Π Ndachaza isakhelo esizenzekelayo sothungelwano. Ngokutsho kwabanye abantu, kwanale ndlela yokuqala yokujonga le ngxaki sele iyilungisile imibuzo ethile. Kwaye oku kundenza ndonwabe kakhulu, kuba injongo yethu kumjikelezo ayikokugubungela i-Ansible ngemibhalo yePython, kodwa ukwakha inkqubo.
Kwaesi sikhokelo sinye sibeka indlela esiza kujongana ngayo nombuzo.
Kwaye i-network virtualization, apho lo mbandela unikezelwe kuyo, ayihambelani ngokukodwa nesihloko se-ADSM, apho sihlalutya i-automation.
Kodwa masiyijonge ngenye indlela.
Iinkonzo ezininzi zisebenzisa inethiwekhi efanayo ixesha elide. Kwimeko yomqhubi we-telecom, le yi-2G, 3G, LTE, i-broadband kunye ne-B2B, umzekelo. Kwimeko ye-DC: uxhulumaniso kubaxhasi abahlukeneyo, i-Intanethi, ukugcinwa kwebhloko, ukugcinwa kwezinto.
Kwaye zonke iinkonzo zifuna ukwahlukaniswa komnye nomnye. Le yindlela uthungelwano olungaphezulu oluvele ngayo.
Kwaye zonke iinkonzo azifuni ukulinda umntu ukuba aziqwalasele ngesandla. Yile ndlela i-orchestrators kunye ne-SDN evele ngayo.
Indlela yokuqala yokwenza i-automation ye-automation yenethiwekhi, okanye kunoko inxalenye yayo, sele ithathwa kwaye iphunyezwe kwiindawo ezininzi: VMWare, OpenStack, Google Compute Cloud, AWS, Facebook.
Yiloo nto esiza kujongana nayo namhlanje.
Iziqulatho
- izizathu
- I sigama
- I-Underlay - inethiwekhi ebonakalayo
- Ukwaleka - inethiwekhi ebonakalayo
- Ukwaleka ngeToR
- Umaleko ovela kumamkeli
- Ukusebenzisa iTungsten Fabric njengomzekelo
- Unxibelelwano kumatshini omnye womzimba
- Unxibelelwano phakathi kwee-VM ezibekwe koomatshini bomzimba abahlukeneyo
- Phuma kwilizwe langaphandle
- FAQ
- isiphelo
- amakhonkco aluncedo
izizathu
Kwaye ekubeni sithetha ngale nto, kufanelekile ukukhankanya izinto eziyimfuneko kwi-network virtualization. Enyanisweni, le nkqubo ayizange iqale izolo.
Ukhe weva ngaphezu kwesihlandlo esinye ukuba inethiwekhi ibisoloko iyeyona ndawo ingasebenziyo kuyo nayiphi na inkqubo. Kwaye oku kuyinyaniso ngandlela zonke. Inethiwekhi isiseko apho yonke into ixhomekeke kuyo, kwaye ukwenza utshintsho kuyo kunzima kakhulu - iinkonzo aziyinyamezeli xa inethiwekhi iphantsi. Rhoqo, ukuphelisa i-node enye kunokuthatha indawo enkulu yezicelo kwaye kube nefuthe kubathengi abaninzi. Oku kungenxa yokuba iqela lenethiwekhi linokumelana naluphi na utshintsho - kuba ngoku lusebenza ngandlela thile (sisenokungazi nokuba njani), kodwa apha kufuneka uqwalasele into entsha, kwaye ayaziwa ukuba izakuchaphazela njani umsebenzi womnatha.
Ukuze ungalindi ukuba i-networkers ifake ii-VLAN kwaye ingabhalisi naziphi na iinkonzo kwi-node nganye yenethiwekhi, abantu beza nombono wokusebenzisa ukugqithisa - unxibelelwano olungaphezulu - apho kukho iindidi ezininzi: GRE, IPinIP, MPLS, MPLS L2/L3VPN, VXLAN, GENEVE, MPLSoverUDP, MPLSoverGRE, njl.
Isibongozo sabo sikwizinto ezimbini ezilula:
- Kuphela iindawo eziphelayo ziqwalaselwe-iindawo zokuhamba azifuni kuchukunyiswa. Oku kukhawuleza ngokukhawuleza inkqubo, kwaye ngamanye amaxesha kukuvumela ukuba ungabandakanyi ngokupheleleyo isebe leziseko zothungelwano kwinkqubo yokwazisa ngeenkonzo ezintsha.
- Umthwalo ufihliwe nzulu ngaphakathi kweentloko - iindawo zokuhamba azidingi ukwazi nantoni na malunga nayo, malunga nokujongana neenginginya, okanye malunga neendlela zenethiwekhi yokugqithisa. Oku kuthetha ukuba kufuneka ugcine ulwazi oluncinci kwiitafile, oku kuthetha ukusebenzisa isixhobo esilula / esingabizi.
Kulo mbandela ongekho ngokupheleleyo, andicwangcisi ukuhlalutya bonke ubugcisa obunokwenzeka, kodwa kunoko ndichaza isakhelo sokusebenza kothungelwano olungaphezulu kwi-DCs.
Uluhlu olupheleleyo luya kuchaza iziko ledatha eliquka imigca yeeracks ezifanayo apho kufakwe khona isixhobo somncedisi ofanayo.
Esi sixhobo siqhuba oomatshini/izikhongozeli/ezingenaseva eziphumeza iinkonzo.
I sigama
Kwilophu umncedisi Ndiza kuchaza inkqubo ephumeza icala lomncedisi wonxibelelwano lomxumi-umncedisi.
