Panguva yekunyora chinyorwa ichi, kutsvaga pane yakakurumbira basa saiti yemutsara wekuti "Network Engineer" yakadzosa nzvimbo dzinosvika mazana matatu muRussia yese. Kuenzanisa, kutsvaga kwemutsara wekuti "system administrator" kunodzosera nzvimbo dzinosvika zviuru zviviri nemazana mashanu, uye "DevOps injiniya" - ingangoita mazana masere.
Izvi zvinoreva here kuti manetwork haachadikanwa munguva dzeanokunda makore, Docker, Kubernetes uye ubiquitous yeruzhinji Wi-Fi?
Ngatitarisei (c)
Ngatijairane. Ini ndinonzi Alexey, uye ndiri networker.
Ndanga ndave ndichibatanidzwa mumanetiweki kweanopfuura makore gumi uye ndanga ndichishanda neakasiyana * nix masisitimu kweanopfuura makore gumi nemashanu (ndaive nemukana wekuita tinker neLinux uye FreeBSD). Ndakashanda mune telecom operators, makambani makuru anoonekwa se "bhizinesi", uye nguva pfupi yadarika ndanga ndichishanda mu "vadiki uye vane ushingi" fintech, uko makore, devops, kubernetes uye mamwe mazwi anotyisa anozoita kuti ini nevandinoshanda navo tishaye basa. . Rimwe zuva. Zvingava.
disclaimer: "Muhupenyu hwedu, hazvisi zvose nguva dzose uye kwose kwose, asi chimwe chinhu, dzimwe nguva munzvimbo" (c) Maxim Dorofeev.
Zvese zvakanyorwa pazasi zvinogona uye zvinofanirwa kutariswa semaonero emunhu emunyori, izvo zvisingatauri kuti ichokwadi chekupedzisira, kana kunyange chidzidzo chakazara. Vese mavara ndeekunyepedzera, zvese masanganesa ndeemwe.
Kugamuchirwa kunyika yangu.
Ndekupi kwaungatosangana nema network?
1. Telecom operators, makambani ebasa uye vamwe vanobatanidza. Zvese zviri nyore pano: network kwavari ibhizinesi. Ivo vanogona kutengesa zvakananga kubatana (vashandisi) kana kupa masevhisi ekutanga / kuchengetedza vatengi vavo network.
Pane ruzivo rwakawanda pano, asi kwete mari yakawanda (kunze kwekunge iwe uri mutungamiriri kana mutengesi akabudirira maneja). Uye zvakadaro, kana iwe uchida network, uye iwe uchangotanga rwendo rwako, basa rekutsigira vamwe vasina kunyanyokura mushandisi, kunyangwe ikozvino, richava nzvimbo yakanaka yekutanga (mune federal zvinhu zvese zvakanyorwa, uye ipapo. inzvimbo diki yekusika). Zvakanaka, nyaya dzekuti iwe unogona kukura sei kubva kuinjiniya ari pabasa mumakore mashoma kusvika kune C-level maneja zvakare ari echokwadi, kunyangwe zvisingaite, nekuda kwezvikonzero zviri pachena. Pane nguva dzose kudiwa kwevashandi, nokuti kuchinja kunoitika. Izvi zvakanaka uye zvakaipa panguva imwe chete - panogara paine vacancies, kune rumwe rutivi - kazhinji vanonyanya kushanda / vakangwara vanokurumidza kubva kune kukwidziridzwa kana kune dzimwe nzvimbo, "zvinodziya".
