“Ungakha isixazululo (ukuxazulula inkinga) ngezindlela ezimbalwa, kodwa indlela ebiza kakhulu kanye/noma edumile ayisebenzi ngaso sonke isikhathi!”
Isingeniso
Cishe eminyakeni emithathu edlule, ekuthuthukiseni imodeli ekude yokubuyisela idatha yenhlekelele, ngihlangabezane nesithiyo esisodwa esingazange siqaphele ngokushesha - ukuntuleka kolwazi mayelana nezixazululo ezintsha zangempela ze-virtualization yenethiwekhi emithonjeni yomphakathi.
I-algorithm yemodeli ethuthukisiwe yayihlelwe kanje:
- Umsebenzisi werimothi ongithintile, ikhompuyutha yakhe yake yenqaba ukuqalisa, ebonisa umlayezo othi “idiski yesistimu ayitholwanga/ayifomethiwe,” uyilayisha esebenzisa i-USB yempilo.
- Ngesikhathi senqubo yokuqalisa, uhlelo luxhuma ngokuzenzakalelayo kunethiwekhi yendawo yangasese evikelekile, okungaphezu kwayo ngokwayo iqukethe indawo yokusebenza yomlawuli, kulokhu i-laptop, kanye ne-node ye-NAS.
- Bese ngixhuma - noma ukuvuselela ukuhlukaniswa kwediski, noma ukukhipha idatha lapho.
Ekuqaleni, ngasebenzisa le modeli ngisebenzisa iseva ye-VPN kumzila wendawo kunethiwekhi engaphansi kolawulo lwami, ngase ngisebenzisa i-VDS eqashiwe. Kodwa, njengoba kwenzeka kaningi futhi ngokomthetho wokuqala kaChisholm, uma lina, inethiwekhi yomhlinzeki we-intanethi izokwehla, khona-ke izingxabano phakathi kwezinhlangano zebhizinisi zizobangela ukuba umhlinzeki wesevisi alahlekelwe "amandla" ...
Ngakho-ke, nginqume ukwenza kuqala izidingo eziyisisekelo okufanele ithuluzi elidingekayo lihlangabezane nazo. Esokuqala esokunwetshwa kwamazwe. Okwesibili, njengoba nginama-USB amaningana anjalo, ngayinye inenethiwekhi ehlukile ehlukile. Okwesithathu, ukuxhumana okusheshayo kunethiwekhi yamadivayisi ahlukahlukene kanye nokuphathwa kwawo okulula, kufaka phakathi uma kwenzeka i-laptop yami iba isisulu somthetho oshiwo ngenhla.
Ngokusekelwe kulokhu futhi ngichithe izinyanga ezimbili nengxenye ocwaningweni olusebenzayo lwezinketho ezimbalwa ezingafaneleki kakhulu, mina, ngokuzifaka engozini kanye nobungozi bami, nganquma ukuzama elinye ithuluzi kusukela ekuqaliseni engangingakwazi ngaleso sikhathi okwakubizwa ngokuthi i-ZeroTier. Engangizange ngizisole kamuva.
Phakathi nalawa maholide kaNcibijane, ngizama ukuqonda ukuthi isimo esinokuqukethwe sishintshile yini kusukela ngaleso sikhathi esikhumbulekayo, ngenze ukuhlola okukhethiwe kokutholakala kwama-athikili ngalesi sihloko, ngisebenzisa u-Habr njengomthombo. Embuzweni othi “ZeroTier” emiphumeleni yosesho kukhona ama-athikili amathathu kuphela akhuluma ngawo, futhi akukho nesisodwa esinencazelo okungenani emfushane. Futhi lokhu naphezu kokuthi phakathi kwabo kukhona ukuhunyushwa kwesihloko esibhalwe umsunguli weZeroTier, Inc. ngokwakhe. - .
Imiphumela yayidumaza futhi yangishukumisela ukuba ngiqale ukukhuluma nge-ZeroTier ngokuningiliziwe, ngonga “abafunayo” besimanje ekubeni bahambe ngendlela efanayo engangiyithathile.
Uyini-ke?
