"Ungasenza isisombululo (ukusombulula ingxaki) ngeendlela ezininzi, kodwa eyona ndlela ibiza kakhulu kunye / okanye idumileyo ayisoloko isebenzayo!"
Intshayelelo
Malunga neminyaka emithathu edlulileyo, kwinkqubo yokuphuhlisa imodeli ekude yokubuyisela idatha yentlekele, ndadibana nomqobo omnye ongazange uqatshelwe ngokukhawuleza - ukungabikho kolwazi malunga nezisombululo ezitsha zoqobo zokunxibelelana kwenethiwekhi kwimithombo yoluntu.
I-algorithm yemodeli ephuhlisiwe yacwangciswa ngolu hlobo lulandelayo:
- Umsebenzisi okude oqhakamshelane nam, onekhompyuter yakhe yakha yala ukuqala, ebonisa umyalezo othi "idiski yenkqubo ayibonwanga / ayifomathwanga," ilayisha isebenzisa ubomi be-USB.
- Ngethuba lenkqubo yokuqalisa, inkqubo idibanisa ngokuzenzekelayo kwinethiwekhi yendawo yangasese ekhuselekileyo, eyongeza kuyo ngokwayo iqulethe indawo yokusebenza yomlawuli, kule meko i-laptop, kunye ne-node ye-NAS.
- Emva koko ndidibanisa - mhlawumbi ukuvuselela izahlulo zediski, okanye ukukhupha idatha apho.
Ekuqaleni, ndasebenzisa le modeli usebenzisa iseva ye-VPN kwi-router yendawo kwinethiwekhi ephantsi kolawulo lwam, emva koko kwi-VDS eqeshiweyo. Kodwa, ngokuqhelekileyo kwenzeka kwaye ngokomthetho wokuqala kaChisholm, ukuba imvula, inethiwekhi yomnikezeli we-Intanethi iya kuhla, ngoko iingxabano phakathi kwamashishini oshishino ziya kubangela ukuba umnikezeli wenkonzo alahlekelwe "amandla" ...
Ngoko ke, ndagqiba ekubeni ndiqale ndiqulunqe iimfuno ezisisiseko ekufuneka isixhobo esiyimfuneko sihlangabezane nazo. Eyokuqala kukunabisa amagunya. Okwesibini, ngenxa yokuba ndinezinto ezininzi zobomi be-USB, nganye inenethiwekhi ezimeleyo. Ewe, okwesithathu, uqhagamshelo olukhawulezayo kuthungelwano lwezixhobo ezahlukeneyo kunye nolawulo olulula lwazo, kubandakanywa ukuba ilaptop yam iphinde ibe lixhoba lomthetho okhankanywe ngasentla.
Ngokusekwe koku kwaye ndichithe iinyanga ezimbini ezinesiqingatha kuphando olusebenzayo lweendlela ezininzi ezingafanelekanga, mna, ngengozi yam kunye nomngcipheko, ndaye ndagqiba kwelokuba ndizame esinye isixhobo ukusuka kwisiqalo esingaziwayo kum ngelo xesha esasibizwa ngokuba yiZeroTier. Into endingazange ndizisole ngayo kamva.
Ngethuba leeholide zoNyaka omtsha, ndizama ukuqonda ukuba imeko enomxholo utshintshile ukususela kweso sihlandlo esingenakulibaleka, ndenze uphicotho olukhethiweyo lokufumaneka kwamanqaku kulo mbandela, usebenzisa iHabr njengomthombo. Kumbuzo othi "ZeroTier" kwiziphumo zokukhangela kukho amanqaku amathathu kuphela akhankanyiweyo, kwaye akukho nalinye elinenkcazo emfutshane. Kwaye oku nangona phakathi kwabo kukho inguqulelo yenqaku elibhalwe ngumseki weZeroTier, Inc. ngokwakhe. - .
Iziphumo zazidanisa kwaye zandikhuthaza ukuba ndiqale ukuthetha ngeZeroTier ngokweenkcukacha ngakumbi, ndisindisa “abafunayo” banamhlanje ekubeni bahambe ngendlela efanayo nale ndiyithathileyo.
Ngoko uyintoni?
