I-SDSM isiphelile, kodwa isifiso esingalawuleki sokubhala sihlala.

Kwaphela iminyaka eminingi umfowethu ehlushwa ukwenza umsebenzi ovamile, ephambanisa iminwe ngaphambi kokuba alale futhi entula ubuthongo ngenxa yokuhlehla ebusuku.
Kodwa izikhathi zobumnyama sezizophela.

Ngalesi sihloko ngizoqala uchungechunge lokuthi kanjani kimi i-automation iyabonakala.
Endleleni, sizoqonda izigaba zokuzenzakalela, ukugcina okuguquguqukayo, ukuklama okusemthethweni, i-RestAPI, i-NETCONF, i-YANG, i-YDK futhi sizokwenza izinhlelo eziningi.
Kimi kusho ukuthi a) akulona iqiniso elihlosiwe, b) akuyona indlela engcono kakhulu ngaphandle kwemibandela, c) umbono wami, ngisho nangesikhathi sokunyakaza kusuka esihlokweni sokuqala kuya esihlokweni sokugcina, ungashintsha - ukwethembeka, kusukela esigabeni sokusalungiswa kuya ukushicilelwa, ngibhale kabusha yonke into kabili ngokuphelele.

Okuqukethwe

1. Izinhloso
   1. Inethiwekhi ifana nento eyodwa
   2. Ukuhlolwa kokucushwa
   3. Inguqulo
   4. Ukuqapha kanye nokuziphilisa kwezinsizakalo

2. Kusho
   1. Isistimu yokusungula
   2. Uhlelo lokuphatha isikhala se-IP
   3. Isistimu yencazelo yesevisi yenethiwekhi
   4. Indlela yokuqalisa idivayisi
   5. Imodeli yokucushwa komthengisi
   6. Isixhumi esibonakalayo somshayeli esiqondene nomthengisi
   7. Indlela yokuletha ukucushwa kudivayisi
   8. CI/CD
   9. Indlela yokwenza ikhophi yasenqolobaneni bese usesha okuchezukile
   10. Uhlelo lokuqapha

3. isiphetho

Ngizozama ukwenza i-ADSM ngefomethi ehluke kancane kune-SDSM. Izihloko ezinkulu, ezinemininingwane, ezinezinombolo zizoqhubeka nokuvela, futhi phakathi kwazo ngizoshicilela amanothi amancane avela ekuhlangenwe nakho kwansuku zonke. Ngizozama ukulwa nokufuna ukuphelela lapha futhi ngingakhothi zonke.

Yeka indlela okuhlekisa ngayo ukuthi okwesibili kufanele udlule endleleni efanayo.

Ekuqaleni kwadingeka ngibhale izihloko mayelana namanethiwekhi ngokwami ​​ngenxa yokuthi ayengekho ku-RuNet.

Manje angikwazanga ukuthola idokhumenti ebanzi engahlela izindlela zokuzenzakalela futhi ihlaziye ubuchwepheshe obungenhla isebenzisa izibonelo ezisebenzayo ezilula.

Kungenzeka ukuthi angilungile, ngakho-ke ngicela unikeze izixhumanisi ezinsizeni eziwusizo. Kodwa-ke, lokhu ngeke kushintshe ukuzimisela kwami ​​ukubhala, ngoba umgomo oyinhloko ukufunda okuthile ngokwami, futhi ukwenza ukuphila kwabanye kube lula kuyibhonasi ejabulisayo ethinta isakhi sofuzo sokwabelana ngolwazi.

Sizozama ukuthatha isikhungo sedatha ye-LAN DC enosayizi omaphakathi futhi silungise lonke uhlelo oluzenzakalelayo.
Ngizobe ngenza izinto ezithile cishe okokuqala ngqa nawe.

Ngeke ngibe ngowokuqala emibonweni nakumathuluzi achazwe lapha. UDmitry Figol ungumbungazi ovelele isiteshi esinokusakaza ngalesi sihloko.
Izindatshana zizodlulana nazo ezicini eziningi.

I-LAN DC inama-DC angu-4, amaswishi angaba ngu-250, amarutha ayingxenye yeshumi nambili kanye nama-firewall ambalwa.
Hhayi i-Facebook, kodwa kwanele ukukwenza ucabange ujule mayelana ne-automation.
Nokho, kunombono wokuthi uma unedivayisi engaphezu kwe-1, i-automation isivele iyadingeka.
Eqinisweni, kunzima ukucabanga ukuthi noma ubani manje angaphila ngaphandle kokungenani iphakethe lemibhalo yamadolo.
Nakuba ngizwile ukuthi kunamahhovisi lapho amakheli e-IP agcinwa khona ku-Excel, futhi idivayisi ngayinye yezinkulungwane zenethiwekhi ihlelwa ngesandla futhi inokumiswa kwayo okuhlukile. Lokhu, yiqiniso, kungadluliswa njengobuciko besimanje, kodwa imizwa kanjiniyela izocasulwa nakanjani.

