ProHoster > Ibhulogi > Ulawulo > Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

I-SDSM iphelile, kodwa umnqweno ongalawulekiyo wokubhala uhlala.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Kangangeminyaka emininzi, umzalwana wethu wayekhathazwa kukwenza umsebenzi wesiqhelo, eqhawuka iminwe ngaphambi kokuba alale yaye engalali ngenxa yokusilela ebusuku.
Kodwa amaxesha obumnyama aya ekupheleni.

Ngeli nqaku ndiza kuqala uthotho malunga nendlela kum i-automation ibonwa.
Endleleni, siya kuqonda izigaba zokuzenzekelayo, ukugcina izinto eziguquguqukayo, ukuyila ngokusemthethweni, i-RestAPI, i-NETCONF, i-YANG, i-YDK kwaye siya kwenza iinkqubo ezininzi.
Kum kuthetha ukuba a) ayisiyo nyaniso yenjongo, b) ayikho ngokungathandabuzekiyo indlela engcono kakhulu, c) uluvo lwam, nangona ngexesha lentshukumo ukusuka kwinqaku lokuqala ukuya kwinqaku lokugqibela, linokutshintsha - ukunyaniseka, ukusuka kwinqanaba loyilo ukuya upapasho, ndibhale kwakhona yonke into kabini.

Iziqulatho

  1. Iinjongo
    1. Uthungelwano lufana nesidalwa esinye
    2. Uvavanyo loqwalaselo
    3. Uguqulelo
    4. Ukubeka iliso kunye nokuziphilisa kweenkonzo

  2. Iindlela
    1. Inkqubo yoluhlu
    2. Inkqubo yokulawula indawo ye-IP
    3. Inkqubo yenkcazo yenkonzo yothungelwano
    4. Indlela yokuqalisa isixhobo
    5. Imodeli yokumisela umthengisi-agnostic
    6. Ujongano lomqhubi olukhethekileyo
    7. Inkqubo yokuhambisa ulungelelwaniso kwisixhobo
    8. CI / CD
    9. Inkqubo yogcino kunye nokukhangela ukutenxa
    10. Inkqubo yokubeka iliso

  3. isiphelo

Ndiza kuzama ukuqhuba iADSM ngendlela eyahlukileyo kancinane kwi-SDSM. Amanqaku amakhulu, aneenkcukacha, amanani aya kuqhubeka ebonakala, kwaye phakathi kwabo ndiya kupapasha amanqaku amancinci avela kumava emihla ngemihla. Ndiza kuzama ukulwa nokuthanda ukugqibelela apha kwaye ndingakhothi ngamnye kubo.

Hayi indlela ehlekisa ngayo ukuba okwesibini kufuneka uhambe ngendlela efanayo.

Ekuqaleni kwafuneka ndibhale amanqaku malunga namanethiwekhi ngokwam ngenxa yokuba ayengekho kwiRuNet.

Ngoku andikwazanga ukufumana uxwebhu olubanzi oluya kucwangcisa iindlela zokuzenzekelayo kunye nokuhlalutya ubuchwephesha obungasentla usebenzisa imizekelo elula esebenzayo.

Ndisenokuba andilunganga, ngoko ke nceda unikeze amakhonkco kwimithombo eluncedo. Nangona kunjalo, oku akuyi kuguqula ukuzimisela kwam ukubhala, kuba eyona njongo iphambili kukufunda into ethile ngokwam, kwaye ukwenza ubomi bube lula kwabanye yibhonasi emnandi ephatha imfuza yokwabelana ngamava.

Siya kuzama ukuthatha iziko ledatha le-LAN DC eliphakathi kwaye sisebenze sonke iskim esizenzekelayo.
Ndiza kube ndisenza ezinye izinto phantse okokuqala ngqa kunye nawe.

Andiyi kuba yimvelaphi kwiingcamango kunye nezixhobo ezichazwe apha. UDmitry Figol unento entle kakhulu ijelo elinemisinga kwesi sihloko.
Amanqaku aya kudibana nabo kwiinkalo ezininzi.

I-LAN DC ine-4 DCs, malunga ne-250 yokutshintsha, isiqingatha se-router kunye nesibini somlilo.
Hayi i-Facebook, kodwa ngokwaneleyo ukwenza ukuba ucinge nzulu malunga ne-automation.
Kukho, nangona kunjalo, uluvo lokuba ukuba unesixhobo esingaphezulu kwe-1, i-automation sele ifuneka.
Enyanisweni, kunzima ukucinga ukuba nabani na ngoku unokuphila ngaphandle kwepakethi yemibhalo yamadolo.
Nangona ndivile ukuba kukho iiofisi apho iidilesi ze-IP zigcinwe kwi-Excel, kwaye nganye kwiiwaka zezixhobo zenethiwekhi ziqwalaselwe ngesandla kwaye zinoqwalaselo lwayo olulodwa. Oku, ewe, kunokugqithiswa njengobugcisa bale mihla, kodwa iimvakalelo zobunjineli ngokuqinisekileyo ziya kukhubeka.