Umphuhlisi ubeka iZeroTier njengokutshintsha okukrelekrele kwe-Ethernet kwiplanethi yoMhlaba.
“Yinethiwekhi esasazwayo ye-hypervisor eyakhelwe phezulu kuthungelwano lwe-cryptographically olukhuselekileyo lwe-global peer-to-peer (P2P). Isixhobo esifana nokutshintsha kwe-SDN yenkampani, eyilelwe ukuququzelela uthungelwano olubonakalayo ngaphezulu kwenyama, yasekhaya neyehlabathi, ekwaziyo ukuqhagamshela phantse nasiphi na isixhobo okanye isixhobo. ”
Oku kuninzi kwenkcazo yokuthengisa, ngoku malunga neempawu zobuchwepheshe.
▍Kernel:
I-ZeroTier Network Hypervisor yi-stand-alone network virtualization injini exelisa inethiwekhi ye-Ethernet, efana ne-VXLAN, phezu kwenethiwekhi ye-encrypted peer-to-peer (P2P) yehlabathi jikelele.
Iiprothokholi ezisetyenziswe kwi-ZeroTier zezemveli, nangona zifana ngenkangeleko ye-VXLAN kunye ne-IPSec kwaye iqulathe iileya ezimbini ezihlukeneyo, kodwa ezisondeleleneyo: i-VL1 kunye ne-VL2.
→
▍I-VL1 ngumaleko wezothutho we-peer-to-peer (P2P), uhlobo lwe-“virtual cable”.
"Iziko ledatha yehlabathi lifuna 'ikhabhathi yehlabathi' yokufaka iikhebhula."
Kuthungelwano oluqhelekileyo, i-L1 (i-OSI Layer 1) ibhekisa kwiintambo zokwenyani okanye iirediyo ezingenazingcingo ezithwala idatha kunye neetshiphusi zesixhobo se-transceiver ezibonakalayo eziyimodareyitha kwaye ziyithobe. I-VL1 yinethiwekhi yontanga-kwi-peer (P2P) eyenza into efanayo, isebenzisa i-encryption, ukuqinisekiswa, kunye namanye amaqhinga othungelwano ukucwangcisa iintambo ezibonakalayo njengoko zifuneka.
Ngaphezu koko, ikwenza oku ngokuzenzekelayo, ngokukhawuleza kwaye ngaphandle kokubandakanyeka komsebenzisi ukusungula i-node entsha ye-ZeroTier.
Ukufezekisa oku, i-VL1 icwangciswe ngokufanayo kwisistim yegama lesizinda. Embindini wothungelwano liqela labancedisi beengcambu abafumaneka kakhulu, abanendima efana naleyo yeeseva zegama lengcambu ye-DNS. Okwangoku, iiseva eziphambili (zeplanethi) ziphantsi kolawulo lomphuhlisi - iZeroTier, Inc. kwaye zibonelelwa njengenkonzo yasimahla.
Nangona kunjalo, kuyenzeka ukwenza iiseva zeengcambu zesiko (iiluns) ezikuvumela ukuba:
- ukunciphisa ukuxhomekeka kwiziseko ezingundoqo zeZeroTier, Inc.;
- ukwandisa imveliso ngokunciphisa ulibaziseko;
- qhubeka nokusebenza njengesiqhelo ukuba uqhagamshelo lwe-Intanethi lulahlekile.
Ekuqaleni, ii-nodes ziqaliswa ngaphandle koqhagamshelwano oluthe ngqo omnye komnye.
Intanga nganye kwi-VL1 ine-40-bit (i-10 hexadecimal) idilesi ye-ZeroTier ekhethekileyo, leyo, ngokungafaniyo needilesi ze-IP, isazisi esifihliweyo esingenalwazi lwendlela. Le dilesi ibalwa ukusuka kwindawo kawonke-wonke/yabucala. Idilesi yendawo, isitshixo sikawonke-wonke, kunye nesitshixo sabucala kunye zenza isazisi salo.
Member ID: df56c5621c
|
ZeroTier address of nodeNgokuphathelele uguqulelo oluntsonkothileyo, esi sisizathu senqaku elahlukileyo.