Umthuthukisi ubeka i-ZeroTier njengeswishi ye-Ethernet ehlakaniphile yeplanethi enguMhlaba.
“Kuyi-hypervisor yenethiwekhi esabalalisiwe eyakhelwe phezu kwenethiwekhi yomhlaba wonke evikelekile yontanga kuya kontanga (P2P). Ithuluzi elifana neswishi ye-SDN yebhizinisi, eklanyelwe ukuhlela amanethiwekhi abonakalayo phezu kwawangempela, endawo nasemhlabeni jikelele, anekhono lokuxhuma cishe noma yiluphi uhlelo lokusebenza noma idivayisi.”
Lena incazelo yokumaketha, manje mayelana nezici zobuchwepheshe.
▍ I-Kernel:
I-ZeroTier Network Hypervisor iyinjini ye-virtualization yenethiwekhi ezimele yodwa elingisa inethiwekhi ye-Ethernet, efana ne-VXLAN, phezu kwenethiwekhi yomhlaba wonke ebethelwe kontanga-kuya-peer (P2P).
Imithethonqubo esetshenziswa ku-ZeroTier ingeyokuqala, nakuba ifana ngokubukeka ne-VXLAN ne-IPSec futhi iqukethe izendlalelo ezimbili ezihlukene ngokomqondo, kodwa ezihlobene eduze: i-VL1 ne-VL2.
→
▍I-VL1 isendlalelo sezokuthutha esiyisisekelo se-peer-to-peer (P2P), uhlobo "lwekhebula elibonakalayo".
"Isikhungo sedatha yomhlaba wonke sidinga 'ikhabethe lomhlaba wonke' lokusebenzisa ikhebula."
Kumanethiwekhi avamile, i-L1 (I-OSI Layer 1) ibhekisela kuzintambo zangempela noma imisakazo engenantambo ethwala idatha kanye nama-chips edivayisi ye-transceiver ayishintshayo futhi ayidilize. I-VL1 iyinethiwekhi yontanga kuya kontanga (P2P) eyenza into efanayo, isebenzisa ukubethela, ukufakazela ubuqiniso, namanye amaqhinga enethiwekhi ukuze ihlele izintambo ezibonakalayo njengoba kudingeka.
Ngaphezu kwalokho, ikwenza lokhu ngokuzenzakalelayo, ngokushesha futhi ngaphandle kokubandakanyeka komsebenzisi wethula i-node entsha ye-ZeroTier.
Ukufeza lokhu, i-VL1 ihlelwe ngendlela efanayo nohlelo lwegama lesizinda. Enhliziyweni yenethiwekhi kuneqembu lamaseva ezimpande atholakala kakhulu, indima yawo efana naleyo yamaseva egama lezimpande ze-DNS. Okwamanje, amaseva empande ayinhloko (amaplanethi) angaphansi kolawulo lonjiniyela - i-ZeroTier, Inc. futhi ahlinzekwa njengesevisi yamahhala.
Nokho, kuyenzeka ukuthi udale amaseva empande yangokwezifiso (amaluns) akuvumela ukuthi:
- ukunciphisa ukuncika kwingqalasizinda ye-ZeroTier, Inc.;
- ukwandisa umkhiqizo ngokunciphisa ukubambezeleka;
- qhubeka nokusebenza njengokujwayelekile uma uxhumano lwe-inthanethi lulahlekile.
Ekuqaleni, ama-node ethulwa ngaphandle kokuxhumana okuqondile komunye nomunye.
Intanga ngayinye ku-VL1 inekheli le-ZeroTier elingu-40-bit (10 hexadecimal) eliyingqayizivele, okuthi, ngokungafani namakheli e-IP, yisihlonzi esibethelwe esingenalo ulwazi lomzila. Leli kheli libalwa kusukela engxenyeni yomphakathi yamabhangqa okhiye basesidlangalaleni/abayimfihlo. Ikheli le-node, ukhiye wasesidlangalaleni, nokhiye oyimfihlo ndawonye kwenza ubunikazi bayo.
Member ID: df56c5621c
|
ZeroTier address of nodeNgokuqondene nokubethela, lesi yisizathu sendatshana ehlukile.