2. Conditional "bhizinesi". Hazvina mhosva kuti basa rake guru rine chekuita neIT here kana kuti kwete. Chinhu chikuru ndechekuti ine dhipatimendi rayo reIT, iyo inovimbisa kushanda kwekambani yemukati masisitimu, kusanganisira network mumahofisi, nzira dzekutaurirana kumapazi, nezvimwe. Mabasa einjiniya wetiweki mumakambani akadaro anogona kuitwa "chikamu-nguva" nesystem administrator (kana network network iri diki kana inobatwa nekontrakta yekunze), uye nyanzvi yetiweki, kana iripo, inogona nguva imwechete tarisa telephony uye SAN (hapana chakanaka). Vanobhadhara zvakasiyana - zvinoenderana zvakanyanya nekubudirira kwebhizinesi, saizi yekambani uye chimiro. Ndakashanda nemakambani uko maCisco masisitimu aigara "akaiswa mumadhiramu", uye nemakambani uko network yakavakwa kubva kune tsvina, tsvimbo uye tepi yebhuruu, uye maseva haana kumbogadziridzwa (zvisina basa kutaura, hapana zvakachengetwa zvakapihwa kana) . Pane zvishoma ruzivo pano, uye zvinenge zviri munharaunda yeakasimba mutengesi-kiya, kana "maitiro ekugadzira chimwe chinhu pasina." Ini pachangu, ndakazviona zvichifinha, kunyangwe vanhu vazhinji vachizvifarira - zvese zvinoyerwa uye zvinofanotaurwa (kana tiri kutaura nezvemakambani makuru), "dorakha-bahato", nezvimwe. Kamwe chete pagore, mumwe mutengesi mukuru anoti vauya neimwe mega-super-duper sisitimu ichaita otomatiki zvese izvozvi uye vese vatariri vehurongwa uye network vanogona kuparadzirwa, vachisiya vaviri vachidzvanya mabhatani mune yakanaka interface. Chokwadi ndechekuti, kunyangwe tikaregeredza mutengo wemhinduro, ma network haazoendi chero kupi kubva ipapo. Hongu, pamwe panzvimbo yekoni pachava zvakare newebhu interface (asi kwete chidimbu chehardware, asi yakakura sisitimu inodzora makumi nemazana ezvimedu zvehardware), asi ruzivo rwe "mabatiro anoita zvinhu zvese mukati" zvicharamba zvakadaro. kudiwa.
3. Makambani echigadzirwa, purofiti inobva mukusimudzirwa (uye, kazhinji, kushanda) kweimwe software kana chikuva - ichocho chigadzirwa. Kazhinji ivo vadiki uye vane hunyanzvi, vachiri kure nehukuru hwemabhizinesi uye kurongeka kwavo. Iko pano kuti iwo ma devops mamwechete, cubers, dockers uye mamwe mazwi anotyisa anowanikwa en masse, izvo zvinozoita kuti network uye network mainjiniya ive isina kufanira rudiment.
Ko networker yakasiyana sei kubva kune system administrator?
Mukunzwisisa kwevanhu kwete kubva kuIT - hapana. Vese vari vaviri vanotarisa pachiratidziro chitema vonyora zvitsinga, dzimwe nguva vachituka chinyararire.
Mukunzwisisa kwevagadziri - pamwe nenzvimbo yezvidzidzo. Vatariri veSistimu vanotungamira maseva, network network inodzora switch uye ma routers. Dzimwe nguva hutungamiri hwakaipa, uye zvinhu zvose zvinowira pasi kune wese. Zvakanaka, kana pane chimwe chinhu chinoshamisa, ma network anewo mhosva. Kungoti fuck iwe, ndosaka.
Kutaura zvazviri, musiyano mukuru ndiyo nzira yekushanda. Zvichida, iri pakati pevanetiweki pane vazhinji vatsigiri ve "Kana ikashanda, usaite!" Sezvo mutemo, chimwe chinhu chinogona kuitwa (mukati memutengesi mumwe) nenzira imwe chete; iyo yese gadziriso yebhokisi iri ipapo muchanza cheruoko rwako. Mutengo wekukanganisa wakakwira, uye dzimwe nguva wakakwira zvakanyanya (semuenzaniso, iwe uchafanirwa kufamba mazana emakiromita kuti utangezve router, uye panguva ino zviuru zvevanhu vanenge vasina kutaurirana - mamiriro akajairika kune telecom opareta) .
Sekuona kwangu, ndosaka mainjiniya etiweki, kune rumwe rutivi, achikurudzirwa zvakanyanya kugadzikana kwetiweki (uye shanduko ndiyo muvengi mukuru wekugadzikana), uye chechipiri, ruzivo rwavo rwunoenda zvakanyanya mukudzika kupfuura muhupamhi (iwe hauite. inoda kukwanisa kumisikidza akawanda emadhimoni akasiyana, iwe unofanirwa kuziva matekinoroji uye kuita kwavo kubva kune yakasarudzika michina inogadzira). Ndosaka maneja wehurongwa akatsvaga nzira yekunyoresa vlan paCisco system haasati ave networker. Uye hazvigoneke kuti achakwanisa kutsigira zvinobudirira (pamwe nekugadzirisa) network yakanyanya kana kushoma.
