Namuhla ngizokutshela mayelana nokuthi umqondo wokudala inethiwekhi entsha yangaphakathi yenkampani yethu wavela kanjani futhi wasetshenziswa. Isikhundla sabaphathi siwukuthi udinga ukuzenzela iphrojekthi egcwele ngokugcwele njengokwenzele iklayenti. Uma sizenzela kahle, singamema ikhasimende futhi sibonise ukuthi lokho esimnika kona kusebenza futhi kusebenza kahle kangakanani. Ngakho-ke, sasondela ekuthuthukisweni komqondo wenethiwekhi entsha yehhovisi laseMoscow kahle kakhulu, sisebenzisa umjikelezo ogcwele wokukhiqiza: ukuhlaziywa kwezidingo zomnyango β ukukhethwa kwesixazululo sezobuchwepheshe β ukuklama β ukuqaliswa β ukuhlolwa. Ngakho ake siqale.
Ukukhetha Isixazululo Sobuchwepheshe: I-Mutant Sanctuary
Inqubo yokusebenza ohlelweni oluzenzakalelayo oluyinkimbinkimbi okwamanje ichazwe kangcono ku-GOST 34.601-90 "Izinhlelo ezizenzakalelayo. Izigaba Zendaloβ, ngakho-ke sasebenza ngokuvumelana nakho. Futhi kakade ezigabeni zokwakhiwa kwezidingo kanye nokuthuthukiswa komqondo, sihlangabezane nobunzima bokuqala. Izinhlangano zamaphrofayili ahlukahlukene - amabhange, izinkampani zomshwalense, abathuthukisi bezinhlelo zesoftware, njll. - ngemisebenzi yabo kanye namazinga, badinga izinhlobo ezithile zamanethiwekhi, okucacisiwe okucacile futhi okujwayelekile. Nokho, lokhu ngeke kusebenze nathi.
Kungani?
I-Jet Infosystems yinkampani enkulu ye-IT ehlukahlukene. Ngesikhathi esifanayo, umnyango wethu wokwesekwa wangaphakathi mncane (kodwa uyaziqhenya), uqinisekisa ukusebenza kwezidingongqangi nezinhlelo. Le nkampani iqukethe izigaba eziningi ezenza imisebenzi ehlukene: lawa amaqembu amaningana anamandla okukhipha, kanye nabathuthukisi bangaphakathi bezinhlelo zebhizinisi, nokuphepha kolwazi, nabakhi bezinhlelo zekhompiyutha - ngokuvamile, noma ngabe ngubani. Ngakho-ke, imisebenzi yabo, amasistimu nezinqubomgomo zokuphepha nazo zihlukile. Okuyinto, njengoba bekulindelekile, idale ubunzima ohlelweni lokuhlaziya izidingo kanye nokumiswa.
Lapha, isibonelo, umnyango wezokuthuthukiswa: abasebenzi bawo babhala futhi bahlole ikhodi yenombolo enkulu yamakhasimende. Ngokuvamile kuba nesidingo sokuhlela ngokushesha izindawo zokuhlola, futhi uma singagwegwesi, akwenzeki ngaso sonke isikhathi ukwenza izimfuneko zephrojekthi ngayinye, ucele izinsiza nokwakha indawo ehlukile yokuhlola ngokuvumelana nayo yonke imithetho yangaphakathi. Lokhu kubangela izimo ezifuna ukwazi: ngolunye usuku inceku yakho ethobekile yabheka ekamelweni labathuthukisi futhi yathola ngaphansi kwetafula iqoqo le-Hadoop elisebenza kahle lamadeskithophu angama-20, elalixhunywe ngendlela engaqondakali kunethiwekhi evamile. Angicabangi ukuthi kufanelekile ukucacisa ukuthi umnyango we-IT wenkampani ubungazi ngobukhona bayo. Lesi simo, njengezinye eziningi, sabangela ukuthi ngesikhathi sokuthuthukiswa kwephrojekthi, igama elithi "mutant reserve" lazalwa, elichaza isimo sengqalasizinda yamahhovisi ehlala isikhathi eside.
