Namhlanje ndiza kukuxelela malunga nendlela umbono wokudala inethiwekhi entsha yangaphakathi yenkampani yethu yeza kwaye yaphunyezwa. Isikhundla solawulo kukuba kufuneka uzenzele iprojekthi epheleleyo njengeyomthengi. Ukuba sizenzela ngokwethu kakuhle, sinokumema umthengi size simbonise ukuba oko simnika kona kusebenza yaye kusebenza kakuhle kangakanani na. Ngoko ke, sasondela ekuphuhliseni ingcamango yenethiwekhi entsha yeofisi yaseMoscow ngokucokisekileyo, sisebenzisa umjikelezo opheleleyo wemveliso: uhlalutyo lweemfuno zesebe β ukukhethwa kwesisombululo sobugcisa β uyilo β ukuphunyezwa β uvavanyo. Ngoko masiqale.
Ukukhetha iSicombululo soBuchule: iMutant Sanctuary
Inkqubo yokusebenza kwi-automated system eyinkimbinkimbi ngoku ichazwe kakuhle kwi-GOST 34.601-90 "Iinkqubo ezizenzekelayo. Amanqanaba eNdaloβ, ngoko sisebenze ngokungqinelana nayo. Kwaye sele kumanqanaba okubunjwa kweemfuno kunye nophuhliso lweengcamango, sadibana nobunzima bokuqala. Imibutho yeeprofayili ezahlukeneyo - iibhanki, iinkampani ze-inshurensi, abaphuhlisi beprogram, njl njl - kwimisebenzi yabo kunye nemigangatho, bafuna iindidi ezithile zothungelwano, ezicacileyo kunye nezisemgangathweni. Nangona kunjalo, oku akuyi kusebenza nathi.
Kutheni?
IJet Infosystems yinkampani enkulu eyohlukeneyo yeIT. Kwangaxeshanye, isebe lethu lenkxaso yangaphakathi lincinci (kodwa liyaziqhenya), liqinisekisa ukusebenza kweenkonzo ezisisiseko kunye neenkqubo. Inkampani iqulethe izahlulo ezininzi ezenza imisebenzi eyahlukeneyo: la maqela anamandla amaninzi akhuphayo, kunye nabaphuhlisi beenkqubo zoshishino, kunye nokhuseleko lolwazi, kunye nabakhi beenkqubo zekhompyutha - ngokubanzi, nokuba ngubani na. Ngokufanelekileyo, imisebenzi yabo, iinkqubo kunye nemigaqo-nkqubo yokhuseleko nayo yahlukile. Oko, njengoko kulindelekile, kudale ubunzima kwinkqubo yohlalutyo lweemfuno kunye nokulinganisa.
Apha, umzekelo, isebe lophuhliso: abasebenzi balo babhala kunye nekhowudi yokuvavanya inani elikhulu labathengi. Rhoqo kukho imfuneko yokucwangcisa ngokukhawuleza iimeko ezingqongileyo zovavanyo, kwaye ukuthetha ngokungafihlisiyo, akusoloko kusenzeka ukuqulunqa iimfuno zeprojekthi nganye, ukucela izixhobo kunye nokwakha indawo yovavanyo eyahlukileyo ngokuhambelana nayo yonke imimiselo yangaphakathi. Oku kuvelisa iimeko ezinomdla: ngolunye usuku umkhonzi wakho othobekileyo wajonga kwigumbi labaphuhlisi kwaye wafumana phantsi kwetafile iqoqo leHadoop elisebenza ngokufanelekileyo lee-desktops ezingama-20, elaliqhagamshelwe ngendlela engaqondakaliyo kwinethiwekhi eqhelekileyo. Andiqondi ukuba kufanelekile ukucacisa ukuba isebe le-IT lenkampani lalingazi malunga nobukho bayo. Le meko, njengezinye ezininzi, yayinoxanduva lokuba ngexesha lokuphuhliswa kweprojekthi, igama elithi "mutant reserve" lazalwa, lichaza imeko yeziseko ze-ofisi ezinomonde.