Iinjongo

Ngoku siza kuseka ezona njongo zingabonakaliyo:

  • Uthungelwano lufana nesidalwa esinye
  • Uvavanyo loqwalaselo
  • Uguqulelo lombuso womnatha
  • Ukubeka iliso kunye nokuziphilisa kweenkonzo

Kamva kweli nqaku siza kujonga iindlela esiza kuzisebenzisa, kwaye ngokulandelayo, siza kujonga iinjongo kunye neendlela ngokweenkcukacha.

Uthungelwano lufana nesidalwa esinye

Ibinzana elichazayo loluhlu, nangona xa uqala ukukhangwa lisenokungabonakali libaluleke kangako: siya kuqwalasela inethiwekhi, hayi izixhobo zomntu ngamnye.
Kwiminyaka yakutshanje, sibone utshintsho kugxininiso ekuphatheni inethiwekhi njengento enye, kungoko I-Software Defined Networking, IiNethiwekhi eziqhutywa nenjongo ΠΈ IiNethiwekhi ezizimeleyo.
Emva kwayo yonke loo nto, izicelo zifuna ntoni kwihlabathi jikelele kwinethiwekhi: unxibelelwano phakathi kwamanqaku A kunye no-B (kakuhle, ngamanye amaxesha +B-Z) kunye nokuhlukaniswa kwezinye izicelo kunye nabasebenzisi.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Kwaye ke umsebenzi wethu kolu luhlu ukwakha inkqubo, ukugcina ubumbeko lwangoku inethiwekhi yonke, esele ihlanjululwe kwi-configuration yangempela kwisixhobo ngasinye ngokuhambelana nendima kunye nendawo yayo.
Inkqubo ulawulo lomsebenzi womnatha luthetha ukuba ukwenza utshintsho siqhagamshelane nayo, kwaye yona, ngokulandelelana, ibala imeko efunwayo yesixhobo ngasinye kwaye siyiqwalasele.
Ngale ndlela, sicutha ukufikelela kwezandla kwi-CLI ukuya kuthi ga kwi-zero - naluphi na utshintsho kwiisethingi zesixhobo okanye kuyilo lwenethiwekhi kufuneka lwenziwe lube sesikweni kwaye lubhalwe - kwaye emva koko lugqithiselwe kwizinto eziyimfuneko zothungelwano.

Oko kukuthi, umzekelo, ukuba sigqibe ekubeni ukusukela ngoku ukutshintshwa kwe-rack eKazan kufuneka kubhengeze amanethiwekhi amabini endaweni yesinye, thina.

  1. Okokuqala sibhala utshintsho kwiinkqubo
  2. Ukuvelisa uqwalaselo ekujoliswe kulo zonke izixhobo womnatha
  3. Siqalisa inkqubo yokuhlaziya uqwalaselo lwenethiwekhi, ebala oko kufuneka kususwe kwi-node nganye, into eyongezayo, kwaye izisa iinqununu kwisimo esifunwayo.

Kwangaxeshanye, senza utshintsho ngesandla kuphela kwinyathelo lokuqala.

Uvavanyo loqwalaselo

Yaziwaukuba i-80% yeengxaki zenzeke ngexesha lokutshintsha koqwalaselo - ubungqina obungathanga ngqo bokuthi ngexesha leeholide zoNyaka omtsha yonke into idla ngokuzola.
Ndizibonele ngokwam amaxesha amaninzi okuhla kwehlabathi ngenxa yempazamo yomntu: umyalelo ongalunganga, uqwalaselo lwenziwa kwisebe elingalunganga, uluntu lwalibala, iMPLS yadilizwa kwihlabathi jikelele kwi-router, iziqwenga ezintlanu zehardware zacwangciswa, kodwa impazamo ayikhange ibekho. kwaphawulwa ngowesithandathu, iinguqulelo ezindala ezenziwe ngomnye umntu zenziwa . Kukho itoni yeemeko.

Ukuzenzekelayo kuya kusivumela ukuba senze iimpazamo ezimbalwa, kodwa kwinqanaba elikhulu. Ngale ndlela awukwazi isitena kungekhona nje isixhobo esinye, kodwa inethiwekhi yonke ngexesha elinye.

Ukususela kwixesha elidlulileyo, ootatomkhulu bethu bahlola ukuchaneka kweenguqu ezenziwe ngeso elibukhali, iibhola zetsimbi kunye nokusebenza kwenethiwekhi emva kokuba zikhutshwe.
Abo tatomkhulu umsebenzi wabo ukhokelele kwixesha lokuphumla kunye nelahleko eyintlekele bashiye inzala encinci kwaye kufuneka bafe ngokuhamba kwexesha, kodwa indaleko yinkqubo ecothayo, kwaye ke ayinguye wonke umntu osavavanya utshintsho kwilabhoratri kuqala.
Nangona kunjalo, phambili kwinkqubela phambili ngabo baye bazenzekelayo inkqubo yokuvavanya uqwalaselo kunye nesicelo sayo esongezelelweyo kwinethiwekhi. Ngamanye amazwi, ndiboleke inkqubo yeCI/CD (Ukudityaniswa ngokuqhubekayo, ukusasazwa ngokuqhubekayo) ukusuka kubaphuhlisi.
Kwelinye lamacandelo siza kujonga indlela yokuphumeza oku usebenzisa inkqubo yolawulo lwenguqulelo, mhlawumbi iGithub.

