Chimiro chaunogona kubata mulabhu yedu kana uchida.
SD-WAN uye SD-Access nzira mbiri dzakasiyana dzevaridzi yekuvaka network. Mune ramangwana, ivo vanofanirwa kubatanidzwa mune imwechete yakavharira network, asi kusvika zvino varikusvika chete. Pfungwa ndeiyi: tora network kubva kuma1990 uye buritsa ese anodiwa zvigamba uye maficha pairi, pasina kumirira kuti ive nyowani yakavhurika mwero mune mamwe makore gumi.
SD-WAN ndeye SDN chigamba kune akagoverwa bhizinesi network. Kutakura kwakaparadzana, kutonga kwakaparadzana, saka kutonga kunorerutswa.
Pros - nzira dzese dzekutaurirana dzinoshandiswa zvakanyanya, kusanganisira iyo yekuchengetedza. Pane kufambiswa kwemapakiti kune maapplication: chii, kuburikidza neipi chiteshi uye neinonyanya kukosha. Maitiro akareruka ekutumira mapoinzi matsva: pachinzvimbo chekuburitsa config - kungotsanangura kero yeCisco server muInternet yakakura, KROK data center kana mutengi, uko magadzirirwo anotorwa zvakananga kune yako network.
SD-Access (DNA) ndiyo otomatiki yenzvimbo manejimendi manejimendi: kumisikidza kubva pane imwe nzvimbo, masvikiro, mushandisi-ane hushamwari nzvimbo. Muchokwadi, imwe network inovakwa neimwe yekufambisa padanho reprotocol pamusoro peyako, uye kuenderana nenetiweki yekare kunovimbiswa pamiganhu yeperimeter.
Tichabatawo neizvi pasi apa.
Ikozvino mamwe maratidziro pamabhenji ekuyedza mulabhu yedu, kuti inotaridzika sei uye inoshanda sei.
Ngatitangei neSD-WAN. Zvinhu zvakakosha:
- Kurerutsa kutumirwa kwemapoinzi matsva (ZTP) - inofungidzirwa kuti iwe neimwe nzira unodyisa poindi kero yeseva nezvirongwa. Iyo poindi inogogodza pairi, inogamuchira iyo config, inoiburitsa kunze uye inobatidza mune yako control panel. Izvi zvinoita kuti Zero-Touch Provisioning (ZTP). Kuti uendese mudziyo wekupedzisira, injinjiniya yetiweki haidi kuenda kune saiti. Chinhu chikuru ndechekubatidza mudziyo nenzira kwayo pane saiti uye kubatanidza tambo dzese kwairi, ipapo midziyo ichabatana neiyo system pachayo. Unogona kurodha zvigadziriso kuburikidza neDNS mibvunzo mugore remutengesi kubva kune yakabatana USB drive, kana unogona kuvhura hyperlink kubva palaptop yakabatana kune mudziyo kuburikidza neWi-Fi kana Ethernet.
- Kurerutsa kwemaitiro network manejimendi - gadziriso kubva kumatemplate, marongero epasirese, akarongedzerwa nechepakati kwemapazi mashanu, angangoita 5. Zvese kubva panzvimbo imwe. Kuti udzivise rwendo rurefu - iri nyore sarudzo yekudzokera otomatiki kune yakapfuura kumisikidzwa.
- Chishandiso-chikamu chetraffic manejimendi - kuve nechokwadi chemhando uye nguva dzose kuvandudzwa kwemasaini ekushandisa. Mitemo inogadziriswa uye yakatenderedzwa nechepakati (hapana chikonzero chekunyora uye kugadzirisa mamepu enzira kune yega yega router, sepakutanga). Unogona kuona kuti ndiani anotumira chii, kupi.
- Network segmentation. Yakazvimiririra yakasarudzika VPNs pamusoro pese zvivakwa, imwe neimwe iine yayo nzira. Nekutadza, traffic pakati pavo yakavharwa, unogona kuvhura mukana chete kune anonzwisisika marudzi etraffic mune inonzwisisika network node, semuenzaniso, kupfuudza zvese kuburikidza nehombe firewall kana proxy.