Okanye nanku omnye umzekelo. Ngamaxesha athile, ibhentshi yovavanyo isekwa ngaphakathi kwisebe. Oku kwakunjalo ngeJira kunye neConfluence, eyayisetyenziswa kwinqanaba elilinganiselweyo yiZiko loPhuhliso lweSoftware kwezinye iiprojekthi. Emva kwexesha elithile, amanye amasebe afunda ngezi zixhobo ziluncedo, azivavanya, kwaye ekupheleni kuka-2018, uJira kunye neConfluence basuka kwimo "yokudlala abadwelisi benkqubo basekhaya" ukuya kwimo "yezixhobo zenkampani." Ngoku umnini kufuneka anikezelwe kwezi nkqubo, ii-SLAs, ukufikelela / imigaqo-nkqubo yokhuseleko lolwazi, imigaqo-nkqubo yokugcina, ukubeka iliso, imithetho yezicelo zendlela yokulungisa iingxaki kufuneka zichazwe - ngokubanzi, zonke iimpawu zenkqubo yolwazi olupheleleyo kufuneka lube khona. .
Ngalinye icandelo lethu likwayi-incubator ekhulisa imveliso yayo. Abanye babo bafa kwinqanaba lophuhliso, abanye sisebenzisa ngelixa sisebenza kwiiprojekthi, ngelixa abanye bethatha iingcambu kwaye babe zizisombululo eziphindaphindiweyo esiqala ukuzisebenzisa thina kwaye sizithengisele abathengi. Kwinkqubo nganye enjalo, kuyinqweneleka ukuba ibe nendawo yayo yenethiwekhi, apho iya kuphuhlisa ngaphandle kokuphazamisa ezinye iinkqubo, kwaye ngexesha elithile linokuhlanganiswa kwiziseko zenkampani.
Ukongeza kuphuhliso, sinayo enkulu kakhulu kunye nabasebenzi abangaphezu kwama-500, benziwe amaqela kumthengi ngamnye. Babandakanyeka ekugcineni uthungelwano kunye nezinye iinkqubo, ukubeka iliso kude, ukusombulula amabango, njalo njalo. Oko kukuthi, isiseko se-SC, enyanisweni, sisisiseko somthengi abasebenza naye ngoku. Ubume bokusebenza neli candelo lothungelwano kukuba iindawo zabo zokusebenza zenkampani yethu zingaphandle, kwaye ngokuyinxenye zingaphakathi. Ngoko ke, kwi-SC siphumeze le ndlela ilandelayo - inkampani ibonelela isebe elihambelanayo kunye nothungelwano kunye nezinye izibonelelo, ngokuqwalasela iindawo zokusebenza zala masebe njengonxibelelwano lwangaphandle (ngokulinganisa kunye namasebe kunye nabasebenzisi abakude).
Uyilo lohola wendlela: singumsebenzisi (ngothusayo)
Emva kokuvavanya yonke imigibe, saqonda ukuba sifumana uthungelwano lwabaqhubi bezonxibelelwano ngaphakathi kweofisi enye, kwaye saqala ukwenza ngokufanelekileyo.
Senze inethiwekhi engundoqo ngoncedo lwalo naluphi na lwangaphakathi, kwaye kwixesha elizayo nangaphandle, umthengi unikezelwa ngenkonzo efunekayo: L2 VPN, L3 VPN okanye i-L3 yomzila rhoqo. Amanye amasebe adinga ukufikelela kwi-Intanethi okukhuselekileyo, ngelixa abanye bafuna ukufikelela okucocekileyo ngaphandle kwee-firewall, kodwa kwangaxeshanye ukukhusela izixhobo zethu zenkampani kunye nenethiwekhi engundoqo kwi-traffic yabo.