Izinhloso

Manje sizobeka imigomo engabonakali kakhulu:

• Inethiwekhi ifana nento eyodwa
• Ukuhlolwa kokucushwa
• Inguqulo yesimo senethiwekhi
• Ukuqapha kanye nokuziphilisa kwezinsizakalo

Kamuva kulesi sihloko sizobheka ukuthi yiziphi izindlela esizozisebenzisa, futhi kokulandelayo, sizobheka imigomo nezindlela ngokuningiliziwe.

Inethiwekhi ifana nento eyodwa

Ibinzana elichazayo lochungechunge, nakuba ekuqaleni lingase lingabonakali libaluleke kangako: sizolungisa inethiwekhi, hhayi idivayisi ngayinye.
Eminyakeni yakamuva, sibone ushintsho ekugcizeleleni ekuphatheni inethiwekhi njengebhizinisi elilodwa, yingakho I-Software Defined Networking, Amanethiwekhi Aqhutshwa Ngenhloso и I-Autonomous Networks.
Ngemuva kwakho konke, yini izinhlelo zokusebenza ezidinga umhlaba jikelele kunethiwekhi: ukuxhumana phakathi kwamaphoyinti A no-B (kahle, ngezinye izikhathi +B-Z) nokuhlukaniswa kwezinye izinhlelo zokusebenza nabasebenzisi.

Ngakho-ke umsebenzi wethu kulolu chungechunge uwukuthi ukwakha uhlelo, igcina ukucushwa kwamanje inethiwekhi yonke, esesivele ibolile yaba ukulungiselelwa kwangempela kudivayisi ngayinye ngokuvumelana nendima yayo nendawo.
Uhlelo ukuphathwa kwenethiwekhi kusho ukuthi ukwenza izinguquko siyayithinta, futhi yona, ibala isimo esifiswayo sedivayisi ngayinye futhi iyilungiselele.
Ngale ndlela, sinciphisa ukufinyelela okwenziwa ngesandla ku-CLI kuze kucishe kube iqanda - noma yiziphi izinguquko kuzilungiselelo zedivayisi noma ukwakheka kwenethiwekhi kufanele kwenziwe kube semthethweni futhi kubhalwe phansi - bese kudluliselwa ezintweni ezidingekayo zenethiwekhi.

Okusho ukuthi, ngokwesibonelo, uma sinquma ukuthi kusukela manje kuqhubeke ama-rack switch e-Kazan kufanele amemezele amanethiwekhi amabili esikhundleni seyodwa, thina

1. Okokuqala sibhala izinguquko kumasistimu
2. Ikhiqiza ukulungiselelwa okuqondisiwe kwawo wonke amadivayisi enethiwekhi
3. Sethula uhlelo lokubuyekeza ukucushwa kwenethiwekhi, olubala ukuthi yini okudingeka isuswe endaweni ngayinye, ukuthi yengeze ini, futhi ilethe ama-node esimweni esifunayo.

Ngesikhathi esifanayo, senza izinguquko mathupha kuphela esinyathelweni sokuqala.

Ukuhlolwa kokucushwa

Kwaziwaukuthi u-80% wezinkinga zenzeka ngesikhathi sezinguquko zokucushwa - ubufakazi obungaqondile balokhu ukuthi ngesikhathi samaholide oNyaka Omusha konke kuvame ukuzola.
Ngizibonele mathupha inqwaba yezikhathi zokwehla emhlabeni wonke ngenxa yephutha lomuntu: umyalo ongalungile, ukulungiselelwa kwenziwe egatsheni elingalungile, umphakathi ukhohlwe, i-MPLS yadilizwa emhlabeni wonke kumzila, kwalungiselelwa izingcezu ezinhlanu zehadiwe, kodwa iphutha alizange libe khona. kwaphawula okwesithupha, kwenziwa izinguquko ezindala ezenziwa omunye umuntu . Kunenqwaba yezimo.

Ukuzenzakalela kuzosivumela ukuthi senze amaphutha ambalwa, kodwa ngezinga elikhulu. Ngale ndlela awukwazi ukwenza izitini hhayi nje idivayisi eyodwa, kodwa yonke inethiwekhi ngesikhathi esisodwa.