Asi nei uchida networker kana uine hoster?
Kuti uwane mari yekuwedzera (uye kana iwe uri mutengi akakura uye anodiwa, pamwe kunyangwe yemahara, "seshamwari"), mainjiniya epa data anogadzirisa ma switch ako kuti aenderane nezvido zvako, uye pamwe nekukubatsira iwe kumisikidza BGP interface nevapeji. (kana iwe uine yako subnet ye IP kero yekuzivisa).
Dambudziko guru nderekuti data data haisi yako IT department, ikambani yakaparadzana ine chinangwa chekuita purofiti. Kusanganisira pamutengo wako semutengi. Iyo data data inopa racks, inovapa magetsi uye kutonhora, uye inopawo imwe "default" yekubatanidza kuInternet. Zvichienderana nehurongwa uhu, iyo data data inogona kugamuchira midziyo yako (colocation), kuhaya sevha kwauri (yakatsaurirwa sevha), kana kupa sevhisi inogadziriswa (semuenzaniso, OpenStack kana K8s). Asi bhizinesi renzvimbo yedata (kazhinji) harisi kutonga kwevashandisi vezvivakwa, nekuti maitiro aya anonyanya kushanda, asina kunaka otomatiki (uye mune yakajairwa data data zvese zvinogoneka ndezve otomatiki), zvakabatana zvakatonyanya (mutengi wega wega. munhu wega) uye kazhinji azere nekunyunyuta ("unondiudza sevha yakamiswa, asi iko zvino yapunzika, imhosva yako !!! 111"). Nokudaro, kana muchengeti akakubatsira nechimwe chinhu, achaedza kuita kuti zvive nyore uye zviri nyore sezvinobvira. Nekuti kuita zvakaoma hakubatsiri, zvirinani kubva pakuona kwemitengo yevashandi veinjiniya yeiyi hoster imwechete (asi mamiriro akasiyana, ona disclaimer). Izvi hazvirevi kuti mugadziri achaita zvose zvakaipa. Asi hachisi chokwadi chekuti achaita chaizvo zvawaida chaizvo.
Zvingaita sekuti chinhu chacho chiri pachena, asi kakawanda mukuita kwangu ndakasangana nechokwadi chokuti makambani akatanga kuvimba nemupi wavo wekutambira zvishoma pane zvavanofanira, uye izvi hazvina kutungamira kune chero chinhu chakanaka. Ini ndaifanira kutsanangura kwenguva yakareba uye zvakadzama kuti hapana kana SLA imwe chete yaizovhara kurasikirwa kubva panguva yekuderera (pane zvisizvo, asi kazhinji zvakanyanya, ZVAKANAKA kudhura kune mutengi) uye kuti mugadziri haatomboziva nezve zviri kuitika mukati. zvivakwa zvevatengi (kunze kwezviratidziro zvakanyanya). Uye mugadziri haakugadzirire backups zvakare. Mamiriro acho anotonyanya kuipa kana iwe uine anopfuura mumwe hoster. Kana pane dambudziko pakati pavo, zvirokwazvo havazozive kwauri kuti chii chakashata.
Chaizvoizvo, vavariro pano dzakangofanana nekusarudza "mu-imba admin timu vs outsource". Kana njodzi dzichiverengwa, hutano hunogutsa, uye bhizinesi harina hanya, wadii kuedza. Nekune rimwe divi, iyo network ndeimwe yeanonyanya kukosha maseru ezvivakwa, uye hazvina kukosha kuisiya kune vekunze vakomana kana iwe uchitotsigira zvese zvimwe iwe pachako.
Muzviitiko zvipi panodiwa networker?