→
Ukuze kusungulwe ukuxhumana, ontanga baqala bathumele amaphakethe “phezulu” esihlahleni samaseva ezimpande, futhi njengoba la maphakethe ehamba ngenethiwekhi, aqala ukudalwa okungahleliwe kweziteshi eziya phambili endleleni. Isihlahla sihlala sizama “ukubhidlika ngokwaso” ukuze sizithuthukisele imephu yomzila esiyigcinayo.
Indlela yokusungula ukuxhumana kontanga-kontanga imi kanje:
- I-Node A ifuna ukuthumela iphakethe ku-Node B, kodwa njengoba ingayazi indlela eqondile, ilithumela phezulu ku-Node R (inyanga, iseva yempande yomsebenzisi).
- Uma inodi R inokuxhumana okuqondile ne-node B, idlulisela iphakethe lapho. Uma kungenjalo, ithumela iphakethe phezulu nomfula ngaphambi kokufinyelela izimpande zeplanethi. Izimpande zeplanethi ziyazi ngawo wonke ama-node, ngakho iphakethe lizogcina lifinyelele ku-node B uma liku-inthanethi.
- I-Node R iphinde ithumele umlayezo obizwa ngokuthi "i-rendezvous" ku-node A, equkethe amacebo okuthi ingafinyelela kanjani endaweni engu-B. Okwamanje, iseva eyimpande, edlulisela iphakethe ku-node B, ithumela "i-rendezvous" eyazisa ngokuthi ingakwazi kanjani. ukufinyelela ku-node A.
- Ama-Node A no-B athola imilayezo yawo yokuhlangana futhi azame ukuthumelana imilayezo yokuhlola ngomzamo wokwephula noma iyiphi i-NAT noma izindonga zomlilo eziqinile okuhlangatshezwane nazo endleleni. Uma lokhu kusebenza, khona-ke uxhumano oluqondile luyasungulwa, futhi amaphakethe awasayi emuva naphambili.
Uma uxhumano oluqondile lungakwazi ukusungulwa, ukuxhumana kuzoqhubeka nge-relay, futhi imizamo yokuxhumana eqondile izoqhubeka kuze kube yilapho kufinyelelwa umphumela oyimpumelelo.
I-VL1 iphinde ibe nezinye izici zokusungula ukuxhumana okuqondile, okuhlanganisa ukutholwa kontanga kwe-LAN, ukubikezela kwembobo kokuvunguza kwe-IPv4 NAT ehambisanayo, kanye nemephu yembobo ecacile kusetshenziswa i-PnP kanye/noma i-NAT-PMP uma itholakala ku-LAN yendawo ebonakalayo.
→
▍I-VL2 iyiphrothokholi yenethiwekhi efana ne-VXLAN efana ne-Ethernet enemisebenzi yokuphatha ye-SDN. Indawo yokuxhumana ejwayelekile ye-OS nezinhlelo zokusebenza...
Ngokungafani ne-VL1, ukudala amanethiwekhi e-VL2 (ama-VLAN) nokuxhuma ama-node kuwo, kanye nokuwaphatha, kudinga ukubamba iqhaza okuqondile kumsebenzisi. Angakwenza lokhu esebenzisa isilawuli senethiwekhi. Empeleni, i-node evamile ye-ZeroTier, lapho imisebenzi yesilawuli ilawulwa ngezindlela ezimbili: noma ngokuqondile, ngokushintsha amafayela, noma, njengoba umthuthukisi encoma kakhulu, usebenzisa i-API eshicilelwe.
Le ndlela yokuphatha amanethiwekhi abonakalayo we-ZeroTier ayilungele kakhulu umuntu ojwayelekile, ngakho-ke kukhona ama-GUI amaningana:
- Eyodwa evela kunjiniyela i-ZeroTier, etholakala njengesixazululo sefu somphakathi se-SaaS esinezinhlelo ezine zokubhaliselwe, okuhlanganisa mahhala, kodwa kukhawulelwe enanini lamadivayisi aphethwe kanye nezinga lokusekelwa.