Oomatshini bomzimba kwiiracks babizwa ngokuba ngamaseva hayi siza.
Umatshini womzimba β Ikhompyutha ye-x86 ifakwe kwindawo yokubeka. Elona gama lisetyenziswa rhoqo umamkeli. Yile nto siza kuyibiza ngayo "ΠΌΠ°ΡΠΈΠ½Π°"okanye umamkeli.
I-Hypervisor -isicelo esisebenza kumatshini obonakalayo olinganisa izixhobo ezibonakalayo apho oomatshini beVirtual basebenza khona. Ngamanye amaxesha kuncwadi nakwi-Intanethi igama elithi "hypervisor" lisetyenziswa njengesithethantonye se "host".
Umatshini wenyani -inkqubo yokusebenza esebenza kumatshini womzimba phezu kwe-hypervisor. Kuthi kulo mjikelo, akukhathaliseki nokuba ngumatshini onenyani okanye isikhongozeli nje. Masiyibize"VMΒ«
Umqeshi yingcamango ebanzi endiya kuyichaza kweli nqaku njengenkonzo eyahlukileyo okanye umxhasi owahlukileyo.
Ukuqesha okuninzi okanye multitenancy - ukusetyenziswa kwesicelo esifanayo ngabaxhasi/iinkonzo ezahlukeneyo. Ngexesha elifanayo, ukuhlukaniswa kwabaxhasi omnye komnye kuphunyezwa ngokubonga kwi-architecture yesicelo, kwaye kungekhona ngeemeko eziqhuba ngokwahlukileyo.
I-ToR β Phezulu kwisitshixo seRakhi -Ukutshintsha okufakwe kwi-rack apho bonke oomatshini bomzimba baxhunyiwe.
Ukongeza kwi-ToR topology, ababoneleli abohlukeneyo baziqhelanisa ne-End of Row (EoR) okanye uMbindi kuRowu (nangona le yokugqibela inqabile kwaye khange ndibone isishunqulelo se-MoR).
Uthungelwano lwangaphantsi okanye inethiwekhi engaphantsi okanye i-underlay yisiseko sothungelwano olubonakalayo: iiswitshi, iirotha, iintambo.
Inethiwekhi eWalekeneyo okanye umsebenzi womnatha ogqunyiweyo okanye ulwaleka-uthungelwano olubonakalayo lweetonela ezisebenza ngaphezulu kweyoqobo.
Ilaphu le-L3 okanye ilaphu le-IP -Uyilo olumangalisayo loluntu olukuvumela ukuba uphephe ukuphinda i-STP kunye nokufunda iTRILL yodliwanondlebe. Ingcamango apho inethiwekhi yonke ukuya kwinqanaba lokufikelela kuphela i-L3, ngaphandle kwee-VLANs kwaye, ngokufanelekileyo, imimandla emikhulu yosasazo eyandisiweyo. Siza kujonga ukuba igama elithi "ifektri" livela phi kwicandelo elilandelayo.
SDN -Inethiwekhi echaziweyo yeSoftware. Ayifuni kakhulu intshayelelo. Indlela yokulawula inethiwekhi apho utshintsho kwinethiwekhi alwenziwanga ngumntu, kodwa ngeprogram. Ngokuqhelekileyo kuthetha ukuhambisa iPlane yoLawulo ngaphaya kwezixhobo zenethiwekhi zokuphela kumlawuli.
I-NFV - Network Function Virtualization - virtualization of network devices, ebonisa ukuba eminye imisebenzi womnatha inokuqhutywa ngohlobo oomatshini virtual okanye izitya ukukhawulezisa ukuphunyezwa kweenkonzo ezintsha, ukuququzelela Service Chaining kunye scalability elula oxwesileyo.
VNF -Umsebenzi womnatha obonakalayo. Isixhobo esikhethekileyo esibonakalayo: umzila, iswitsha, i-firewall, i-NAT, i-IPS/IDS, njl.
Ngoku ndenza lula ngamabomu inkcazo kuphunyezo oluthile, ukuze ungabhidanisi kakhulu umfundi. Ukuze ufunde ngakumbi, ndimthumela kwicandelo . Ukongeza, i-Roman Gorge, egxeka eli nqaku ngokungachanekanga, uthembisa ukubhala umba owahlukileyo malunga ne-server kunye ne-network virtualization technologies, enzulu ngakumbi kwaye ithathele ingqalelo kwiinkcukacha.
Uninzi lweenethiwekhi namhlanje zinokwahlulwa ngokucacileyo zibe ziinxalenye ezimbini:
Ngaphantsi β uthungelwano olubonakalayo olunobumbeko oluzinzileyo.
Ukululeka -ukuthatyathwa kwi-Underlay yokwahlula abaqeshi.
Oku kuyinyaniso kokubili kwimeko ye-DC (esiza kuyihlalutya kweli nqaku) kunye ne-ISP (esingayi kuyihlalutya, kuba sele sele ikhona. ). Ngothungelwano lwamashishini, kunjalo, imeko yahlukile.
Umfanekiso ogxininise kwinethiwekhi:
Ngaphantsi
I-Underlay yinethiwekhi ebonakalayo: iiswitshi zehardware kunye neentambo. Izixhobo ezingaphantsi komhlaba ziyayazi indlela yokufikelela koomatshini bomzimba.
Ixhomekeke kwiiprothokholi ezisemgangathweni kunye nobuchwepheshe. Okuncinci ngenxa yokuba izixhobo ze-hardware ukuza kuthi ga namhlanje zisebenza kwisoftware yobunini engavumeli nokuba iprogram ye-chip okanye iphumeze eyayo imigaqo-nkqubo; ngokufanelekileyo, ukuhambelana nabanye abathengisi kunye nokubekwa emgangathweni kuyafuneka.