Zvadaro tichataura zvakananga nezvemakambani echikafu emazuva ano. Nevashandisi uye bhizinesi, zvese zviri pachena, kuwedzera kana kubvisa - zvishoma zvachinja ipapo mumakore achangopfuura, uye ma network aidiwa ipapo, uye anodiwa izvozvi. Asi neavo "vadiki uye vane ushingi" zvinhu hazvina kunyatsojeka. Kazhinji vanoisa zvivakwa zvavo zvese mumakore, saka ivo havatombodi chaizvo maadmins - kunze kweiyo admins yemakore mamwe chete iwayo, hongu. Zvivako, kune rumwe rutivi, zviri nyore mukugadzirwa kwayo, kune rumwe rutivi, inogadzirwa zvakanaka (inogoneka / puppet, terraform, ci / cd ... zvakanaka, unoziva). Asi kunyange pano pane mamiriro ezvinhu apo iwe haugone kuita pasina network mainjiniya.
Muenzaniso 1, yekare
Ngatiti kambani inotanga nesevha imwe ine yeruzhinji IP kero, iyo iri munzvimbo yedata. Ipapo kune maviri maseva. Zvadaro zvakawanda ... Nokukurumidza kana kuti gare gare, pachava nekudiwa kwehutano hwepachivande pakati pemaseva. Nekuti "yekunze" traffic inoganhurwa zvese nebandwidth (hapana kupfuura 100Mbit / s semuenzaniso) uye nehuwandu hwekurodha / kurodha pamwedzi (akasiyana mahodhi ane mitero yakasiyana, asi bandwidth kune kunze kwenyika kazhinji inodhura zvakanyanya kupfuura a. private network).
Iyo hoster inowedzera mamwe makadhi etiweki kumaseva uye anoasanganisira iwo mukuchinja kwavo mune yakaparadzana vlan. Nzvimbo "yakafuratira" yenzvimbo inoonekwa pakati pemaseva. Comfortable!
Huwandu hwemaseva huri kukura, uye traffic pane yakavanzika network iri kukura zvakare - backups, kudzokorora, nezvimwe. Iyo hoster inopa kukufambisa iwe mune akasiyana switch kuti usakanganise nevamwe vatengi, uye ivo vasakukanganisa iwe. Iyo hoster inoisa dzimwe switch uye neimwe nzira inodzigadzirisa - kazhinji, ichisiya imwe flat network pakati pesevha dzako. Zvese zvinoshanda nemazvo, asi pane imwe nguva matambudziko anotanga: kunonoka pakati pevatenzi nguva nenguva kunowedzera, matanda anonyunyuta nezveakawandisa arp mapakeji pasekondi, uye panguva yekuongorora pentester yakabira network yako yese yemuno, ichipwanya sevha imwe chete.
Chii chaunofanira kuita?
Gurai network muzvikamu - vlans. Gadzirisa yako kero mune yega yega vlan, sarudza gedhi rinoendesa traffic pakati pemanetiweki. Gadzirisa acl pagedhi kudzikamisa kupinda pakati pezvikamu, kana kutoisa imwe firewall padyo.
Muenzaniso 1, wakaenderera
Masevha akabatana neLAN netambo imwe. Maswichi mumaraki akabatana neimwe nzira, asi kana paine tsaona mune imwe rack, mamwe matatu ari padyo anodonha. Zvirongwa zviripo, asi pane kusahadzika pamusoro pekukosha kwavo. Sevha yega yega ine kero yayo yeruzhinji, iyo inopihwa neaiti uye yakasungirirwa kune rack. Avo. Kana uchifambisa sevha, kero inofanira kuchinjwa.
Chii chaunofanira kuita?
Batanidza maseva uchishandisa LAG (Link Aggregation Boka) netambo mbiri kune switch mune rack (idzo dzinodawo kuve dzisina basa). Chengetedza hukama pakati pema racks, shandura iwo kurudzi rwe "nyeredzi" (kana ikozvino fashoni CLOS), kuitira kuti kurasikirwa kweimwe rack kusakanganisa vamwe. Sarudza "central" racks umo network core ichave iripo uye uko mamwe racks achabatanidzwa. Panguva imwecheteyo, isa hurukuro yeruzhinji muhurongwa, tora kubva kune hoster (kana kubva kuRIR, kana zvichibvira) subnet, iyo iwe pachako (kana kuburikidza nehoster) inozivisa kunyika.