Nje ukuba uqhelane nombono wenethiwekhi ye-CI / CD, ngobusuku indlela yokujonga uqwalaselo ngokuyisebenzisa kuthungelwano lwemveliso iya kubonakala ngathi kukungazi kwangaphambili kwexesha eliphakathi. Kufana nokubetha intloko yemfazwe ngehamile.

Ukuqhubekeka kwezinto eziphilayo malunga inkqubo ulawulo womnatha kunye CI/CD iba inguqulelo epheleleyo yoqwalaselo.

Uguqulelo

Siya kucinga ukuba naluphi na utshintsho, nokuba luncinci kakhulu, nakwisixhobo esinye esingabonakaliyo, inethiwekhi yonke isuka kwelinye ilizwe ukuya kwelinye.
Kwaye sisoloko singenzi myalelo kwisixhobo, sitshintsha imeko yenethiwekhi.
Ngoko ke masibize ezi nguqulelo zamazwe?

Masithi inguqulelo yangoku yi-1.0.0.
Ngaba idilesi ye-IP ye-Loopback interface kwenye yeeToRs itshintshile? Le yinguqulelo encinci kwaye iya kubalwa 1.0.1.
Siye sahlaziya imigaqo-nkqubo yokungenisa imizila kwi-BGP - ngokungqongqo ngakumbi - sele i-1.1.0
Sagqiba ekubeni silahle IGP kwaye ukutshintshela BGP kuphela - oku sele lutshintsho kuyilo radical - 2.0.0.

Ngexesha elifanayo, ii-DCs ezahlukeneyo zinokuba neenguqu ezahlukeneyo - inethiwekhi iphuhliswa, izixhobo ezitsha zifakwe, amanqanaba amatsha e-spines ayongezwa kwindawo ethile, kungekhona kwabanye, njl.

phezu uguqulelo lwesemantic siza kuthetha kwinqaku elahlukileyo.

Ndiyaphinda-naluphi na utshintsho (ngaphandle kwemiyalelo yokulungisa iimpazamo) luhlaziyo lwenguqulelo. Abalawuli mabaziswe ngako nakuphi na ukutenxa kolu guqulelo lwangoku.

Kusebenza okufanayo ekuguquleni umva utshintsho - oku akuyikukhansela imiyalelo yokugqibela, oku akuyiyo i-rollback usebenzisa inkqubo yokusebenza yesixhobo - oku kuzisa inethiwekhi yonke kwinguqulo entsha (endala).

Ukubeka iliso kunye nokuziphilisa kweenkonzo

Lo msebenzi wokuzibonakalisa ufikelele kwinqanaba elitsha kwiinethiwekhi zanamhlanje.
Amaxesha amaninzi, ababoneleli-nkonzo abakhulu bathatha indlela yokuba inkonzo engaphumelelanga kufuneka ilungiswe ngokukhawuleza kakhulu kwaye kuphakanyiswe entsha, endaweni yokucinga ukuba kwenzeke ntoni na.
"Kakhulu" kuthetha ukuba kufuneka uqatywe ngesisa macala onke ngokubeka iliso, okuya kuthi kwimizuzwana embalwa kubonwe ukutenxa okuncinci kwisiqhelo.
Kwaye apha iimethrikhi eziqhelekileyo, ezinjengokulayisha ujongano okanye ukufumaneka kwendawo, akusanele. Ukubekw' esweni kwabo ngezandla ligosa elijongene nomsebenzi akwanelanga nako.
Izinto ezininzi kufuneka zibekho Ukuziphilisa β€” izibane zokugada zijike zabomvu saza saya kuthambisa iplantain ngokwethu apho ibibuhlungu khona.

Kwaye apha asijongi kuphela izixhobo ezizimeleyo, kodwa kunye nempilo yenethiwekhi yonke, zombini ibhokisi emhlophe, eqondakalayo, kunye nebhokisi emnyama, enzima kakhulu.

Yintoni esiya kuyidinga ukuze siphumeze izicwangciso zamabhongo ngolo hlobo?