Kodwa umntu onjengoGoogle unokukwazi ukuphuhlisa iiswitshi zakhe kwaye alahle iiprothokholi zamkelwe ngokubanzi. Kodwa i-LAN_DC ayingoGoogle.
I-Underlay itshintsha ngokunqabileyo ngenxa yokuba umsebenzi wayo usisiseko soqhagamshelwano lwe-IP phakathi koomatshini bomzimba. I-Underlay akazi nto malunga neenkonzo, abathengi, okanye abaqeshi abaqhuba ngaphezulu kwayo - idinga kuphela ukuhambisa iphakheji ukusuka kumatshini omnye ukuya komnye.
I-Underlay ingaba ngolu hlobo:
- IPv4+OSPF
- IPv6+ISIS+BGP+L3VPN
- L2+TRILL
- L2+STP
Umsebenzi womnatha ongaphantsi uqwalaselwe ngendlela yakudala: CLI/GUI/NETCONF.
Ngesandla, izikripthi, izinto eziluncedo zobunikazi.
Inqaku elilandelayo kuluhlu liya kunikezelwa kwi-underlay ngokubanzi.
Ukululeka
I-Overlay yinethiwekhi yenyani yeetonela ezolulelwe ngaphezulu kwe-Underlay, ivumela ii-VM zomxhasi omnye ukuba zinxibelelane omnye nomnye, ngelixa zibonelela ngokuzimela kwabanye abathengi.
Idatha yomxhasi ifakwe kwezinye iiheader zetonela ukuze zigqithiselwe kuthungelwano loluntu.
Ke ii-VM zomxhasi omnye (inkonzo enye) inokunxibelelana enye nenye ngeNgqungquthela, ngaphandle kokwazi nokuba yeyiphi indlela ethathwa yipakethe.
Ukwaleka kunokuba, umzekelo, njengoko ndikhankanyile ngasentla:
- Itonela ye-GRE
- VXLAN
- EVPN
- I-L3VPN
- GENEVE
Inethiwekhi yolwalekayo idla ngokumiselwa kwaye igcinwe kusetyenziswa umlawuli osembindini. Ukusuka kuyo, ukucwangciswa, iPlanethi yokuLawula kunye nePlanethi yeDatha ihanjiswa kwizixhobo ezihamba ngendlela kwaye zifake i-traffic yabathengi. Kancinci Makhe sijonge oku ngemizekelo.
Ewe, le yi-SDN ngendlela ecocekileyo.
Kukho iindlela ezimbini ezisisiseko ezahlukeneyo zokuququzelela uthungelwano lweNgqungquthela:
- Ukwaleka ngeToR
- Umaleko ovela kumamkeli
Ukwaleka ngeToR
Ukugqithisa kunokuqala kwi-switch access (ToR) emi kwi-rack, njengoko kwenzekayo, umzekelo, kwimeko yengubo ye-VXLAN.
Le yindlela evavanywe ixesha kuthungelwano lwe-ISP kwaye bonke abathengisi bezixhobo zenethiwekhi bayayixhasa.
Nangona kunjalo, kulo mzekelo, utshintsho lweToR kufuneka lukwazi ukwahlula iinkonzo ezahlukeneyo, ngokulandelelana, kwaye umlawuli wenethiwekhi kufuneka, kwinqanaba elithile, asebenzisane nabalawuli bomatshini kwaye enze utshintsho (nangona ngokuzenzekelayo) kuqwalaselo lwezixhobo. .
Apha ndiya kubhekisa umfundi kwinqaku malunga umhlobo wethu omdala .
Kule iindlela zokwakha inethiwekhi ye-DC ngelaphu le-EVPN VXLAN zichazwe ngokweenkcukacha.
Kwaye ukucwiliswa okupheleleyo ngokwenyani, unokufunda incwadi kaTsiska .
Ndiyaqaphela ukuba i-VXLAN yindlela yokudibanisa kuphela kunye nokupheliswa kweetonela akunakwenzeka kwi-ToR, kodwa kumamkeli, njengoko kwenzeka kwimeko ye-OpenStack, umzekelo.
Nangona kunjalo, ilaphu le-VXLAN, apho i-overlay iqala khona kwi-ToR, yenye yoyilo olusekiweyo lolwaleka lwenethiwekhi.
Umaleko ovela kumamkeli
Enye indlela kukuqalisa kunye nokuphelisa itonela kwiinginginya zokugqibela.
Kule meko, inethiwekhi (i-Underlay) ihlala ilula kwaye i-static kangangoko kunokwenzeka.
Kwaye umphathi ngokwawo wenza yonke i-encapsulation eyimfuneko.
Oku ngokuqinisekileyo kuya kufuna ukuqhuba isicelo esikhethekileyo kubabuthi, kodwa kufanelekile.
Okokuqala, ukuqhuba umxhasi kumatshini weLinux kulula okanye, masithi, nokuba kunokwenzeka, ngelixa utshintshile kuya kufuneka ujike kwizisombululo ze-SDN zobunikazi, ezibulala umbono wabathengisi abaninzi.
Okwesibini, ukutshintshwa kweToR kule meko kunokushiywa ngokulula njengoko kunokwenzeka, zombini ukusuka kwindawo yokujonga iPlane yoLawulo kunye neDatha yeDatha. Enyanisweni, ke akufuneki ukuba unxibelelane nomlawuli we-SDN, kwaye akufuneki ukuba kugcinwe uthungelwano / ii-ARP zabo bonke abathengi abaxhunyiwe - kwanele ukwazi idilesi ye-IP yomatshini womzimba, owenza lula kakhulu ukutshintsha / iitafile zomzila.