Kusukela kudala, okhokho bethu bahlola ukunemba kwezinguquko ezenziwe ngeso elibukhali, amabhola ensimbi kanye nokusebenza kwenethiwekhi ngemva kokukhishwa.
Labo mkhulu umsebenzi wabo oholele ekulahlekelweni kwesikhathi nokulahlekelwa okuyinhlekelele bashiye inzalo encane futhi kufanele bafe ngokuhamba kwesikhathi, kodwa ukuziphendukela kwemvelo kuyinqubo ehamba kancane, ngakho-ke akuwona wonke umuntu osahlola izinguquko elabhorethri kuqala.
Kodwa-ke, abahamba phambili ngenqubekelaphambili yilabo abenze inqubo yokuhlola ukucushwa kanye nokusetshenziswa kwayo okuqhubekayo kunethiwekhi. Ngamanye amazwi, ngiboleke inqubo ye-CI/CD (Ukuhlanganiswa Okuqhubekayo, Ukusabalalisa Okuqhubekayo) kusukela konjiniyela.
Kwesinye sezingxenye sizobheka ukuthi singakwenza kanjani lokhu kusetshenziswa uhlelo lokulawula inguqulo, mhlawumbe i-Github.

Uma usujwayele umqondo wenethiwekhi ye-CI/CD, ngobusuku obubodwa indlela yokuhlola ukucushwa ngokuyisebenzisa kunethiwekhi yokukhiqiza izobonakala njengokungazi kwasekuqaleni kwenkathi ephakathi. Okufana nokushaya i-warhead ngesando.

Ukuqhubeka okuphilayo kwemibono mayelana uhlelo ukuphathwa kwenethiwekhi kanye ne-CI/CD iba inguqulo ephelele yokucushwa.

Inguqulo

Sizothatha ngokuthi nanoma yiziphi izinguquko, kungakhathaliseki ukuthi zincane kangakanani, ngisho nakudivayisi eyodwa engabonakali, yonke inethiwekhi isuka kwesinye isimo iye kwesinye.
Futhi asihlali njalo sikhipha umyalo kudivayisi, sishintsha isimo senethiwekhi.
Ngakho ake sibize lezi zinguqulo zezifunda?

Ake sithi inguqulo yamanje 1.0.0.
Ingabe ikheli lasesizindeni se-inthanethi le-Loopback interface kwelinye lama-ToR lishintshile? Lena inguqulo encane futhi izoba nenombolo 1.0.1.
Sibuyekeze izinqubomgomo zokungenisa imizila ku-BGP - ngokujulile kancane - kakade 1.1.0
Sinqume ukulahla i-IGP futhi sishintshele ku-BGP kuphela - lokhu sekuvele kuwushintsho olukhulu lomklamo - 2.0.0.

Ngesikhathi esifanayo, ama-DC ahlukene angase abe nezinguqulo ezahlukene - inethiwekhi iyathuthuka, imishini emisha ifakiwe, amazinga amasha we-spines ayengezwa endaweni ethile, hhayi kwabanye, njll.

Mayelana inguqulo ye-semantic sizokhuluma esihlokweni esihlukile.

Ngiyaphinda - noma yiluphi ushintsho (ngaphandle kwemiyalo yokususa iphutha) luyisibuyekezo senguqulo. Abalawuli kufanele baziswe nganoma yikuphi ukuphambuka enguqulweni yamanje.

Okufanayo kuyasebenza ekubuyiseleni emuva izinguquko - lokhu akukhanseli imiyalo yokugcina, lokhu akukhona ukuhlehlisa usebenzisa isistimu yokusebenza yedivayisi - lokhu kuletha yonke inethiwekhi enguqulweni entsha (endala).

Ukuqapha kanye nokuziphilisa kwezinsizakalo

Lo msebenzi wokuzibonakalisa usufinyelele izinga elisha kumanethiwekhi esimanje.
Ngokuvamile, abahlinzeki besevisi abakhulu bathatha indlela yokuthi isevisi ehlulekile idinga ukulungiswa ngokushesha okukhulu futhi kuphakanyiswe entsha, esikhundleni sokucabanga ukuthi kwenzekeni.
"Kakhulu" kusho ukuthi udinga ukumbozwa ngokukhululekile kuzo zonke izinhlangothi ngokuqapha, okuzothi ngemizuzwana embalwa kubonakale ukuchezuka okuncane kokujwayelekile.
Futhi lapha amamethrikhi ajwayelekile, afana nokulayisha isixhumi esibonakalayo noma ukutholakala kwamanodi, awasaneli. Ukuqapha kwabo mathupha yisikhulu esisebenza emsebenzini akwanele nakho.
Ezintweni eziningi kufanele kube khona Ukuziphilisa - amalambu okuqapha aphenduka abomvu futhi sahamba futhi sazigcoba i-plantain lapho ibuhlungu khona.

Futhi lapha asiqapheli kuphela amadivaysi ngamanye, kodwa futhi nempilo yenethiwekhi yonke, kokubili ibhokisi elimhlophe, eliqondakalayo, kanye nebhokisi elimnyama, eliyinkimbinkimbi kakhulu.

Yini esizoyidinga ukuze sifeze lezi zinhlelo zokuvelela?