  • Yiba noluhlu lwazo zonke izixhobo kwinethiwekhi, indawo yazo, iindima, iimodeli, iinguqulelo zesoftware.
    kazan-leaf-1.lmu.net, Kazan, igqabi, Juniper QFX 5120, R18.3.
  • Yiba nenkqubo yokuchaza iinkonzo zenethiwekhi.
    IGP, BGP, L2/3VPN, Policy, ACL, NTP, SSH.
  • Ukwazi ukuqalisa isixhobo.
    Igama lomamkeli, Mgmt IP, Mgmt Indlela, Abasebenzisi, RSA-Izitshixo, LLDP, NETCONF
  • Qwalasela isixhobo kwaye uzise ulungelelwaniso kuguqulelo olufunekayo (kuquka oludala).
  • Uqwalaselo lovavanyo
  • Ngamaxesha athile jonga ubume bazo zonke izixhobo zokutenxa kwezi zangoku kwaye unike ingxelo kubani.
    Ngobusuku, umntu uthe cwaka wongeza umthetho kwi-ACL.
  • Beka esweni ukusebenza.

Iindlela

Kuvakala kuntsonkothile ngokwaneleyo ukuqalisa ukubola iprojekthi ibe ngamacandelo.

Kwaye kuya kuba lishumi kubo:

  1. Inkqubo yoluhlu
  2. Inkqubo yokulawula indawo ye-IP
  3. Inkqubo yenkcazo yenkonzo yothungelwano
  4. Indlela yokuqalisa isixhobo
  5. Imodeli yokumisela umthengisi-agnostic
  6. Ujongano lomqhubi olukhethekileyo
  7. Inkqubo yokuhambisa ulungelelwaniso kwisixhobo
  8. CI / CD
  9. Inkqubo yogcino kunye nokukhangela ukutenxa
  10. Inkqubo yokubeka iliso

Oku, ngendlela, ngumzekelo wendlela umbono malunga neenjongo zomjikelezo watshintsha - kwakukho amacandelo ama-4 kwidrafti.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Kumzekeliso ndibonise onke amacandelo kunye nesixhobo ngokwaso.
Amacandelo ahlanganayo ayasebenzisana.
Ibhloko enkulu, ngakumbi ingqalelo kufuneka ihlawulwe kweli candelo.

Icandelo 1: Inkqubo yoluhlu lwempahla

Ngokucacileyo, sifuna ukwazi ukuba zeziphi izixhobo ezikhoyo apho, yintoni eqhagamshelwe kuyo.
Inkqubo yoluhlu lweempahla yinxalenye ebalulekileyo yalo naliphi na ishishini.
Ngokuqhelekileyo, ishishini linenkqubo eyahlukileyo yoluhlu lwezixhobo zenethiwekhi, ezisombulula iingxaki ezithile.
Njengenxalenye yolu ngcelele lwamanqaku, siya kuyibiza i-DCIM - uLawulo lweZiseko zoPhuhliso lweDatha. Nangona igama elithi DCIM ngokwalo, ngokungqongqo, libandakanya okuninzi.

Ngeenjongo zethu, siya kugcina olu lwazi lulandelayo malunga nesixhobo esikuyo:

  • Inombolo yoluhlu
  • Isihloko/Inkcazelo
  • Umzekelo (IHuawei CE12800, Juniper QFX5120, njl.)
  • Iimpawu zophawu (iibhodi, ujongano, njl.)
  • Indima (Igqabi, uMnqonqo, Indlela yoMda, njl.)
  • Indawo (ummandla, isixeko, iziko ledatha, irack, iyunithi)
  • Uqhagamshelwano phakathi kwezixhobo
  • Itopology yenethiwekhi

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Kucace mhlophe ukuba thina ngokwethu sifuna ukuzazi zonke ezi zinto.
Kodwa ngaba oku kuya kunceda ngeenjongo zokuzenzela?
Ngokungathandabuzekiyo.
Ngokomzekelo, siyazi ukuba kwiziko ledatha elinikiweyo kwi-Leaf switches, ukuba yiHuawei, i-ACLs yokucoca i-traffic ethile kufuneka isetyenziswe kwi-VLAN, kwaye ukuba i-Juniper, ngoko kwiyunithi ye-0 ye-interface ebonakalayo.
Okanye kufuneka ukhuphe iseva entsha yeSyslog kuyo yonke imida kulo mmandla.

Kuyo siya kugcina izixhobo zothungelwano olunenyani, umzekelo iirotha ezibambekayo okanye izibonisi zeengcambu. Singongeza iiseva ze-DNS, i-NTP, i-Syslog kwaye ngokubanzi yonke into ngendlela enye okanye enye enxulumene nenethiwekhi.

Icandelo 2: Inkqubo yokulawula indawo ye-IP

Ewe, kwaye namhlanje kukho amaqela abantu abagcina umkhondo wezimaphambili kunye needilesi ze-IP kwifayile ye-Excel. Kodwa indlela yanamhlanje iseyi-database, enesiphelo sangaphambili kwi-nginx/apache, i-API kunye nemisebenzi ebanzi yokurekhoda iidilesi ze-IP kunye nothungelwano olwahlulwe kwii-VRF.
IPAM - Ulawulo lwedilesi ye-IP.

