Will Cisco SD-WAN saw off the branch that DMVPN sits on?

Since August 2017, when Cisco acquired Viptela, the main technology offered for building distributed enterprise networks has been Cisco SD-WAN. Over the past 3 years, SD-WAN technology has gone through many changes, both qualitative and quantitative. As a result, functionality has grown significantly and support has appeared on the classic routers of the Cisco ISR 1000, ISR 4000, ASR 1000 and virtual CSR 1000v series. At the same time, many Cisco customers and partners keep asking: what are the differences between Cisco SD-WAN and the already familiar approaches based on technologies such as Cisco DMVPN and Cisco Performance Routing, and how important are these differences?

Here we should immediately make the reservation that before SD-WAN arrived in the Cisco portfolio, DMVPN together with PfR formed a key part of the Cisco IWAN (Intelligent WAN) architecture, which in turn was the predecessor of full-fledged SD-WAN technology. Despite the general similarity of both the tasks being solved and the ways of solving them, IWAN never reached the level of automation, flexibility and robustness required of SD-WAN, and over time the development of IWAN slowed considerably. At the same time, the technologies that make up IWAN have not gone away, and many customers continue to use them successfully, including on modern equipment. As a result, an interesting situation has arisen: the same Cisco equipment lets you choose the most suitable WAN technology (classic, DMVPN+PfR or SD-WAN) according to the customers' requirements and expectations.

This article does not aim to analyse in detail all the features of Cisco SD-WAN and DMVPN (with or without Performance Routing); there is a huge amount of available documentation and material for that. The main task is to try to assess the key differences between these technologies. But before moving on to discussing those differences, let us briefly recall the technologies themselves.

What is Cisco DMVPN and why is it needed?

Cisco DMVPN solves the problem of dynamic (= scalable) connection of a remote branch network to the network of the enterprise's central office when arbitrary types of communication channels are used, including the Internet (= with encryption of the communication channel). Technically, this is done by building a virtualised overlay network of the L3 VPN class in point-to-multipoint mode with a logical topology of the "Star" (Hub-n-Spoke) type. To achieve this, DMVPN uses a combination of the following technologies:

  • IP routing
  • Multipoint GRE (mGRE) tunnels
  • Next Hop Resolution Protocol (NHRP)
  • IPSec crypto profiles

What are the main advantages of Cisco DMVPN compared with classic routing over MPLS VPN channels?

  • To build the branch network, any communication channels can be used: anything that can provide IP connectivity between branches is suitable, while traffic will be encrypted (where needed) and balanced (where possible).
  • A fully connected topology between branches is formed automatically. There are static tunnels between the central and remote branches, and dynamic on-demand tunnels between remote branches (when there is traffic).
  • The routers of the central and remote branches have the same configuration, up to the IP addresses of the interfaces. Thanks to mGRE, there is no need to individually configure tens, hundreds or even thousands of tunnels. The result is decent scalability with a proper design.

What is Cisco Performance Routing and why is it needed?

When DMVPN is used in a branch network, one extremely important question remains unresolved: how can we dynamically assess the state of each DMVPN tunnel for compliance with the requirements of traffic critical to our organisation and, based on that assessment, dynamically make a rerouting decision? The fact is that in this respect DMVPN differs little from classic routing: the best that can be done is to configure QoS mechanisms that prioritise traffic in the outbound direction, but they cannot in any way take into account the state of the whole path at a given moment.

And what should be done if a channel degrades partially rather than completely: how can this be detected and assessed? DMVPN itself cannot do this. Given that the channels connecting branches may pass through entirely different telecom operators using entirely different technologies, this task becomes extremely non-trivial. This is where Cisco Performance Routing technology comes to the rescue, which by that time had already gone through several stages of development.

The task of Cisco Performance Routing (hereafter PfR) comes down to measuring the state of traffic paths (tunnels) based on key metrics important to network applications: latency, latency variation (jitter) and packet loss (as a percentage). In addition, the bandwidth used can be measured. These measurements happen as close to real time as is possible and justified, and their result allows a router using PfR to dynamically make decisions about the need to change the routing of this or that type of traffic.

Thus, the task of the DMVPN/PfR combination can be briefly described as follows:

  • Allow the customer to use any communication channels in the WAN network
  • Ensure the highest possible quality for critical applications over these channels

What is Cisco SD-WAN?

Cisco SD-WAN is a technology that uses the SDN approach to create and operate an organisation's WAN network. In particular, this means the use of so-called controllers (software components), which provide centralised orchestration and automated configuration of all components of the solution. Unlike canonical SDN (Clean Slate style), Cisco SD-WAN uses several types of controllers, each performing its own role; this is done deliberately in order to provide better scalability and geo-redundancy.

In the case of SD-WAN, the task of using any types of channels and ensuring the operation of business applications stays the same, but at the same time the requirements for automation, scaling, security and flexibility of such a network grow.

Discussion of the differences

If we now start to analyse the differences between these technologies, they will fall into one of the following categories:

  • Architectural differences: how are functions distributed across the various components of the solution, how is the interaction of those components organised, and how does this affect the capabilities and flexibility of the technology?
  • Functionality: what can one technology do that the other cannot? And is it really that important?

What are the architectural differences and do they matter?

Each of these technologies has many "moving parts" that differ not only in their roles but also in the principles by which they interact with one another. How well these principles are thought out, and the overall mechanics of the solution, directly determine its robustness, fault tolerance and overall efficiency.

Let us look at the various aspects of the architecture in more detail:

Data-plane: the part of the solution responsible for carrying user traffic between source and recipient. DMVPN and SD-WAN are implemented in broadly the same way on the routers themselves, based on Multipoint GRE tunnels. The difference lies in how the required set of parameters for these tunnels is formed:

  • in DMVPN/PfR it is strictly a two-level hierarchy of nodes with a Star or Hub-n-Spoke topology. Static configuration of the Hub and static binding of the Spoke to the Hub are required, as well as interaction over the NHRP protocol to form data-plane connectivity. As a result, making changes on the Hub becomes considerably more difficult, for example changes related to changing/connecting WAN channels or changing the parameters of existing ones.
  • in SD-WAN it is a fully dynamic model for discovering the parameters of the established tunnels, based on the control plane (the OMP protocol) and the orchestration plane (interaction with the vBond controller for controller discovery and NAT traversal tasks). In this case any overlay topologies can be used, including hierarchical ones. Within the established overlay tunnel topology, flexible configuration of the logical topology in each individual VPN (VRF) is possible.

Control-plane: the functions of exchanging, filtering and modifying routing and other information between the components of the solution.

  • in DMVPN/PfR it is carried out only between the Hub and Spoke routers. Direct exchange of routing information between Spokes is not possible. As a result, without a working Hub the control plane and data plane cannot function, which places additional high-availability requirements on the Hub that cannot always be met.
  • in SD-WAN the control plane is never carried out directly between routers: interaction takes place on the basis of the OMP protocol and is necessarily carried out through a separate dedicated type of controller, vSmart, which makes possible balancing, geo-redundancy and centralised control of the signalling load. Another feature of the OMP protocol is its notable resistance to loss and its independence from the speed of the communication channel to the controllers (within reasonable limits, of course). This allows SD-WAN controllers to be placed equally successfully in public or private clouds with access over the Internet.

Policy-plane: the part of the solution responsible for defining, distributing and applying traffic management policies in a distributed network.

  • DMVPN: effectively limited to quality of service (QoS) policies configured individually on each router using the CLI or Prime Infrastructure templates.
  • DMVPN/PfR: PfR policies are formed on a centralised Master Controller (MC) router via the CLI and are then automatically distributed to the branch MCs. The same policy transfer paths are used as for the data plane. It is not possible to separate the exchange of policies, routing information and user data. Policy distribution requires IP connectivity between the Hub and the Spoke. The MC function can, if necessary, be combined with a DMVPN router. It is possible (but not required) to use Prime Infrastructure templates to generate policies centrally. An important feature is that the policy is formed globally across the network in the same way: individual policies for individual segments are not supported.
  • SD-WAN: traffic management and quality of service policies are defined centrally through the Cisco vManage graphical interface, which is also accessible over the Internet (if necessary). They are distributed over the signalling channels directly or indirectly through the vSmart controllers (depending on the type of policy). They do not depend on data-plane connectivity between routers, because they use all available traffic paths between the controller and the router.

    For different network segments it is possible to form different policies: the scope of a policy is determined by a variety of unique identifiers provided in the solution, such as branch number, application type, traffic direction, and so on.

Orchestration-plane: mechanisms that allow components to dynamically discover each other, and to configure and coordinate subsequent interaction.

  • in DMVPN/PfR mutual discovery between routers is based on static configuration of the Hub devices and corresponding configuration of the Spoke devices. Dynamic discovery happens only for the Spoke, which reports its connection parameters to the Hub device, which in turn is preconfigured on the Spoke. Without IP connectivity between the Spoke and at least one Hub, it is impossible to form either a data plane or a control plane.
  • in SD-WAN the orchestration of the solution's components takes place using the vBond controller, with which each component (routers and vManage/vSmart controllers) must first establish IP connectivity.

    Initially, the components know nothing about each other's connection parameters; for this they need the vBond orchestrator. The general principle is as follows: in the initial phase each component learns (automatically or statically) only the connection parameters for vBond, then vBond informs the router about the vManage and vSmart controllers (discovered earlier), which makes it possible to automatically establish all the necessary signalling connections.

    The next step is for the new router to learn about the other routers in the network through OMP communication with the vSmart controller. Thus the router, knowing nothing at first about the network parameters, is able to automatically discover and connect to the controllers and then, likewise automatically, discover and form connectivity with the other routers. The connection parameters of all components are not known in advance and can change during operation.

Management-plane: the part of the solution that provides centralised management and monitoring.

  • DMVPN/PfR: no dedicated management-plane solution is provided. For basic automation and monitoring, products such as Cisco Prime Infrastructure can be used. Each router can be managed through the CLI command line. Integration with external systems via API is not provided.
  • SD-WAN: all regular interaction and monitoring is carried out centrally through the graphical interface of the vManage controller. All features of the solution, without exception, are available for configuration through vManage, as well as through a fully documented REST API library.

    All SD-WAN network settings in vManage come down to two main constructs: the formation of device templates (Device Template) and the formation of a policy that defines the logic of network operation and traffic processing. At the same time vManage, when distributing the policy generated by the administrator, automatically chooses which changes need to be made and on which individual devices/controllers, which significantly increases the efficiency and scalability of the solution.

    Through the vManage interface, not only configuration of the Cisco SD-WAN solution is available, but also full monitoring of the state of all components of the solution, down to the current state of the metrics of individual tunnels and statistics on the use of various applications based on DPI analysis.

    Despite the centralisation of interaction, all components (controllers and routers) also have a fully functional CLI command line, which is needed at the initial deployment stage or in an emergency for local diagnostics. In normal mode (when there is a signalling channel between the components), the command line on routers is available only for diagnostics and is not available for making local changes, which guarantees local security and that the only source of changes in such a network is vManage.

Integrated security: here we are talking not only about protecting user data when it is transmitted over open channels, but also about the overall security of a WAN network built on the chosen technology.

  • in DMVPN/PfR it is possible to encrypt user data and the signalling protocols. On certain router models, firewall functions with traffic inspection and IPS/IDS are additionally available. Branch networks can be segmented using VRF. It is possible to authenticate (single-factor) the control protocols.

    In this case the remote router is considered a trusted element of the network by default, i.e. cases of physical compromise of individual devices and the possibility of unauthorised access to them are not assumed or taken into account; there is no two-factor authentication of the solution's components, which in the case of a geographically distributed network may carry significant additional risks.

  • in SD-WAN, by analogy with DMVPN, the ability to encrypt user data is provided, but with significantly extended network security and L3/VRF segmentation functions (firewall, IPS/IDS, URL filtering, DNS filtering, AMP/TG, SASE, TLS/SSL proxy, etc.). At the same time, the exchange of encryption keys is carried out more efficiently through the vSmart controllers (rather than directly), over pre-established signalling channels protected by DTLS/TLS encryption based on security certificates. This in turn guarantees the security of such exchanges and ensures better scalability of the solution, up to thousands of devices in a single network.

    All signalling connections (controller-to-controller, controller-to-router) are also protected based on DTLS/TLS. Routers are equipped with security certificates at manufacture, with the possibility of replacement/renewal. Two-factor authentication is achieved through the mandatory and simultaneous fulfilment of two conditions for a router/controller to operate in an SD-WAN network:

    • A valid security certificate
    • Explicit and deliberate entry of each component by the administrator into the "white" list of permitted devices.

Functional differences between SD-WAN and DMVPN/PfR

Moving on to the discussion of functional differences, it should be noted that many of them are a continuation of the architectural ones: it is no secret that when designing a solution's architecture, developers start from the capabilities they want to obtain in the end. Let us look at the most significant differences between the two technologies.

AppQ (Application Quality): functions for ensuring the quality of transmission of business application traffic

The key functions of the technologies under consideration are aimed at improving the user experience as much as possible when business-critical applications are used in a distributed network. This is especially important where part of the infrastructure is not controlled by IT or does not even guarantee successful data transmission.

DMVPN does not provide such mechanisms by itself. The best that can be done in a classic DMVPN network is to classify outbound traffic by application and prioritise it when it is sent to the WAN channel. The choice of DMVPN tunnel is determined in this case only by its availability and by the result of the routing protocols' operation. The end-to-end state of the path/tunnel and its possible partial degradation are not taken into account in terms of the key metrics that matter to network applications: latency, latency variation (jitter) and loss (%). In this respect, directly comparing classic DMVPN with SD-WAN in solving AppQ problems loses all meaning: DMVPN cannot solve this problem. When Cisco Performance Routing (PfR) technology is added to this context, the situation changes and the comparison with Cisco SD-WAN becomes more meaningful.

Before discussing the differences, here is a quick look at what the technologies have in common. Both technologies:

  • have a mechanism that lets you dynamically assess the state of each established tunnel in terms of certain metrics: at a minimum, latency, latency variation and packet loss (%)
  • use a specific set of tools to form, distribute and apply traffic management rules (policies) that take into account the results of measuring the state of the key tunnel metrics
  • classify application traffic at levels L3-L4 (DSCP) of the OSI model or by L7 application signatures based on the DPI mechanisms built into the router
  • for important applications, let you define acceptable metric values, rules for forwarding traffic by default, and rules for rerouting traffic when the threshold values are exceeded
  • when encapsulating traffic in GRE/IPSec, use the established industry mechanism of copying the inner DSCP marking into the outer GRE/IPSec packet header, which makes it possible to synchronise the QoS policies of the organisation and the telecom operator (if there is a suitable SLA)
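
The mechanism both technologies share in the list above (measure loss, latency and jitter per tunnel, compare them with per-application thresholds, reroute when the thresholds are exceeded) is modelled below. This is an added example, not code from the article or from Cisco: the names, thresholds and probe samples are constructed assumptions, and the selection logic is an assumed model rather than the PfR or SD-WAN algorithm.

```python
"""Added illustration: per-tunnel path quality and threshold-based tunnel selection."""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class SlaClass:
    # Thresholds one application class tolerates (assumed values).
    name: str
    max_loss_pct: float
    max_latency_ms: float
    max_jitter_ms: float


def tunnel_metrics(rtts_ms):
    """Summarise one measurement window for one tunnel.

    rtts_ms holds one entry per probe sent: the round-trip time in ms,
    or None when no reply came back.
    """
    if not rtts_ms:
        raise ValueError("empty measurement window")
    replies = [r for r in rtts_ms if r is not None]
    loss_pct = 100.0 * (len(rtts_ms) - len(replies)) / len(rtts_ms)
    if not replies:  # tunnel is completely down
        return {"loss_pct": 100.0, "latency_ms": None, "jitter_ms": None}
    # Jitter: mean absolute difference between consecutive answered probes.
    diffs = [abs(b - a) for a, b in zip(replies, replies[1:])]
    return {
        "loss_pct": loss_pct,
        "latency_ms": mean(replies),
        "jitter_ms": mean(diffs) if diffs else 0.0,
    }


def meets_sla(m, sla):
    if m["latency_ms"] is None:
        return False
    return (m["loss_pct"] <= sla.max_loss_pct
            and m["latency_ms"] <= sla.max_latency_ms
            and m["jitter_ms"] <= sla.max_jitter_ms)


def select_tunnels(window, sla):
    """Return (tunnels to use, reason) for one application class."""
    metrics = {name: tunnel_metrics(s) for name, s in window.items()}
    compliant = sorted(n for n, m in metrics.items() if meets_sla(m, sla))
    if compliant:
        return compliant, "sla-met"
    # Partial degradation everywhere: keep forwarding on the least bad
    # tunnel that still answers instead of dropping the traffic.
    alive = {n: m for n, m in metrics.items() if m["latency_ms"] is not None}
    if not alive:
        return [], "no-path"
    best = min(alive, key=lambda n: (alive[n]["loss_pct"], alive[n]["latency_ms"]))
    return [best], "fallback-least-loss"


VOICE = SlaClass("voice", max_loss_pct=1.0, max_latency_ms=150.0, max_jitter_ms=30.0)

# Constructed probe results (ms) for three tunnels of one branch.
LOSSY = [20, None, 22, 21, None, 20, 23, None, 21, 20]          # 30 % loss
WINDOW_1 = {  # MPLS and LTE healthy, Internet lossy
    "mpls": [20, 21, 19, 20, 22, 20, 21, 20, 19, 20],
    "inet": [35, None, 60, 38, None, 90, 36, 41, None, 37],
    "lte": [80, 85, 78, 120, 82, 79, 81, 83, 80, 84],
}
WINDOW_2 = dict(WINDOW_1, mpls=LOSSY)  # MPLS degrades partially, stays "up"
WINDOW_3 = {  # nothing meets the voice thresholds any more
    "mpls": LOSSY,
    "inet": [35, None, 60, 38, 40, 90, 36, 41, None, 37],        # 20 % loss
    "lte": [None] * 10,
}

if __name__ == "__main__":
    for label, window in (("1", WINDOW_1), ("2", WINDOW_2), ("3", WINDOW_3)):
        print("window", label, select_tunnels(window, VOICE))
```

In `WINDOW_2` the MPLS tunnel is still reachable, so a routing protocol alone would keep using it; only the per-tunnel measurement moves voice traffic away from it.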

How do SD-WAN and DMVPN/PfR differ in measuring end-to-end metrics?

DMVPN/PfR

  • Both active and passive software sensors (Probes) are used to assess the standard tunnel health metrics. Active ones are based on user traffic; passive ones emulate such traffic (when it is absent).
  • There is no fine-tuning of timers and degradation detection conditions: the algorithm is fixed.
  • In addition, measurement of the bandwidth used in the outbound direction is available, which adds extra traffic management flexibility to DMVPN/PfR.
  • At the same time, some PfR mechanisms, when metrics are exceeded, rely on feedback signalling in the form of special TCA (Threshold Crossing Alert) messages that must travel from the traffic recipient towards the source, which in turn assumes that the state of the measured channels must be at least sufficient to carry such TCA messages. In most cases this is not a problem, but it obviously cannot be guaranteed.

SD-WAN

  • To assess the end-to-end metrics of the standard tunnel state, the BFD protocol is used in echo mode. In this case no special feedback in the form of TCA or similar messages is required: isolation of failure domains is preserved. The presence of user traffic is also not required to assess the state of a tunnel.
  • It is possible to fine-tune the BFD timers to control the response speed and the sensitivity of the algorithm to degradation of the communication channel, from a few seconds to minutes.
  • At the time of writing, there is only one BFD session per tunnel. This potentially creates less granularity in the analysis of tunnel state. In practice, this can become a limitation only when using a WAN connection based on MPLS L2/L3 VPN with an agreed QoS SLA: if the DSCP marking of BFD traffic (after encapsulation in IPSec/GRE) matches the high-priority queue in the telecom operator's network, this may affect the accuracy and speed of detecting degradation for low-priority traffic. At the same time, it is possible to change the default BFD marking to reduce the risk of such situations. In future versions of the Cisco SD-WAN software, more finely tuned BFD settings are expected, as well as the ability to run several BFD sessions within the same tunnel with individual DSCP values (for different applications).
  • BFD additionally lets you estimate the maximum packet size that can be sent through a particular tunnel without fragmentation. This allows SD-WAN to dynamically adjust parameters such as MTU and TCP MSS Adjust in order to make the most of the available bandwidth on each channel.
  • In SD-WAN, the option of QoS synchronisation with telecom operators is available not only based on the L3 DSCP fields but also based on L2 CoS values, which can be generated automatically in the branch network by specialised devices, for example IP phones.

How do the capabilities and the methods of defining and applying AppQ policies differ?

DMVPN/PfR policies:

  • Are defined on the central branch router(s) via the CLI command line or CLI configuration templates. Generating CLI templates requires preparation and knowledge of the policy syntax.
  • Are defined globally, with no possibility of individual configuration/changes for the requirements of individual network segments.
  • Interactive policy creation in a graphical interface is not provided.
  • Tracking changes, inheritance, and creating multiple versions of policies for quick switching are not provided.
  • Are distributed automatically to the routers of remote branches. The same communication channels are used as for carrying user data. If there is no communication channel between the central and a remote branch, distributing/changing policies is impossible.
  • Are applied on each router and, where necessary, modify the result of the standard routing protocols, having a higher priority.
  • For cases where all WAN links of a branch experience significant traffic loss, no compensation mechanisms are provided.

SD-WAN policies:

  • Are defined in the vManage GUI through an interactive template wizard.
  • Support creating multiple policies, copying, inheritance, and switching between policies in real time.
  • Support individual policy settings for different network segments (branches).
  • Are distributed using any available signalling channel between the controller and the router and/or vSmart; they do not depend directly on data-plane connectivity between routers. This, of course, requires IP connectivity between the router itself and the controllers.
  • For cases where all available channels of a branch experience significant data loss exceeding the acceptable thresholds for critical applications, additional mechanisms that increase transmission reliability can be used:
    • FEC (Forward Error Correction): uses a special coding algorithm. When critical traffic is sent over channels with a significant percentage of loss, FEC can be activated automatically and makes it possible, when needed, to restore the lost part of the data. This slightly increases the transmission bandwidth used but significantly improves reliability.
    • Data stream duplication: in addition to FEC, a policy can provide for automatic duplication of the traffic of selected applications in the event of an even more serious level of loss that FEC cannot compensate for. In this case the selected data will be sent over all tunnels towards the receiving branch, with subsequent de-duplication (dropping the extra copies of packets). The mechanism noticeably increases channel utilisation but also significantly increases transmission reliability.
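
The two loss-compensation mechanisms described above, as an added example that is not part of the original article or of Cisco's implementation: one XOR parity packet per group of data packets stands in for the FEC coding (the article does not name the algorithm), and duplicated streams are merged by sequence number. The group size of 4, the packet layout, the payloads and all names are assumptions.

```python
"""Added illustration: XOR-parity FEC and duplicate-then-de-duplicate delivery."""
import struct
from functools import reduce

GROUP = 4  # data packets protected by one parity packet (assumed value)


def xor_bytes(a, b):
    """XOR two byte strings, zero-padding the shorter one."""
    n = max(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))


def framed(payload):
    """Prefix the length so zero padding can be stripped after recovery."""
    return struct.pack("!H", len(payload)) + payload


def fec_encode(payloads, group=GROUP):
    """Return data packets interleaved with one parity packet per group.

    Data packet:   ("data", seq, payload)
    Parity packet: ("parity", first_seq, packets_in_group, xor_of_framed_payloads)
    """
    out = []
    for start in range(0, len(payloads), group):
        chunk = payloads[start:start + group]
        out.extend(("data", start + i, p) for i, p in enumerate(chunk))
        parity = reduce(xor_bytes, (framed(p) for p in chunk))
        out.append(("parity", start, len(chunk), parity))
    return out


def fec_decode(received, total):
    """Rebuild the stream; return ({seq: payload}, seqs still missing)."""
    data = {pkt[1]: pkt[2] for pkt in received if pkt[0] == "data"}
    for pkt in received:
        if pkt[0] != "parity":
            continue
        _, start, count, parity = pkt
        members = range(start, start + count)
        missing = [s for s in members if s not in data]
        if len(missing) != 1:
            continue  # nothing lost, or more lost than one parity can repair
        acc = parity
        for s in members:
            if s in data:
                acc = xor_bytes(acc, framed(data[s]))
        (length,) = struct.unpack("!H", acc[:2])
        data[missing[0]] = acc[2:2 + length]
    return data, [s for s in range(total) if s not in data]


def merge_duplicates(streams):
    """Receiver side of stream duplication.

    streams: one list of (seq, payload) per tunnel. The first copy of each
    sequence number is kept; later copies are counted and dropped.
    """
    kept, dropped = {}, 0
    for stream in streams:
        for seq, payload in stream:
            if seq in kept:
                dropped += 1
            else:
                kept[seq] = payload
    return kept, dropped


# Constructed payloads of different lengths (7, 14 or 21 bytes).
PAYLOADS = [f"frame-{i}".encode() * (1 + i % 3) for i in range(8)]

if __name__ == "__main__":
    sent = fec_encode(PAYLOADS)
    print("FEC: %d packets sent for %d payloads" % (len(sent), len(PAYLOADS)))
    rx = [p for p in sent if not (p[0] == "data" and p[1] in (3, 5))]
    print("one loss per group ->", fec_decode(rx, len(PAYLOADS))[1])
    rx = [p for p in sent if not (p[0] == "data" and p[1] in (0, 1))]
    print("two losses in one group ->", fec_decode(rx, len(PAYLOADS))[1])
```

With these assumptions FEC sends 10 packets for 8 payloads and repairs one loss per group, while duplication over two tunnels sends 16 and survives any loss that does not hit the same packet on both tunnels, which matches the bandwidth trade-off the two list items describe.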

Cisco SD-WAN capabilities with no direct analogues in DMVPN/PfR

The architecture of the Cisco SD-WAN solution in some cases makes it possible to obtain capabilities that are either extremely difficult to implement within DMVPN/PfR, or impractical because of the labour costs required, or not possible at all. Let us look at the most interesting of them:

Traffic-Engineering (TE)

TE comprises mechanisms that allow traffic to deviate from the standard path formed by the routing protocols. TE is often used to ensure high availability of network services, through the ability to quickly and/or proactively move important traffic to an alternative (disjoint) transmission path, in order to ensure better quality of service or faster recovery in the event of a failure on the main path.

The difficulty of implementing TE lies in the need to compute and reserve (verify) the alternative path in advance. In the MPLS networks of telecom operators this problem is solved using technologies such as MPLS Traffic-Engineering with extensions to the IGP protocols and the RSVP protocol. More recently, Segment Routing technology, which is better optimised for centralised configuration and orchestration, has become increasingly widespread. In classic WAN networks these technologies are usually not represented, or are reduced to the use of hop-by-hop mechanisms such as Policy-Based Routing (PBR), which is able to steer traffic but implements this on each router separately, without taking into account the overall state of the network or the result of PBR at the previous or subsequent hops. The outcome of using these TE options is disappointing: MPLS TE, because of the complexity of configuration and operation, is used, as a rule, only in the most critical part of the network (the core), and PBR is used on individual routers without the ability to form a unified PBR policy for the whole network. Obviously, this also applies to DMVPN-based networks.

SD-WAN in this respect offers a far more elegant solution that is not only easy to configure but also scales much better. This is a result of the control-plane and policy-plane architecture used. Implementing the policy plane in SD-WAN lets you define the TE policy centrally: which traffic is of interest? For which VPNs? Through which nodes/tunnels is it necessary or, conversely, forbidden to build an alternative route? In turn, the centralisation of control-plane management based on the vSmart controllers lets you modify routing results without resorting to the settings of individual devices: the routers simply see the result of the logic that was formed in the vManage interface and passed to vSmart for application.

Service-chaining

Building service chains is an even more labour-intensive task in classic routing than the Traffic-Engineering mechanism already described. Indeed, in this case it is necessary not only to create a special route for a particular network application, but also to provide the ability to take traffic out of the network at certain (or all) nodes of the SD-WAN network for processing by a special application or service (Firewall, Balancing, Caching, Inspection traffic, etc.). At the same time, it is necessary to be able to monitor the state of these external services in order to prevent black-holing situations, and mechanisms are needed that allow such external services of the same type to be placed in different geo-locations, with the network able to automatically select the optimal service node for processing the traffic of a particular branch. In the case of Cisco SD-WAN, this is quite easy to achieve by creating an appropriate centralised policy that "glues" all aspects of the target service chain into a single whole and automatically changes the data-plane and control-plane logic only where and when it is needed.


The ability to create geo-distributed processing of traffic from selected application types, in a specific sequence, on specialized equipment (which is not part of the SD-WAN network itself) is perhaps the clearest demonstration of the advantages of Cisco SD-WAN over classic technologies and some SD-WAN solutions from other vendors.

What is the bottom line?

Obviously, both DMVPN (with or without Performance Routing) and Cisco SD-WAN ultimately solve very similar problems with respect to an organization's distributed WAN. At the same time, the significant architectural and functional differences in Cisco SD-WAN technology take the solution of these problems to a different level of quality. To summarize, we can note the following major differences between SD-WAN and DMVPN/PfR technologies:

  • DMVPN/PfR generally uses time-tested technologies for building overlay VPN networks and, in terms of the data plane, is similar to more modern SD-WAN technology. However, it has a number of limitations: router configuration is mandatory and static, and the choice of topologies is limited to Hub-n-Spoke. On the other hand, DMVPN/PfR has some functionality that is not yet available in SD-WAN (we are talking about per-application BFD).
  • Within the control plane, the technologies differ fundamentally. Thanks to centralized processing of signaling protocols, SD-WAN makes it possible, in particular, to significantly narrow failure domains and to "decouple" the forwarding of user traffic from the signaling exchange: temporary unavailability of the controllers does not affect the ability to forward user traffic. At the same time, temporary unavailability of any branch (including the central one) in no way affects the ability of the other branches to interact with each other and with the controllers.
  • The architecture for building and applying traffic-management policies in SD-WAN is also superior to that in DMVPN/PfR: geo-redundancy is implemented much better, there is no binding to the Hub, there are more opportunities for fine-tuning policies, and the list of implemented traffic-management scenarios is also much larger.
  • The orchestration process of the solution is also significantly different. DMVPN assumes previously known parameters that must somehow be reflected in the configuration, which limits the flexibility of the solution and the possibility of dynamic changes. SD-WAN, in turn, is based on the paradigm that at the moment of initial connection a router "knows nothing" about its controllers but knows "whom it can ask". This is enough not only to automatically establish communication with the controllers, but also to automatically form a fully connected data-plane topology, which can then be flexibly tuned/changed using policies.
  • In terms of centralized management, automation, and monitoring, SD-WAN expectedly surpasses the capabilities of DMVPN/PfR, which grew out of classic technologies and rely more heavily on the CLI command line and on template-based NMS systems.
  • In SD-WAN, compared with DMVPN, security requirements have reached a different level of quality. The main principles are zero trust, scalability, and two-factor authentication.

These simple conclusions may give the mistaken impression that building a network based on DMVPN/PfR has lost all relevance today. This is not entirely true. For example, in cases where the network uses a lot of outdated equipment and there is no way to replace it, DMVPN can allow you to combine "old" and "new" devices into a single geo-distributed network with many of the advantages described above.

On the other hand, it should be remembered that all current Cisco enterprise routers based on IOS XE (ISR 1000, ISR 4000, ASR 1000, CSR 1000v) today support any mode of operation: classic routing, DMVPN, and SD-WAN. The choice is determined by current needs and by the understanding that at any time, using the same equipment, you can start moving toward more advanced technology.

Source: www.habr.com