→
Ukuseka unxibelelwano, oontanga baqala ukuthumela iipakethi "phezulu" umthi weeseva zeengcambu, kwaye njengoko ezi zipakethi zihamba ngenethiwekhi, ziqalisa ukudala okungahleliwe kwamajelo ahamba phambili endleleni. Umthi uhlala uzama "ukuziwisa ngokwawo" ukuze uzilungiselele imephu yendlela oyigcinayo.
Indlela yokuseka umdibaniso wontanga-kwi-peer ngolu hlobo lulandelayo:
- I-Node A ifuna ukuthumela ipakethe kwi-Node B, kodwa ekubeni ingayazi indlela ethe ngqo, iyithumela phezulu kwi-Node R (inyanga, i-root server yomsebenzisi).
- Ukuba i-node R inodibaniso oluthe ngqo kunye ne-node B, idlulisela ipakethe apho. Ngaphandle koko, ithumela ipakethi phezulu phambi kokufikelela kwiingcambu zeplanethi.Iingcambu zeplanethi ziyazi malunga nazo zonke iindawo, ngoko ke ipakethi iya kufikelela kwi-node B ukuba i-intanethi.
- I-Node R iphinda ithumele umyalezo obizwa ngokuba yi "rendezvous" kwi-node A, equlethe iingcebiso malunga nendlela yokufikelela kwi-node B. Okwangoku, umncedisi wengcambu, ohambisa ipakethe kwi-node B, uthumela "i-rendezvous" eyazisa malunga nendlela enokuyenza ngayo. ukufikelela kwindawo A.
- Ii-Nodes A kunye no-B zifumana imiyalezo yazo kwaye zizame ukuthumela imiyalezo yovavanyo enye kwenye ngeenzame zokwaphula nayiphi na i-NAT okanye i-firewall efunyenwe endleleni. Ukuba oku kusebenza, ngoko uxhulumaniso oluthe ngqo lusekwe, kwaye iipakethi azisayi kubuyela emva naphambili.
Ukuba uxhulumaniso oluthe ngqo alunakusekwa, unxibelelwano luya kuqhubeka nge-relay, kwaye iinzame zokudibanisa ngokuthe ngqo ziya kuqhubeka de kubekho umphumo ophumelelayo.
I-VL1 ikwanazo nezinye iimpawu zokuseka uqhagamshelo oluthe ngqo, kubandakanywa ukufunyanwa koontanga be-LAN, uqikelelo lwezibuko lokuhamba kwi-symmetric IPv4 NAT, kunye nemephu ecacileyo yezibuko kusetyenziswa i-UPnP kunye/okanye i-NAT-PMP ukuba iyafumaneka kwi-LAN yendawo ebonakalayo.
→
▍VL2 yi-VXLAN efana ne-Ethernet yenethiwekhi ye-virtualization protocol enemisebenzi yolawulo lwe-SDN. Imeko yonxibelelwano eqhelekileyo ye-OS kunye nezicelo...
Ngokungafani ne-VL1, ukudala iinethiwekhi ze-VL2 (i-VLAN) kunye nokudibanisa i-nodes kubo, kunye nokulawula, kufuna ukuthatha inxaxheba ngokuthe ngqo kumsebenzisi. Unokukwenza oku ngokusebenzisa umlawuli wenethiwekhi. Ngokwenene, i-node ye-ZeroTier eqhelekileyo, apho imisebenzi yomlawuli ilawulwa ngeendlela ezimbini: ngokuthe ngqo, ngokuguqula iifayile, okanye, njengoko umphuhlisi encoma kakhulu, usebenzisa i-API epapashwe.
Le ndlela yokulawula uthungelwano lwe-ZeroTier lwenyani ayilunganga kakhulu kumntu oqhelekileyo, ngoko ke kukho ii-GUI ezininzi:
- Enye evela kumphuhlisi we-ZeroTier, ekhoyo njengesisombululo selifu sikawonke-wonke se-SaaS kunye nezicwangciso ezine zokubhalisa, kubandakanywa simahla, kodwa kunqunyelwe kwinani lezixhobo ezilawulwayo kunye nenqanaba lenkxaso.