Noma nasi esinye isibonelo. Ngezikhathi ezithile, ibhentshi lokuhlola liyakhiwa ngaphakathi komnyango. Kwaba njalo nge-Jira ne-Confluence, esetshenziswe ngezinga elilinganiselwe yi-Software Development Center kwamanye amaphrojekthi. Ngemva kwesikhathi esithile, eminye iminyango yafunda ngalezi zinsiza eziwusizo, yazihlola, futhi ekupheleni kuka-2018, u-Jira kanye ne-Confluence basuka esimweni βsethoyizi labahleli bezinhlelo basendaweniβ baya esimweni βsezinsiza zenkampani.β Manje umnikazi kufanele anikezwe lezi zinhlelo, ama-SLA, izinqubomgomo zokuphepha zokufinyelela/zolwazi, izinqubomgomo eziyisipele, ukuqapha, imithetho yokucela umzila ukulungisa izinkinga kufanele kuchazwe - ngokuvamile, zonke izici zesistimu yolwazi olugcwele kufanele zibe khona. .
Ngayinye yezigaba zethu nayo iyi-incubator ezikhulisa imikhiqizo yayo. Abanye babo bafa esigabeni sokuthuthuka, abanye sisebenzisa ngenkathi sisebenza kumaphrojekthi, kanti abanye bamila futhi babe yizixazululo esiqala ukuzisebenzisa thina futhi sizithengisele amakhasimende. Ngohlelo olunjalo ngalunye, kuyinto efiselekayo ukuba nemvelo yayo yenethiwekhi, lapho izothuthuka khona ngaphandle kokuphazamisa ezinye izinhlelo, futhi ngesikhathi esithile ingahlanganiswa nengqalasizinda yenkampani.
Ngaphezu kwentuthuko, sinawo omkhulu kakhulu enabasebenzi abangaphezu kuka-500, bakha amaqembu ekhasimende ngalinye. Babandakanyeka ekugcineni amanethiwekhi nezinye izinhlelo, ukuqapha okukude, ukuxazulula izimangalo, nokunye. Okusho ukuthi, ingqalasizinda ye-SC, empeleni, ingqalasizinda yekhasimende abasebenza nalo njengamanje. Isici sokusebenza nalesi sigaba senethiwekhi ukuthi izindawo zabo zokusebenza zenkampani yethu ngokwengxenye zingaphandle, futhi ngokwengxenye zingaphakathi. Ngakho-ke, ku-SC sisebenzise le ndlela elandelayo - inkampani inikeza umnyango ohambisanayo ngenethiwekhi nezinye izinsiza, icabangela izindawo zokusebenza zale minyango njengokuxhumana kwangaphandle (ngokufanisa namagatsha nabasebenzisi abakude).
Idizayini yomgwaqo onguthelawayeka: singabasebenzisi (okumangazayo)
Ngemva kokuhlola zonke izingibe, saqaphela ukuthi sasithola inethiwekhi yomsebenzisi wezokuxhumana ehhovisi elilodwa, futhi saqala ukwenza ngokufanele.
Sakha inethiwekhi eyinhloko ngosizo lwanoma iyiphi yangaphakathi, futhi esikhathini esizayo futhi yangaphandle, umthengi unikezwa isevisi edingekayo: L2 VPN, L3 VPN noma umzila we-L3 ovamile. Eminye iminyango idinga ukufinyelela ku-inthanethi okuphephile, kuyilapho eminye idinga ukufinyelela okuhlanzekile ngaphandle kwama-firewall, kodwa ngesikhathi esifanayo ivikela izinsiza zethu zebhizinisi kanye nenethiwekhi ewumongo kuthrafikhi yabo.
