Cisco ACI data centre network fabric - helping the admin

With the help of a magic piece of Cisco ACI script, you can set up a network quickly.

The Cisco ACI data centre network fabric has existed for five years, but Habr has said nothing about it, so I decided to fix that a little. I will tell you, from my own experience, what it is, what it is used for and where its pitfalls lie.

What is it and where did it come from?

By the time ACI (Application Centric Infrastructure) was announced in 2013, competitors were advancing on the traditional approach to data centre networks from three sides at once.

On one side, "first generation" SDN solutions based on OpenFlow promised to make networks more flexible and cheaper at the same time. The idea was to move the decision making traditionally done by proprietary switch software to a central controller.

This controller would have a single view of everything going on and, based on it, would program the hardware of all switches at the level of rules for processing specific flows.

On another side, overlay network solutions made it possible to implement the required connectivity and security policies without any changes in the physical network at all, by building software tunnels between virtualised hosts. The best-known example of this approach was Nicira, which by then had already been bought by VMware for 1.26 billion dollars and gave rise to VMware NSX. Some piquancy was added by the fact that the co-founders of Nicira were the same people who had stood at the origins of OpenFlow, and who were now saying that OpenFlow was not suitable for building a data centre fabric.

And finally, switching chips available on the open market (so-called merchant silicon) had reached a degree of maturity at which they became a real threat to traditional switch vendors. Whereas earlier each vendor developed the chips for its own switches on its own, over time chips from third-party manufacturers, above all Broadcom, began to close the gap with vendor chips in functionality and overtook them in price/performance ratio. Many therefore believed that the days of proprietary switching chips were numbered.

ACI became Cisco's "asymmetric response" (more precisely, that of its company Insieme, founded by its former employees) to all of the above.

What is the difference from OpenFlow?

In terms of the distribution of functions, ACI is essentially the opposite of OpenFlow.
In the OpenFlow architecture, the controller is responsible for writing detailed rules (flows) into the hardware of all switches, that is, in a large network it may be responsible for maintaining and, more importantly, changing tens of millions of records at hundreds of points in the network, so its performance and reliability become a bottleneck in large deployments.

ACI takes the reverse approach: yes, there is also a controller, but the switches receive high-level declarative policies from it, and the switch itself renders them into specific settings in its hardware. The controller can be rebooted or switched off entirely and nothing bad will happen to the network, apart, of course, from the absence of management during that time. Interestingly, there are situations in ACI where OpenFlow is still used, but locally within the host, for programming Open vSwitch.

ACI is built entirely on a VXLAN-based overlay transport, but includes the underlying IP transport as part of the same solution. Cisco calls this an "integrated overlay". In most cases the termination point of the overlay in ACI is the fabric switches (they do this at line rate). Hosts are not required to know anything about the fabric, encapsulation and so on; however, in some cases (for example, when connecting OpenStack hosts) VXLAN traffic can be brought to them.

Overlays are used in ACI not only to provide flexible connectivity across the transport network, but also to carry metainformation (used, for example, to apply security policies).

Chips from Broadcom had previously been used by Cisco in the Nexus 3000 series switches. The switches released for ACI used at the same time the new Broadcom Trident 2 chip and a complementary chip designed by Cisco, which implements all the ACI magic. Apparently this made it possible to speed up the product's release and bring its selling price down to a level close to a model based simply on Trident 2. This approach was sufficient for the first two or three years of ACI shipments. During that time Cisco developed and launched the next generation of Nexus 9000 on its own chips, with more features and performance, but at the same price level. The external specifications for interaction within the fabric were fully preserved. At the same time, the internals changed completely: something like refactoring, but in hardware.

How the Cisco ACI architecture works

In the simplest case, ACI is built on a Clos network topology or, as it is often called, Spine-Leaf. There can be from two (or one, if we do not care about fault tolerance) to six spine-level switches. Accordingly, the more of them there are, the higher the fault tolerance (the smaller the loss of bandwidth and reliability when one spine fails or is under maintenance) and the overall performance. All external connections go to leaf-level switches: servers, the attachment to external networks via L2 or L3, and the connection of the APIC controllers. In general, with ACI not only configuration but also statistics collection, fault monitoring and so on is done through the controller interface, and there are three controllers in full-size deployments.

You never have to connect to a switch over the console, even to bring the network up: the controller itself discovers the switches and assembles the fabric from them, including the settings of all service protocols, so, by the way, it is very important to write down the serial numbers of the equipment being installed at installation time, so that later you do not have to guess which switch is in which rack. For troubleshooting, if needed, you can connect to the switches via SSH: they reproduce the usual Cisco show commands quite thoroughly.

Internally the fabric uses IP transport, so there is no Spanning Tree or other horrors of the past in it: all links are in use, and convergence after a failure is fast. Traffic in the fabric is carried over VXLAN-based tunnels. More precisely, Cisco itself calls the encapsulation iVXLAN, and it differs from regular VXLAN in that reserved fields in the network header are used to carry service information, above all the traffic's membership in an EPG group. This allows the equipment to implement interaction rules between groups, using their numbers in the same way addresses are used in ordinary access lists.

Tunnels allow both L2 segments and L3 segments (that is, VRFs) to be stretched across the internal IP transport. The default gateway is distributed in this case. This means that each switch is responsible for routing the traffic that enters the fabric. In terms of traffic flow logic, ACI is similar to a VXLAN/EVPN fabric.

If so, what are the differences? Everything else!

The first difference you encounter with ACI is how servers are connected to the network. In traditional networks, both physical servers and virtual machines are placed into VLANs, and everything else follows from them: connectivity, security and so on. In ACI a construct is used that Cisco calls an EPG (End-point Group), and there is no getting away from it. Can it be equated with a VLAN? Yes, but in that case there is a good chance of losing most of what ACI offers.

All access rules are formulated in terms of EPGs, and in ACI the "white list" principle applies by default, that is, only traffic whose passage is explicitly permitted is allowed. So we can create "Web" and "MySQL" EPG groups and define a rule allowing communication between them only on port 3306. This works without any binding to network addresses and even within the same subnet!

We have customers who chose ACI precisely because of this feature, since it lets you restrict access between servers (virtual or physical, it does not matter) without dragging them between subnets, that is, without touching the addressing. Yes, yes, we know that nobody writes IP addresses into application configs by hand, right?

Traffic rules in ACI are called contracts. In such a contract, one or more groups or tiers of a multi-tier application become the provider of a service (say, the database service) and others become the consumer. A contract can simply pass traffic, or it can do something trickier, for example, redirect it to a firewall or load balancer, and also change the QoS value.

How do servers get into these groups? If they are physical servers or something included in an existing network into which we have built a VLAN trunk, then to place them in an EPG you will have to point to the switch port and the VLAN used on it. As you can see, VLANs appear where you cannot do without them.

If the servers are virtual machines, then it is enough to refer to the connected virtualisation environment, and everything happens by itself: a port group (in VMware terms) will be created to connect the VM, the required VLAN or VXLAN will be assigned, they will be registered on the required switch ports, and so on. So, although ACI is built around the physical network, connections for virtual servers look much simpler than for physical ones. ACI already has built-in integration with VMware and MS Hyper-V, as well as support for OpenStack and RedHat Virtualization. From some point on, built-in support for container platforms also appeared: Kubernetes, OpenShift, Cloud Foundry, both for applying policies and for monitoring, meaning the network admin can immediately see which hosts the pods run on and which groups they fall into.

Besides being included in a particular port group, virtual servers have additional properties: name, attributes and so on, which can be used as criteria for moving them to another group, say, when a VM is renamed or an additional tag appears on it. Cisco calls these micro-segmentation groups, although, by and large, the design itself, with the ability to create many security segments in the form of EPGs on the same subnet, is also micro-segmentation. Well, the vendor knows best.

EPGs themselves are purely logical constructs, not bound to specific switches, servers and so on, so you can do things with them, and with the constructs built on them (applications and tenants), that are hard to do in ordinary networks, such as cloning. As a result, it is, say, very easy to clone a production environment to get a test environment that is guaranteed identical to production. You can do this manually, but it is better (and easier) through the API.

In general, the management logic in ACI is nothing like what you usually meet in traditional networks from the same Cisco: the software interface is primary, and the GUI or CLI is secondary, since they work through the same API. Therefore almost everyone involved with ACI, after a while, starts to find their way around the object model used for management and to automate something for their own needs. The easiest way to do this is from Python: there are ready-made tools for it.
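As an added example (not from the article, and not one of Cisco's own tools), here is the Web/MySQL contract described earlier expressed against the APIC REST object model from Python using only the standard library: a filter allowing TCP/3306, a contract referencing it, and two EPGs taking the provider and consumer roles, plus a check that walks the same tree and lists exactly what the fabric will permit (everything else is dropped by the white-list default). The class and attribute names (fvTenant, vzFilter, vzBrCP, fvAEPg, fvRsProv/fvRsCons, aaaLogin, /api/mo/uni.json) are the APIC's; the tenant, application-profile and subject names are constructed placeholders.

```python
import json, urllib.request

def mo(cls, attrs, children=()):  # one APIC managed object in REST JSON form
    return {cls: {"attributes": attrs, "children": list(children)}}

def build_policy(tenant, consumer, provider, port, proto="tcp"):
    """fvTenant subtree: filter -> contract -> EPGs (tenant/app names are placeholders)."""
    contract, flt = f"{consumer}-to-{provider}", f"{proto}-{port}"
    return mo("fvTenant", {"name": tenant}, [
        mo("vzFilter", {"name": flt}, [mo("vzEntry", {       # one allowed destination port
            "name": f"{proto}{port}", "etherT": "ip", "prot": proto,
            "dFromPort": str(port), "dToPort": str(port)})]),
        mo("vzBrCP", {"name": contract}, [mo("vzSubj", {"name": "svc"}, [
            mo("vzRsSubjFiltAtt", {"tnVzFilterName": flt})])]),
        mo("fvAp", {"name": "app"}, [
            mo("fvAEPg", {"name": provider}, [mo("fvRsProv", {"tnVzBrCPName": contract})]),
            mo("fvAEPg", {"name": consumer}, [mo("fvRsCons", {"tnVzBrCPName": contract})]),
        ]),
    ])

def allowed_flows(policy):
    """(consumer, provider, proto, port) tuples the contracts permit; the white-list default drops all else."""
    filters, contracts, roles = {}, {}, {"fvRsProv": {}, "fvRsCons": {}}
    for item in policy["fvTenant"]["children"]:
        (cls, body), = item.items()
        name, kids = body["attributes"]["name"], body["children"]
        if cls == "vzFilter":
            filters[name] = [k["vzEntry"]["attributes"] for k in kids]
        elif cls == "vzBrCP":
            contracts[name] = [f["vzRsSubjFiltAtt"]["attributes"]["tnVzFilterName"]
                               for s in kids for f in s["vzSubj"]["children"]]
        elif cls == "fvAp":
            for epg in kids:
                (_, e), = epg.items()
                for rel in e["children"]:             # fvRsProv / fvRsCons relations
                    (rcls, r), = rel.items()
                    roles[rcls].setdefault(r["attributes"]["tnVzBrCPName"],
                                           []).append(e["attributes"]["name"])
    return {(c, p, ent["prot"], int(ent["dFromPort"]))
            for ct, flts in contracts.items()
            for c in roles["fvRsCons"].get(ct, []) for p in roles["fvRsProv"].get(ct, [])
            for f in flts for ent in filters[f]}

def push_policy(apic, user, pwd, policy):
    """aaaLogin to the APIC, keep its session cookie, then POST the tree under 'uni'."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor())
    login = {"aaaUser": {"attributes": {"name": user, "pwd": pwd}}}
    opener.open(f"{apic}/api/aaaLogin.json", json.dumps(login).encode())
    with opener.open(f"{apic}/api/mo/uni.json", json.dumps(policy).encode()) as r:
        return r.status                                # 200 when the APIC accepted it
```

push_policy() keeps urllib's default TLS certificate verification, so the APIC URL must be https:// with a certificate the client trusts; the reverse direction (MySQL to Web) is absent from allowed_flows() and is therefore denied by the fabric.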

The promised pitfalls

The main problem is that a great deal in ACI is done differently. To start working with it properly, you have to relearn. This is especially true of network operations teams at large customers, where engineers have spent years "prescribing VLANs" on request. The fact that VLANs are no longer VLANs, and that you do not have to create VLANs by hand to put new networks into virtualised hosts, completely blows the minds of traditional networkers and makes them cling to familiar approaches. It should be noted that Cisco has tried to sweeten the pill a little and added an "NXOS-like" CLI to the controller, which lets you do configuration from an interface similar to that of traditional switches. But still, to start using ACI properly you have to understand how it works.

In terms of price, at large and medium scale ACI networks hardly differ from traditional networks on Cisco equipment, since the same switches are used to build them (the Nexus 9000 can work both in ACI and in traditional mode and is now the main "workhorse" for new data centre projects). But for data centres of two switches, the presence of the controllers and the Spine-Leaf architecture do, of course, make themselves felt. Recently a Mini ACI fabric appeared, in which two of the three controllers are replaced by virtual machines. This reduces the price difference, but it remains. So for the customer the choice is determined by how interested they are in the security features, virtualisation integration, a single point of management, and so on.

Source: www.habr.com
