumusoro uye inosanganisirwa pane yako control panel. Izvi zvinoita kuti Zero-Touch Provisioning (ZTP). Kuti uendese nzvimbo yekupedzisira, injinjiniya yetiweki haidi kuenda kune saiti. Chinhu chikuru ndechekubatidza mudziyo nenzira kwayo pasaiti uye kubatanidza tambo dzese kwairi, ipapo michina yacho inozobatana nehurongwa. Unogona kudhawunirodha configs kuburikidza neDNS mibvunzo mugore remutengesi kubva kune yakabatana USB drive, kana unogona kuvhura hyperlink kubva palaptop yakabatana kune mudziyo kuburikidza neWi-Fi kana Ethernet.
• Kurerutsa kwemaitiro network manejimendi - config kubva matemplate, pasi rose marongero, centrally configured kuti angangoita mashanu mapazi, angangoita 5. Zvese kubva panzvimbo imwe. Kuti udzivise rwendo rurefu, pane yakanakira sarudzo yekudzokera otomatiki kune yakapfuura config.
• Chishandiso-chikamu chetraffic manejimendi - kuve nechokwadi chemhando uye inoenderera mberi application siginecha zvigadziriso. Mitemo inogadziriswa uye yakatenderedzwa nechepakati (hapana chikonzero chekunyora nekugadzirisa mamepu enzira kune yega yega router, sepakutanga). Iwe unogona kuona kuti ndiani ari kutumira chii, kupi uye chii.
• Network segmentation. Yakazvimiririra yakasarudzika VPNs pamusoro pezvese zvivakwa - imwe neimwe iine yayo nzira. Nekumisikidza, traffic pakati pavo yakavharwa; iwe unogona kuvhura mukana chete kune anonzwisisika mhando dzetraffic mune inonzwisisika network node, semuenzaniso, kupfuura zvese kuburikidza nehombe firewall kana proxy.
• Kuonekwa kweiyo network yemhando yenhoroondo - maitiro ekushandisa nemachaneti. Inobatsira kwazvo pakuongorora nekugadzirisa mamiriro ezvinhu kunyangwe vashandisi vasati vatanga kugamuchira zvichemo pamusoro pekusagadzikana kushanda kwemaapplication.
• Kuonekwa mumatanho - akakosha mari here, vari vaviri vakasiyana vanoshanda vanouya kunzvimbo yako, kana kuti vari kunyatso pfuura nenetiweki imwe chete uye kudzikisira / kudonha panguva imwe chete.
• Kuonekwa kwegore mashandisirwo uye kutungamira traffic kuburikidza nedzimwe nzira dzakavakirwa pairi (Cloud Onramp).
• Chimwe chidimbu chehardware chine router uye firewall (kunyanya, NGFW). Zvimedu zvishoma zvehardware zvinoreva kuti zvakachipa kuvhura bazi idzva.

Zvikamu uye zvivakwa zveSD-WAN mhinduro

Midziyo yekugumisa ndeye WAN routers, inogona kunge iri hardware kana virtual.

Orchestrators chishandiso chekutarisira network. Iwo akagadziridzwa ane yekupedzisira mudziyo paramita, traffic routing marongero, uye kuchengetedza kushanda. Iwo anokonzeresa configs anotumirwa otomatiki kuburikidza netiweki yekudzora kune node. Mukufanana, orchestrator inoteerera kunetiweki uye inotarisisa kuwanikwa kwemidziyo, zviteshi, nzira dzekutaurirana, uye kurodha.

Zvishandiso zveAnalytics. Ivo vanoita mishumo zvichienderana nedata rakaunganidzwa kubva kumagumo emidziyo: nhoroondo yemhando yemachaneli, network application, node kuwanikwa, nezvimwe.

Vatongi vane basa rekushandisa marongero ekufambisa traffic kune network. Analogue yavo yepedyo mumatanho echinyakare inogona kunzi BGP Route Reflector. Mitemo yepasi rose inogadziriswa nemutungamiriri muorchestrator inoita kuti vatongi vachinje kuumbwa kwematafura avo ekufambisa uye kutumira ruzivo rwakagadziridzwa kumagumo emidziyo.

Chii chinopihwa neIT sevhisi kubva kuSD-WAN:

1. Iyo backup chiteshi inogara ichishandiswa (kwete isina kuita). Zvinoita zvakachipa nekuti unogona kutenga maviri mashoma akakora chiteshi.
2. Kuchinja otomatiki kwetraffic application pakati pezviteshi.
3. Administrator nguva: unogona kugadzira network pasi rose, pane kukambaira nepakati pega ega hardware ine configs.
4. Speed ​​​​yekusimudza matavi matsva. Akareba zvikuru.
5. Kudzikira zvishoma paunenge uchitsiva midziyo yakafa.
6. Kurumidza kugadzirisa zvakare network kune masevhisi matsva.