- Kuonekwa munhoroondo yekuita network - mashandisiro akaita maapplication nemachaneli. Inobatsira kwazvo pakuongorora nekugadzirisa mamiriro ezvinhu kunyangwe vashandisi vasati vatanga kunyunyuta nezve kusagadzikana kwekuita kwekushandisa.
- Kuonekwa nemachaneli - akakosha mari here, ita vaviri vakasiyana vanoshanda vanouya kwauri pasaiti, kana kuti vanonyatso pfuura nenetiweki imwechete uye kusvibisa / kudonha panguva imwe chete.
- Kuonekwa kwegore mashandisirwo uye kutungamira traffic kuburikidza nedzimwe nzira dzakavakirwa pairi (Cloud Onramp).
- Chimwe chidimbu chehardware chine router uye firewall (kunyanya, NGFW). Zvishoma hardware zvinoreva kuti zvakachipa kuendesa bazi idzva.
Zvikamu uye zvivakwa zveSD-WAN mhinduro
Midziyo yekugumisa ndeye WAN routers, inogona kunge iri hardware kana virtual.
Orchestrators chishandiso chekutarisira network. Ivo vanogadzirisa magumo emidziyo parameter, traffic routing marongero, uye kuchengetedza kushanda. Configs inogamuchirwa iyo inotumirwa otomatiki kuburikidza netiweki yekudzora kune node. Mukufanana, orchestrator inoteerera kunetiweki uye inotarisisa kuwanikwa kwemidziyo, zviteshi, nzira dzekutaurirana, uye kurodha.
Zvishandiso zveAnalytics. Ivo vanogadzira mishumo yakavakirwa padhata yakaunganidzwa kubva kumidziyo yekupedzisira: nhoroondo yemhando yechiteshi, mashandisirwo etiweki, kuwanikwa kwenode, nezvimwe.
Vatongi vane basa rekushandisa marongero ekufambisa traffic kune network. Analogue yavo yepedyo mumatanho echinyakare ndiyo BGP Route Reflector. Mitemo yepasi rose inogadziriswa nemutungamiriri muorchestrator inoita kuti vatongi vachinje kuumbwa kwematafura avo ekufambisa uye kutumira ruzivo rwakagadziridzwa kumagumo emidziyo.
Chii chinopihwa neIT sevhisi kubva kuSD-WAN:
- Iyo backup chiteshi inogara ichishandiswa (kwete isina kuita). Iyo yakachipa, sezvo maviri matete chiteshi anogona kubvumidzwa.
- Kuchinja otomatiki kwetraffic application pakati pezviteshi.
- Nguva yeMutungamiriri: unogona kugadzira network pasi rose, pachinzvimbo chekukambaira uchitenderedza chidimbu chega chega chehardware chine configs.
- Kumhanya kwemapazi matsva kunowedzera zvakanyanya.
- Kudzikira zvishoma paunenge uchitsiva midziyo yakafa.
- Kurumidza kugadzirisa zvakare network kune masevhisi matsva.
Bhizinesi rinowanei kubva kuSD-WAN:
- Yakavimbiswa kushanda kwebhizinesi zvikumbiro pane yakagoverwa network, kusanganisira neyakavhurika Internet nzira. Izvi ndezvekufanotaura kwebhizinesi.
- Rutsigiro rwepakarepo rwemabhizinesi matsva maapplication mukati mese network yakagoverwa, zvisinei nehuwandu hwemapazi. Izvi ndezvekumhanya kwebhizinesi.
- Kurumidza uye kwakachengeteka kubatana kwemapazi munzvimbo dziri kure uchishandisa chero tekinoroji yekubatanidza (Internet iri kwese kwese, asi mitsara yakatsaurirwa uye VPN haisi). Izvi ndezvekushanduka kwebhizinesi pakusarudza nzvimbo.
- Iyi inogona kunge iri purojekiti ine kuendesa uye kutumwa, kana inogona kunge iri sevhisi.
nemari yemwedzi nemwedzi kubva kukambani yeIT, telecom opareta kana gore opareta. Chero zvakakunakira.