• Iba nohlu lwawo wonke amadivayisi kunethiwekhi, indawo yawo, izindima, amamodeli, izinguqulo zesofthiwe.
  kazan-leaf-1.lmu.net, Kazan, leaf, Juniper QFX 5120, R18.3.
• Yiba nesistimu yokuchaza amasevisi enethiwekhi.
  I-IGP, BGP, L2/3VPN, Inqubomgomo, ACL, NTP, SSH.
• Ukwazi ukuqalisa idivayisi.
  Igama lomethuleli, Mgmt IP, Mgmt Route, Abasebenzisi, RSA-Keys, LLDP, NETCONF
• Lungiselela idivayisi futhi ulethe ukucushwa kwenguqulo oyifunayo (okuhlanganisa endala).
• Ukucushwa kokuhlola
• Ngezikhathi ezithile hlola isimo sawo wonke amadivayisi ngokuchezuka kulawo amanje futhi ubike ukuthi kufanele kube ubani.
  Ebusuku, othile wengeze ngokuthula umthetho ku-ACL.
• Gada ukusebenza.

Kusho

Kuzwakala kuyinkimbinkimbi ngokwanele ukuqala ukubola iphrojekthi ibe izingxenye.

Futhi kuzoba yishumi kubo:

1. Isistimu yokusungula
2. Uhlelo lokuphatha isikhala se-IP
3. Isistimu yencazelo yesevisi yenethiwekhi
4. Indlela yokuqalisa idivayisi
5. Imodeli yokucushwa komthengisi
6. Isixhumi esibonakalayo somshayeli esiqondene nomthengisi
7. Indlela yokuletha ukucushwa kudivayisi
8. CI/CD
9. Indlela yokwenza ikhophi yasenqolobaneni bese usesha okuchezukile
10. Uhlelo lokuqapha

Lokhu, ngendlela, kuyisibonelo sokuthi umbono wemigomo yomjikelezo ushintshile kanjani - kwakukhona izingxenye ezi-4 kuhlaka.

Emfanekisweni ngibonise zonke izingxenye kanye nedivayisi ngokwayo.
Izingxenye eziphambanayo ziyasebenzisana.
Uma ibhulokhi inkulu, kudinga ukunakwa okwengeziwe kule ngxenye.

Ingxenye 1: Uhlelo Lokusungula

Ngokusobala, sifuna ukwazi ukuthi iyiphi imishini etholakala lapho, yini exhunywe kuyo.
Isistimu yokusungula iyingxenye ebalulekile yanoma iyiphi ibhizinisi.
Imvamisa, inkampani inohlelo lokusungula oluhlukile lwamadivayisi enethiwekhi, oluxazulula izinkinga ezithize kakhulu.
Njengengxenye yalolu chungechunge lwama-athikili, sizoyibiza nge-DCIM - Ukuphathwa Kwengqalasizinda Yesikhungo Sedatha. Nakuba igama elithi DCIM ngokwalo, uma sikhuluma ngokuqinile, lihlanganisa okuningi.

Ngezinjongo zethu, sizogcina ulwazi olulandelayo mayelana nedivayisi kuyo:

• Inombolo yokusungula
• Isihloko/Incazelo
• Imodeli (IHuawei CE12800, Juniper QFX5120, njll.)
• Imingcele yesici (amabhodi, izixhumanisi, njll.)
• Iqhaza (Iqabunga, Umgogodla, Umzila Womngcele, njll.)
• Indawo (isifunda, idolobha, isikhungo sedatha, indawo yokubeka, iyunithi)
• Ukuxhumana phakathi kwamadivaysi
• I-topology yenethiwekhi

Kusobala ngokuphelele ukuthi thina ngokwethu sifuna ukwazi konke lokhu.
Kodwa ingabe lokhu kuzosiza ngezinjongo ezizenzakalelayo?
Ngokungangabazeki.
Isibonelo, siyazi ukuthi esikhungweni sedatha esinikeziwe ekushintsheni kweLeaf, uma kuyi-Huawei, ama-ACL okuhlunga ithrafikhi ethile kufanele asetshenziswe ku-VLAN, futhi uma kuyiJuniper, bese kuyunithi 0 yesixhumi esibonakalayo esibonakalayo.
Noma udinga ukukhipha iseva entsha ye-Syslog kuyo yonke imingcele esifundeni.

Kuyo sizogcina amadivaysi enethiwekhi abonakalayo, isibonelo amarutha abonakalayo noma izibonisi zezimpande. Singangeza amaseva e-DNS, i-NTP, i-Syslog kanye nayo yonke into ngendlela eyodwa noma enye ehlobene nenethiwekhi.

Ingxenye 2: Uhlelo lokuphatha isikhala se-IP

Yebo, futhi namuhla kunamaqembu abantu abagcina umkhondo weziqalo namakheli e-IP kufayela le-Excel. Kodwa indlela yesimanjemanje iseyisizindalwazi, ene-front-end ku-nginx/apache, API kanye nemisebenzi ebanzi yokuqopha amakheli e-IP namanethiwekhi ahlukaniswe ama-VRF.
IPAM - Ukuphathwa Kwekheli Le-IP.