Ngeenjongo zethu, siya kugcina olu lwazi lulandelayo kuyo:

  • IVLAN
  • I-VRF
  • Uthungelwano/iiSubnethi
  • Iidilesi ze-IP
  • Iidilesi zokubophelela kwizixhobo, uthungelwano kwiindawo kunye neenombolo zeVLAN

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Kwakhona, kucacile ukuba sifuna ukuqiniseka ukuba xa sinikezela ngedilesi ye-IP entsha kwi-Loopback ye-ToR, asiyi kukhubeka kwinto yokuba sele yabelwe umntu. Okanye ukuba sisebenzise isimaphambili esifanayo kabini kwiziphelo ezahlukeneyo zothungelwano.
Kodwa oku kunceda njani kwi-automation?
Ilula.
Sicela isimaphambili kwinkqubo kunye nendima yeLoopbacks, equlethe iidilesi ze-IP ezifumanekayo zokwabiwa - ukuba zifunyenwe, sabela idilesi, ukuba akunjalo, sicela ukwakhiwa kwesiqalo esitsha.
Okanye xa usenza ubumbeko lwesixhobo, sinokufumanisa kwindlela enye apho iVRF ujongano kufuneka ibekwe khona.
Kwaye xa uqala umncedisi omtsha, i-script ingena kwinkqubo, ifumanisa ukuba yeyiphi iswitshi yomncedisi, yeyiphi izibuko kwaye yeyiphi i-subnet eyabelwe ujongano - kwaye iya kwabela idilesi yomncedisi kuyo.

Oku kuphakamisa umnqweno wokudibanisa i-DCIM kunye ne-IPAM kwisistim enye ukuze ungaphindi imisebenzi kwaye unganikezeli amaqumrhu amabini afanayo.
Nantso into esiya kuyenza.

Icandelo 3. Inkqubo yokuchaza iinkonzo zenethiwekhi

Ukuba iisistim ezimbini zokuqala zigcina iinguqu ezisafuna ukusetyenziswa ngandlela ithile, ngoko eyesithathu ichaza indima yesixhobo ngasinye ukuba kufuneka iqwalaselwe njani.
Kufanelekile ukwahlula iindidi ezimbini ezahlukeneyo zeenkonzo zenethiwekhi:

  • Iziseko zophuhliso
  • Umxhasi.

Eyangaphambili yenzelwe ukubonelela ngoqhagamshelwano olusisiseko kunye nolawulo lwesixhobo. Ezi ziquka i-VTY, i-SNMP, i-NTP, i-Syslog, i-AAA, iiprothokholi zendlela, i-CoPP, njl.
Le yokugqibela iququzelela inkonzo yomthengi: MPLS L2/L3VPN, GRE, VXLAN, VLAN, L2TP, njl.
Kakade ke, kukwakho namatyala omda - apho ukubandakanya MPLS LDP, BGP? Ewe, kwaye iiprothokholi zomzila zingasetyenziselwa abathengi. Kodwa oku akubalulekanga.

Zombini ezi ndidi zeenkonzo zibolisiwe zaba zizinto zokuqala:

  • ujongano olubonakalayo nolwengqiqo (ithegi/anteg, mtu)
  • Iidilesi ze-IP kunye neeVRF (IP, IPv6, VRF)
  • Ii-ACLs kunye nemigaqo-nkqubo yokucwangcisa izithuthi
  • Iiprothokholi (IGP, BGP, MPLS)
  • Imigaqo-nkqubo yomzila (uluhlu lwesimaphambili, uluntu, izihlungi ze-ASN).
  • Iinkonzo eziluncedo (SSH, NTP, LLDP, Syslog...)
  • njl.

Siza kuyenza njani kanye le nto, andiyazi okwangoku. Siza kujonga kuyo kwinqaku elahlukileyo.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Ukuba sisondele kancinane ebomini, ngoko sinokuyichaza loo nto
Utshintsho lweLeaf kufuneka lube neeseshoni ze-BGP nazo zonke iiswitshi ze-Spine eziqhagamshelweyo, zingenise uthungelwano oluqhagamshelwe kwinkqubo, kwaye lwamkele uthungelwano kuphela ukusuka kwisimaphambili esithile ukusuka kukutshintsha kweSpine. Ukunciphisa i-CoPP IPv6 ND ukuya kwi-10 pps, njl.
Emva koko, i-spines ibamba iiseshoni kunye nazo zonke iinkokeli ezixhunyiwe, zisebenza njengeengcambu ezibonisa iingcambu, kwaye zamkele kuzo kuphela iindlela zobude obuthile kunye noluntu oluthile.

Icandelo lesi-4: Inkqubo yokuQalisa iSixhobo

Ngaphantsi kwesi sihloko ndidibanisa ezininzi izenzo ekufuneka zenzeke ukuze isixhobo sivele kwi-radar kwaye sifumaneke ukude.