Kuluhlu lwe-ADSM, ndikhetha indlela yokwaleka kwi-host host - ke sithetha ngayo kuphela kwaye asiyi kubuyela kwifektri yeVXLAN.
Kulula ukujonga imizekelo. Kwaye njengesifundo sovavanyo siya kuthatha iqonga le-OpenSource SDN i-OpenContrail, ngoku eyaziwa ngokuba .
Ekupheleni kwenqaku ndiza kunika iingcinga malunga nesifaniso ne-OpenFlow kunye ne-OpenvSwitch.
Ukusebenzisa iTungsten Fabric njengomzekelo
Umatshini ngamnye womzimba unayo vRouter -i-router enenyani eyazi malunga nothungelwano oluqhagamshelwe kuyo kwaye ngabaphi abathengi abangababo - ngokusisiseko i-PE router. Kumxhasi ngamnye, igcina itafile esecaleni kwendlela (funda iVRF). Kwaye i-vRouter ngokwenene yenza i-Overlay tunneling.
Kancinci ngakumbi malunga ne-vRouter isekupheleni kwenqaku.
I-VM nganye ebekwe kwi-hypervisor iqhagamshelwe kwi-vRouter yalo matshini nge .
TAP -Indawo yokuFikelela kwitheminali-ujongano olubonakalayo kwi-Linux kernel evumela ukusebenzisana kwenethiwekhi.
Ukuba kukho iinethiwekhi ezininzi emva kwe-vRouter, ngoko ujongano olubonakalayo lwenzelwe ngamnye kubo, apho idilesi ye-IP inikwe - iya kuba yidilesi yesango engagqibekanga.
Zonke iinethiwekhi zomthengi omnye zibekwe kwindawo enye I-VRF (itafile enye), ezahlukeneyo - kwiintlobo ezahlukeneyo.
Ndiza kwenza i-disclaimer apha ukuba ayizizo zonke izinto ezilula, kwaye ndiza kuthumela umfundi onolwazi ekupheleni kwenqaku..
Ukuze ii-vRouters zinxibelelane omnye nomnye, kwaye, ngokufanelekileyo, ii-VM ezibekwe emva kwazo, zitshintshiselana ngolwazi lomzila nge. Umlawuli we-SDN.
Ukuphuma kwilizwe langaphandle, kukho indawo yokuphuma kwi-matrix - isango lenethiwekhi yenyani VNGW β IGateWay yeNethiwekhi eNgcono (ixesha lam).
Ngoku makhe sijonge imizekelo yonxibelelwano-kwaye kuya kubakho ukucaca.
Unxibelelwano kumatshini omnye womzimba
I-VM0 ifuna ukuthumela ipakethi kwi-VM2. Masicinge okwangoku ukuba le yi-VM yomxhasi omnye.
Data Plane
- I-VM-0 inendlela engagqibekanga kujongano lwayo lwe-eth0. Iphakheji ithunyelwa apho.
Olu jongano lwe-eth0 luqhagamshelwe ngokoqobo kwi-router ye-vRouter nge-TAP interface tap0. - I-vRouter ihlalutya ukuba loluphi ujongano ipakethe eza kuyo, oko kukuthi, ngowuphi umxhasi (VRF) yeyayo, kwaye ijonga idilesi yomamkeli ngetafile yomzila yalo mxhasi.
- Emva kokuba ubonile ukuba umamkeli kumatshini omnye ukwizibuko elahlukileyo, i-vRouter ithumela nje ipakethe kuyo ngaphandle kweeheader ezongezelelweyo - kulo mzekelo, i-vRouter sele inongeno lwe-ARP.
Kule meko, ipakethi ayifaki inethiwekhi yomzimba - ihanjiswa ngaphakathi kwi-vRouter.
Inqwelomoya yokulawula
Xa umatshini wenyani uqala, i-hypervisor iyayixelela:
- Eyakhe idilesi yeIP.
- Indlela engagqibekanga idlula kwidilesi ye-IP ye-vRouter kule nethiwekhi.
I-hypervisor inika ingxelo kwi-vRouter nge-API ekhethekileyo:
- Yintoni oyifunayo ukwenza ujongano olubonakalayo.
- Loluphi uhlobo lothungelwano lwenyani olufuna ukwenziwa (VM)?
- Yiyiphi iVRF (VN) yokuyibophelela kuyo.
- Ungeno lwe-ARP olungatshintshiyo lwale VM-ujongano olusemva kwedilesi ye-IP kunye nedilesi ye-MAC enxulunyaniswa nayo.
Kwakhona, eyona nkqubo yokunxibelelana yenziwa lula ngenxa yokuqonda le ngcamango.
Ke, i-vRouter ibona zonke ii-VM zomxhasi omnye kumatshini onikiweyo njengothungelwano oluqhagamshelwe ngokuthe ngqo kwaye inomzila phakathi kwawo ngokwawo.
Kodwa i-VM0 kunye ne-VM1 zezabathengi abahlukeneyo kwaye, ngokufanelekileyo, zikwiitafile ezahlukeneyo ze-vRouter.
Nokuba bayakwazi ukunxibelelana omnye komnye ngokuthe ngqo kuxhomekeke kwizicwangciso ze-vRouter kunye noyilo lwenethiwekhi.
Umzekelo, ukuba zombini ii-VMs zabathengi zisebenzisa iidilesi zoluntu, okanye i-NAT yenzeka kwi-vRouter ngokwayo, ngoko indlela ethe ngqo kwi-vRouter inokwenziwa.
