ProHoster > Ibhulogi > Ulawulo > Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ukusukela ngo-Agasti 2017, xa uCisco wafumana iViptela, itekhnoloji ephambili enikezelweyo yokuququzelela uthungelwano lwamashishini asasazwayo iye yaba. Cisco SD-WAN. Kwiminyaka emi-3 edlulileyo, itekhnoloji ye-SD-WAN idlule kwiinguqu ezininzi, zombini umgangatho kunye nobungakanani. Ke, ukusebenza kwandiswe kakhulu kwaye inkxaso ivele kwii-router zakudala zolu chungechunge I-Cisco ISR 1000, ISR 4000, ASR 1000 kunye ne-Virtual CSR 1000v. Kwangaxeshanye, abathengi abaninzi beCisco kunye namaqabane ayaqhubeka ezibuza: yintoni umahluko phakathi kweCisco SD-WAN kunye neendlela esele ziqhelekile ezisekelwe kubuchwephesha obufana ne Cisco DMVPN ΠΈ Cisco Performance Routing kwaye ibaluleke kangakanani le yantlukwano?

Apha kufuneka ngokukhawuleza senze ugcino ukuba ngaphambi kokufika kwe-SD-WAN kwipotfoliyo yeCisco, i-DMVPN kunye ne-PfR yenze inxalenye ephambili kwi-architecture. UCisco IWAN (Ukrelekrele WAN), eyathi yona yaba ngumanduleli weteknoloji ye-SD-WAN epheleleyo. Ngaphandle kokufana okuqhelekileyo kwemisebenzi yomibini esonjululwe kunye neendlela zokuyicombulula, i-IWAN ayizange ifumane inqanaba lokuzenzekelayo, ukuguquguquka kunye nokulinganisa okuyimfuneko kwi-SD-WAN, kwaye ngokuhamba kwexesha, uphuhliso lwe-IWAN lwehla kakhulu. Ngelo xesha, iteknoloji eyenza i-IWAN ayizange ihambe, kwaye abathengi abaninzi baqhubeka besebenzisa ngempumelelo, kubandakanywa nezixhobo zanamhlanje. Ngenxa yoko, kuye kwavela imeko enomdla - izixhobo zeCisco ezifanayo zikuvumela ukuba ukhethe iteknoloji ye-WAN efanelekileyo kakhulu (i-classic, i-DMVPN + PfR okanye i-SD-WAN) ngokuhambelana neemfuno kunye nokulindela kwabathengi.

Inqaku alizimisele ukuhlalutya ngokweenkcukacha zonke iimpawu zeCisco SD-WAN kunye ne-DMVPN teknoloji (kunye okanye ngaphandle kweNdlela yokuSebenza) - kukho isixa esikhulu samaxwebhu akhoyo kunye nezixhobo zale nto. Owona msebenzi uphambili kukuzama ukuvavanya umahluko ophambili phakathi kobu buchwepheshe. Kodwa ngaphambi kokuba siqhubele phambili sixoxa ngalo mahluko, makhe sikhumbule ngokufutshane ezo teknoloji ngokwazo.

Yintoni iCisco DMVPN kwaye kutheni ifuneka?

I-Cisco DMVPN isombulula ingxaki ye-dynamic (= scalable) uxhulumaniso lwenethiwekhi yesebe ekude kwinethiwekhi ye-ofisi ephakathi yeshishini xa usebenzisa iintlobo ezingabonakaliyo zeendlela zonxibelelwano, kuquka i-Intanethi (= nge-encryption yeshaneli yonxibelelwano). Ngobuchwephesha, oku kuqondwa ngokudala uthungelwano oluluqilima lwe-L3 ye-VPN yeklasi kwimowudi ye-point-to-multipoint kunye ne-topology enengqiqo yohlobo lwe-"Star" (Hub-n-Spoke). Ukufezekisa oku, i-DMVPN isebenzisa indibaniselwano yezi teknoloji zilandelayo:

  • IP umzila
  • Iitonela ezininzi ze-GRE (mGRE)
  • I-Next Hop Resolution Protocol (NHRP)
  • Iiprofayili ze-IPSec Crypto

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Zeziphi iingenelo eziphambili zeCisco DMVPN xa kuthelekiswa nendlela yakudala usebenzisa amajelo e-MPLS VPN?

  • Ukudala inethiwekhi ye-interbranch, kunokwenzeka ukusebenzisa nawaphi na amajelo onxibelelwano - nantoni na enokubonelela nge-IP uxhumano phakathi kwamasebe afanelekileyo, ngelixa i-traffic iya kubhalwa ngekhowudi (apho kuyimfuneko) kunye nokulinganisela (apho kunokwenzeka)
  • Itopology edityaniswe ngokupheleleyo phakathi kwamasebe yenziwa ngokuzenzekelayo. Kwangaxeshanye, kukho iitonela ezimile phakathi kwesebe eliphakathi kunye nelikude, kunye neetonela eziguquguqukayo ezifunwa phakathi kwamasebe akude (ukuba kukho itrafikhi)
  • Iirotha zesebe eliphakathi kunye nelikude linobumbeko olufanayo ukuya kwiidilesi ze-IP zojongano. Ngokusebenzisa i-mGRE, akukho mfuneko yokumisela amashumi, amakhulu, okanye amawaka etonela. Ngenxa yoko, i-scalability ehloniphekileyo kunye noyilo oluchanekileyo.

Yintoni iCisco Performance Routing kwaye kutheni ifuneka?

Xa usebenzisa i-DMVPN kwinethiwekhi yesebe, omnye umbuzo obaluleke kakhulu uhlala ungasonjululwanga - njani ukuvavanya ngamandla imeko nganye yeetonela zeDMVPN ukuthotyelwa kweemfuno zetrafikhi ezibalulekileyo kumbutho wethu kwaye, kwakhona, ngokusekwe kuvavanyo olunjalo, ukwenza ngamandla. Isigqibo sokubuyisela umzila? Inyani yeyokuba i-DMVPN kule nxalenye ihluke kancinci kwindlela yakudala - eyona nto ingcono enokwenziwa kukuqwalasela iindlela zeQoS eziza kukuvumela ukuba ubeke phambili i-traffic kwicala eliphumayo, kodwa ayinakukwazi ukuthathela ingqalelo imeko ye-QoS. yonke indlela ngexesha elinye okanye elinye.