Mabhenefiti ebhizinesi eSD-WAN anogona kunge akasiyana zvachose, semuenzaniso, mumwe mutengi akatiudza kuti maneja wepamusoro akakumbira mutsara wakananga nevashandi vese vekambani ine zviuru zvakawanda uye kugona kuendesa zvirimo.
Kwatiri, kwaive "kushanda kwemauto." Panguva iyoyo, takanga tava kugadzirisa dambudziko rekusimudzira KSPD. Uye kana isu tikanzwisisa kuti isu tinofanirwa kugadziridza michina, uye tekinoroji stack yafambira mberi, nei tichifanira kugadziridza matekinoroji mamwe chete nemasevhisi kana tikakwanisa kuenda mberi.
SD-WAN yakaiswa pa-saiti ne enikeis. Izvi zvakakosha kumapazi ari kure, uko panogona kunge pasina yakajairika admin. Itumire netsamba, iti: "Batanidza tambo 1 mubhokisi 1, tambo 2 mubhokisi 2, uye usazvisanganisa! Usazvisanganisa, #@$@%!" Uye kana vakasazvisanganisa, iyo mudziyo pachayo inobatanidza kune yepakati sevha, inotora uye inoshandisa magadzirirwo ayo, uye iyi hofisi inova chikamu chekambani yakachengeteka network. Zvakanaka kana iwe usinga fanire kufamba uye zviri nyore kupembedza mubhajeti.
Uye heino dhizaini yekumira:
Mimwe mienzaniso yezvirongwa:
Policy - mitemo yepasi rose yekutarisira traffic. Kugadzirisa mutemo.
Activate traffic management policy.
Misa gadziriso yeakakosha mudziyo paramita (IP kero, DHCP madziva).
Application Performance Monitoring Screenshots
Zvekushandisa zvemufu.
Details for Office365.
Zveku-prem application. Nehurombo, hatina kukwanisa kuwana chero zvikumbiro zvine zvikanganiso pachimire yedu (FEC Recovery rate iri zero kwese kwese).
Pamusoro pezvo, kuita kwematanho ekufambisa data.
Ndeipi hardware inotsigirwa paSD-WAN
1. Hardware mapuratifomu:
- Cisco vEdge routers (yaimbova Viptela vEdge) inoshandisa Viptela OS.
- Integrated Services Router (ISR) 1 uye 000 akatevedzana ma routers anomhanya IOS XE SD-WAN.
- Aggregation Services Router (ASR) 1 Series inoshandisa IOS XE SD-WAN.
2. Virtual mapuratifomu:
- Cloud Services Router (CSR) 1v inoshandisa IOS XE SD-WAN.
- vEdge Cloud Router inoshandisa Viptela OS.
Virtual mapuratifomu anogona kuiswa paCisco x86 computing mapuratifomu akadai se Enterprise Network Compute System (ENCS) 5 Series, Unified Computing System (UCS), uye Cloud Services Platform (CSP) 000 Series. Virtual mapuratifomu anogona zvakare kumhanya pane chero x5 chishandiso chinoshandisa hypervisor seKVM kana VMware ESi.
Maitiro ekuburitsa mudziyo mutsva
Rondedzero yemidziyo ine rezinesi yekutumirwa inotorwa kubva kune smart account muCisco kana kurodha se CSV faira. Ini ndichaedza kuwana mamwe mascreenshots gare gare, isu hatina chero michina mitsva yekutumirwa izvozvi.
Kutevedzana kwematanho mudziyo unofamba nawo kana waiswa.
Maitiro ekuburitsa mudziyo mutsva / gadziriso yekuendesa nzira
Isu tinonyoresa zvishandiso muSmart Account.
Unogona kurodha CSV faira, kana rimwe nerimwe:
Zadza mudziyo parameters:
Tevere, muvManage, tinowiriranisa iyo data neiyo Smart Account. Chishandiso ichi chinoonekwa pane rondedzero:
Mune yekudonha-pasi menyu yakatarisana nemudziyo, tinya Gadzira Bootstrap Configuration
uye tinowana yekutanga config:
Iyi config inoda kupihwa kune mudziyo. Nzira iri nyore ndeyekubatanidza flash drive nefaira rakachengetwa rakanzi ciscosd-wan.cfg kune mudziyo. Paunotanga, mudziyo uchatsvaga iyi faira.