- Okwesibili kuvela kunjiniyela ozimele, owenziwe lula ngandlela thile ekusebenzeni, kodwa kutholakala njengesixazululo esiyimfihlo somthombo ovulekile ozosetshenziswa endaweni noma ezisetshenziswa zamafu.
I-VL2 yenziwa phezu kwe-VL1 futhi ithuthwa yiyo. Nokho, izuza njengefa ukubethela kanye nokuqinisekiswa kwephoyinti lokugcina le-VL1, futhi isebenzisa okhiye bayo be-asymmetric ukuze isayine futhi iqinisekise izifakazelo. I-VL1 ikuvumela ukuthi usebenzise i-VL2 ngaphandle kokukhathazeka nge-topology ekhona yenethiwekhi ebonakalayo. Okusho ukuthi, izinkinga zokuxhumeka nokusebenza kahle komzila yizinkinga ze-VL1. Kubalulekile ukuqonda ukuthi akukho ukuxhumana phakathi kwamanethiwekhi abonakalayo e-VL2 nezindlela ze-VL1. Ngokufanayo nokuphindaphinda kwe-VLAN ku-LAN enezintambo, amanodi amabili abelana ngobulungu benethiwekhi obuningi asazoba nomzila owodwa we-VL1 (ikhebula elibonakalayo) phakathi kwawo.
Inethiwekhi ngayinye ye-VL2 (VLAN) ikhonjwa ngekheli lenethiwekhi le-64-bit (16 hexadecimal) le-ZeroTier, eliqukethe ikheli le-40-bit ZeroTier lesilawuli kanye nenombolo engu-24-bit ehlonza inethiwekhi edalwe yileso silawuli.
Network ID: 8056c2e21c123456
| |
| Network number on controller
|
ZeroTier address of controllerUma inodi ijoyina inethiwekhi noma icela isibuyekezo sokumisa inethiwekhi, ithumela umlayezo wesicelo sokucushwa kwenethiwekhi (nge-VL1) kusilawuli senethiwekhi. Isilawuli bese sisebenzisa ikheli le-VL1 lenodi ukuze silithole kunethiwekhi futhi silithumele izitifiketi ezifanele, izifakazelo, nolwazi lokumisa. Ngokombono wamanethiwekhi abonakalayo e-VL2, amakheli e-VL1 ZeroTier angacatshangwa njengezinombolo zamachweba kuswishi enkulu yomhlaba wonke.
Zonke izifakazelo ezikhishwe abalawuli benethiwekhi kumanodi amalungu enethiwekhi enikeziwe zisayinwa ngokhiye oyimfihlo wesilawuli ukuze bonke abahlanganyeli benethiwekhi bakwazi ukuziqinisekisa. Ukuqinisekisa kunezitembu zesikhathi ezikhiqizwe yisilawuli, okuvumela ukuqhathanisa okuhlobene ngaphandle kokufinyelela iwashi lesistimu yendawo yomsingathi.
Imininingwane ikhishwa kuphela kubanikazi bazo bese ithunyelwa kontanga abafuna ukuxhumana namanye ama-node kunethiwekhi. Lokhu kuvumela inethiwekhi ukuthi ifinyelele osayizi abakhulu ngaphandle kwesidingo sokubeka inani elikhulu lemininingwane kumanodi noma uxhumane njalo nesilawuli senethiwekhi.
Amanethiwekhi we-ZeroTier asekela ukusatshalaliswa kokusakaza okuningi ngohlelo olulula lokushicilela/lokubhalisa.
→
Uma i-node ifisa ukuthola ukusakaza okuningi kweqembu elithile lokusabalalisa, ikhangisa ubulungu kulelo qembu kwamanye amalungu enethiwekhi exhumana nawo kanye nomlawuli wenethiwekhi. Uma i-node ifisa ukuthumela i-multicast, ngesikhathi esifanayo ifinyelela inqolobane yayo yokushicilelwe kwakamuva futhi ngezikhathi ezithile icele ukushicilelwa okwengeziwe.
Ukusakaza (i-Ethernet ff: ff: ff: ff: ff: ff) kuthathwa njengeqembu lokusakaza okuningi lapho bonke abahlanganyeli babhalisela khona. Ingakhutshazwa ezingeni lenethiwekhi ukuze kuncishiswe ithrafikhi uma ingadingeki.