Kwaye yintoni enokuyenza ukuba umjelo uthotywa ngokuyinxenye kwaye kungekhona ngokupheleleyo - indlela yokufumanisa nokuvavanya oku? I-DMVPN ngokwayo ayikwazi ukwenza oku. Ukuqwalasela ukuba iziteshi ezidibanisa amasebe zinokudlula kubaqhubi be-telecom abahluke ngokupheleleyo, besebenzisa itekhnoloji eyahlukileyo ngokupheleleyo, lo msebenzi uba yinto encinci kakhulu. Kwaye kulapho iteknoloji yeCisco Performance Routing isiza khona, ngelo xesha yayisele idlule kwizigaba ezininzi zophuhliso.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Umsebenzi weCisco Performance Routing (emva koku iPfR) yehla ekulinganisa ubume beendlela (iitonela) zetrafikhi esekelwe kwiimetriki eziphambili ezibalulekileyo kwizicelo zenethiwekhi - latency, latency variation (jitter) kunye nokulahleka kwepakethi (ipesenti). Ukongezelela, i-bandwidth esetyenzisiweyo inokulinganiswa. Le milinganiselo yenzeke ngokusondeleyo kwixesha langempela ngokusemandleni kwaye ngokufanelekileyo, kwaye umphumo wale milinganiso uvumela i-router esebenzisa i-PfR ukuba yenze izigqibo malunga nesidingo sokutshintsha umzila wale nto okanye uhlobo lwetrafikhi.

Ke, umsebenzi wodibaniso lweDMVPN/PfR unokuchazwa ngokufutshane ngolu hlobo lulandelayo:

  • Vumela umthengi ukuba asebenzise nawaphi na amajelo onxibelelwano kwinethiwekhi ye-WAN
  • Qinisekisa owona mgangatho uphezulu unokwenzeka wezicelo ezibalulekileyo kula matshaneli

Yintoni iCisco SD-WAN?

I-Cisco SD-WAN iteknoloji esebenzisa indlela ye-SDN yokudala nokusebenza kwenethiwekhi ye-WAN yombutho. Oku ngokukodwa kuthetha ukusetyenziswa kwezinto ezibizwa ngokuba ngabalawuli (izinto zesoftware), ezibonelela nge-orchestration ephakathi kunye noqwalaselo oluzenzekelayo lwazo zonke iinxalenye zesisombululo. Ngokungafaniyo ne-canonical SDN (i-Clean Slate style), i-Cisco SD-WAN isebenzisa iindidi ezininzi zabalawuli, nganye eyenza indima yayo - oku kwenziwa ngenjongo ukwenzela ukubonelela nge-scalability engcono kunye ne-geo-redundancy.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Kwimeko ye-SD-WAN, umsebenzi wokusebenzisa naziphi na iintlobo zamajelo kunye nokuqinisekisa ukusebenza kwezicelo zoshishino zihlala zifana, kodwa kwangaxeshanye, iimfuno zokuzenzekelayo, ukulinganisa, ukhuseleko kunye nokuguquguquka kwenethiwekhi enjalo yandisa.

Ingxoxo yeeyantlukwano

Ukuba ngoku siqala ukuhlalutya iyantlukwano phakathi kobu buchwepheshe, baya kuwela kolunye lwezi ndidi zilandelayo:

  • Umahluko wokwakha - ihanjiswa njani imisebenzi kumacandelo ahlukeneyo esisombululo, intsebenziswano yamacandelo anjalo ihlelwe njani, kwaye oku kuchaphazela njani amandla kunye nokuguquguquka kwethekhnoloji?
  • Ukusebenza - yintoni enye iteknoloji enokuyenza engenakukwazi ukuyenza enye? Yaye ngaba ngokwenene ibaluleke ngolo hlobo?

Ziziphi iiyantlukwano zezakhiwo kwaye zibalulekile?

Nganye kwezi teknoloji zineenxalenye ezininzi "ezihambayo" ezingafaniyo kuphela kwiindima zabo, kodwa kunye nendlela abasebenzisana ngayo. Indlela le migaqo icingelwa ngayo kwaye ubuxhakaxhaka besisombululo bumisela ngokuthe ngqo ubungakanani bayo, ukunyamezela iimpazamo kunye nokusebenza kakuhle.

Makhe sijonge kwiinkalo ezahlukeneyo zoyilo ngokweenkcukacha ezithe vetshe:

Idatha-inqwelomoya – inxalenye yesisombululo esinoxanduva lokuhambisa i-traffic yomsebenzisi phakathi komthombo kunye nommkeli. I-DMVPN kunye ne-SD-WAN ziphunyezwa ngokubanzi ngokufanayo kwiirutha ngokwazo ngokusekelwe kwiitonela ze-Multipoint GRE. Umahluko yindlela iseti eyimfuneko yeeparamitha zala matonela enziwa ngayo:

  • Π² DMVPN/PfR luluhlu olukhethekileyo lwemigangatho emibini yoluhlu lweendawo ezineNkwenkwezi okanye iHub-n-Spoke topology. Ukucwangciswa okuzinzileyo kwe-Hub kunye nokubophelela okumileyo kwe-Spoke kwi-Hub kuyafuneka, kunye nokusebenzisana nge-NHRP protocol ukwenza uqhagamshelwano lwe-data-plane. Ngenxa yoko, ukwenza utshintsho kwi-Hub kunzima kakhuluenxulumene, umzekelo, ekutshintsheni/ukudibanisa amajelo amatsha eWAN okanye ukutshintsha iparameters zezikhoyo.
  • Π² I-SD-WAN ngumzekelo oguquguqukayo ngokupheleleyo wokubona iiparamitha zetonela ezifakiweyo ezisekelwe kwinqwelomoya yolawulo (i-OMP protocol) kunye ne-orchestration-plane (intsebenziswano kunye nomlawuli we-vBond wokubhaqwa komlawuli kunye nemisebenzi ye-NAT ejikelezayo). Kule meko, nayiphi na i-toplogies ephezulu ingasetyenziswa, kubandakanywa ne-hierarchical. Kwi-toploji yetonela esekiweyo, ulungelelwaniso oluguquguqukayo lwe-logical topology kumntu ngamnye VPN(VRF) lunokwenzeka.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ukulawula-inqwelomoya -imisebenzi yotshintshiselwano, ukuhluza kunye nokuguqulwa kwendlela kunye nolunye ulwazi phakathi kwamacandelo esisombululo.