Kwimeko echaseneyo, kunokwenzeka ukuwela izithuba zeedilesi - kufuneka uhambe kwiseva ye-NAT ukuze ufumane idilesi yoluntu - oku kufana nokufikelela kumanethiwekhi angaphandle, axoxwa ngezantsi.
Unxibelelwano phakathi kwee-VM ezibekwe koomatshini bomzimba abahlukeneyo
Data Plane
- Isiqalo siyafana ncakasana: I-VM-0 ithumela ipakethi enendawo eya kuyo i-VM-7 (172.17.3.2) ngokungagqibekanga kwayo.
- I-vRouter iyayifumana kwaye ngeli xesha ibona ukuba indawo ekuyiwa kuyo ikumatshini owahlukileyo kwaye iyafikeleleka ngeTunnel0.
- Okokuqala, ixhoma ileyibhile yeMPLS echonga ujongano olukude, ukuze kwicala elingasemva i-vRouter inokugqiba ukuba ibeke phi le pakethi ngaphandle kokujonga okongeziweyo.
- I-Tunnel0 inomthombo 10.0.0.2, indawo ekuyiwa kuyo: 10.0.1.2.
I-vRouter yongeza i-GRE (okanye i-UDP) iintloko kunye ne-IP entsha kwipakethi yokuqala. - Itheyibhile ye-vRouter yomzila inendlela engagqibekanga ngedilesi ye-ToR1 10.0.0.1. Kulapho ayithumela khona.
- ToR1, njengelungu womnatha Underlay, uyazi (umzekelo, nge OSPF) indlela ukuya 10.0.1.2 kwaye ithumela ipakethi ecaleni kwendlela. Qaphela ukuba i-ECMP ivuliwe apha. Kukho iihops ezimbini ezizayo kulo mzekeliso, kwaye imisonto eyahlukeneyo iya kuhlelwa kuyo ngehashi. Kwimeko yefektri yokwenyani, kuya kubakho ngaphezulu kwe-4 elandelayo.
Ngelo xesha, akafuni ukwazi ukuba yintoni ephantsi kwe-header ye-IP yangaphandle. Oko kukuthi, enyanisweni, phantsi kwe-IP kunokubakho isanti ye-IPv6 ngaphezulu kwe-MPLS ngaphezulu kwe-Ethernet ngaphezulu kwe-MPLS ngaphezulu kwe-GRE ngaphezulu kwesiGrike.
- Ngokufanelekileyo, kwicala lokufumana, i-vRouter isusa i-GRE kwaye, isebenzisa ithegi ye-MPLS, iyaqonda ukuba yeyiphi i-interface le ipakethi ekufuneka ithunyelwe kuyo, iyihlube kwaye iyithumele kwimo yayo yokuqala kumamkeli.
Inqwelomoya yokulawula
Xa uqalisa imoto, kwenzeka into efanayo njengoko kuchazwe ngasentla.
Kwaye kunye noku kulandelayo:
- Kumxhasi ngamnye, i-vRouter yabela ithegi yeMPLS. Le yileyibhile yenkonzo ye-L3VPN, apho abathengi baya kwahlulwa kumatshini ofanayo womzimba.
Enyanisweni, ithegi ye-MPLS isoloko yabiwa ngokungenamiqathango yi-vRouter - emva kwayo yonke loo nto, akwaziwa kwangaphambili ukuba umatshini uya kusebenzisana kuphela nabanye oomatshini emva kwe-vRouter efanayo kwaye oku kunokwenzeka ukuba akunjalo.
- vRouter iseka uxhulumaniso kunye nomlawuli we-SDN usebenzisa i-protocol ye-BGP (okanye efana nayo - kwimeko ye-TF, le yi-XMPP 0_o).
- Ngale seshoni, i-vRouter inika ingxelo yeendlela eziya kuthungelwano oluqhagamshelweyo kumlawuli we-SDN:
- Idilesi yenethiwekhi
- Indlela yokuqinisa (MPLSoGRE, MPLSoUDP, VXLAN)
- Ithegi yomthengi weMPLS
- Idilesi yakho yeIP njenge nexthop
- Umlawuli we-SDN ufumana iindlela ezinjalo kuzo zonke ii-vRouters ezixhunyiwe kwaye zibonise kwabanye. Oko kukuthi, isebenza njengeReflector yeNdlela.
Kwenzeka into efanayo kwelinye icala.
Ukwaleka kunokutshintsha ubuncinane yonke imzuzu. Oku kuphantse kwenzeke kumafu oluntu, apho abathengi baqala kwaye bavale oomatshini babo benyani.
Umlawuli ophakathi ukhathalela bonke ubunzima bokugcina ulungelelwaniso kunye nokubeka iliso kwiitafile zokutshintsha / ukuhambisa kwi-vRouter.
Xa sithetha nje, umlawuli unxibelelana nazo zonke ii-vRouters nge-BGP (okanye iprotocol efanayo) kwaye uthumela ngokulula ulwazi lomzila. BGP, umzekelo, sele Idilesi-Family ukuhambisa indlela encapsulation okanye .
Ngexesha elifanayo, ukucwangciswa kwenethiwekhi ye-Underlay ayitshintshi nangayiphi na indlela, leyo, ngendlela, kunzima kakhulu ukuzenzekelayo, kwaye kulula ukuphuka kunye nokunyakaza okungahambi kakuhle.
Phuma kwilizwe langaphandle
Kwenye indawo ukulinganisa kufuneka kuphele, kwaye kufuneka uphume kwihlabathi elibonakalayo uye kweyokwenyani. Kwaye ufuna isango lefowuni yokuhlawula.
Zimbini iindlela ezisetyenziswayo:
- I-router ye-hardware ifakiwe.