βSiye saqukumbela i-SLAβ ngokungekho sikweni kwicandelo ngalinye. Ngokuhambelana nayo, zonke iziganeko ezivelayo kufuneka zipheliswe ngexesha elithile, elivunyelwene kwangaphambili. Iimfuno zenkampani kuthungelwano lwayo ziye zabonakala zingqongqo. Ixesha eliphezulu lokuphendula kwisiganeko kwimeko yokungaphumeleli kwefowuni kunye ne-imeyile kwakuyimizuzu emi-5. Ixesha lokubuyisela ukusebenza kwenethiwekhi ngexesha lokusilela okuqhelekileyo alikho ngaphezu komzuzu.
Ekubeni sinothungelwano lwe-carrier-grade network, unokudibanisa kuphela ngokuhambelana nemithetho. Iiyunithi zenkonzo zibeka imigaqo-nkqubo kwaye zibonelela ngeenkonzo. Abafuni nokuba nolwazi malunga noqhagamshelo lweeseva ezithile, oomatshini benyani kunye neendawo zokusebenza. Kodwa kwangaxeshanye, iindlela zokukhusela ziyafuneka, kuba akukho xhulumaniso olunye kufuneka lukhubaze inethiwekhi. Ukuba i-loop yenziwe ngengozi, abanye abasebenzisi akufanele baqaphele oku, oko kukuthi, impendulo eyaneleyo kwinethiwekhi iyimfuneko. Nawuphi na umqhubi we-telecom uhlala esombulula iingxaki ezifanayo ezibonakala zintsonkothile kuthungelwano olungundoqo. Ibonelela ngenkonzo kubathengi abaninzi abaneemfuno ezahlukeneyo kunye netrafikhi. Ngexesha elifanayo, ababhalisile abahlukeneyo akufanele bafumane ukuphazamiseka kwi-traffic yabanye.
Ekhaya, sisombulule le ngxaki ngale ndlela ilandelayo: sakha i-backbone L3 network kunye ne-redundancy epheleleyo, sisebenzisa i-IS-IS protocol. Uthungelwano olungaphezulu lwakhiwe phezu kondoqo osekwe kubuchwephesha /, usebenzisa iprotocol yomzila . Ukukhawulezisa ukudibanisa kweendlela zokuziphatha, iteknoloji ye-BFD yasetyenziswa.
Ulwakhiwo lwenethiwekhi
Kwiimvavanyo, esi sikimu sazibonakalisa sibalaseleyo - xa nayiphi na ishaneli okanye utshintsho lunqanyuliwe, ixesha lokudibanisa alikho ngaphezu kwe-0.1-0.2 s, ubuncinci beepakethi ezilahlekileyo (ngokuphindaphindiweyo akukho), iiseshoni ze-TCP azikrazulwa, iingxoxo zomnxeba. aziphazanyiswa.
I-Underlay Layer-Umzila
Umaleko oWalekayo-Umzila
Ukutshintsha kweHuawei CE6870 kunye neelayisensi ze-VXLAN zisetyenziswe njengokutshintsha kokuhambisa. Esi sixhobo sinomlinganiselo wexabiso / umgangatho ophezulu, okuvumela ukuba udibanise ababhalisi ngesantya se-10 Gbit / s, kwaye udibanise kwi-backbone ngesantya se-40-100 Gbit / s, kuxhomekeke kwii-transceivers ezisetyenzisiweyo.
IHuawei CE6870 iyatshintsha
Ukutshintsha kweHuawei CE8850 kwasetyenziswa njengotshintsho oluphambili. Injongo kukuhambisa i-traffic ngokukhawuleza nangokuthembekileyo. Akukho zixhobo ziqhagamshelwe kubo ngaphandle kokutshintshwa kokusasazwa, abazi nto malunga neVXLAN, ngoko ke imodeli ene-32 40/100 Gbps port yakhethwa, kunye nelayisensi esisiseko ebonelela nge-L3 yomzila kunye nenkxaso ye-IS-IS kunye ne-MP-BGP. Iiprothokholi .