"Siphethe i-SLA" ngokungakahleleki esigabeni ngasinye. Ngokuvumelana nayo, zonke izigameko ezivelayo kufanele ziqedwe phakathi nesikhathi esithile, okwakuvunyelwene ngaso ngaphambili. Izidingo zenkampani kunethiwekhi yayo zibonakale ziqinile. Isikhathi esiphezulu sokuphendula esigamekweni uma ucingo ne-imeyili luhluleka kwakuyimizuzu emi-5. Isikhathi sokubuyisela ukusebenza kwenethiwekhi phakathi nokwehluleka okujwayelekile asidluli iminithi.
Njengoba sinenethiwekhi yenkampani yenethiwekhi, ungaxhuma kuyo kuphela ngokuhambisana nemithetho eqinile. Amayunithi esevisi abeka izinqubomgomo futhi ahlinzeke ngamasevisi. Abadingi ngisho nolwazi mayelana nokuxhumeka kwamaseva athile, imishini ebonakalayo nezindawo zokusebenza. Kodwa ngesikhathi esifanayo, izindlela zokuvikela ziyadingeka, ngoba akukho uxhumano olulodwa okufanele lukhubaze inethiwekhi. Uma i-loop idalwe ngengozi, abanye abasebenzisi akufanele baqaphele lokhu, okungukuthi, impendulo eyanele evela kunethiwekhi iyadingeka. Noma yimuphi u-opharetha we-telecom uhlala exazulula izinkinga ezifanayo ezibonakala ziyinkimbinkimbi ngaphakathi kwenethiwekhi yakhe eyinhloko. Inikeza isevisi kumakhasimende amaningi anezidingo ezahlukene kanye nethrafikhi. Ngesikhathi esifanayo, ababhalisile abahlukene akufanele bahlangabezane nokuphazamiseka okuvela kuthrafikhi yabanye.
Ekhaya, sixazulule le nkinga ngale ndlela elandelayo: sakha inethiwekhi ye-L3 yomgogodla nge-redundancy egcwele, sisebenzisa iphrothokholi ye-IS-IS. Inethiwekhi eyimbondela yakhiwe phezu komnyombo ngokusekelwe kubuchwepheshe /, usebenzisa iphrothokholi yomzila . Ukuze kusheshiswe ukuhlangana kwezivumelwano zomzila, kusetshenziswe ubuchwepheshe be-BFD.
Isakhiwo senethiwekhi
Ezivivinyweni, lolu hlelo lubonise ukuthi luhle kakhulu - lapho noma yisiphi isiteshi noma inkinobho inqanyuliwe, isikhathi sokuhlangana asibi ngaphezu kuka-0.1-0.2 s, amaphakethe amancane alahlekile (ngokuvamile awekho), izikhathi ze-TCP azidabuki, izingxoxo zocingo. aziphazanyiswa.
Isendlalelo esingaphansi - Umzila
Isendlalelo Sembondela - Umzila
Amaswishi e-Huawei CE6870 anamalayisense e-VXLAN asetshenziswe njengokushintsha kokusabalalisa. Le divayisi inenani eliphelele lesilinganiso/ikhwalithi, ekuvumela ukuthi uxhume ababhalisile ngesivinini esingu-10 Gbit/s, futhi uxhume umgogodla ngesivinini esingu-40β100 Gbit/s, kuye ngama-transceiver asetshenzisiwe.
IHuawei CE6870 iyashintsha
Ukushintsha kweHuawei CE8850 kusetshenziswe njengokushintshwa okuyisisekelo. Umgomo uwukudlulisa ithrafikhi ngokushesha nangokuthembekile. Awekho amadivayisi axhunywe kuwo ngaphandle kwamaswishi okusabalalisa, abazi lutho nge-VXLAN, ngakho-ke imodeli enamachweba angu-32 40/100 Gbps yakhethwa, nelayisensi eyisisekelo ehlinzeka ngomzila we-L3 nosekelo lwe-IS-IS ne-MP-BGP. amaphrothokholi .