  • Π² DMVPN/PfR -Iqhutywa kuphela phakathi kwe-Hub kunye ne-Spoke routers. Utshintshiselwano ngokuthe ngqo ngolwazi lwendlela phakathi kweeSpokes akunakwenzeka. Ngenxa yoko, Ngaphandle kwe-Hub esebenzayo, i-control-plane kunye nedatha-plane ayikwazi ukusebenza, ebeka iimfuno ezongezelelweyo zokufumaneka okuphezulu kwi-Hub engenakuhlala ihlangatyezwa.
  • Π² I-SD-WAN Ulawulo-inqwelomoya ayinakwenziwa ngokuthe ngqo phakathi kweerotha-unxibelelwano lwenzeka ngokwesiseko seprotocol ye-OMP kwaye ngokuyimfuneko luqhutywa ngohlobo olulodwa olulodwa lomlawuli we-vSmart, obonelela ngamathuba okulinganisa, ugcino lwe-geo kunye nolawulo oluphakathi umthwalo wophawu. Olunye uphawu lweprotocol ye-OMP kukuchasana okubalulekileyo kwilahleko kunye nokuzimela kwisantya sonxibelelwano kunye nabalawuli (ngaphakathi kwemida efanelekileyo, ngokuqinisekileyo). Ekuvumela ngokulinganayo ukuba ubeke abalawuli be-SD-WAN kumafu kawonkewonke okanye abucala kunye nokufikelela kwi-Intanethi.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ipolisi-inqwelomoya - inxalenye yesisombululo esinoxanduva lokuchaza, ukusabalalisa kunye nokusebenzisa imigaqo-nkqubo yolawulo lwezithuthi kwinethiwekhi esasazwayo.

  • I-DMVPN - inqunyelwe ngokufanelekileyo ngumgangatho wenkonzo (QoS) imigaqo-nkqubo elungiselelwe ngabanye kwi-router nganye nge-CLI okanye i-Prime Infrastructure templates.
  • DMVPN/PfR – Imigaqo-nkqubo ye-PfR yenziwe kwi-router yoMlawuli oyiNtloko (i-MC) ephakathi nge-CLI kwaye emva koko isasazwe ngokuzenzekelayo kwii-MC zesebe. Kule meko, iindlela ezifanayo zokudlulisa umgaqo-nkqubo zisetyenziswa njenge-data-plane. Akunakwenzeka ukwahlula ukutshintshiselana kwemigaqo-nkqubo, ulwazi lomzila kunye nedatha yomsebenzisi. Ukusasazwa komgaqo-nkqubo kufuna ubukho boqhagamshelwano lwe-IP phakathi kwe-Hub kunye ne-Spoke. Kule meko, umsebenzi we-MC unako, ukuba kuyimfuneko, udibaniswe ne-router ye-DMVPN. Kuyenzeka (kodwa akufuneki) ukusebenzisa i-Prime Infrastructure templates ukuveliswa komgaqo-nkqubo kwindawo enye. Into ebalulekileyo kukuba umgaqo-nkqubo wenziwa kwihlabathi jikelele kuthungelwano ngendlela efanayo - Imigaqo-nkqubo yomntu ngamnye yecandelo ngalinye ayixhaswanga.
  • I-SD-WAN – ulawulo lwezithuthi kunye nomgangatho wemigaqo-nkqubo yeenkonzo zimiselwa kwindawo ephakathi ngojongano lwemizobo yeCisco vManage, efikelelekayo nakwi-Intanethi (ukuba kuyimfuneko). Zisasazwa ngeendlela zokubonisa ngokuthe ngqo okanye ngokungathanga ngqo ngabalawuli be-vSmart (kuxhomekeke kuhlobo lomgaqo-nkqubo). Abaxhomekekanga kwi-data-plane uxhumano phakathi kwee-routers, kuba sebenzisa zonke iindlela ezikhoyo zetrafikhi phakathi komlawuli kunye nomzila.

    Kumacandelo ahlukeneyo womnatha, kunokwenzeka ukuqulunqa imigaqo-nkqubo eyahlukeneyo ngokuguquguqukayo - ububanzi bomgaqo-nkqubo bunqunywe ngamanqaku amaninzi ahlukeneyo anikezelwe kwisisombululo - inombolo yesebe, uhlobo lwesicelo, ulwalathiso lwendlela, njl.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Iokhestra-plane - iindlela ezivumela amacandelo ukuba abonane ngokuguquguqukayo, ukuqwalasela nokulungelelanisa ukusebenzisana okulandelayo.

  • Π² DMVPN/PfR Ukufunyanwa okufanayo phakathi kwee-routers kusekelwe kuqwalaselo olungatshintshiyo lwezixhobo zeHub kunye noqwalaselo oluhambelanayo lwezixhobo ze-Spoke. Ukufunyanwa kwe-Dynamic kwenzeka kuphela kwi-Spoke, ebika iiparamitha zoqhagamshelo lwe-Hub kwisixhobo, esithi sona siqwalaselwe kwangaphambili nge-Spoke. Ngaphandle koqhagamshelo lwe-IP phakathi kwe-Spoke kunye nobuncinci be-Hub enye, akunakwenzeka ukwenza nokuba yi-data-plane okanye i-control-plane.
  • Π² I-SD-WAN i-orchestration yamacandelo esisombululo kwenzeka kusetyenziswa isilawuli se-vBond, apho icandelo ngalinye (ii-router kunye nabalawuli be-vManage/vSmart) kufuneka baqale baseke uqhagamshelwano lwe-IP.

    Ekuqaleni, amacandelo awazi malunga neeparamitha zoqhagamshelo zomnye nomnye - kuba zifuna i-orchestrator ye-vBond ephakathi. Umgaqo jikelele umi ngolu hlobo lulandelayo - icandelo ngalinye kwisigaba sokuqala lifunda (ngokuzenzekelayo okanye ngokwezibalo) kuphela malunga neeparamitha zoqhagamshelwano kwi-vBond, emva koko i-vBond yazisa i-router malunga ne-vManage kunye ne-vSmart controllers (efunyenwe ngaphambili), eyenza kube nokwenzeka ukuseka ngokuzenzekelayo. yonke imidibaniso efunekayo yomqondiso.