- Isixhobo siqalisiwe esisebenzisa imisebenzi ye-router (ewe, ilandela i-SDN, siye sadibana ne-VNF). Masiyibize njengesango elibonakalayo.
I-advanteji yendlela yesibini yi-scalability ethe tyaba encinci - akukho mandla aneleyo - sasungula omnye umatshini wenyani onesango. Kuwo nawuphi na umatshini womzimba, ngaphandle kokujonga iirakhi zasimahla, iiyunithi, ukuphuma kwamandla, ukuthenga i-hardware ngokwayo, ukuyihambisa, ukuyifakela, ukuyitshintsha, ukuyiqwalasela, kwaye emva koko utshintshe amacandelo angalunganga kuwo.
Ukungalungi kwesango elibonakalayo kukuba iyunithi ye-router ebonakalayo iseyi-odolo yobukhulu obunamandla ngakumbi kunomatshini we-multi-core virtual, kwaye isofthiwe yayo, eyenzelwe isiseko sayo se-hardware, isebenza ngokuzinza ngakumbi.akukho). Kukwanzima ukukhanyela inyani yokuba i-hardware kunye nesoftware entsonkothileyo isebenza ngokulula, ifuna uqwalaselo kuphela, ngelixa ukuqaliswa kunye nokugcinwa kwesango elibonakalayo kungumsebenzi weenjineli ezinamandla.
Ngonyawo olunye, isango lijonge kuNxibelelwano lwenyani, njengoomatshini oqhelekileyo weVirtual, kwaye unokunxibelelana nazo zonke ezinye ii-VM. Kwangaxeshanye, inokuphelisa uthungelwano lwabo bonke abathengi kwaye, ngokufanelekileyo, iqhube umzila phakathi kwabo.
Ngolunye unyawo lwayo, isango lijonge kwinethiwekhi yomqolo kwaye liyayazi indlela yokungena kwi-Intanethi.
Data Plane
Oko kukuthi, inkqubo ibonakala ngolu hlobo:
- I-VM-0, emva kokungagqibekanga kwi-vRouter enye, ithumela ipakethi enendawo kwilizwe langaphandle (185.147.83.177) kujongano lwe-eth0.
- I-vRouter ifumana le pakethi kwaye ijonge idilesi yendawo ekuyiwa kuyo kwitheyibhile yomzila-ifumana indlela engagqibekanga ngeVNGW1 yokungena kwiTunnel 1.
Uyabona kwakhona ukuba le yi-tunnel ye-GRE ene-SIP 10.0.0.2 kunye ne-DIP 10.0.255.2, kwaye kufuneka kwakhona aqhoboshele ileyibhile ye-MPLS yalo mxhasi, i-VNGW1 ilindele. - I-vRouter ipakisha ipakethi yokuqala ngeMPLS, GRE kunye neeheader ze-IP ezintsha kwaye iyithumele kwi-ToR1 10.0.0.1 ngokungagqibekanga.
- Inethiwekhi engaphantsi ihambisa ipakethi kwisango le-VNGW1.
- Isango le-VNGW1 lisusa i-GRE kunye ne-MPLS i-tunnel headers, ibona idilesi yendawo ekuyiyo, ijongana netafile yayo yomzila kwaye iyaqonda ukuba iqondiswe kwi-Intanethi - oko kukuthi, ngokuJonga ngokupheleleyo okanye ngokuMiselweyo. Ukuba kuyimfuneko, yenza uguqulelo lwe-NAT.
- Kunokubakho inethiwekhi ye-IP eqhelekileyo ukusuka kwi-VNGW ukuya kumda, into engenakwenzeka.
Kunokubakho inethiwekhi ye-MPLS yeklasikhi (IGP + LDP / RSVP TE), kunokubakho ilaphu elingasemva kunye ne-BGP LU okanye i-tunnel ye-GRE esuka kwi-VNGW ukuya kumda nge-IP network.
Yiba nokuba kunjalo, i-VNGW1 yenza i-encapsulations efunekayo kwaye ithumele ipakethi yokuqala kumda.
I-traffic kwelinye icala idlula kwinqanaba elifanayo ngendlela echaseneyo.
- Umda uwisa ipakethe kwiVNGW1
- Uyamkhulula, ajonge idilesi yomamkeli kwaye abone ukuba uyafikeleleka ngeTunnel1 tunnel (MPLSoGRE okanye MPLSoUDP).
- Ngokuhambelanayo, ifaka ileyibhile yeMPLS, i-header ye-GRE / UDP kunye ne-IP entsha kwaye iyithumele kwi-ToR3 10.0.255.1 yayo.
Idilesi yendawo yetonela yidilesi ye-IP ye-vRouter apho i-VM ekujoliswe kuyo ikhona - 10.0.0.2. - Inethiwekhi engaphantsi ihambisa ipakethi kwi-vRouter efunwayo.
- I-vRouter ekujoliswe kuyo ifunda i-GRE/UDP, imisela i-interface isebenzisa ilebhile ye-MPLS kwaye ithumela ipakethe ye-IP engenanto kwi-interface ye-TAP ehambelana ne-eth0 ye-VM.
Inqwelomoya yokulawula
I-VNGW1 iseka i-BGP ebumelwaneni kunye nomlawuli we-SDN, apho ifumana khona zonke iinkcukacha zomzila malunga nabaxhasi: yeyiphi idilesi ye-IP (vRouter) isemva kweyiphi umxhasi, kwaye yeyiphi ileyibhile yeMPLS eyichongayo.