  1. Faka isixhobo kwisixokelelwano soluhlu.
  2. Khetha idilesi ye-IP yolawulo.
  3. Misela ufikelelo olusisiseko kuyo:
    Igama lomamkeli, idilesi ye-IP yolawulo, indlela eya kuthungelwano lolawulo, abasebenzisi, izitshixo ze-SSH, iiprothokholi-i-telnet/SSH/NETCONF

Kukho iindlela ezintathu:

  • Yonke into yenziwe ngesandla ngokupheleleyo. Isixhobo siziswe kwindawo yokuma, apho umntu oqhelekileyo ophilayo uya kungena kwiinkqubo, udibanise kwi-console kwaye uyilungiselele. Inokusebenza kwiinethiwekhi ezincinci ezimileyo.
  • ZTP - Zero Touch Ubonelelo. I-hardware yafika, yasukuma, yafumana idilesi nge-DHCP, yaya kumncedisi okhethekileyo, kwaye yazilungiselela.
  • Isiseko seseva ye-console, apho uqwalaselo lokuqala lwenzeka nge-console port kwimo ezenzekelayo.

Siza kuthetha ngazo zontathu kwinqaku elahlukileyo.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Icandelo lesi-5: Imodeli yokumisela umthengisi-agnostic

Ukuza kuthi ga ngoku, zonke iisistim ziye zaba ngamabala ahlukeneyo abonelela ngezinto eziguquguqukayo kunye nenkcazo echazayo yento esingathanda ukuyibona kwinethiwekhi. Kodwa kungekudala, kuya kufuneka ujongane nezinto ezithile.
Kweli nqanaba, kwisixhobo ngasinye esikhethekileyo, iiprimitives, iinkonzo kunye nezinto eziguquguqukayo zidityanisiwe zibe yimodeli yoqwalaselo echaza ngokwenene uqwalaselo olupheleleyo lwesixhobo esithile, kuphela ngendlela engathathi hlangothi yomthengisi.
Lenza ntoni eli nyathelo? Kutheni ungenzi kwangoko ukucwangciswa kwesixhobo onokuthi ulayishe ngokulula?
Enyanisweni, oku kusombulula iingxaki ezintathu:

  1. Musa ukuziqhelanisa nojongano oluthile lokusebenzisana nesixhobo. Yiba yi-CLI, i-NETCONF, i-RESTCONF, i-SNMP - imodeli iya kufana.
  2. Musa ukugcina inani leetemplates / izikripthi ngokwenani labathengisi kwinethiwekhi, kwaye ukuba uyilo luyatshintsha, tshintsha into efanayo kwiindawo ezininzi.
  3. Layisha uqwalaselo ukusuka isixhobo (ugcino), uyibeke ngqo imodeli efanayo kwaye uthelekise ngokuthe ngqo uqwalaselo ekujoliswe kunye ekhoyo ukubala delta kwaye ulungiselele isiziba uqwalaselo eya kutshintsha kuphela ezo ndawo ziyimfuneko okanye ukuchonga ukutenxa.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Ngenxa yesi sigaba, sifumana ulungelelwaniso oluzimeleyo lomthengisi.

Icandelo 6. Ujongano lomqhubi othe ngqo

Akufanele uzicenge ngethemba lokuba ngenye imini kuya kwenzeka ukuba uqwalasele i-ciska ngendlela efanayo neJuniper, ngokuthumela iminxeba efanayo kubo. Ngaphandle kokukhula kokuthandwa kweebhokisi ezimhlophe kunye nokuvela kwenkxaso ye-NETCONF, i-RESTCONF, i-OpenConfig, umxholo othile oziswa zezi protocols uyahluka kumthengisi ukuya kumthengisi, kwaye lo ngomnye weyantlukwano yabo yokukhuphisana abayi kuyiyeka ngokulula.
Oku kuphantse kufane ne-OpenContrail kunye ne-OpenStack, ezine-RestAPI njenge-interface yazo ye-NorthBound, zilindele iifowuni ezahlukeneyo ngokupheleleyo.

Ngoko, kwisinyathelo sesihlanu, imodeli ezimeleyo yomthengisi kufuneka ithathe ifom apho iya kuhamba khona kwi-hardware.
Kwaye apha zonke iindlela zilungile (hayi): CLI, NETCONF, RESTCONF, SNMP ngokulula.

Ngoko ke, siya kufuna umqhubi oya kudlulisela umphumo wesinyathelo sangaphambili kwifomathi efunekayo yomthengisi othile: isethi yemiyalelo ye-CLI, isakhiwo se-XML.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Icandelo 7. Inkqubo yokuhambisa ulungelelwaniso kwisixhobo

Siye savelisa ukucwangciswa, kodwa kusafuneka ukuba kuhanjiswe kwizixhobo - kwaye, ngokucacileyo, kungekhona ngesandla.
Okokuqala, sijongene nombuzo wokuba siza kusisebenzisa esiphi isithuthi? Kwaye namhlanje ukhetho alusekho luncinci:

  • I-CLI (i-telnet, ssh)
  • SNMP
  • I-NETCONF
  • RESTCONF
  • I-API yokuphinda
  • I-OpenFlow (nangona ingaphandle kuba iyindlela yokuhambisa iFIB, hayi useto)

Masiphawule u-t apha. I-CLI lilifa. SNMP... ukhohlokhohlo.
I-RESTCONF isesisilwanyana esingaziwayo; i-REST API ixhaswa phantse akukho mntu. Ke ngoko, siya kugxila kwi-NETCONF kuthotho.