- Eyesibini isuka kumphuhlisi ozimeleyo, owenziwe lula ngandlel’ ithile ekusebenzeni, kodwa ekhoyo njengesisombululo sabucala esivulekileyo sokusetyenziswa kwisiseko okanye kwimithombo yelifu.
I-VL2 iphunyezwa phezu kwe-VL1 kwaye ithuthwa ngayo. Nangona kunjalo, ifumana ilifa lofihlo kunye nokuqinisekiswa kwe-VL1 endpoint, kwaye isebenzisa izitshixo zayo ze-asymmetric ukusayina kunye nokuqinisekisa iziqinisekiso. I-VL1 ikuvumela ukuba uphumeze i-VL2 ngaphandle kokukhathazeka malunga ne-topology yenethiwekhi ekhoyo. Oko kukuthi, iingxaki ngoqhagamshelo kunye nokusebenza kakuhle kwendlela ziingxaki ze-VL1. Kubalulekile ukuqonda ukuba akukho nxibelelwano phakathi kweVL2 uthungelwano lwenyani kunye neendlela zeVL1. Ngokufana nokuphindaphinda kwe-VLAN kwi-LAN eneentambo, iindawo ezimbini zokuhlala ezabelana ngobulungu benethiwekhi ezininzi ziseza kuba ne-VL1 enye kuphela (i-virtual cable) indlela phakathi kwazo.
Inethiwekhi nganye ye-VL2 (VLAN) ichongiwe nge-64-bit (16 hexadecimal) idilesi yenethiwekhi ye-ZeroTier, equlethe idilesi ye-40-bit ye-ZeroTier yomlawuli kunye nenombolo ye-24-bit echonga inethiwekhi eyenziwe ngulo mlawuli.
Network ID: 8056c2e21c123456
| |
| Network number on controller
|
ZeroTier address of controllerXa i-node ijoyina inethiwekhi okanye icela uhlaziyo lwesimo senethiwekhi, ithumela umyalezo wesicelo soqwalaselo lwenethiwekhi (ngeVL1) kumlawuli wenethiwekhi. Umlawuli ke usebenzisa idilesi yeVL1 yenode ukuyifumana kuthungelwano kwaye ayithumele izatifikethi ezifanelekileyo, iziqinisekiso, kunye nolwazi loqwalaselo. Ngokombono weVL2 uthungelwano lwenyani, iidilesi ze-VL1 ZeroTier zinokucingelwa njengeenombolo zezibuko kutshintsho olukhulu lwehlabathi jikelele.
Zonke iziqinisekiso ezikhutshwe ngabalawuli bothungelwano kwiindawo zamalungu othungelwano olunikiweyo zisayinwa ngesitshixo esiyimfihlo somlawuli ukuze bonke abathathi-nxaxheba bothungelwano baziqinisekise. Iinkcazi zinezitampu zexesha ezenziwe ngumlawuli, ezivumela uthelekiso oluzalanayo ngaphandle kokufikelela kwiwotshi yenkqubo yendawo yomamkeli.
Iziqinisekiso zinikezelwa kuphela kubanikazi bazo kwaye emva koko zithunyelwe kubalingane abafuna ukunxibelelana namanye ama-node kwinethiwekhi. Oku kuvumela uthungelwano ukuba lukhule lube kubungakanani obukhulu ngaphandle kwesidingo sokufihla izixa ezikhulu zeenkcukacha kwiinodi okanye uqhagamshelane rhoqo nomlawuli wenethiwekhi.
Amanethiwekhi eZeroTier axhasa ukuhanjiswa kwemulticast ngokusebenzisa inkqubo elula yokupapasha / yokubhalisa.
→
Xa i-node inqwenela ukufumana usasazo lwe-multicast kwiqela elithile lokusabalalisa, lithengisa ubulungu kwelo qela kwamanye amalungu othungelwano olunxibelelana nalo kunye nomlawuli wenethiwekhi. Xa i-node inqwenela ukuthumela i-multicast, kwangaxeshanye ifikelela kwi-cache yopapasho lwamva nje kwaye ngamanye amaxesha icele upapasho olongezelelweyo.