Ngokufanayo, yena ngokwakhe wazisa umlawuli we-SDN wendlela engagqibekanga kunye neleyibhile yalo mxhasi, ebonisa yena njenge-nexthop. Kwaye ke oku kungagqibekanga kufika kwi-vRouters.
Kwi-VNGW, indlela yokudibanisa okanye inguqulelo ye-NAT iqhele ukwenzeka.
Kwaye kwelinye icala, uthumela ngqo le ndlela idityanisiweyo kwiseshoni enemida okanye iReflectors yeNdlela. Kwaye kubo ifumana indlela engagqibekanga okanye iFull-View, okanye enye into.
Ngokubhekiselele kwi-encapsulation kunye nokutshintshwa kwetrafikhi, i-VNGW ayifani ne-vRouter.
Ukuba wandisa umda omncinci, ngoko unokongeza ezinye izixhobo zenethiwekhi kwi-VNGWs kunye ne-vRouters, ezifana ne-firewall, ukucocwa kwetrafikhi okanye iifama zokutyebisa, i-IPS, njalo njalo.
Kwaye ngoncedo lwendalo elandelelanayo yee-VRF kunye nesaziso esichanekileyo seendlela, unokunyanzela i-traffic ukuba ijikeleze ngendlela oyifunayo, ebizwa ngokuba yi-Service Chaining.
Oko kukuthi, apha kwakhona umlawuli we-SDN usebenza njengeNdlela-Reflector phakathi kwe-VNGWs, i-vRouters kunye nezinye izixhobo zenethiwekhi.
Kodwa eneneni, umlawuli ukwakhupha ulwazi malunga ne-ACL kunye ne-PBR (Umgaqo-nkqubo oSekwe kwiNdlela), ebangela ukuba ukuqukuqela kwetrafikhi kuhambe ngokwahlukileyo kunendlela ebaxelela ngayo.
FAQ
Kutheni uhlala usenza i-GRE/UDP inqaku?
Ewe, ngokubanzi, oku kunokuthiwa ngokuthe ngqo kwi-Tungsten Fabric - akufuneki ukuba uyithathele ingqalelo.
Kodwa ukuba siyayithatha, i-TF ngokwayo, ngelixa i-OpenContrail, ixhasa zombini i-encapsulations: i-MPLS kwi-GRE kunye ne-MPLS kwi-UDP.
I-UDP ilungile kuba kwi-Source Port kulula kakhulu ukubethelela umsebenzi we-hash ukusuka kwi-IP yasekuqaleni + iProto + Port kwintloko yayo, eya kukuvumela ukuba wenze ukulinganisa.
Kwimeko ye-GRE, yeha, kukho ii-IP zangaphandle kunye ne-GRE headers, ezifanayo kuzo zonke iitrafikhi ezifakiweyo kwaye akukho ntetho yokulinganisa - bambalwa abantu abanokukhangela nzulu ngaphakathi kwipakethi.
Kude kube lixesha, iirotha, ukuba zazikwazi ukusebenzisa iitonela eziguqukayo, zenze njalo kwiMPLSoGRE kuphela, kwaye kutsha nje bafunde ukusebenzisa iMPLSoUDP. Ke ngoko, kufuneka sihlale siphawula malunga nokuba nokwenzeka kweencapsulations ezimbini ezahlukeneyo.
Ngobulungisa, kuyafaneleka ukuba uqaphele ukuba i-TF ixhasa ngokupheleleyo uxhumano lwe-L2 usebenzisa i-VXLAN.
Uthembise ngokuzoba ukuhambelana ne-OpenFlow.
Bayicela ngokwenene. I-vSwitch kwi-OpenStack efanayo yenza izinto ezifanayo kakhulu, isebenzisa i-VXLAN, leyo, ngendlela, nayo ine-header ye-UDP.
KwiPlane yeDatha basebenza phantse ngokufanayo; iPlaneti yoLawulo yahluka kakhulu. I-Tungsten Fabric isebenzisa i-XMPP ukuhambisa ulwazi lwendlela kwi-vRouter, ngelixa i-OpenStack iqhuba i-Openflow.
Ngaba ungandixelela okungakumbi malunga ne-vRouter?
Yahlulwe yangamacandelo amabini: vRouter Agent kunye vRouter Forwarder.
Eyokuqala iqhuba kwiSithuba soMsebenzisi we-OS yenginginya kwaye inxibelelana nomlawuli we-SDN, ukutshintshiselana ngolwazi malunga neendlela, ii-VRF kunye nee-ACL.
Owesibini uphumeza iPlane yeDatha - ngokuqhelekileyo kwi-Kernel Space, kodwa inokuphinda isebenze kwi-SmartNICs - amakhadi womnatha kunye ne-CPU kunye ne-chip eguqukayo ehleliweyo eyahlukileyo, ekuvumela ukuba ususe umthwalo kwi-CPU yomshini wokusingatha, kwaye wenze uthungelwano lukhawuleze kwaye luqhube ngakumbi. kuqikelelwa.
Enye imeko enokwenzeka kukuba i-vRouter sisicelo seDPDK kwiSithuba soMsebenzisi.
Ummeli we-vRouter uthumela useto kwi-vRouter Forwarder.
Yintoni iNethiwekhi ebonakalayo?
Nditshilo ekuqaleni kwenqaku malunga neVRF ukuba umqeshi ngamnye ubotshelelwe kwiVRF yakhe. Kwaye ukuba oku kwakwanele ekuqondeni okungaphezulu kokusebenza kwenethiwekhi yokugqithisa, ngoko kwi-iteration elandelayo kuyimfuneko ukwenza ingcaciso.