    Inyathelo elilandelayo lelokuba i-router entsha ifunde malunga nezinye iirutha kwinethiwekhi ngonxibelelwano lwe-OMP kunye nomlawuli we-vSmart. Ngaloo ndlela, i-router, ngaphandle kokuqala ukwazi nantoni na malunga neeparitha zenethiwekhi, iyakwazi ukubona ngokuzenzekelayo kwaye idibanise kubalawuli kwaye iphinde ibone ngokuzenzekelayo kwaye ifake uqhagamshelwano kunye nezinye ii-routers. Kule meko, iiparameters zokudityaniswa kwawo onke amacandelo awaziwa ekuqaleni kwaye zinokutshintsha ngexesha lokusebenza.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ulawulo-inqwelomoya – inxalenye yesisombululo esibonelela ngolawulo olusembindini kunye nokubeka iliso.

  • DMVPN/PfR – akukho sisombululo sikhethekileyo solawulo-moya sinikwayo. Kwisiseko esizenzekelayo kunye nokubeka iliso, iimveliso ezifana neCisco Prime Infrastructure zingasetyenziswa. Umzila ngamnye unamandla okulawulwa ngomgca womyalelo we-CLI. Ukudibanisa kunye neenkqubo zangaphandle nge-API azinikezelwanga.
  • I-SD-WAN – konke ukusebenzisana rhoqo kunye nokubekw' esweni kwenziwa embindini kusetyenziswa ujongano lwegraphical yesilawuli se-vManage. Zonke iimpawu zesisombululo, ngaphandle kokukhetha, ziyafumaneka ukuze ziqwalaselwe ngokusebenzisa i-vManage, kunye nelayibrari ye-REST API ebhalwe ngokupheleleyo.

    Zonke izicwangciso zenethiwekhi ye-SD-WAN kwi-vManage yehla kwizakhiwo ezibini eziphambili - ukubunjwa kweetemplates zesixhobo (Isifanekiso seSixhobo) kunye nokuqulunqwa komgaqo-nkqubo omisela ingqiqo yokusebenza kwenethiwekhi kunye nokulungiswa kwetrafikhi. Ngexesha elifanayo, i-vManage, ukusasaza umgaqo-nkqubo owenziwe ngumlawuli, ikhetha ngokuzenzekelayo ukuba yiyiphi inguqu kunye neziphi izixhobo zomntu ngamnye / abalawuli ekufuneka benziwe, okwandisa kakhulu ukusebenza kunye nokunciphisa isisombululo.

    Ngokusebenzisa ujongano lwe-vManage, kungekuphela nje uqwalaselo lweCisco SD-WAN isisombululo esikhoyo, kodwa kunye nokubeka iliso ngokupheleleyo kwimeko yazo zonke iinxalenye zesisombululo, ukuya kuthi ga kwimo yangoku yeemetrics zetonela ngalinye kunye nezibalo malunga nokusetyenziswa kwezicelo ezahlukeneyo. ngokusekelwe kuhlalutyo lweDPI.

    Nangona i-centralization yentsebenziswano, onke amacandelo (abalawuli kunye nee-routers) nabo banomgca womyalelo we-CLI osebenza ngokupheleleyo, oyimfuneko kwinqanaba lokuphunyezwa okanye kwimeko engxamisekileyo yokuxilongwa kwendawo. Kwimo yesiqhelo (ukuba kukho umjelo womqondiso phakathi kwamacandelo) kwii-routers, umgca womyalelo ufumaneka kuphela kwi-diagnostics kwaye awufumaneki ukwenza utshintsho lwendawo, oluqinisekisa ukhuseleko lwendawo kunye nomthombo kuphela weenguqu kwinethiwekhi enjalo vManage.

Ukhuseleko oluDityanisiweyo - apha asifanele sithethe kuphela malunga nokukhuselwa kwedatha yomsebenzisi xa ihanjiswa phezu kwamajelo avulekileyo, kodwa kunye nokhuseleko olupheleleyo lwenethiwekhi ye-WAN esekelwe kwi-teknoloji ekhethiweyo.

  • Π² DMVPN/PfR Kuyenzeka ukubethela idatha yomsebenzisi kunye neeprothokholi zokubonisa. Xa usebenzisa iimodeli ezithile ze-router, imisebenzi ye-firewall kunye nokuhlolwa kwe-traffic, i-IPS/IDS ziyafumaneka ezongezelelweyo. Kuyenzeka ukwahlula iinethiwekhi zesebe usebenzisa iVRF. Kuyenzeka ukuqinisekisa (into enye) iiprothokholi zolawulo.

    Kule meko, i-router ekude ithathwa njengento ethembekileyo yenethiwekhi ngokungagqibekanga - i.e. iimeko zokuthomalalisa ngokomzimba kwezixhobo zomntu kunye nethuba lokufikelela okungagunyaziswanga kuzo azicingelwanga okanye zithathelwe ingqalelo akukho zingqinisiso ezimbini zamacandelo esisombululo, kwimeko yothungelwano olusasazwa ngokwejografi; inokuthwala imingcipheko eyongezelelweyo ebalulekileyo.

  • Π² I-SD-WAN ngokufaniswa ne-DMVPN, ukukwazi ukubethela idatha yomsebenzisi kunikezelwa, kodwa ngokukhuselwa kwenethiwekhi okwandisiweyo kakhulu kunye nemisebenzi ye-L3 / VRF yecandelo (i-firewall, i-IPS / i-IDS, i-URL yokucoca, i-DNS filtering, i-AMP / TG, i-SASE, i-TLS / i-SSL proxy, njl) d.). Ngexesha elifanayo, ukutshintshiselana kwezitshixo ze-encryption zenziwa ngokufanelekileyo ngokusebenzisa abalawuli be-vSmart (kunokuba ngokuthe ngqo), ngokusebenzisa iziteshi zomqondiso ezisele zisekwe ezikhuselwe yi-DTLS/TLS encryption esekelwe kwizatifikethi zokhuseleko. Olunye luqinisekisa ukhuseleko lotshintshiselwano olunjalo kwaye luqinisekisa ukulinganisa okungcono kwesisombululo ukuya kumashumi amawaka ezixhobo kuthungelwano olufanayo.