Okuphansi yiHuawei CE8850 core switch
Esigabeni sokuklama, kwaqubuka ingxoxo phakathi kwethimba mayelana nobuchwepheshe obungase busetshenziswe ukuze kusetshenziswe uxhumano olubekezelela iphutha kumanodi enethiwekhi ayinhloko. Ihhovisi lethu laseMoscow litholakala ezakhiweni ezintathu, sinamagumbi okusabalalisa angu-7, ngalinye lapho kwafakwa khona amaswishi amabili okusabalalisa e-Huawei CE6870 (amaswishi okufinyelela kuphela afakwe emakamelweni amaningana okusabalalisa). Lapho kwakhiwa umqondo wenethiwekhi, kucatshangelwe izinketho ezimbili zokuphinda zingasebenzi:
- Ukuhlanganiswa kwamaswishi okusabalalisa kube isitaki esibekezelela amaphutha egumbini ngalinye lokuxhumanisa. Izinzuzo: ukulula nokulula kokusetha. Ukungalungi: kukhona amathuba aphezulu okuhluleka kwe-stack sonke lapho amaphutha eyenzeka ku-firmware yamadivayisi enethiwekhi ("ukuvuza kwememori" nokunye okunjalo).
- Sebenzisa i-M-LAG kanye nobuchwepheshe besango le-Anycast ukuze uxhume amadivayisi kumaswishi okusabalalisa.
Ekugcineni, sazinza ngenketho yesibili. Kunzima kakhulu ukuyilungisa, kodwa ibonise ukusebenza kwayo nokuthembeka okuphezulu.
Ake siqale sicabangele ukuxhuma amadivayisi wokugcina kumaswishi okusabalalisa:
Isiphambano
Iswishi yokufinyelela, iseva, nanoma iyiphi enye idivayisi edinga uxhumano olubekezelela iphutha ifakiwe kumaswishi amabili okusabalalisa. Ubuchwepheshe be-M-LAG buhlinzeka ngokungasebenzi ezingeni lokuxhumanisa idatha. Kucatshangwa ukuthi amaswishi amabili okusabalalisa avela emishinini exhunyiwe njengedivayisi eyodwa. I-redundancy nokulinganisa komthwalo kwenziwa kusetshenziswa iphrothokholi ye-LACP.
Ubuchwepheshe besango le-Anycast buhlinzeka ngokungasebenzi ezingeni lenethiwekhi. Inani elikhulu kakhulu lama-VRF alungiselelwe kumaswishi okusabalalisa ngakunye (i-VRF ngayinye ihloselwe izinjongo zayo - ngokwehlukana kubasebenzisi βabavamileβ, ngokuhlukene ngocingo, ngokuhlukene ezindaweni ezihlukahlukene zokuhlola nezokuthuthuka, njll.), nakuleyo naleyo. I-VRF inama-VLAN amaningana amisiwe. Kunethiwekhi yethu, amaswishi okusabalalisa angamasango azenzakalelayo awo wonke amadivayisi axhunywe kuwo. Amakheli e-IP ahambisana nezixhumi ezibonakalayo ze-VLAN ayafana kuwo womabili amaswishi okusabalalisa. Ithrafikhi ihanjiswa ngeswishi eseduze.
Manje ake sibheke ukuxhuma amaswishi okusabalalisa ku-kernel:
Ukubekezelela amaphutha kunikezwa ezingeni lenethiwekhi kusetshenziswa iphrothokholi ye-IS-IS. Sicela uqaphele ukuthi ulayini wokuxhumana we-L3 ohlukile unikezwa phakathi kwamaswishi, ngesivinini esingu-100G. Ngokomzimba, lo mugqa wokuxhumana uyintambo yokufinyelela okuqondile; ungabonakala ngakwesokudla esithombeni sokushintshwa kweHuawei CE6870.