Enyanisweni, njengoko umfundi sele eqonda, ngeli nqaku sele sigqibe isigqibo malunga ne-interface - umphumo wesinyathelo sangaphambili sele sinikezelwe kwifomathi ye-interface ekhethiweyo.

Okwesibini, yaye zeziphi izixhobo esiza kukwenza ngazo oku?
Kukho ukhetho olukhulu apha:

  • Isikripthi esizibhalayo okanye iqonga. Masixhobe nge-ncclient kunye ne-asyncIO kwaye senze yonke into ngokwethu. Kusibiza ntoni ukwakha inkqubo yokusasaza ukusuka ekuqaleni?
  • Ifanelekile ngelayibrari yayo etyebileyo yeemodyuli zothungelwano.
  • Ityuwa ngomsebenzi wayo omncinci kunye nenethiwekhi kunye nokudibanisa neNapalm.
  • Ngokwenyani uNapalm, owazi abathengisi abambalwa kwaye yiloo nto, sala kakuhle.
  • UNornir sesinye isilwanyana esiza kusihlinza kwixesha elizayo.

Apha intandokazi ayikakhethwa - siya kukhangela.

Yintoni enye ebalulekileyo apha? Iziphumo zokusebenzisa ulungelelwaniso.
Uphumelele okanye awuphumelelanga. Ngaba kusekho ukufikelela kwi-hardware okanye akunjalo?
Kubonakala ngathi ukuzibophelela kuya kunceda apha ngokuqinisekiswa kunye nokuqinisekiswa kwento ekhutshelweyo kwisixhobo.
Oku, kudityaniswe nokuphunyezwa ngokuchanekileyo kwe-NETCONF, inciphisa kakhulu uluhlu lwezixhobo ezifanelekileyo - ababaninzi abavelisi abaxhasa ukuzinikela okuqhelekileyo. Kodwa le yenye yezinto ezifunekayo ngaphambili RFP. Ekugqibeleni, akukho mntu unenkxalabo yokuba akukho mnye umthengisi waseRashiya oya kuhambelana nemeko ye-interface ye-32 * 100GE. Okanye ngaba ukhathazekile?

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Icandelo 8. CI / CD

Ngeli xesha, sele sinolungelelwaniso olulungele zonke izixhobo zenethiwekhi.
Ndibhala "kuyo yonke into" kuba sithetha ngokuguqulela isimo sothungelwano. Kwaye nokuba ufuna ukutshintsha useto lokutshintsha nje olunye, utshintsho lubalelwa inethiwekhi yonke. Ngokucacileyo, zinokuba ngu-zero kwiindawo ezininzi.

Kodwa, njengoko besele kukhankanyiwe ngasentla, asilohlobo oluthile lwamabhari abafuna ukuqengqeleka yonke into iye kwimveliso.
Ubumbeko olwenziwayo kufuneka ludlule kwiPipeline CI/CD.

I-CI/CD imele uHlanganiso oluqhubekayo, ukusasazwa ngokuqhubekayo. Le yindlela apho iqela lingakhupheli kuphela ukukhutshwa okukhulu okutsha rhoqo emva kweenyanga ezintandathu, ukutshintshela ngokupheleleyo endala, kodwa rhoqo ngokunyukayo sebenzisa (Ukusasazwa) ukusebenza okutsha kwiinxalenye ezincinci, nganye kuzo ivavanywa ngokubanzi ukuhambelana, ukhuseleko kunye ukusebenza (Ukudityaniswa).

Ukwenza oku, sinenkqubo yokulawula inguqu ebeka iliso kwiinguqu zokucwangcisa, ibhubhoratri ehlola ukuba inkonzo yomthengi yaphukile, inkqubo yokubeka iliso ehlola le nyaniso, kwaye inyathelo lokugqibela likhupha utshintsho kwinethiwekhi yokuvelisa.

Ngaphandle kwemiyalelo yokulungisa iimpazamo, zonke iinguqu kwinethiwekhi kufuneka zidlule kwiPipeline yeCI / CD - esi sisiqinisekiso sobomi obuzolileyo kunye nomsebenzi omde, owonwabileyo.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Icandelo 9. Ugcino kunye nenkqubo yokufumanisa okungaqhelekanga

Ewe, akukho mfuneko yokuba uthethe ngee-backups kwakhona.
Siza kuzibeka ngokulula kwi-git ngokwesithsaba okanye kwinyani yotshintsho loqwalaselo.