I-ZeroTier ilingisa ukushintshwa kwangempela kwe-Ethernet. Leli qiniso lisivumela ukuba sikwenze ukuhlanganisa amanethiwekhi abonakalayo adalwe namanye amanethiwekhi e-Ethernet (i-LAN enezintambo, i-WiFi, indiza yangemuva ebonakalayo, njll.) ezingeni lokuxhumanisa idatha - usebenzisa ibhuloho le-Ethernet elivamile.
Ukuze usebenze njengebhuloho, isilawuli senethiwekhi kufanele siqoke umsingathi kanjalo. Lolu hlelo lusetshenziswa ngenxa yezizathu zokuphepha, njengoba abasingathi benethiwekhi abavamile abavunyelwe ukuthumela ithrafikhi kusuka komunye umthombo ngaphandle kwekheli labo le-MAC. Ama-Node aqokwe njengamabhuloho aphinde asebenzise imodi ekhethekile ye-algorithm yokusakaza okuningi, esebenzisana nawo ngobudlova futhi eqondiswe phakathi nokubhaliselwe kweqembu nokuphindaphinda kwayo yonke ithrafikhi yokusakaza nezicelo ze-ARP.
I-switch nayo inamandla okudala amanethiwekhi omphakathi kanye ne-ad-hoc, indlela ye-QoS kanye nomhleli wemithetho yenethiwekhi.
▍Inodi:
I-ZeroTier One iyisevisi esebenza kumakhompyutha aphathekayo, amadeskithophu, amaseva, imishini ebonakalayo neziqukathi ezihlinzeka ngoxhumo kunethiwekhi ebonakalayo ngokusebenzisa imbobo yenethiwekhi ebonakalayo, efana neklayenti le-VPN.
Uma isevisi isifakiwe futhi isiqalile, ungaxhuma kumanethiwekhi abonakalayo usebenzisa amakheli awo anezinhlamvu eziyi-16. Inethiwekhi ngayinye ibonakala njengembobo yenethiwekhi ebonakalayo ohlelweni, esebenza njengembobo ye-Ethernet evamile.
I-ZeroTier One okwamanje iyatholakala kuma-OS namasistimu alandelayo.
I-OS:
- Microsoft Windows - Isifaki se-MSI x86/x64
- I-MacOS - Isifaki se-PKG
- Apple iOS - App Store
- Android - I-Play Store
- Linux - DEB/RPM
- I-FreeBSD - Iphakethe le-FreeBSD
I-NAS:
- I-Synology NAS
- QNAP NAS
- I-WD MyCloud NAS
Abanye:
- Docker - ifayela le-docker
- I-OpenWRT - ichweba lomphakathi
- Ukushumeka uhlelo lokusebenza - I-SDK (libzt)
Ukufingqa konke lokhu okungenhla, ngizoqaphela ukuthi i-ZeroTier iyithuluzi elihle kakhulu futhi elisheshayo lokuhlanganisa izinsiza zakho ezibonakalayo, ezibonakalayo noma zefu zibe inethiwekhi yendawo evamile, enekhono lokuyihlukanisa ibe ama-VLAN kanye nokungabikho kwephuzu elilodwa lokwehluleka. .
Yilokho okwengxenye yethiyori ngefomethi ye-athikili yokuqala mayelana ne-ZeroTier ye-Habr - cishe yilokho kuphela! Esihlokweni esilandelayo, ngihlela ukukhombisa ngokwenza ukwakhiwa kwengqalasizinda yenethiwekhi ebonakalayo esekelwe ku-ZeroTier, lapho i-VDS enethempulethi ye-GUI yomthombo ovulekile yangasese izosetshenziswa njengesilawuli senethiwekhi.
Bafundi abathandekayo! Ingabe usebenzisa ubuchwepheshe be-ZeroTier kumaphrojekthi akho? Uma kungenjalo, yimaphi amathuluzi owasebenzisayo ukuxhumanisa izinsiza zakho?
Source: www.habr.com