Okunye kungaba ukuhlela βokuqothoβ okuxhunywe ngokugcwele kwenkanyezi ephindwe kabili, kodwa, njengoba kushiwo ngenhla, sinamagumbi ayi-7 axhumanisayo ezakhiweni ezintathu. Ngakho-ke, ukube besikhethe i-topology "yenkanyezi ekabili", besiyodinga ngokuphindwe kabili kunama-40G ama-transceivers "ebanga elide". Ukonga lapha kubaluleke kakhulu.
Amagama ambalwa adinga ukushiwo mayelana nokuthi ubuchwepheshe be-VXLAN ne-Anycast gateway busebenza kanjani ndawonye. I-VXLAN, ngaphandle kokungena emininingwaneni, iwumhubhe wokuthutha amafreyimu e-Ethernet ngaphakathi kwamaphakethe e-UDP. I-loopback interfaces yokushintshwa kokusabalalisa isetshenziswa njengekheli le-IP lendawo yomhubhe we-VXLAN. I-crossover ngayinye inokushintsha okubili okunamakheli e-loopback interface efanayo, ngakho iphakethe lingafika kunoma iyiphi yazo, futhi uhlaka lwe-Ethernet lungakhishwa kulo.
Uma iswishi yazi mayelana nekheli le-MAC lendawo yohlaka olubuyisiwe, uhlaka luzolethwa ngendlela efanele endaweni yalo. Ukuqinisekisa ukuthi womabili amaswishi okusabalalisa afakwe ekuxhumekeni okufanayo anolwazi lwakamuva mayelana nawo wonke amakheli e-MAC βafikaβ kusuka kumaswishi okufinyelela, indlela ye-M-LAG inesibopho sokuvumelanisa amatafula ekheli le-MAC (kanye ne-ARP. amatafula) kuwo womabili amaswishi amapheya e-M-LAG.
Ukulinganisa kwethrafikhi kufinyelelwa ngenxa yokuba khona kunethiwekhi engaphansi kwemizila eminingana eya ekuxhumaneni okubuyela emuva kwamaswishi okusabalalisa.
Esikhundleni isiphetho
Njengoba kushiwo ngenhla, ngesikhathi sokuhlola nokusebenza inethiwekhi ibonise ukwethembeka okuphezulu (isikhathi sokubuyisela ukwehluleka okuvamile asikho ngaphezu kwamakhulu ama-millisecond) nokusebenza okuhle - ukuxhumanisa ngakunye kuxhunywe kumnyombo ngamashaneli amabili angu-40 Gbit/s. Amaswishi okufinyelela kunethiwekhi yethu astakiwe futhi axhunywe kumaswishi okusabalalisa nge-LACP/M-LAG ngamashaneli amabili angu-10 Gbit/s. Isitaki sivamise ukuqukatha amaswishi angu-5 anezimbobo ezingama-48 lilinye, futhi izitaki zokufinyelela ezingafika kwezingu-10 zixhunywe ekusabalaliseni ekuxhumekeni ngakunye. Ngakho-ke, umgogodla uhlinzeka mayelana ne-30 Mbit / s ngomsebenzisi ngamunye ngisho nomthwalo omkhulu wethiyori, okuyinto ngesikhathi sokubhala eyanele kuzo zonke izinhlelo zethu zokusebenza ezisebenzayo.
Inethiwekhi ikuvumela ukuthi uhlele kalula ukumataniswa kwanoma yimaphi amadivayisi axhumene ngokungafanele ngakho kokubili i-L2 ne-L3, inikeze ukuhlukaniswa okuphelele kwethrafikhi (okuthandwa isevisi yezokuvikela yolwazi) kanye nezizinda ezinephutha (ezithandwa ithimba lemisebenzi).
Engxenyeni elandelayo sizokutshela ukuthi sithuthele kanjani kunethiwekhi entsha. Hlala ubukele!
UMaxim Klochkov
Umxhumanisi omkhulu wocwaningo lwenethiwekhi kanye neqembu lamaphrojekthi ayinkimbinkimbi
Isikhungo Sezixazululo Zenethiwekhi
"Jet Infosystems"
Source: www.habr.com