    Zonke izixhumanisi zokubonisa (i-controller-to-controller, isilawuli-router) nazo zikhuselwe ngokusekelwe kwi-DTLS / TLS. Ii-routers zixhotyiswe ngezatifikethi zokhuseleko ngexesha lemveliso kunye nokwenzeka kokutshintshwa / ukwandiswa. Ukuqinisekiswa kwezinto ezimbini kufezekiswa ngokunyanzeliswa kunye nokuzaliseka kwangaxeshanye kweemeko ezimbini ze-router / umlawuli ukuba asebenze kwinethiwekhi ye-SD-WAN:

    • Isiqinisekiso sokhuseleko esisebenzayo
    • Ukubandakanywa okucacileyo kunye nokuqonda ngumlawuli wecandelo ngalinye kuluhlu "olumhlophe" lwezixhobo ezivunyelwe.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Umahluko osebenzayo phakathi kwe-SD-WAN kunye ne-DMVPN/PfR

Ukuqhubela phambili kwingxoxo yeeyantlukwano zokusebenza, kufuneka kuqatshelwe ukuba uninzi lwazo luqhubekeko lwezokwakha - akusiyo imfihlo ukuba xa besenza i-architecture yesisombululo, abaphuhlisi baqala kwizakhono abafuna ukuzifumana ekugqibeleni. . Makhe sijonge eyona yantlukwano ibalulekileyo phakathi kobu buchwepheshe bumbini.

I-AppQ (Umgangatho weSicelo) - imisebenzi yokuqinisekisa umgangatho wokuhanjiswa kwetrafikhi yesicelo seshishini

Imisebenzi ephambili yobuchwephesha obucatshangelwayo ijolise ekuphuculeni amava omsebenzisi kangangoko kunokwenzeka xa usebenzisa izicelo ezibalulekileyo zeshishini kwinethiwekhi esasazwayo. Oku kubaluleke ngakumbi kwiimeko apho inxalenye yesiseko ingalawulwa yi-IT okanye ayiqinisekisi ukudluliselwa kwedatha ngempumelelo.

I-DMVPN ayiziboneleli ngokwayo iindlela ezinjalo. Okona kulungileyo kunokwenziwa kwinethiwekhi ye-DMVPN yakudala kukuhlela itrafikhi ephumayo ngesicelo kwaye uyibeke phambili xa ithunyelwa kwitshaneli ye-WAN. Ukukhethwa kwetonela ye-DMVPN kuchongwa kule meko kuphela ngokufumaneka kwayo kunye nesiphumo sokusebenza kweeprotocol zomzila. Ngexesha elifanayo, imeko yokuphela kwendlela / itonela kunye nokuthotywa kwayo okunokwenzeka okunokwenzeka akuthathelwa ngqalelo ngokwemilinganiselo ephambili ebalulekileyo kwizicelo zenethiwekhi - ukulibaziseka, ukulibaziseka ukuhluka (i-jitter) kunye nelahleko (% ). Kule nkalo, ukuthelekisa ngokuthe ngqo i-DMVPN yakudala kunye ne-SD-WAN malunga nokusombulula iingxaki ze-AppQ ilahlekelwa yiyo yonke intsingiselo-i-DMVPN ayinakuyisombulula le ngxaki. Xa ufaka iteknoloji yeCisco Performance Routing (PfR) kulo mongo, imeko iyatshintsha kwaye ukuthelekiswa neCisco SD-WAN kuba nentsingiselo ngakumbi.

Ngaphambi kokuba sixoxe ngeeyantlukwano, nantsi ukujonga ngokukhawuleza kwindlela itekhnoloji efana ngayo. Ke, zombini itekhnoloji:

  • ube nesixhobo esikuvumela ukuba uvavanye ngokuguquguqukayo imeko yetonela nganye esekiweyo ngokwemiqathango yeemetrics ezithile - ubuncinci, ukulibaziseka, ukulibaziseka kokutshintsha kunye nokulahleka kwepakethi (%).
  • sebenzisa isethi ethile yezixhobo zokwenza, ukusabalalisa kunye nokusebenzisa imithetho yolawulo lwendlela (imigaqo-nkqubo), ngokuqwalasela iziphumo zokulinganisa imeko yeemetriki eziphambili zetonela.
  • hlela i-traffic yesicelo kumanqanaba L3-L4 (DSCP) yemodeli ye-OSI okanye nge-L7 yesicelo sokutyikitya ngokusekelwe kwiindlela ze-DPI ezakhelwe kumzila
  • Kwizicelo ezibalulekileyo, zikuvumela ukuba uqikelele amaxabiso eemetrikhi ezamkelekileyo, imigaqo yokuhambisa itrafikhi ngokungagqibekanga, kunye nemithetho yokuphinda ulandele i-traffic xa amaxabiso e-threshold egqithisiwe.
  • Xa befakela i-traffic kwi-GRE / IPSec, basebenzisa indlela yoshishino esele isekiwe yokudlulisa amanqaku angaphakathi e-DSCP kwi-header yepakethe ye-GRE / IPSEC yangaphandle, evumela ukuvumelanisa imigaqo-nkqubo ye-QoS yombutho kunye nomqhubi we-telecom (ukuba kukho i-SLA efanelekileyo) .

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

I-SD-WAN kunye ne-DMVPN/PfR isiphelo ukuya ekupheleni kweemetrics zahluke njani?

DMVPN/PfR

  • Zombini i-software esebenzayo kunye ne-passive sensors (iiProbes) zisetyenziselwa ukuvavanya i-metrics yezempilo yetonela. Ezisebenzayo zisekwe kwitrafikhi yabasebenzisi, abazenzileyo baxelisa itrafikhi enjalo (ngokungabikho kwayo).
  • Akukho ukulungiswa kakuhle kwexesha kunye neemeko zokubona ukuthotywa - i-algorithm ilungisiwe.
  • Ukongezelela, umlinganiselo we-bandwidth esetyenzisiweyo kwindlela ephumayo iyafumaneka. Okongeza ukuguquguquka kolawulo lwetrafikhi kwi-DMVPN/PfR.
  • Kwangaxeshanye, ezinye iindlela ze-PfR, xa iimetrics zigqithisiwe, zixhomekeke kwingxelo yokubonisa ngendlela ye-TCA ekhethekileyo (i-Threshold Crossing Alert) imiyalezo ekufuneka ivele kumamkeli wendlela eya kumthombo, leyo yona ithatha ukuba imeko amajelo alinganisiweyo kufuneka ubuncinane anele ukusasaza loo miyalezo ye-TCA. Oko kwiimeko ezininzi akuyongxaki, kodwa ngokucacileyo ayinakuqinisekiswa.