Ngokuqhelekileyo, kwiindlela zokusebenzisa i-virtualization, i-Virtual Network entity (ungayiqwalasela le nto isibizo esifanelekileyo) yaziswa ngokwahlukileyo kubathengi / abaqashi / oomatshini be-virtual - into ezimeleyo ngokupheleleyo. Kwaye le Network Virtual isenokudityaniswa ngojongano kumqeshi omnye, komnye, kubini, okanye naphi na. Ngoko, umzekelo, i-Service Chaining iphunyezwa xa i-traffic kufuneka idluliselwe kwiindawo ezithile ngokulandelelana okufunekayo, ngokudala kunye nokudibanisa iiNethiwekhi ezichanekileyo ngokulandelelana okuchanekileyo.
Ke, ngolo hlobo, akukho mbalelwano ngqo phakathi kweNethiwekhi ebonakalayo kunye nomqeshi.
isiphelo
Le yinkcazo engaphezulu kakhulu yokusebenza kwenethiwekhi yenyani kunye ne-overlay evela kumamkeli kunye nomlawuli we-SDN. Kodwa kungakhathaliseki ukuba yiyiphi iqonga le-virtualization oyikhethayo namhlanje, liya kusebenza ngendlela efanayo, nokuba yi-VMWare, i-ACI, i-OpenStack, i-CloudStack, i-Tungsten Fabric okanye i-Juniper Contrail. Ziya kwahluka kwiindidi ze-encapsulations kunye neeheader, iiprothokholi zokuhambisa ulwazi ukuphelisa izixhobo zenethiwekhi, kodwa umgaqo wenethiwekhi ye-software-configurable overlay esebenza phezu kwenethiwekhi elula kunye ne-static underlay iya kuhlala ifana.
Sinokuthi namhlanje i-SDN esekelwe kwinethiwekhi engaphezulu iphumelele intsimi yokudala ilifu labucala. Nangona kunjalo, oku akuthethi ukuba i-Openflow ayinandawo kwihlabathi langoku-isetyenziswa kwi-OpenStacke nakwi-VMWare NSX efanayo, ngokokwazi kwam, uGoogle uyisebenzisa ukuseta inethiwekhi engaphantsi komhlaba.
Apha ngezantsi ndinikeze amakhonkco kwimathiriyeli eneenkcukacha ngakumbi ukuba ufuna ukufunda umba nzulu.
Kwaye kuthekani nge-Underlay yethu?
Kodwa ngokubanzi, akukho nto. Akazange atshintshe yonke indlela. Ekuphela kwento ekufuneka ayenze kwimeko yokwaleka ukusuka kumamkeli kuhlaziyo lweendlela kunye nee-ARP njengoko i-vRouter/VNGW ibonakala kwaye inyamalale kwaye iphathe iipakethi phakathi kwazo.
Masiqulunqe uluhlu lweemfuno zothungelwano lwe-Underlay.
- Ukwazi ukusebenzisa uhlobo oluthile lweprotocol yomzila, kwimeko yethu - BGP.
- Yiba ne-bandwidth ebanzi, ngokukhethekileyo ngaphandle kobhaliso olungaphezulu, ukuze iipakethi zingalahleki ngenxa yokugcwala.
- Ukuxhasa i-ECMP yinxalenye ebalulekileyo yelaphu.
- Ukwazi ukubonelela ngeQoS, kuquka izinto ezikhohlisayo ezifana ne-ECN.
- Ukuxhasa i-NETCONF sisiseko sekamva.
Ndinike ixesha elincinci kakhulu apha kumsebenzi wenethiwekhi ye-Underlay ngokwayo. Oku kungenxa yokuba kamva kuthotho ndiza kugxila kulo, kwaye siya kuchukumisa kuphela i-Overlay ngokudlula.
Ngokucacileyo, ndisinciphisa kakhulu sonke ngokusebenzisa njengomzekelo inethiwekhi ye-DC eyakhiwe kumzi-mveliso we-Cloz onendlela ecocekileyo ye-IP kunye nokwaleka okuvela kumamkeli.
Nangona kunjalo, ndiqinisekile ukuba nayiphi na inethiwekhi enoyilo inokuchazwa ngokwemigaqo esemthethweni kwaye izenzekelayo. Kuphela nje injongo yam apha kukuqonda iindlela zokuzenzekelayo, kwaye ungabhidanisi wonke umntu ngokusombulula ingxaki ngendlela eqhelekileyo.
Njengenxalenye ye-ADSM, i-Roman Gorge kunye nam siceba ukupapasha umba owahlukileyo malunga nokubonwa kwamandla ekhompyutheni kunye nokusebenzisana kwayo ne-network virtualization. Hala undiqhwetha.
amakhonkco aluncedo
- .
- . Iiyure ze-6 malunga ne-Yandex.Cloud, equka inethiwekhi ebonakalayo kwi-TF.
- .
- . Ithetha ngayo yonke inethiwekhi ye-DC, kuquka i-Underlay, i-Overlay, iindlela zokujonga ezininzi kunye nolawulo.
Enkosi
- -wayesakuba ngumamkeli we-linkmeup podcast kwaye ngoku uyingcali kwicandelo lamaqonga elifu. Ngezimvo kunye nokuhlelwa. Ewe, silinde inqaku lakhe elinzulu ngakumbi malunga ne-virtualization kungekudala.
- -ugxa wam kunye nengcali kwinkalo yophuhliso lwenethiwekhi yenyani. Ngezimvo kunye nokuhlelwa.
- - umlingane wam kunye nengcali kwintsimi yeTungsten Fabric. Ngezimvo kunye nokuhlelwa.
- -I-illustrator linkmeup. Ye KDPV.
- Alexander Limonov. Kuba "automato" meme.
umthombo: www.habr.com