Usasazo (i-Ethernet ff: ff: ff: ff: ff: ff) iphathwa njengeqela le-multicast apho bonke abathathi-nxaxheba babhalisela. Inokukhutshazwa kwinqanaba lenethiwekhi ukunciphisa i-traffic ukuba ayifuni.
I-ZeroTier ilinganisa iswitshi yokwenyani ye-Ethernet. Le nyaniso iyasivumela ukuba siyenze ukudibanisa uthungelwano oludaliweyo lwenyani kunye nezinye iinethiwekhi ze-Ethernet (i-LAN enentambo, i-WiFi, i-backplane ebonakalayo, njl.) kwinqanaba lekhonkco ledatha - usebenzisa ibhulorho ye-Ethernet eqhelekileyo.
Ukwenza njengebhulorho, umlawuli wothungelwano kufuneka achonge umamkeli ngolo hlobo. Esi sikimu siphunyezwa ngenxa yezizathu zokhuseleko, kuba iinginginya zenethiwekhi eziqhelekileyo azivumelekanga ukuthumela i-traffic ukusuka kumthombo ngaphandle kwedilesi yabo ye-MAC. IiNodes ezichongiweyo njengeebhulorho zikwasebenzisa imowudi ekhethekileyo ye-algorithm ye-multicast, enxibelelana nabo ngokungqongqo kwaye ijolise ngexesha lokubhaliselwa kweqela kunye nokuphindaphindwa kwazo zonke izithuthi zokusasaza kunye nezicelo ze-ARP.
Ukutshintsha kwakhona kunamandla okudala amanethiwekhi oluntu kunye ne-ad-hoc, indlela ye-QoS kunye nomhleli wemithetho yenethiwekhi.
▍Indawo:
ZeroTier One yinkonzo eqhutywa kwiilaptops, iidesktops, iiseva, oomatshini ababonakalayo kunye nezikhongozeli ezibonelela ngoqhagamshelo kuthungelwano olunenyani ngezibuko lothungelwano lwenyani, olufana nomxhasi weVPN.
Nje ukuba inkonzo ifakelwe kwaye iqalisiwe, ungaqhagamshela kwiinethiwekhi zenyani usebenzisa iidilesi zabo ezinedijithi ezili-16. Uthungelwano ngalunye lubonakala njengezibuko lothungelwano lwenyani kwinkqubo, eziphatha njengechweba eliqhelekileyo le-Ethernet.
I-ZeroTier One ngoku iyafumaneka kwi-OS elandelayo kunye neenkqubo.
Iinkqubo zokuSebenza:
- Microsoft Windows -MSI isifakeli x86/x64
- MacOS -I-PKG isifakeli
- Apple iOS - Ivenkile yosetyenziso
- Android — Play Store
- Linux -DEB/RPM
- FreeBSD -Iphakheji ye-FreeBSD
QAPHELA:
- I-Synology NAS
- I-QNAP NAS
- WD MyCloud NAS
Abanye:
- Docker -ifayile yedocker
- I-OpenWRT - izibuko loluntu
- Ufakelo lwe-app - SDK (libzt)
Ukushwankathela konke oku kungasentla, ndiza kuqaphela ukuba i-ZeroTier sisixhobo esibalaseleyo kwaye esikhawulezayo sokudibanisa izixhobo zakho zomzimba, ezibonakalayo okanye zelifu kwinethiwekhi eqhelekileyo yendawo, kunye nokukwazi ukwahlula kwiiVLAN kunye nokungabikho kwenqaku elinye lokusilela. .
Yiyo leyo yecandelo lethiyori kwifomathi yenqaku lokuqala malunga neZeroTier yeHabr - yiyo yonke loo nto! Kwinqaku elilandelayo, ndiceba ukubonisa ekusebenzeni ukwakhiwa kwesiseko senethiwekhi esekelwe kwiZeroTier, apho i-VDS ene-template ye-GUI evulekileyo yangasese iya kusetyenziswa njengomlawuli wenethiwekhi.
Bafundi abathandekayo! Ngaba usebenzisa itekhnoloji yeZeroTier kwiiprojekthi zakho? Ukuba akunjalo, zeziphi izixhobo ozisebenzisayo ukunxibelelanisa izixhobo zakho?
umthombo: www.habr.com