Ngezinjongo zethu, sizogcina ulwazi olulandelayo kuyo:

• IVLAN
• I-VRF
• Amanethiwekhi/Ama-subnet
• Amakheli e-IP
• Ibophezela amakheli kumadivayisi, amanethiwekhi ezindaweni nezinombolo ze-VLAN

Futhi, kuyacaca ukuthi sifuna ukwenza isiqiniseko sokuthi uma sabela ikheli le-IP elisha le-Loopback ye-ToR, ngeke sikhubeke ngokuthi isivele yabelwe othile. Noma ukuthi sisebenzise isiqalo esifanayo kabili emaphethelweni ahlukene enethiwekhi.
Kodwa lokhu kusiza kanjani nge-automation?
Kalula.
Sicela isiqalo ohlelweni esinendima ye-Loopbacks, equkethe amakheli e-IP atholakalayo ukuze anikezwe - uma sitholakala, sinikezela ngekheli, uma kungenjalo, sicela ukwakhiwa kwesiqalo esisha.
Noma lapho sidala ukucushwa kwedivayisi, singathola ohlelweni olufanayo lapho i-VRF kufanele ibekwe khona.
Futhi lapho uqala iseva entsha, iskripthi singena ohlelweni, sithola ukuthi iyiphi iseva ekhona, iyiphi ichweba nokuthi iyiphi i-subnet eyabelwe esibonakalayo - futhi izokwaba ikheli leseva kuyo.

Lokhu kuphakamisa isifiso sokuhlanganisa i-DCIM ne-IPAM ibe yisistimu eyodwa ukuze ingaphindi imisebenzi futhi inganikezeli amabhizinisi amabili afanayo.
Yilokho esizokwenza.

Ingxenye 3. Uhlelo lokuchaza amasevisi enethiwekhi

Uma amasistimu amabili okuqala egcina okuhlukile okusadinga ukusetshenziswa ngandlela thize, eyesithathu ichaza indima ngayinye yedivayisi ukuthi kufanele ilungiswe kanjani.
Kuyafaneleka ukuhlukanisa izinhlobo ezimbili ezihlukene zezinsizakalo zenethiwekhi:

• Ingqalasizinda
• Iklayenti.

Okwakuqala kuklanyelwe ukuhlinzeka ngoxhumano oluyisisekelo nokulawula idivayisi. Lokhu kufaka phakathi i-VTY, i-SNMP, i-NTP, i-Syslog, i-AAA, izivumelwano zomzila, i-CoPP, njll.
Laba bakamuva bahlelela iklayenti insizakalo: MPLS L2/L3VPN, GRE, VXLAN, VLAN, L2TP, njll.
Kunjalo, kukhona futhi amacala emingcele - lapho ukufaka MPLS LDP, BGP? Yebo, futhi amaphrothokholi omzila angasetshenziselwa amaklayenti. Kodwa lokhu akubalulekile.

Zombili izinhlobo zamasevisi zihlukaniswa zaba izinto zokuqala zokucushwa:

• ukuxhumana ngokomzimba nokunengqondo (ithegi/i-anteg, mtu)
• Amakheli e-IP nama-VRF (IP, IPv6, VRF)
• Ama-ACL nezinqubomgomo zokucubungula ithrafikhi
• Amaphrothokholi (IGP, BGP, MPLS)
• Izinqubomgomo zomzila (uhlu lwesiqalo, imiphakathi, izihlungi ze-ASN).
• Izinsiza ezisetshenziswayo (SSH, NTP, LLDP, Syslog...)
• njll.

Sizokwenza kanjani kahle lokhu, anginalwazi okwamanje. Sizoyibheka esihlokweni esehlukile.

Uma sisondela kancane empilweni, singakuchaza lokho
I-Leaf switch kufanele ibe nezikhathi ze-BGP nazo zonke izinguquko ezixhunyiwe ze-Spine, ngenisa amanethiwekhi axhunyiwe kunqubo, futhi yamukele kuphela amanethiwekhi asuka kusiqalo esithile esivela kumaswishi e-Spine. Nciphisa i-CoPP IPv6 ND ibe ngu-10 pps, njll.
Ngokulandelayo, ama-spines abamba amaseshini nawo wonke ama-lead axhunyiwe, asebenza njengezibonisi zezimpande, futhi amukele kuzo kuphela imizila yobude obuthile kanye nomphakathi othile.

Ingxenye 4: Indlela Yokuqalisa Idivayisi

Ngaphansi kwalesi sihloko ngihlanganisa izenzo eziningi okufanele zenzeke ukuze idivayisi ivele ku-radar futhi ifinyelelwe ukude.