Bhizinesi rinowanei kubva kuSD-WAN:

1. Yakavimbiswa kushanda kwebhizinesi zvikumbiro pane yakagoverwa network, kusanganisira neyakavhurika Internet nzira. Zviri pamusoro bhizimisi kufanotaura.
2. Tsigiro yekukurumidza yezvikumbiro zvebhizinesi idzva mhiri kwese kugoverwa network, zvisinei nehuwandu hwemapazi. Ndezvekumhanya kwebhizinesi.
3. Kurumidza uye kwakachengeteka kubatana kwemapazi mune chero nzvimbo dziri kure uchishandisa chero yekubatanidza matekinoroji (Internet iri kwese kwese, asi mitsara yakakoswa uye VPN haisi). Izvi ndezvekushanduka kwebhizinesi pakusarudza nzvimbo.
4. Iyi inogona kunge iri purojekiti ine kuendesa uye kutumwa, kana inogona kunge iri sevhisi
   nemari yemwedzi nemwedzi kubva kukambani yeIT, telecom opareta kana gore opareta. Chero zvakakunakira.

Mabhenefiti ebhizinesi eSD-WAN anogona kunge akasiyana zvachose, semuenzaniso, mumwe mutengi akatiudza kuti maneja wepamusoro akagamuchira chikumbiro chemutsetse wakananga nevashandi vese vekambani ine zviuru zvakawanda uye kugona kuendesa zvirimo.

Kwatiri kwaiva “kushanda kwechiuto.” Panguva iyoyo, takanga tava kugadzirisa dambudziko rekuvandudza CSPD. Uye kana isu tichinzwisisa kuti isu, pamusimboti, tinoda kuita mukugadziridzwa kwemidziyo, uye tekinoroji stack yafambira mberi, nei tichifanira kuita mukugadziridza matekinoroji mamwe chete nemasevhisi kana tikakwanisa kutora danho rinopfuura.

SD-WAN yakaiswa pane saiti naEnikey. Izvi zvakakosha kumapazi ari kure, uko panogona kunge pasina maneja akajairika. Tumira netsamba, iti: “Batanidza tambo 1 mubhokisi 1, tambo 2 mubhokisi 2, uye musaisanganisa! Usavhiringike, #@$@%! Uye kana vakasazvisanganisa, iyo mudziyo pachayo inotaurirana neyepakati sevha, inotora uye inoshandisa magadzirirwo ayo, uye iyi hofisi inova chikamu chekambani yakachengeteka network. Zvakanaka kana usinga fanire kufamba uye zviri nyore kupembedza mubhajeti yako.

Heino dhizaini yestand:

Mimwe mienzaniso yekugadzirisa:

Policy - mitemo yepasi rose yekugadzirisa traffic. Kugadzirisa mutemo.

Activate traffic control policy.

Misa gadziriso yeakakosha mudziyo paramita (IP kero, DHCP madziva).

Screenshots yekutarisisa kuita kwekushandisa

Zvekushandisa zvemufu.

Details for Office365.

Zveku-prem application. Nehurombo, hatina kukwanisa kuwana maapplication aine zvikanganiso pastand yedu (FEC Recovery rate iri zero kwese kwese).

Uyezve - kuita kwematanho ekufambisa data.

Ndeipi hardware inotsigirwa paSD-WAN

1. Hardware mapuratifomu:

• Cisco vEdge routers (yaimbova Viptela vEdge) inoshandisa Viptela OS.
• 1 uye 000 akatevedzana Integrated Services Routers (ISRs) inoshandisa IOS XE SD-WAN.
• Aggregation Services Router (ASR) 1 yakatevedzana inoshandisa IOS XE SD-WAN.

2. Virtual mapuratifomu:

• Cloud Services Router (CSR) 1v inoshandisa IOS XE SD-WAN.
• vEdge Cloud Router inoshandisa Viptela OS.

Virtual platforms inogona kuiswa paCisco x86 computing platforms, seEnterprise Network Compute System (ENCS) 5 series, Unified Computing System (UCS), uye Cloud Services Platform (CSP) 000 series. Virtual platforms inogonawo kushanda pane chero x5 device uchishandisa hypervisor yakadai seKVM kana VMware ESi.

Kuti mudziyo mutsva unofamba sei

Rondedzero yemidziyo ine rezinesi yekutumirwa inotorwa kubva kuCisco smart account kana kurodha sefaira reCSV. Ini ndichaedza kuwana mamwe mascreenshots gare gare, izvozvi hatina zvishandiso zvitsva zvekuisa.

Kutevedzana kwematanho mudziyo unofamba nawo kana waiswa.

Iyo itsva mudziyo / gadziriso yekuendesa nzira inoburitswa

Isu tinowedzera zvishandiso kuSmart Account.