Mushure mekugamuchira iyo yekutanga gadziriso, mudziyo uchakwanisa kusvika kune orchestrator uye ugamuchire yakazara gadziriso kubva ipapo.
Ngatitarisei kuSD-Access (DNA)
SD-Access inorerutsa kumisikidzwa kwemadoko uye kodzero dzekuwana dzekubatanidza mushandisi. Izvi zvinoitwa uchishandisa wizards. Port paramita dzakaiswa maererano nemapoka "Administrator", "Accounting", "Printers", uye kwete kuVLAN uye IP subnets. Izvi zvinoderedza kukanganisa kwakabatana nechinhu chemunhu. Kana, semuenzaniso, kambani ine matavi mazhinji muRussia, uye hofisi yepakati yakawandisa, saka SD-Access inobvumidza iwe kugadzirisa mamwe matambudziko munharaunda. Semuenzaniso, matambudziko akafanana nekugadzirisa dambudziko.
Nekuchengetedza ruzivo, zvakakosha kuti SD-Access itore kupatsanurwa kwakajeka kwevashandisi nemidziyo mumapoka uye tsananguro yemitemo yekudyidzana pakati pavo, mvumo kune chero mutengi wekubatanidza kunetiweki uye nekuona "kodzero dzekuwana" mukati metiweki. Kana iwe ukatevera nzira iyi, kutonga kunova nyore.
Maitiro ekutanga emahofisi matsva zvakare akarerutswa nekuda kwePlug-and-Play vamiririri mune switch. Iko hakuna chikonzero chekumhanya uchitenderedza muchinjiko-unobatanidza nekoni, kana kutoenda kune saiti.
Heano mimwe mienzaniso yekugadzirisa:
General status.
Zviitiko zvinofanirwa kuongororwa nemutungamiriri.
Kurudziro otomatiki pane zvekuchinja muma configs.
SD-WAN Integration Roadmap ine SD-Access
Ndakanzwa kuti Cisco ine zvirongwa zvakadaro - SD-WAN uye SD-Access. Izvi zvinofanirwa kudzikisira zvakanyanya kunetsa kwekutonga kugoverwa kwenzvimbo uye maCSDC emuno.
vManage (SD-WAN orchestrator) inotungamirirwa neAPI kubva kuDNA Center (SD-Access controller).
Micro- uye macro-segmentation marongero akaiswa mepu seinotevera:
Padanho repakeji, zvinoita seizvi:
Ndiani anofunga nezve izvi?
Isu tanga tichishanda neSD-WAN kubva 2016 mune imwe murabhoritari yakasiyana, kwatinoedza mhinduro dzakasiyana dzezvinodiwa zvekutengesa, mabhangi, zvekufambisa uye indasitiri.
Isu tinotaurirana zvakanyanya nevatengi chaivo.
Ndinogona kutaura kuti kutengesa kwave kutoedza nechivimbo SD-WAN, uye vamwe vari kuita izvi nevatengesi (kazhinji neCisco), asi kunewo avo vari kuedza kugadzirisa nyaya yacho pachavo: vari kunyora shanduro yavo yepurogiramu, iyo yakafanana mukushanda kune SD-WAN.
Wese munhu anoda kuuya kune yepakati manejimendi yezvese zoo yemidziyo neimwe nzira. Iyi ndiyo imwe pfungwa yekutonga kune isiri-yakajairwa kuisirwa uye yakajairwa kune vakasiyana vatengesi uye akasiyana matekinoroji. Zvakakosha kuderedza basa rekushanda, nokuti izvi, kutanga, zvinoderedza dambudziko rekukanganisa kwevanhu pakugadzira michina, uye chechipiri, inosunungura zviwanikwa zvebasa reIT kugadzirisa mamwe matambudziko. Kazhinji, kunzwisiswa kwezvinodiwa kunouya kubva kureba kwenguva refu yekuvandudza kutenderera munyika yose. Uye, semuenzaniso, kana kutengesa kunotengesa doro, saka inoda kugara ichitaurirana kutengesa. Iyo yekuvandudza kana kudzika mukati mezuva inobata zvakananga mari.