Kodwa icandelo lesibini linomdla ngakumbi - umntu kufuneka abeke iliso kwezi backups. Kwaye kwezinye iimeko, lo mntu kufuneka ahambe kwaye ajike yonke into njengoko kwakunjalo, kwaye kwabanye, meow kumntu ukuba kukho into engalunganga.
Umzekelo, ukuba uye wavela umsebenzisi omtsha ongabhaliswanga kwiinguqu, kufuneka umsuse kwi-hack. Kwaye ukuba kungcono ukuba ungachukumisi umgaqo omtsha we-firewall, mhlawumbi umntu uvele wavula i-debugging, okanye mhlawumbi inkonzo entsha, i-bungler, ayizange ibhaliswe ngokwemigaqo, kodwa abantu sele beyijoyine.

Asisayi kusinda kwi-delta encinci kwisikali senethiwekhi yonke, ngaphandle kwazo naziphi na iinkqubo ezizenzekelayo kunye nesandla esiqinileyo solawulo. Ukulungisa iingxaki, akukho mntu uyakongeza uqwalaselo kwiinkqubo nakanjani na. Ngaphezu koko, zisenokungabandakanywa nakwimodeli yoqwalaselo.

Umzekelo, umthetho we-firewall wokubala inani leepakethe nge-IP ethile ukuze uchaze ingxaki lulungiselelo lwexeshana oluqhelekileyo.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Icandelo 10. Inkqubo yokubeka iliso

Ekuqaleni andizukusigubungela isihloko sokubeka iliso - isengumxholo onzima, ophikisanayo kunye nonzima. Kodwa njengoko izinto zaziqhubeka, kwafumaniseka ukuba le yayiyinxalenye ebalulekileyo ye-automation. Kwaye akunakwenzeka ukuyigqitha, ngaphandle kokuziqhelanisa.

Ingcinga ephuhlayo iyinxalenye yenkqubo yeCI/CD. Emva kokukhupha uqwalaselo kwinethiwekhi, kufuneka sikwazi ukubona ukuba yonke into ilungile na ngoku.
Kwaye asithethi kuphela kwaye hayi kakhulu malunga neeshedyuli zokusetyenziswa kojongano okanye ukufumaneka kwendawo, kodwa malunga nezinto ezifihlakeleyo - ubukho beendlela eziyimfuneko, iimpawu kuzo, inani leeseshoni ze-BGP, abamelwane be-OSPF, ukusebenza kokuphela kokuya yeenkonzo ezingaphezulu.
Ngaba i-syslogs kumncedisi wangaphandle iyekile ukudibanisa, okanye i-arhente ye-SFlow yaphuka, okanye ingaba amathontsi emigca aqale ukukhula, okanye udibaniso phakathi kwezinye izibini zezimaphambili zophukile?

Siza kuqwalasela oku kwinqaku elahlukileyo.

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

Ukuzenzekela kwabancinci. Inxalenye zero. Ukucwangcisa

isiphelo

Njengesiseko, ndakhetha enye yoyilo lwangoku lwenethiwekhi yedatha-L3 Clos Fabric kunye ne-BGP njengeprothokholi yomzila.
Ngeli xesha siya kwakha inethiwekhi kwiJuniper, kuba ngoku i-interface yeJunOs i-vanlove.

Masenze ubomi bethu bube nzima ngakumbi ngokusebenzisa izixhobo zoMthombo oVulekileyo kuphela kunye nenethiwekhi yabathengisi abaninzi - ke ukongeza kwiJuniper, ndiza kukhetha omnye umntu onethamsanqa ngakumbi endleleni.

Isicwangciso sopapasho oluzayo sinje:
Okokuqala ndiza kuthetha malunga neenethiwekhi zenyani. Okokuqala, kuba ndifuna, kwaye okwesibini, kuba ngaphandle koku, ukuyila kothungelwano lweziseko zophuhliso akuyi kucaca kakhulu.
Emva koko malunga noyilo lwenethiwekhi ngokwayo: i-topology, umzila, imigaqo-nkqubo.
Masihlanganise isitendi selabhoratri.
Makhe sicinge ngayo kwaye mhlawumbi siziqhelanise nokuqaliswa kwesixhobo kwinethiwekhi.
Kwaye ke malunga necandelo ngalinye kwiinkcukacha ezisondeleyo.

Kwaye ewe, andithembisi ukuphelisa lo mjikelo ngesisombululo esele senziwe. πŸ™‚

amakhonkco aluncedo

  • Ngaphambi kokuba uhlolisise uchungechunge, kuyafaneleka ukufunda incwadi kaNatasha Samoilenko I-Python yeeNjineli zeNethiwekhi. Kwaye mhlawumbi kudlule kunjalo.
  • Kwakhona kuya kuba luncedo ukufunda RFC malunga noyilo lweefektri zamaziko edatha ukusuka kwi-Facebook nguPeter Lapukhov.
  • Amaxwebhu oyilo aya kukunika umbono wendlela esebenza ngayo i-SDN eWalekayo. Ilaphu leTungsten (eyayisakuba yi-Open Contrail).
Enkosi

Umwonyo waseRoma. Ngezimvo kunye nokuhlelwa.
Artyom Chernobay Ye KDPV.

umthombo: www.habr.com

Yongeza izimvo