Unogona kudhawunirodha CSV faira, kana kuti unogona kudhawunirodha rimwe panguva:

Zadza mudziyo parameters:

Tevere, muvManage tinowiriranisa iyo data neiyo Smart Account. Chishandiso ichi chinoonekwa pane rondedzero:

Mune yekudonha-pasi menyu yakatarisana nemudziyo, tinya Gadzira Bootstrap Configuration
uye tora yekutanga config:

Iyi config inofanirwa kupihwa kune mudziyo. Nzira iri nyore ndeyekubatanidza flash drive nefaira rakachengetwa rakanzi ciscosd-wan.cfg kune mudziyo. Paunotanga, mudziyo uchatsvaga iyi faira.

Mushure mekugamuchira iyo yekutanga kumisikidzwa, mudziyo uchakwanisa kusvika kune orchestrator uye ugamuchire yakazara gadziriso kubva ipapo.

Isu tinotarisa SD-Access (DNA)

SD-Access inoita kuti zvive nyore kugadzirisa zviteshi uye kodzero dzekuwana dzekubatanidza vashandisi. Izvi zvinoitwa uchishandisa wizards. Port paramita dzakaiswa maererano ne "Administrator", "Accounting", "Printers" mapoka, uye kwete kuVLAN uye IP subnets. Izvi zvinoderedza kukanganisa kwevanhu. Kana, semuenzaniso, kambani ine matavi mazhinji muRussia, asi hofisi yepakati yakawandisa, saka SD-Access inobvumidza iwe kugadzirisa mamwe matambudziko munharaunda. Semuenzaniso, matambudziko akafanana maererano nekugadzirisa dambudziko.

Nekuchengetedza ruzivo, zvakakosha kuti SD-Access inosanganisira kupatsanurwa kwakajeka kwevashandisi nemidziyo mumapoka uye tsananguro yemitemo yekudyidzana pakati pavo, mvumo kune chero mutengi kubatana kune network, uye kupihwa kwe "kodzero dzekuwana" mukati metiweki yese. Kana iwe ukatevera nzira iyi, kutonga kunova nyore.

Maitiro ekutanga emahofisi matsva zvakare akarerutswa nekuda kwePlug-and-Play vamiririri mune switch. Iko hakuna chikonzero chekumhanya uchitenderera-nyika nekoni, kana kutoenda kune saiti zvachose.

Heino mienzaniso yekugadzirisa:

General status.

Zviitiko izvo maneja anofanira kuongorora.

Kurudziro otomatiki pane zvekuchinja muma configs.

Ronga yekubatanidza SD-WAN neSD-Access

Ndakanzwa kuti Cisco ine zvirongwa zvakadaro - SD-WAN uye SD-Access. Izvi zvinofanirwa kudzikisa zvakanyanya hemorrhoids kana uchibata geographical kugoverwa uye emunharaunda CSPDs.

vManage (SD-WAN orchestrator) inotungamirirwa neAPI kubva kuDNA Center (SD-Access controller).

Micro- uye macro-segmentation marongero akaiswa mepu seinotevera:

Padanho repakeji, zvese zvinotaridzika seizvi:

Ndiani anofunga nezvazvo uye chii?

Isu tanga tichishanda paSD-WAN kubva 2016 mune imwe murabhoritari yakasiyana, kwatinoedza mhinduro dzakasiyana dzezvinodiwa zvekutengesa, mabhangi, zvekufambisa uye indasitiri.

Isu tinotaurirana zvakanyanya nevatengi chaivo.

Ndinogona kutaura kuti kutengesa kuri kutoedza nechivimbo SD-WAN, uye vamwe vari kuita izvi nevatengesi (kazhinji neCisco), asi kunewo avo vari kuedza kugadzirisa nyaya yacho pachavo: vari kunyora vhezheni yavo. software iyo yakafanana mukushanda kune SD-WAN.

Wese munhu, neimwe nzira kana imwe, anoda kuwana pakati pekutonga kwese zoo yemidziyo. Iyi ndiyo imwe pfungwa yekutonga kune isiri-yakajairwa kuisirwa uye yakajairwa kune vakasiyana vatengesi uye akasiyana matekinoroji. Zvakakosha kuderedza basa remaoko nokuti, kutanga, inoderedza ngozi yechinhu chevanhu pakugadzirisa michina, uye chechipiri, inosunungura zviwanikwa zvebasa reTI kugadzirisa mamwe matambudziko. Kazhinji, kucherechedzwa kwechido kunobva kunguva refu yekuvandudza nyika. Uye, semuenzaniso, kana mutengesi achitengesa doro, saka inoda kugara ichitaurirana kutengesa. Kugadziridza kana kudzika pasi mukati mezuva kunobata zvakananga mari.