1. Faka idivayisi kusistimu yokusungula.
2. Khetha ikheli le-IP lokuphatha.
3. Setha ukufinyelela kuyo okuyisisekelo:
   Igama lomethuleli, ikheli le-IP lokuphatha, indlela eya kunethiwekhi yabaphathi, abasebenzisi, okhiye be-SSH, izivumelwano - telnet/SSH/NETCONF

Kunezindlela ezintathu:

• Konke kwenziwa mathupha ngokuphelele. Idivayisi ilethwa esitobhini, lapho umuntu ojwayelekile wezinto eziphilayo ezoyifaka kumasistimu, axhume kukhonsoli futhi ayilungiselele. Ingasebenza kumanethiwekhi amancane amile.
• I-ZTP - I-Zero Touch Provisioning. I-hardware yafika, yasukuma, yathola ikheli nge-DHCP, yaya kuseva ekhethekile, yazilungiselela yona.
• Ingqalasizinda yamaseva e-console, lapho ukucushwa kokuqala kwenzeka ngembobo ye-console ngemodi ezenzakalelayo.

Sizokhuluma ngazo zontathu esihlokweni esihlukene.

Ingxenye yesi-5: Imodeli yokucushwa komthengisi

Kuze kube manje, wonke amasistimu abe ama-patches ahlukene anikeza okuguquguqukayo kanye nencazelo ememezelayo yalokho esingathanda ukukubona kunethiwekhi. Kodwa ngokushesha noma kamuva, kuzodingeka ubhekane nemininingwane ethile.
Kulesi sigaba, kudivayisi ngayinye ethile, ama-primitives, amasevisi nokuguquguquka kuhlanganiswa kube imodeli yokumisa echaza ukumiswa okuphelele kwedivayisi ethile, kuphela ngendlela engathathi hlangothi yomthengisi.
Senzani lesi sinyathelo? Kungani ungadali ngokushesha ukucushwa kwedivayisi ongakwazi ukumane ukulayishe?
Eqinisweni, lokhu kuxazulula izinkinga ezintathu:

1. Ungazivumelanisi nesixhumi esibonakalayo esithile sokusebenzelana nedivayisi. Kungaba i-CLI, i-NETCONF, i-RESTCONF, i-SNMP - imodeli izofana.
2. Ungagcini inombolo yezifanekiso/izikripthi ngokwenani labathengisi kunethiwekhi, futhi uma ukwakheka kushintsha, shintsha into efanayo ezindaweni ezimbalwa.
3. Layisha ukulungiselelwa kusuka kudivayisi (isipele), kubeke kumodeli efanayo ncamashi futhi uqhathanise ngokuqondile ukulungiselelwa okuqondiwe nalokhu okukhona ukuze ubale i-delta futhi ulungise isiqeshana sokumisa esizoshintsha kuphela lezo zingxenye ezidingekayo noma ukuhlonza ukuchezuka.

Njengomphumela walesi sigaba, sithola ukucushwa okuzimele komthengisi.

Ingxenye 6. Isixhumi esibonakalayo somshayeli esiqondene nomthengisi

Akufanele uzithobe ngethemba lokuthi ngolunye usuku kuzokwazi ukulungisa i-ciska ngendlela efanayo neJuniper, ngokuthumela izingcingo ezifanayo kubo. Ngaphandle kokuduma okukhulayo kwamabhokisi amhlophe kanye nokuvela kosekelo lwe-NETCONF, i-RESTCONF, i-OpenConfig, okuqukethwe okuqondile okulethwa yilezi zivumelwano kuyahluka kusuka kumthengisi kuya kumthengisi, futhi lokhu kungomunye womehluko wabo wokuncintisana abangeke bakuyeke kalula.
Lokhu kucishe kufane ne-OpenContrail ne-OpenStack, ene-RestAPI njengesixhumi esibonakalayo se-NorthBound, ilindele izingcingo ezihluke ngokuphelele.

Ngakho-ke, esinyathelweni sesihlanu, imodeli ezimele yomthengisi kufanele ithathe ifomu lapho izoya khona ku-hardware.
Futhi lapha zonke izindlela zilungile (hhayi): i-CLI, i-NETCONF, i-RESTCONF, i-SNMP kalula.

Ngakho-ke, sizodinga umshayeli ozodlulisela umphumela wesinyathelo sangaphambilini kufomethi edingekayo yomthengisi othize: isethi yemiyalo ye-CLI, isakhiwo se-XML.

Ingxenye 7. Indlela yokuletha ukucushwa ocingweni

Senze ukucushwa, kodwa kusadinga ukulethwa kumadivayisi - futhi, ngokusobala, hhayi ngesandla.
Okokuqala, sibhekene nombuzo wokuthi sizosebenzisa ziphi izinto zokuhamba? Futhi namuhla ukukhetha akusekuncane:

• I-CLI (i-telnet, ssh)
• SNMP
• I-NETCONF
• RESTCONF
• I-REST API
• I-OpenFlow (yize ingaphandle ngoba iyindlela yokuletha i-FIB, hhayi izilungiselelo)

Ake siphawule u-t lapha. I-CLI iyifa. SNMP... ukukhwehlela.
I-RESTCONF kuseyisilwane esingaziwa; i-REST API isekelwa cishe akekho. Ngakho-ke, sizogxila ku-NETCONF ochungechungeni.