Eyona nto isezantsi yiHuawei CE8850 core switch
Kwinqanaba loyilo, kwaqhambuka ingxoxo phakathi kweqela malunga nobuchwepheshe obungasetyenziselwa ukuphumeza uxhulumaniso olunokunyamezela kwimpazamo kwiinodi zenethiwekhi ezingundoqo. Iofisi yethu yaseMoscow ibekwe kwizakhiwo ezithathu, sinamagumbi okusasaza angama-7, kuwo omabini amagumbi amabini okuhanjiswa kweHuawei CE6870 afakwe (kuphela kokufikelela kwafakwa kumagumbi amaninzi okuhambisa). Xa kuphuhliswa ingqikelelo yothungelwano, iinketho ezimbini zokungafuneki zaqwalaselwa:
- Ukudityaniswa kokutshintshwa kokusabalalisa kwi-stack-tolerant stack kwigumbi ngalinye lokudibanisa. Iinzuzo: ukulula kunye nokulula ukuseta. Ukungalungi: kukho ithuba eliphezulu lokungaphumeleli kwe-stack yonke xa iimpazamo zenzeka kwi-firmware yezixhobo zenethiwekhi ("ukuvuza kweememori" kunye nokunye okunjalo).
- Faka isicelo se-M-LAG kunye ne-Anycast gateway technologies ukudibanisa izixhobo kwiiswitshi zokusasaza.
Ekugqibeleni, sahlala kwinketho yesibini. Kunzima kakhulu ukuyiqwalasela, kodwa ibonise ekusebenzeni kwayo kunye nokuthembeka okuphezulu.
Makhe siqale siqwalasele ukudibanisa izixhobo zokugqibela kwiiswitshi zokusasaza:
Umnqamlezo
Ukutshintsha ukufikelela, iseva, okanye nasiphi na esinye isixhobo esifuna uqhagamshelwano olunyamezela impazamo sibandakanyiwe kwizitshixo ezimbini zokuhambisa. Itekhnoloji ye-M-LAG ibonelela ngokungasebenziyo kwinqanaba lekhonkco ledatha. Kucingelwa ukuba izitshixo ezimbini zokusasaza zibonakala kwisixhobo esiqhagamshelweyo njengesixhobo esinye. Ukungafuneki kunye nokulinganisa umthwalo kwenziwa kusetyenziswa iprotocol ye-LACP.
Itekhnoloji yesango le-Anycast ibonelela ngokuphindaphinda kwinqanaba lenethiwekhi. Inani elikhulu ngokufanelekileyo leeVRFs ziqwalaselwe kutshintshiso ngalunye losasazo (iVRF nganye yenzelwe iinjongo zayo - ngokwahlukeneyo kubasebenzisi "abaqhelekileyo", ngokwahlukileyo kwifowuni, ngokwahlukeneyo kwiimeko ezahlukeneyo zovavanyo kunye nophuhliso, njl.njl.), nakwindawo nganye. I-VRF ineeVLAN ezininzi eziqwalaselweyo. Kuthungelwano lwethu, utshintsho lokuhambisa ngamasango angagqibekanga kuzo zonke izixhobo eziqhagamshelwe kuzo. Iidilesi ze-IP ezihambelana nojongano lweVLAN ziyafana kuzo zombini iiswitshi zokuhambisa. Itrafikhi ihanjiswa kwiswitshi ekufutshane.
Ngoku makhe sijonge ukudibanisa ukuhanjiswa kokutshintsha kwi-kernel:
Ukunyamezela impazamo kunikezelwa kwinqanaba lenethiwekhi usebenzisa i-IS-IS protocol. Nceda uqaphele ukuba umgca wonxibelelwano we-L3 ohlukeneyo unikezelwa phakathi kokutshintsha, ngesantya se-100G. Ngokwasemzimbeni, lo mgca wonxibelelwano yintambo yoFikelelo ngokuthe ngqo; inokubonwa ngasekunene kwifoto yeHuawei CE6870 switch.