Ikozvino mukutengesa pane kunzwisiswa kwakajeka kweizvo IT mabasa achashandisa SD-WAN:

1. Kukurumidza kutumira (kazhinji kunodiwa paLTE mupi wetambo asati asvika, kazhinji zvinodikanwa kuti poindi nyowani isimudzwe nemutungamiriri muguta kuburikidza neGPC, uye ipapo nzvimbo yacho inongotarisa nekugadzirisa).
2. Centralised management, kutaurirana kwezvinhu zvekunze.
3. Kuderedza mitengo yenharembozha.
4. Akasiyana-siyana ekuwedzera masevhisi (DPI maficha anoita kuti zvikwanise kukoshesa kuendeswa kwetraffic kubva kune zvakakosha maapplication senge marejista emari).
5. Shanda nemachanera otomatiki, kwete nemaoko.

Uye kune zvakare cheki yekuteerera - munhu wese anotaura nezvazvo zvakanyanya, asi hapana anozviona sedambudziko. Kuchengeta kuti zvese zvinoshanda nemazvo zvinoshandawo zvakanaka mune iyi paradigm. Vazhinji vanotenda kuti iyo yese network tekinoroji musika ichafamba nenzira iyi.

Mabhangi, IMHO, parizvino ari kuyedza SD-WAN sechinhu chitsva chetekinoroji. Ivo vakamirira kupera kwekutsigirwa kwezvizvarwa zvakapfuura zvemidziyo uye chete ipapo ivo vachachinja. Mabhangi anowanzo kuve neawo akasarudzika mamiriro kuburikidza nematanho ekutaurirana, saka mamiriro azvino eindasitiri haavanetse zvakanyanya. Matambudziko ari pane dzimwe ndege.

Kusiyana nemusika weRussia, SD-WAN iri kuitwa nesimba muEurope. Nzira dzavo dzekukurukurirana dzinodhura, uye naizvozvo makambani eEurope anounza stack yavo kumapoka eRussia. MuRussia, kune kumwe kugadzikana, nekuti mutengo wemachaneti (kunyangwe kana dunhu richidhura zvakapetwa makumi maviri neshanu kupfuura pakati) rinotaridzika zvakajairika uye harimutsi mibvunzo. Gore negore, kune bhajeti risina zvisungo yenzira dzekukurukurirana.

Heino muenzaniso kubva kutsika yenyika, apo kambani yakachengetedza nguva nemari ichishandisa SD-WAN paCisco.

Kune kambani yakadaro - National Instruments. Pane imwe nguva, vakatanga kunzwisisa kuti network yekombiyuta yepasi pose, “yakawanikwa” nokubatanidza nzvimbo 88 pasi rose, yakanga isingashandi. Pamusoro pezvo, kambani yakashaya kugona uye kuita kwemvura yayo inopisa yemumba. Pakanga pasina chiyero pakati pekuenderera mberi kwekambani kukura uye shoma IT bhajeti.

SD-WAN yakabatsira National Instruments kuderedza mutengo weMPLS ne25% (kuchengetedza $450 pakupera kwa2018), kuwedzera bandwidth ne3%.

Nekuda kwekuitwa kweSD-WAN, kambani yakagamuchira yakangwara software-yakatsanangurwa network uye yepakati positi manejimendi kuti iwedzere otomatiki traffic uye kushanda kwekushandisa. Pano apa - Detailed case.

Pano chaipo nyaya inopenga zvachose yekufambisa S7 kune imwe hofisi, apo pakutanga zvese zvakatanga zvakaoma, asi zvinonakidza - zvaive zvakafanira kudzoreredza 1,5 zviuru zviteshi. Asi ipapo chimwe chinhu chakakanganisika uye nekudaro, maadmins akazove ekupedzisira nguva yekupedzisira isati yasvika, paari kunonoka kwese kwakaunganidzwa.

Verenga zvakawanda muChirungu:

• American Banker: Yechishanu Yetatu inodyara mu5-gore network kusimudzira neSD-WAN .
• Kuvaka Cloud SD-WAN kubudirira kuKoch.
• McKesson's SD-WAN Rwendo rweKuchengeta Mutengo .
• SD-WAN Retail PoC & Segmentation: Gap Stores.
• Asi Cisco kudzidza pasi rose pane network mafambiro munyika.

MuchiRussian:

• Pamusoro peCNews.
• Mashandisiro atakaita SD-Access uye nei yaidiwa.
• Network jira reCisco ACI data centre - kubatsira maneja.
• Yakagadzikana chiteshi yakavakirwa pasoftware-yakatsanangurwa SD-WAN network: kugadzirisa matambudziko ekusarudza nzira.
• Yangu email, kana uine chero mibvunzo kana uchida kuyedza mabasa ako panzvimbo yedu, - [email inodzivirirwa].

Source: www.habr.com