I-SD-WAN

  • Ukuphonononga ukuphela kokuphela kweemetrics zomgangatho wetonela, iprotocol ye-BFD isetyenziswa kwimodi ye-echo. Kule meko, impendulo ekhethekileyo kwifom ye-TCA okanye imiyalezo efanayo ayifuni - ukuhlukaniswa kwemimandla engaphumeleli kugcinwa. Kananjalo ayifuni ubukho betrafikhi yabasebenzisi ukuvavanya imeko yetonela.
  • Kuyenzeka ukuba ulungelelanise kakuhle ixesha le-BFD ukulawula isantya sokuphendula kunye novakalelo lwe-algorithm ekuthotyweni komjelo wonxibelelwano ukusuka kwimizuzwana emininzi ukuya kwimizuzu.

    Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

  • Ngexesha lokubhala, inye kuphela iseshoni ye-BFD kwitonela ngalinye. Oku kunokubanakho ukudala ubumbumbulu obuncinci kuhlalutyo lobume betonela. Enyanisweni, oku kunokuba ngumda kuphela ukuba usebenzisa uxhulumaniso lwe-WAN olusekelwe kwi-MPLS L2 / L3 VPN kunye ne-QoS SLA evunyelweneyo - ukuba i-DSCP imakishwa ye-BFD traffic (emva kokufakwa kwi-IPSec / GRE) ihambelana nomgca ophambili kakhulu inethiwekhi yomsebenzisi we-telecom, ke oku kunokuchaphazela ukuchaneka kunye nesantya sokubhaqwa kokuthotywa kwetrafikhi ephambili ephantsi. Kwangaxeshanye, kunokwenzeka ukuba utshintshe ukuleyibhelishwa kwe-BFD engagqibekanga ukunciphisa umngcipheko weemeko ezinjalo. Kwiinguqulelo ezizayo zesoftware ye-Cisco SD-WAN, iisetingi ze-BFD ezilungelelanisiweyo zilindeleke, kunye nokukwazi ukusungula iiseshoni ezininzi ze-BFD ngaphakathi kwitonela enye kunye namaxabiso e-DSCP (kwizicelo ezahlukeneyo).
  • Ngaphezu koko, i-BFD ikuvumela ukuba uqikelele ubungakanani bepakethe enkulu enokuhanjiswa ngetonela ethile ngaphandle kokuqhekeka. Oku kuvumela i-SD-WAN ukuba ilungelelanise ngokuguquguqukayo iiparameters ezifana ne-MTU kunye ne-TCP MSS Lungisa ukwenza uninzi lwe-bandwidth ekhoyo kwikhonkco ngalinye.
  • Kwi-SD-WAN, ukhetho lwe-QoS ungqamaniso oluvela kubaqhubi be-telecom luyafumaneka, kungekhona nje kuphela kwi-L3 DSCP imimandla, kodwa isekelwe kumaxabiso e-L2 CoS, anokuveliswa ngokuzenzekelayo kwinethiwekhi yesebe ngezixhobo ezikhethekileyo - umzekelo, i-IP. iifowuni

Zahluke njani izakhono, iindlela zokuchaza nokusebenzisa imigaqo-nkqubo ye-AppQ?

Imigaqo-nkqubo yeDMVPN/PfR:

  • Ichazwe kwi-router yesebe esembindini ngomgca womyalelo we-CLI okanye itemplates zoqwalaselo lwe-CLI. Ukuvelisa iitemplates ze-CLI kufuna ukulungiswa kunye nolwazi lwe-syntax yomgaqo-nkqubo.

    Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

  • Ichazwa kwihlabathi jikelele ngaphandle kokuba nokwenzeka koqwalaselo/utshintsho kwiimfuno zamacandelo enethiwekhi yomntu ngamnye.
  • Ukwenziwa komgaqo-nkqubo osebenzisanayo akubonelelwanga kujongano lomzobo.
  • Ukulandelela utshintsho, ilifa, kunye nokudala iinguqulelo ezininzi zemigaqo-nkqubo yokutshintsha ngokukhawuleza azibonelelwanga.
  • Isasazwe ngokuzenzekelayo kwiirutha zamasebe akude. Kule meko, amajelo onxibelelwano afanayo asetyenziselwa ukuhambisa idatha yomsebenzisi. Ukuba akukho mjelo wonxibelelwano phakathi kwesebe eliphakathi kunye nelikude, ukuhanjiswa / ukutshintshwa kwemigaqo-nkqubo akunakwenzeka.
  • Zisetyenziswa kwi-router nganye kwaye, ukuba kuyimfuneko, ukuguqula umphumo weendlela eziqhelekileyo zokuziphatha, ezinokubaluleka okuphezulu.
  • Kwiimeko apho onke amakhonkco e-WAN esebe afumana ilahleko enkulu yendlela, akukho ndlela zembuyekezo zinikiweyo.

Imigaqo-nkqubo ye-SD-WAN:

  • Ichazwe kwi-vManage GUI nge-interactive template wizard.
  • Ixhasa ukudala imigaqo-nkqubo emininzi, ukukopa, ukufumana ilifa, ukutshintsha phakathi kwemigaqo-nkqubo ngexesha langempela.
  • Ixhasa izicwangciso zomgaqo-nkqubo ngamnye kumacandelo othungelwano ahlukeneyo (amasebe)
  • Zisasazwa kusetyenziswa nayiphi na ishaneli yesignali ekhoyo phakathi komlawuli kunye ne-router kunye / okanye i-vSmart - ayixhomekeke ngokuthe ngqo kwi-data-plane uxhumano phakathi kwee-routers. Oku, ngokuqinisekileyo, kufuna uxhumano lwe-IP phakathi kwe-router ngokwayo kunye nabalawuli.

    Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

  • Kwiimeko xa onke amasebe akhoyo esebe afumana ilahleko enkulu yedatha edlula imigangatho eyamkelekileyo yezicelo ezibalulekileyo, kunokwenzeka ukusebenzisa iindlela ezongezelelweyo ezandisa ukuthembeka kokudluliselwa:
    • I-FEC (uLuleko lwemposiso yokuPhambili) -Isebenzisa ialgorithm ekhethekileyo yokubhalwa kweekhowudi. Xa uhambisa i-traffic ebalulekileyo kumajelo anepesenti enkulu yelahleko, i-FEC inokusebenza ngokuzenzekelayo kwaye ivumela, ukuba kuyimfuneko, ukubuyisela inxalenye elahlekileyo yedatha. Oku kwandisa kancinane i-bandwidth esetyenzisiweyo, kodwa kuphucula kakhulu ukuthembeka.

      Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

    • Ukuphinda-phindwa kwemijelo yedatha - ngaphezu kwe-FEC, umgaqo-nkqubo unokubonelela ngokuphindaphinda ngokuzenzekelayo kwe-traffic yezicelo ezikhethiweyo kwimeko yezinga elibi nakakhulu lelahleko elingenakubuyiselwa yi-FEC. Kule meko, idatha ekhethiweyo iya kuhanjiswa kuzo zonke iitonela ukuya kwisebe elifumanayo kunye nokuphindaphinda okulandelayo (ukulahla iikopi ezongezelelweyo zeepakethi). Umatshini wonyusa kakhulu ukusetyenziswa kwetshaneli, kodwa ukwanyusa kakhulu ukuthembeka kosulelo.

Cisco SD-WAN amandla, ngaphandle analogue ngqo kwi DMVPN/PfR

Uyilo lwesisombululo seCisco SD-WAN kwezinye iimeko kukuvumela ukuba ufumane ubunakho nokuba kunzima kakhulu ukumiliselwa ngaphakathi kweDMVPN/PfR, okanye akunakwenzeka ngenxa yeendleko zomsebenzi ezifunekayo, okanye akunakwenzeka ngokupheleleyo. Makhe sijonge eyona inika umdla kubo:

Ubunjineli beTrafikhi (TE)

I-TE ibandakanya iindlela ezivumela i-traffic ukuba ishiye indlela esemgangathweni eyenziwe yimizila elandelwayo. I-TE isoloko isetyenziselwa ukuqinisekisa ukufumaneka okuphezulu kweenkonzo zenethiwekhi, ngokukwazi ukukhawuleza kunye / okanye ngokukhawuleza ukudlulisa i-traffic ebalulekileyo kwenye indlela yokuhambisa (i-disjoint), ukuze kuqinisekiswe umgangatho ongcono wenkonzo okanye isantya sokubuyisela kwimeko yokusilela. kwindlela ephambili.

Ubunzima bokuphumeza i-TE buxhomekeke kwimfuno yokubala kunye nokugcinwa (jonga) enye indlela kwangaphambili. Kwiinethiwekhi ze-MPLS zabaqhubi be-telecom, le ngxaki isonjululwa kusetyenziswa ubuchwepheshe obufana ne-MPLS Traffic-Engineering kunye nezandiso ze-IGP protocol kunye ne-RSVP protocol. Kutshanje, itekhnoloji yeSegment Routing, elungiselelwe ngakumbi uqwalaselo olusembindini kunye ne-orchestration, iye yanda kakhulu. Kuthungelwano lwakudala lwe-WAN, obu buchwephesha abumelwanga okanye buncitshiswe ekusebenziseni iindlela ze-hop-by-hop ezifana nePolisi-Based Routing (PBR), ekwaziyo ukwenza i-branching traffic, kodwa phumeza oku kumzila ngamnye ngokwahlukileyo - ngaphandle kokuthatha. kwi-akhawunti yemeko iyonke yothungelwano okanye iziphumo ze-PBR kumanyathelo angaphambili okanye alandelayo. Isiphumo sokusebenzisa ezi zikhetho ze-TE ziyadanisa - i-MPLS TE, ngenxa yobunzima boqwalaselo kunye nokusebenza, isetyenziswa, njengomthetho, kuphela kwindawo ebaluleke kakhulu yothungelwano (engundoqo), kwaye i-PBR isetyenziswa kwiirouters ngamnye ngaphandle ukukwazi ukwenza umgaqo-nkqubo we-PBR odibeneyo wenethiwekhi yonke. Ngokucacileyo, oku kusebenza nakwiinethiwekhi ezisekwe kwi-DMVPN.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

I-SD-WAN kulo mba ibonelela ngesisombululo esihle kakhulu esingelula nje ukuseta, kodwa kunye nezikali ezingcono kakhulu. Esi sisiphumo solawulo-indiza kunye nomgaqo-nkqubo wezakhiwo ezisetyenzisiweyo. Ukusebenzisa ipolisi-inqwelomoya kwi-SD-WAN ikuvumela ukuba uchaze umgaqo-nkqubo we-TE ephakathi - yeyiphi itrafikhi enomdla? zeziphi iiVPNs? Ngawaphi amathonela ekuyimfuneko okanye, ngokuchaseneyo, kwalelwe ukwenza enye indlela? Ngapha koko, i-centralization yolawulo lwenqwelomoya olusekwe kubalawuli be-vSmart ikuvumela ukuba uguqule iziphumo zendlela ngaphandle kokubhenela kuseto lwezixhobo zomntu ngamnye - iirutha sele zibona kuphela isiphumo sengqiqo eyenziweyo kwi-interface ye-vManage kwaye idluliselwe ukusetyenziswa vSmart.

Service-chaining

Ukwenza amatyathanga eenkonzo ngumsebenzi onzima nangakumbi kumzila wakudala kunendlela esele ichaziwe ye-Traffic-Engineering. Enyanisweni, kule meko, akufuneki kuphela ukwenza indlela ekhethekileyo yesicelo sothungelwano oluthile, kodwa nokuqinisekisa ukukwazi ukususa i-traffic kwinethiwekhi kwiindawo ezithile (okanye kuzo zonke) zenethiwekhi ye-SD-WAN ukuze iqhutywe ngu. isicelo esikhethekileyo okanye inkonzo (Firewall, Balancing, Caching, Inspection traffic, njl.). Kwangaxeshanye, kuyimfuneko ukuba ukwazi ukulawula imeko yezi nkonzo zangaphandle ukuze kuthintelwe iimeko ezimnyama, kunye neendlela ezivumela ukuba iinkonzo ezinjalo zangaphandle zohlobo olufanayo zibekwe kwiindawo ezahlukeneyo ze-geo. ngokukwazi komsebenzi womnatha ukukhetha ngokuzenzekelayo eyona node yenkonzo ilungileyo yokusetyenzwa kwetrafikhi yesebe elithile . Kwimeko ye-Cisco SD-WAN, oku kulula ukufezekiswa ngokudala umgaqo-nkqubo ofanelekileyo othi "glue" yonke imiba yetsheyini yenkonzo ekujoliswe kuyo ibe yinto enye kwaye itshintshe ngokuzenzekelayo i-data-plane kunye nolawulo-plane logic kuphela apho. kwaye xa kuyimfuneko.

Ngaba iCisco SD-WAN iya kunqumla isebe apho iDMVPN ihleli khona?