Eqinisweni, njengoba umfundi esezwile kakade, ngalesi sikhathi sesivele sinqume nge-interface - umphumela wesinyathelo esedlule usuvele wethulwa ngefomethi ye-interface ekhethiwe.

Okwesibili, futhi yimaphi amathuluzi esizokwenza ngawo lokhu?
Kukhona futhi ukukhetha okukhulu lapha:

• Umbhalo ozibhalele wona noma inkundla. Masizihlomise nge-ncclient ne-asyncIO futhi sizenzele yonke into. Kusibizani ukwakha uhlelo lokusatshalaliswa kusukela ekuqaleni?
• Ibonakala ngomtapo wayo ocebile wamamojula wenethiwekhi.
• Usawoti ngomsebenzi wawo omncane nenethiwekhi nokuxhumana neNapalm.
• Empeleni uNapalm, owazi abathengisi abambalwa futhi yilokho, sala kahle.
• UNornir ungesinye isilwane esizosihlinza esikhathini esizayo.

Lapha intandokazi ayikakhethwa - sizobe sicinga.

Yini enye ebalulekile lapha? Imiphumela yokusebenzisa ukucushwa.
Uphumelele noma cha. Ingabe kusekhona ukufinyelela kuhadiwe noma cha?
Kubonakala sengathi ukuzibophezela kuzosiza lapha ngokuqinisekisa nokuqinisekisa lokho okulandiwe kudivayisi.
Lokhu, kuhlanganiswe nokuqaliswa okulungile kwe-NETCONF, kunciphisa kakhulu ububanzi bamadivayisi afanelekile - ababaningi abakhiqizi abasekela ukuzibophezela okuvamile. Kodwa lokhu kungenye yezinto ezidingekayo kuqala RFP. Ekugcineni, akekho okhathazekile ngokuthi akekho noyedwa umthengisi waseRussia ozohambisana nesimo sokusebenzisana se-32 * 100GE. Noma ukhathazekile?

Ingxenye 8. CI/CD

Kuleli qophelo, sesivele sinokucushwa okulungele wonke amadivayisi enethiwekhi.
Ngibhala "kuyo yonke into" ngoba sikhuluma ngokuguqula isimo senethiwekhi. Futhi noma udinga ukushintsha izilungiselelo zeswishi eyodwa nje, izinguquko zibalelwa inethiwekhi yonke. Ngokusobala, angaba nguziro kumanodi amaningi.

Kodwa, njengoba sekushiwo ngenhla, asilona uhlobo oluthile lwamaqaba olufuna ukugoqa yonke into iqonde ekukhiqizeni.
Ukucushwa okukhiqiziwe kufanele kuqale kudlule kuPipeline CI/CD.

I-CI/CD imele Ukuhlanganiswa Okuqhubekayo, Ukuthunyelwa Okuqhubekayo. Lena indlela lapho ithimba lingakhiphi nje ukukhishwa okukhulu okusha njalo ngemva kwezinyanga eziyisithupha, lishintsha ngokuphelele elidala, kodwa livame ukusebenzisa ngokuqhubekayo (Deployment) ukusebenza okusha ngezingxenye ezincane, ngayinye evivinywa ngokugcwele ukuhambisana, ukuphepha kanye ukusebenza (Ukuhlanganisa).

Ukwenza lokhu, sinesistimu yokulawula inguqulo eqapha izinguquko zokucushwa, ilabhorethri ehlola ukuthi isevisi yeklayenti iphukile, isistimu yokuqapha ehlola leli qiniso, futhi isinyathelo sokugcina sikhipha izinguquko kunethiwekhi yokukhiqiza.

Ngaphandle kwemiyalo yokususa iphutha, zonke izinguquko kunethiwekhi kufanele zidlule ku-CI/CD Pipeline - lesi isiqinisekiso sethu sempilo enokuthula nomsebenzi omude, ojabulisayo.

Ingxenye 9. Ikhophi yasenqolobaneni kanye nesistimu yokuthola okudidayo

Hhayi-ke, asikho isidingo sokukhuluma ngama-backups futhi.
Sizomane sizifake ku-git ngokusho komqhele noma ngenxa yoshintsho lokucushwa.