Zvino, vatengesi vane kunzwisisa kwakajeka kweapi mabasa IT ichashandisa SD-WAN ye:
- Kukurumidza kutumira (kunowanzodiwa paLTE kusati kwasvika mupi wetambo, kazhinji inodiwa kuti poindi nyowani igadzirwe nemutungamiriri muguta pasi pechibvumirano chemutemo wehurumende, uye ipapo nzvimbo yacho yakangotarisa nekuigadzirisa).
- Centralized control, kutaurirana kune mhiri kwemakungwa zvivakwa.
- Kuderedza mutengo we telecom.
- Akasiyana-siyana ekuwedzera masevhisi (DPI maficha anoita kuti zvikwanise kuunza traffic kubva kune yakakosha maapplication senge marejista emari pane zvakakosha).
- Shanda nemachanera otomatiki, kwete nemaoko.
Uye kune zvakare kuyedzwa kwekuteerera - munhu wese anotaura nezvazvo zvakanyanya, asi hapana anozviona sedambudziko. Kuchengeta kuti zvese zvinoshanda nemazvo zvinoshandawo nemazvo mune iyi paradigm. Vazhinji vanotenda kuti iyo yese network tekinoroji musika ichafamba nenzira iyi.
Mabhangi, IMHO, ari kuyedza SD-WAN zvakanyanya sechinhu chitsva chetekinoroji. Ivo vakamirira kupera kwekutsigirwa kwezvizvarwa zvakapfuura zvemidziyo uye chete ipapo ivo vachachinja. Mabhangi anowanzo kuve neawo akasarudzika mamiriro maererano nematanho ekutaurirana, saka mamiriro aripo eindastiri haavanetse zvakanyanya. Zvinetso zviri mune dzimwe nzvimbo.
Kusiyana nemusika weRussia, SD-WAN iri kuitwa nesimba muEurope. Nzira dzavo dzekukurukurirana dzinodhura, uye naizvozvo makambani eEurope anounza stack yavo kumapoka eRussia. MuRussia, kune kumwe kugadzikana, nokuti mari yezviteshi (kunyangwe nzvimbo yacho inodhura ka25 kupfuura pakati) inotaridzika yakajairika uye haimutsi mibvunzo. Gore negore, bhajeti yenzira dzekufambisa mashoko inogoverwa pasina zvisungo.
Heino muenzaniso kubva kutsika yepasirese, apo kambani yakachengetedza nguva nemari nekuda kweSD-WAN paCisco.
Kune kambani yakadaro - National Instruments. Pane imwe nguva, vakatanga kunzwisisa kuti pasi rose computing network, "yakawanikwa" semugumisiro wekubatana kwe88 nzvimbo pasi rose, yakanga isingabatsiri. Mukuwedzera, kambani yakashaya bandwidth uye kushanda kweWAN. Pakanga pasina chiyero pakati pekuenderera mberi kwekambani uye iyo shoma IT bhajeti.
SD-WAN yakabatsira National Instruments kudzikisa mutengo weMPLS ne25% ($450K mukuchengetedza 2018) uku ichiwedzera bandwidth ne3%.
Nekushandisa SD-WAN, kambani yakawana ine hungwaru software-yakatsanangurwa network uye nechepakati pemitemo manejimendi kuti ikwidze otomatiki traffic uye kushanda kwekushandisa. - Detailed case.
nyaya yakapenga zvachose yeS7 ichienda kune imwe hofisi, apo pakutanga zvinhu zvese zvakatanga zvakaoma, asi zvinonakidza - zvaive zvakafanira kudzoreredza 1,5 zviuru zviteshi. Asi ipapo chimwe chinhu chakakanganisika uye nekudaro maadmins akazove ekupedzisira nguva yekupedzisira isati yasvika, paari kunonoka kwese kwakawira.
Verenga zvakawanda muChirungu:
- .
- .
- .
- .
- Asi pane network mafambiro munyika.
MuchiRussian:
- .
- .
- .
- .
- Yangu email, kana uine chero mibvunzo kana uchida kuedza mabasa ako pachigadziko chedu, is mkazakov@croc.ru.
Source: www.habr.com