Ukukwazi ukwenza inkqubo yokusasazwa kwe-geo yeendlela ezikhethiweyo zezicelo kulandelelwano oluthile kwizinto ezikhethekileyo (kodwa ezingahambelani nenethiwekhi ye-SD-WAN ngokwayo) izixhobo mhlawumbi ngowona mboniso ucacileyo wezinto ezilungileyo zeCisco SD-WAN ngaphezu kweklasikhi. itekhnoloji kunye nezinye izisombululo ze-SD ezizezinye -WAN ezivela kwabanye abavelisi.

Uba yintoni umphumo?

Ngokucacileyo, zombini i-DMVPN (kunye okanye ngaphandle kweNdlela yokuSebenza) kunye neCisco SD-WAN ekugqibeleni nisombulule iingxaki ezifanayo kakhulu ngokunxulumene nenethiwekhi esasazwayo ye-WAN yombutho. Kwangaxeshanye, umahluko omkhulu wokwakha kunye nokusebenza kwitekhnoloji yeCisco SD-WAN ikhokelela kwinkqubo yokusombulula ezi ngxaki. kwelinye inqanaba lomgangatho. Ukushwankathela, sinokuqaphela lo mahluko ulandelayo ubalulekileyo phakathi kwe-SD-WAN kunye ne-DMVPN/PfR itekhnoloji:

  • I-DMVPN/PfR ngokusetyenziswa ngokubanzi kwetekhnoloji evavanyiweyo ngexesha lokwakha iinethiwekhi ze-VPN ezingaphezulu kwaye, ngokwemigaqo yedatha-moya, ziyafana neteknoloji ye-SD-WAN yanamhlanje, nangona kunjalo, kukho inani lemida kwindlela yoqwalaselo olusisinyanzelo lwe-static. yee-routers kunye nokukhethwa kwe-topology kukhawulelwe kwi-Hub-n-Spoke. Ngakolunye uhlangothi, i-DMVPN/PfR inomsebenzi othile ongekafumaneki ngaphakathi kwe-SD-WAN (sithetha nge-BFD yesicelo ngasinye).
  • Kwinqwelomoya yolawulo, itekhnoloji iyahluka ngokusisiseko. Uthathela ingqalelo inkqubo esembindini yeendlela zokusayina, i-SD-WAN ivumela, ngokukodwa, ukunciphisa kakhulu imimandla engaphumeleliyo kunye "nokudibanisa" inkqubo yokuhambisa i-traffic yomsebenzisi ukusuka kwintsebenziswano yesignali - ukungabikho kwexeshana kwabalawuli akuchaphazeli ukukwazi ukusasaza i-traffic yabasebenzisi. . Ngelo xesha, ukungafumaneki kwesikhashana kwanoma yiyiphi isebe (kubandakanywa nephakathi) ayichaphazeli nangayiphi na indlela ukukwazi kwamanye amasebe ukusebenzisana kunye nabalawuli.
  • Uyilo lokuqulunqa kunye nokusetyenziswa kwemigaqo-nkqubo yolawulo lwezithuthi kwimeko ye-SD-WAN nayo iphezulu kunaleyo kwi-DMVPN/PfR - ukugcinwa kwe-geo kuphunyezwe ngcono kakhulu, akukho nxibelelwano kwi-Hub, kukho amathuba amaninzi okuhlawula. -imigaqo-nkqubo yokulungisa, uluhlu lweemeko zolawulo lwezithuthi oluphunyeziweyo nalo lukhulu kakhulu.
  • Inkqubo ye-orchestration yesisombululo nayo yahluke kakhulu. I-DMVPN ithatha ubukho beeparamitha ezaziwa ngaphambili ekufuneka zibonakaliswe ngandlela-thile kuqwalaselo, nto leyo ethintela ukuguquguquka kwesisombululo kunye nokwenzeka kotshintsho oluguquguqukayo. Ngapha koko, i-SD-WAN isekwe kwiparadigm yokuba ngexesha lokuqala loqhagamshelo, i-router "ayazi nto" malunga nabalawuli bayo, kodwa iyazi "ngubani onokubuza" - oku kwanele kungekuphela nje ukuseka unxibelelwano ngokuzenzekelayo. abalawuli, kodwa nokwenza ngokuzenzekelayo itopology yedatha-yenqwelomoya eqhagamshelwe ngokupheleleyo, enokuthi emva koko iqwalaselwe/itshintshwe kusetyenziswa imigaqo-nkqubo.
  • Ngokubhekiselele kulawulo oluphakathi, ukuzenzekelayo kunye nokubeka iliso, i-SD-WAN ilindeleke ukuba idlule amandla e-DMVPN/PfR, eye yavela kubuchwepheshe be-classical kwaye ithembele kakhulu kumgca womyalelo we-CLI kunye nokusetyenziswa kweenkqubo ze-NMS ezisekelwe kwi-template.
  • Kwi-SD-WAN, xa kuthelekiswa ne-DMVPN, iimfuno zokhuseleko ziye zafikelela kwinqanaba elisemgangathweni. Imigaqo ephambili yi-zero trust, scalability kunye nokuqinisekiswa kwezinto ezimbini.

Ezi zigqibo zilula zinokunika ingcamango engalunganga yokuba ukudala inethiwekhi esekelwe kwi-DMVPN/PfR ilahlekelwe kuko konke ukubaluleka namhlanje. Oku ngokuqinisekileyo akuyonyani ngokupheleleyo. Ngokomzekelo, kwiimeko apho inethiwekhi isebenzisa izixhobo ezininzi ezidlulileyo kwaye akukho ndlela yokuyibuyisela endaweni yayo, i-DMVPN inokuvumela ukuba udibanise izixhobo "ezidala" kunye "ezintsha" kwinethiwekhi enye esasazwa nge-geo kunye neenzuzo ezininzi ezichazwe. ngaphezulu.

Ngakolunye uhlangothi, kufuneka kukhunjulwe ukuba zonke iirouter zeCisco zangoku ezisekelwe kwi-IOS XE (ISR 1000, ISR 4000, ASR 1000, CSR 1000v) namhlanje zixhasa nayiphi na indlela yokusebenza - zombini umzila weklasi kunye ne-DMVPN kunye ne-SD-WAN - ukhetho lumiselwa iimfuno zangoku kunye nokuqonda ukuba nangaliphi na ixesha, usebenzisa izixhobo ezifanayo, unokuqala ukuqhubela phambili kwi-teknoloji ephezulu.

umthombo: www.habr.com

Yongeza izimvo