Zvese izvi zvinogona kuitwa ne "akajairika" system maneja asina ruzivo rwakadzama rwemanetiweki? Handina chokwadi. Ko muridzi achaita izvi here? Zvichida zvichadaro, asi iwe unozoda yakadzama yakatsanangurwa tekinoroji yakatarwa, iyo mumwe munhu anozodawo kudhirowa. wobva watarisa kuti zvese zvaitwa nemazvo.
Muenzaniso 2: Cloud
Ngatiti iwe une VPC mune rimwe gore reruzhinji. Kuti uwane mukana kubva kuhofisi kana pa-prem chikamu chezvivakwa kune network yemuno mukati meVPC, unofanirwa kugadzirisa chinongedzo kuburikidza neIPSec kana chiteshi chakatsaurirwa. Kune rimwe divi, IPSec yakachipa, nekuti hapana chikonzero chekutenga imwe hardware; unogona kuseta mugero pakati pesevha yako ine kero yeruzhinji uye gore. Asi - kunonoka, kuita kushoma (sezvo chiteshi chinofanirwa kuvharwa), pamwe nekubatanidza kusingatariswe (sezvo kuwana kuri kuburikidza neInternet yenguva dzose).
Chii chaunofanira kuita?
Simudza chinongedzo kuburikidza nechiteshi chakazvitsaurira (semuenzaniso, AWS inoidaidza kuti Direct Connect). Kuti uite izvi, tsvaga shamwari inoshanda iyo inokubatanidza iwe, sarudza pane yekubatanidza nzvimbo iri padyo newe (newe kune opareta uye opareta kune gore), uye, pakupedzisira, isa zvese kumusoro. Zvinoita here kuita zvese izvi pasina network mainjiniya? Chokwadi hongu. Asi nzira yekugadzirisa nayo pasina iye kana matambudziko haachanyatsojeka.
Panogonawo kunge paine matambudziko nekuwanikwa pakati pemakore (kana uine multicloud) kana matambudziko nekunonoka pakati pematunhu akasiyana, nezvimwe. Ehe, ikozvino maturusi mazhinji akaonekwa anowedzera kujeka kwezviri kuitika mugore (iyo yakafanana Maziso Ane Chiuru), asi aya ese maturusi einjiniya wetiweki, uye kwete kutsiva iye.
Ini ndaigona kudhirowa gumi nemaviri mimwe mienzaniso yakadai kubva pakuita kwangu, asi ndinofunga zviri pachena kuti timu, kutanga kubva kune imwe nhanho yekuvandudzwa kwezvivakwa, inofanirwa kuve nemunhu (zvichida anopfuura mumwechete) anoziva mashandiro anoita network uye anogona kugadzirisa. network zvishandiso uye kugadzirisa matambudziko kana amuka. Nditendei, achava nechimwe chinhu chokuita
Chii chinofanira kuziva networker?
Izvo hazvina kudikanwa zvachose (uye kunyangwe, dzimwe nguva, zvinokuvadza) kune network injinjini yekubata chete netiweki uye hapana chimwe chinhu. Kunyangwe isu tisingatarise sarudzo ine zvivakwa zvinogara zvakazara mugore reruzhinji (uye, chero zvingataurwa nemunhu, zviri kuramba zvichizivikanwa), uye tora, semuenzaniso, pazvivakwa kana makore akavanzika, uko. pa "CCNP-level ruzivo chete" "Iwe hausi kuzoenda.
Pamusoro pe, muchokwadi, ma network - kunyangwe kuchingori nzvimbo isingaperi yekudzidza, kunyangwe iwe uchingotarisa pane imwe chete nzvimbo (vanopa network, mabhizinesi, nzvimbo dzedata, Wi-Fi ...)
Ehe, vazhinji venyu mucharangarira Python uye imwe "network otomatiki", asi izvi zvinongodiwa, asi kwete mamiriro akakwana. Kuti injiniya yetiweki "ibudirire kujoinha timu," anofanirwa kukwanisa kutaura mutauro mumwechete nevagadziri uye vaanoshanda navo / devs. Zvinorevei?