Kodwa ingxenye yesibili iyathakazelisa kakhulu - othile kufanele abheke lezi zipele. Futhi kwezinye izimo, lo muntu kufanele ahambe futhi aguqule yonke into njengoba kwakunjalo, futhi kwabanye, meow kumuntu ukuthi kukhona okungalungile.
Isibonelo, uma kuvele umsebenzisi omusha ongabhalisiwe eziguquguqukayo, udinga ukumsusa ekugegeleni. Futhi uma kungcono ukuthi ungathinti umthetho omusha we-firewall, mhlawumbe othile uvele wavula ukulungisa iphutha, noma mhlawumbe isevisi entsha, i-bungler, ayizange ibhaliswe ngokuvumelana nemithethonqubo, kodwa abantu sebevele bayijoyine.

Ngeke namanje sibalekele i-delta ethile esikalini sayo yonke inethiwekhi, ngaphandle kwanoma yiziphi izinhlelo ezizenzakalelayo kanye nesandla esiqinile sokuphatha. Ukuze ulungise izinkinga, akekho ozongeza ukumisa kumasistimu noma kunjalo. Ngaphezu kwalokho, angeke aze afakwe kumodeli yokucushwa.

Isibonelo, umthetho we-firewall wokubala inani lamaphakethe nge-IP ngayinye ukuze wenze inkinga ibe ngokwendawo uwukucushwa kwesikhashana okuvamile.

Ingxenye 10. Uhlelo lokuqapha

Ekuqaleni bengingadingi ukudingida isihloko sokuqapha - kuseyisihloko esikhulu, esinempikiswano futhi esiyinkimbinkimbi. Kodwa njengoba izinto ziqhubeka, kwavela ukuthi lokhu kwakuyingxenye ebalulekile ye-automation. Futhi akunakwenzeka ukukweqa, ngisho ngaphandle kokuzijwayeza.

I-Evolving Thought iyingxenye ephilayo yenqubo ye-CI/CD. Ngemva kokukhipha ukucushwa kunethiwekhi, sidinga ukwazi ukunquma ukuthi ingabe konke kuhamba kahle ngakho manje.
Futhi asikhulumi nje kuphela futhi hhayi kakhulu mayelana namashejuli wokusebenzisa isikhombimsebenzisi noma ukutholakala kwe-node, kodwa mayelana nezinto ezicashile - ukuba khona kwemizila edingekayo, izimfanelo kuzo, inani leseshini ye-BGP, omakhelwane be-OSPF, Ukusebenza kokuphela kokuphela yezinkonzo ezeqile.
Ingabe ama-syslog kuseva yangaphandle ayeke ukuhlanganisa, noma ingabe i-ejenti ye-SFlow iphukile, noma ingabe ukwehla kolayini kwaqala ukukhula, noma ingabe ukuxhumana phakathi kokupheya kweziqalo ezithile kwephukile?

Sizocabanga ngalokhu esihlokweni esehlukile.

isiphetho

Njengesisekelo, ngikhethe enye yemiklamo yenethiwekhi yesikhungo sedatha yesimanje - i-L3 Clos Fabric ene-BGP njengephrothokholi yomzila.
Lesi sikhathi sizokwakha inethiwekhi kuJuniper, ngoba manje i-interface ye-JunOs iyi-vanlove.

Masenze impilo yethu ibe nzima kakhulu ngokusebenzisa amathuluzi we-Open Source kuphela kanye nenethiwekhi yabathengisi abaningi - ngakho-ke ngaphezu kweJuniper, ngizokhetha omunye umuntu onenhlanhla endleleni.

Uhlelo lokushicilelwa okuzayo lufana nalokhu:
Okokuqala ngizokhuluma ngamanethiwekhi abonakalayo. Okokuqala, ngoba ngifuna, futhi okwesibili, ngoba ngaphandle kwalokhu, ukuklama kwenethiwekhi yengqalasizinda ngeke kucace kakhulu.
Bese mayelana nomklamo wenethiwekhi ngokwawo: i-topology, umzila, izinqubomgomo.
Ake sihlanganise isitendi saselabhorethri.
Ake sicabange ngakho futhi mhlawumbe sizijwayeze ukuqalisa idivayisi kunethiwekhi.
Bese mayelana nengxenye ngayinye ngemininingwane ejulile.

Futhi yebo, angithembisi ukuqeda kahle lo mjikelezo ngesixazululo esenziwe ngomumo. 🙂

Izixhumanisi eziwusizo

• Ngaphambi kokungena kulolu chungechunge, kufanelekile ukufunda incwadi kaNatasha Samoilenko I-Python Yonjiniyela Benethiwekhi. Futhi mhlawumbe kudlule inkambo.
• Kuyoba usizo nokufunda RFC mayelana nokuklanywa kwamafekthri esikhungo sedatha evela ku-Facebook nguPeter Lapukhov.
• Imibhalo yezakhiwo izokunikeza umbono wokuthi i-Overlay SDN isebenza kanjani. Indwangu ye-Tungsten (owayekade eyi-Open Contrail).

Ngiyabonga

I-Roman Gorge. Okwamazwana nokuhlela.
Artyom Chernobay. Okwe-KDPV.

Source: www.habr.com