Enye indlela iya kuba kukuququzelela "inyanisekileyo" edibene ngokupheleleyo ne-double star topology, kodwa, njengoko kukhankanyiwe ngasentla, sinamagumbi angama-7 adibanisa kwizakhiwo ezithathu. Ngokufanelekileyo, ukuba sikhethe i-topology "yeenkwenkwezi ezimbini", besiya kufuna ngokuthe ngqo kabini "uluhlu olude" lwe-40G transceivers. Ukongiwa apha kubaluleke kakhulu.
Kufuneka kuthethwe amagama ambalwa malunga nendlela i-VXLAN kunye ne-Anycast gateway technologies esebenza ngayo kunye. I-VXLAN, ngaphandle kokungena kwiinkcukacha, i-tunnel yokuthutha iifreyimu ze-Ethernet ngaphakathi kweepakethi ze-UDP. I-loopback interfaces yokutshintshwa kokusabalalisa isetyenziswe njengedilesi ye-IP ye-tunnel ye-VXLAN. I-crossover nganye inezitshintshi ezimbini ezineedilesi ze-loopback interface efanayo, ngoko ke ipakethi inokufika kuyo nayiphi na kuzo, kwaye isakhelo se-Ethernet sinokukhutshwa kuyo.
Ukuba iswitshi iyazi malunga nedilesi ye-MAC yokufikela yesakhelo esifunyenweyo, isakhelo siya kuhanjiswa ngokuchanekileyo kwindawo yayo. Ukuqinisekisa ukuba zombini iiswitshi zokusasaza ezifakwe kumnqamlezo ofanayo zinolwazi lwangoku malunga nazo zonke iidilesi ze-MAC "ezifikayo" ukusuka kwiiswitshi zokufikelela, indlela ye-M-LAG inoxanduva lokuvumelanisa iitafile zeedilesi ze-MAC (kunye ne-ARP. iitafile) kuzo zombini iiswitshi M-LAG ngababini.
Ulungelelwaniso lwetrafikhi luphunyeziwe ngenxa yobukho bothungelwano olungaphantsi lweendlela ezininzi ukuya kujongano olusemva lwelophu yokutshintsha kosasazo.
Endaweni yesiphelo
Njengoko kukhankanyiwe ngasentla, ngexesha lokuvavanya kunye nokusebenza uthungelwano lubonise ukuthembeka okuphezulu (ixesha lokubuyisela ukusilela okuqhelekileyo alikho ngaphezu kwamakhulu e-milliseconds) kunye nokusebenza kakuhle - i-cross-connect nganye ixhunywe kwi-core ngamashaneli amabini angama-40 Gbit / s. Ukutshintsha kokufikelela kuthungelwano lwethu kufakwe kwaye kuqhagamshelwe kwiiswitshi zokusasaza nge-LACP/M-LAG ezineziteshi ezimbini ze-10 Gbit/s. I-stack idla ngokuqulatha iiswitshi ezi-5 ezinamazibuko angama-48 ngalinye, kwaye ukuya kuthi ga kwi-10 i-stacks yokufikelela idityaniswe nokusasazwa kwi-cross-connect nganye. Ngaloo ndlela, umqolo unikezela malunga ne-30 Mbit / s ngomsebenzisi ngamnye nakumthwalo omkhulu wethiyori, apho ngexesha lokubhala lanele kuzo zonke izicelo zethu eziphathekayo.
Inethiwekhi ikuvumela ukuba ulungelelanise ngokugqibeleleyo ukudityaniswa kwazo naziphi na izixhobo eziqhagamshelwe ngokungekho mthethweni nge-L2 kunye ne-L3, ngokubonelela ngokuzimeleyo okupheleleyo kwe-traffic (ethandwa yinkonzo yokhuseleko lolwazi) kunye neendawo eziphosakeleyo (ezithandwa liqela lemisebenzi).
Kwicandelo elilandelayo siza kukuxelela ukuba sifudukele njani kwinethiwekhi entsha. Hla umamele!
UMaxim Klochkov
Umcebisi ophezulu wophicotho lothungelwano kunye neqela leeprojekthi ezinzima
IZiko leZisombululo zeNethiwekhi
"Jet Infosystems"
umthombo: www.habr.com