- kukwanisa kwete kungoshanda muLinux semushandisi, asiwo kuitungamira, zvirinani padanho resysadmin-jun: isa iyo inodiwa software, tangazve sevhisi yakakundikana, nyora iri nyore systemd-unit.
- Nzwisisa (zvishoma mumashoko akajairwa) kuti network stack inoshanda sei muLinux, mashandiro anoita network muma hypervisors uye midziyo (lxc / docker / kubernetes).
- Ehe, kugona kushanda neanonzwisisika/chef/puppet kana imwe SCM system.
- Mutsetse wakasiyana unofanirwa kunyorwa nezve SDN uye network yemakore akavanzika (semuenzaniso, TungstenFabric kana OpenvSwitch). Ichi ndicho chimwe chikamu chikuru chezivo.
Muchidimbu, ndakatsanangura yakajairika T-chimiro nyanzvi (sezvo zviri fashoni kutaura ikozvino). Zvinoita senge hapana chitsva, asi zvichibva paruzivo rwekubvunzurudza, havasi vese mainjiniya etiweki vanogona kuzvirumbidza neruzivo rwemisoro miviri kubva pane iri pamusoro. Mukuita, kushaikwa kweruzivo "mune minda yakabatana" kunoita kuti zviome zvakanyanya kwete chete kutaurirana nevaunoshanda navo, asiwo kunzwisisa zvinodiwa izvo bhizinesi rinoisa pane network, seyakaderera-chikamu cheiyo purojekiti. Uye pasina kunzwisisa uku, zvinowedzera kuoma kudzivirira maonero ako uye "kutengesa" kune bhizinesi.
Kune rimwe divi, tsika imwechete ye "kunzwisisa mashandiro anoita sisitimu" inopa network mukana wakanaka kwazvo pamusoro peakasiyana "generalists" vanoziva nezve tekinoroji kubva kuzvinyorwa paHabrΓ© / yepakati uye kutaura paTeregiramu, asi vasina kana ruzivo rwekuita sei. misimboti inoita izvi kana kuti software inoshanda pairi? Uye ruzivo rwemamwe mapatani, sezvinozivikanwa, zvinobudirira kutsiva ruzivo rwezvinhu zvakawanda.
Mhedziso, kana kuti TL; DR
- Mutariri wetiweki (senge DBA kana VoIP mainjiniya) inyanzvi ine chimiro chakatetepa (kusiyana nesystem administrator/devs/SRE), iyo inoda iyo isingamuke nekukasira (uye inogona kusamuka kwenguva yakareba, chokwadi) . Asi kana zvikaitika, hazvigone kutsiviwa nehunyanzvi hwekunze (outsource kana vakajairwa-chinangwa vatariri, "vanotarisirawo network"). Chinotonyanya kusiririsa ndechekuti kudiwa kwenyanzvi dzakadai kudiki, uye, zvine mamiriro, mukambani ine 800 programmers uye 30 devops/administrator, panogona kunge paine ma network maviri chete anoita basa rakanaka nemabasa avo. Avo. musika waive uye wakanyanya, mudiki, uye nemuhoro wakanaka - kunyangwe kushoma.
- Nekune rimwe divi, network yakanaka munyika yemazuva ano haifanire kuziva chete network pachayo (uye maitiro ekugadzirisa magadzirirwo awo), asiwo kuti masisitimu anoshanda uye software inomhanya pamusoro peaya network inodyidzana sei navo. Pasina izvi, zvichave zvakanyanya kuoma kunzwisisa izvo vamwe vako vari kukumbira kwauri uye kuburitsa (nemusoro) zvishuwo zvako / zvaunoda kwavari.
- Iko hakuna gore, ingori komputa yemumwe munhu. Iwe unofanirwa kunzwisisa kuti kushandisa yeruzhinji / yakavanzika makore kana masevhisi eanopa mupi "anoitira zvese kwauri pane turnkey hwaro" haichinje chokwadi chekuti application yako ichiri kushandisa network, uye matambudziko nayo anozokanganisa kushanda kwe. chikumbiro chako. Sarudzo yako ndipo pachange paine nzvimbo yehunyanzvi, inova ine mutoro kune network yepurojekiti yako.
Source: www.habr.com