Mylinking™ Network Packet Broker's Tunnel Encapsulation Stripping: Empowering VTEP in Modern Networks

In the era of cloud computing and network virtualization, VXLAN (Virtual Extensible LAN) has become a core technology for building scalable and flexible overlay networks. At the heart of the VXLAN architecture is the VTEP (VXLAN Tunnel Endpoint), a key component that lets layer 2 traffic be carried across a layer 3 network. As network traffic grows more complex with a variety of encapsulation protocols, the role of Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping has become important for optimizing VTEP operation. This blog covers the essentials of VTEP and its relationship with VXLAN, then examines how the NPBs' tunnel encapsulation stripping function improves VTEP performance and network visibility.

Understanding VTEP and Its Relationship with VXLAN

First, let's define the core concept: a VTEP, short for VXLAN Tunnel Endpoint, is a network entity responsible for encapsulating and decapsulating VXLAN packets in a VXLAN overlay network. It serves as the start and end point of VXLAN tunnels, acting as a "gateway" that connects the virtual overlay network to the physical underlay network. VTEPs can be deployed as physical devices (such as VXLAN-capable switches or routers) or as software entities (such as virtual switches, container hosts, or proxies on virtual machines).

The relationship between VTEP and VXLAN is a close one: VXLAN relies on VTEPs to carry out its core function, while VTEPs exist only to support VXLAN operation. The core value of VXLAN is to create a virtual layer 2 network on top of a layer 3 IP network through MAC-in-UDP encapsulation, overcoming the scalability limits of traditional VLANs (which support only 4096 VLAN IDs) with a 24-bit VXLAN Network Identifier (VNI) that allows up to 16 million virtual networks. Here is how VTEPs make this possible: when a virtual machine (VM) sends traffic, the local VTEP encapsulates the original layer 2 Ethernet frame by adding a VXLAN header (containing the VNI), a UDP header (using port 4789 by default), an outer IP header (with the source VTEP IP and destination VTEP IP), and an outer Ethernet header. The encapsulated packet is then sent across the layer 3 underlay network to the destination VTEP, which decapsulates the packet by removing all the outer headers, recovers the original Ethernet frame, and forwards it to the target VM based on the VNI.

In addition, VTEPs handle important tasks such as MAC address learning (mapping the MAC addresses of local and remote hosts to VTEP IPs) and handling Broadcast, Unknown Unicast, and Multicast (BUM) traffic, either through multicast groups or through head-end replication in unicast-only mode. In short, VTEPs are the building blocks that let a VXLAN network provide virtualization and multi-tenant isolation.


The Challenge of Encapsulated Traffic for VTEPs

In modern data center environments, VTEP traffic is rarely limited to VXLAN encapsulation alone. Traffic passing through VTEPs often carries several encapsulation headers, including VLAN, GRE, GTP, MPLS, or IPIP, in addition to VXLAN. This encapsulation complexity creates major challenges for VTEP operation and for downstream network monitoring, analysis, and security:

○ Reduced Visibility: Most network monitoring and security tools (such as IDS/IPS, flow analyzers, and packet sniffers) are designed to process native layer 2/layer 3 traffic. Encapsulation headers hide the original payload, so these tools cannot accurately analyze what is in the traffic or detect anomalies.

○ Increased Processing Overhead: The VTEPs themselves must spend more resources processing packets encapsulated in multiple layers, especially in high-traffic environments. This can cause increased latency, reduced performance, and potential errors.

○ Interoperability Challenges: Different network segments or multi-vendor environments may use different encapsulation protocols. Without proper header stripping, traffic may fail to be forwarded or processed correctly when it passes through VTEPs, causing interoperability problems.

How NPBs' Tunnel Encapsulation Stripping Empowers VTEP

Mylinking™ Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping can address these challenges by acting as a "traffic pre-processor" for VTEPs. NPBs can strip a variety of encapsulation headers (including VXLAN, VLAN, GRE, GTP, MPLS, and IPIP) from the original data packets before forwarding the traffic to VTEPs or to monitoring/security tools. This function provides three key benefits for VTEP operation:

1. Enhanced Network Visibility and Security

By stripping encapsulation headers, NPBs expose the original payload of the packets, so monitoring and security tools can "see" the actual content of the traffic. For example, when VTEP traffic is forwarded to an IDS/IPS, the NPB first strips the VXLAN and MPLS headers, allowing the IDS/IPS to detect malicious activity (such as malware or unauthorized access attempts) in the original frame. This is especially important in multi-tenant environments where VTEPs handle traffic from many tenants: NPBs make sure that security tools can inspect tenant traffic without being blocked by encapsulation.

Furthermore, NPBs can strip headers selectively based on traffic type or VNI, giving fine-grained visibility into specific virtual networks. This helps network administrators troubleshoot problems (such as packet loss or latency) by enabling accurate traffic analysis within VXLAN segments.

2. Optimized VTEP Performance

NPBs offload the header stripping task from VTEPs, reducing the processing overhead on VTEP devices. Instead of the VTEP spending CPU resources on removing multiple headers (for example, VLAN + GRE + VXLAN), the NPBs handle this pre-processing step, allowing VTEPs to concentrate on their core tasks: encapsulation/decapsulation of VXLAN packets and tunnel management. The result is lower latency, higher throughput, and better overall performance of the VXLAN overlay network, especially in high-density virtualization environments with thousands of VMs and heavy traffic loads.

For example, in a data center with NPBs and switches acting as VTEPs, the NPB (such as Mylinking™ Network Packet Brokers) can strip VLAN and MPLS headers from incoming traffic before it reaches the VTEPs. This reduces the number of header processing operations the VTEPs must perform, so they can handle more concurrent tunnels and traffic flows.

3. Improved Interoperability Across Heterogeneous Networks

In multi-vendor or multi-segment networks, different parts of the infrastructure may use different encapsulation protocols. For example, traffic from a remote data center may arrive at the local VTEP with GRE encapsulation, while local traffic uses VXLAN. The NPB can strip these different headers (GRE, VXLAN, IPIP, and so on) and deliver consistent, native traffic to the VTEP, removing the interoperability problems. This is particularly important in hybrid cloud environments, where traffic from public cloud services (often using GTP or IPIP encapsulation) has to be integrated with on-premises VXLAN networks through VTEPs.

In addition, NPBs can forward the stripped headers as metadata to monitoring tools, so administrators keep the context of the original encapsulation (such as the VNI or MPLS label) while still being able to analyze the native payload. This balance between header stripping and context preservation is key to managing the network well.


How to Implement the Tunnel Encapsulation Stripping Function in VTEP?

Tunnel encapsulation stripping in a VTEP can be implemented through hardware-level configuration, software-defined policies, and coordination with SDN controllers, with the core logic being: identify tunnel headers → execute stripping actions → forward the original payloads. The implementation methods differ slightly depending on the VTEP type (physical/software), and the main approaches are as follows:

Here we discuss implementation on physical VTEPs (for example, Mylinking™ VXLAN-capable Network Packet Brokers).

Physical VTEPs (such as Mylinking™ VXLAN-capable Network Packet Brokers) use hardware chips and dedicated configuration commands to achieve efficient encapsulation stripping, suited to high-traffic data center scenarios:

Interface-based matching: Create sub-interfaces on the physical access ports of the VTEPs and configure encapsulation types to match and strip specific tunnel headers. For example, on Mylinking™ VXLAN-capable Network Packet Brokers, configure Layer 2 sub-interfaces to recognize 802.1Q VLAN tags or untagged frames, and strip the VLAN headers before forwarding traffic into the VXLAN tunnel. For GRE/MPLS-encapsulated traffic, enable the corresponding protocol parsing on the sub-interface to strip the outer headers.

Policy-based header stripping: Use an ACL (Access Control List) or a traffic policy to define matching rules (for example, match UDP port 4789 for VXLAN, protocol type 47 for GRE) and bind stripping actions to them. When traffic matches the rules, the VTEP hardware chip automatically strips the specified tunnel headers (VXLAN/UDP/IP outer headers, MPLS labels, and so on) and forwards the original Layer 2 payload.

Distributed gateway coordination: In Spine-Leaf VXLAN architectures, physical VTEPs (Leaf nodes) can work together with Layer 3 gateways to complete multi-layer stripping. For example, after Spine nodes forward MPLS-encapsulated VXLAN traffic to the Leaf VTEPs, the VTEPs first strip the MPLS labels and then perform VXLAN decapsulation.
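The identify → strip → forward logic described above (UDP port 4789 for VXLAN, protocol type 47 for GRE, MPLS labels removed before VXLAN decapsulation), with the stripped values kept as metadata, as an added Python example; it is not Mylinking or H3C code. The function names, the assumption that IPv4 follows the MPLS stack, and the sample frame are constructed for illustration.

```python
import contextlib
import struct

ETH_VLAN, ETH_MPLS, ETH_IPV4, ETH_TEB = (0x8100, 0x88A8), 0x8847, 0x0800, 0x6558
VXLAN_PORT, IPPROTO_UDP, IPPROTO_GRE = 4789, 17, 47

def _strip_once(f):
    """Peel one layer of outer headers off Ethernet frame f; None if nothing to strip."""
    meta, off, etype = [], 14, struct.unpack_from("!H", f, 12)[0]
    while etype in ETH_VLAN:                      # 802.1Q / QinQ tags
        tci, etype = struct.unpack_from("!HH", f, off)
        meta.append(("vlan", tci & 0x0FFF)); off += 4
    while etype == ETH_MPLS:                      # walk the label stack
        (entry,) = struct.unpack_from("!I", f, off)
        meta.append(("mpls", entry >> 12)); off += 4
        if entry & 0x100:                         # bottom of stack; assume IPv4 follows
            etype = ETH_IPV4 if f[off] >> 4 == 4 else None
    if etype == ETH_IPV4 and f[off] >> 4 == 4:
        frag = struct.unpack_from("!H", f, off + 6)[0] & 0x1FFF   # later fragments lack L4
        proto, l4 = f[off + 9], off + (f[off] & 0x0F) * 4
        if frag == 0 and proto == IPPROTO_UDP and len(f) >= l4 + 16:
            if struct.unpack_from("!H", f, l4 + 2)[0] == VXLAN_PORT and f[l4 + 8] & 0x08:
                return f[l4 + 16:], meta + [("vxlan_vni", int.from_bytes(f[l4 + 12:l4 + 15], "big"))]
        if frag == 0 and proto == IPPROTO_GRE:
            gflags, gproto = struct.unpack_from("!HH", f, l4)
            body = f[l4 + 4 + 4 * bin(gflags & 0xB000).count("1"):]   # skip C/K/S fields
            if gflags & 0x4007 == 0 and gproto in (ETH_TEB, ETH_IPV4):
                l2 = b"" if gproto == ETH_TEB else f[:12] + struct.pack("!H", gproto)
                return l2 + body, meta + [("gre_proto", gproto)]
    if off > 14 and etype is not None:            # only tags/labels were removed
        return f[:12] + struct.pack("!H", etype) + f[off:], meta
    return None

def strip_tunnels(frame):
    """Strip nested outer headers; return (original frame, stripped-header metadata)."""
    meta = []
    with contextlib.suppress(struct.error, IndexError):   # truncated packet: keep progress
        while (step := _strip_once(frame)) is not None:
            frame, meta = step[0], meta + step[1]
    return frame, meta

def build_sample():
    """Constructed frame: VLAN 100 / MPLS 2001 / IPv4 / UDP 4789 / VXLAN VNI 5001 / inner."""
    inner = bytes.fromhex("020000000002" "020000000001" "0800") + b"tenant-payload"
    vxlan = b"\x08\x00\x00\x00" + (5001).to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan + inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp + vxlan + inner), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    l2 = bytes(12) + struct.pack("!HHHI", 0x8100, 100, ETH_MPLS, (2001 << 12) | 0x100 | 64)
    return l2 + ip + udp + vxlan + inner, inner
```

Calling `strip_tunnels(build_sample()[0])` returns the inner tenant frame together with the VLAN ID, MPLS label and VNI that were removed, which is the context a monitoring tool needs to tie a finding back to its virtual network.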

Would you like a configuration example for a vendor-specific VTEP device (such as Mylinking™ VXLAN-capable Network Packet Brokers) to perform tunnel encapsulation stripping?


Practical Application Example

Consider a large data center that runs a VXLAN overlay network with H3C switches as VTEPs, supporting multiple tenant VMs. The data center uses MPLS to carry traffic between the core switches and VXLAN for VM-to-VM communication. In addition, remote branch offices send traffic to the data center through GRE tunnels. To ensure security and visibility, the company deploys an NPB with Tunnel Encapsulation Stripping between the core network and the VTEPs.

When traffic arrives at the data center:

(1) The NPB first strips the MPLS headers from traffic coming from the core network and the GRE headers from branch office traffic.

(2) For VXLAN traffic between VTEPs, the NPB can strip the outer VXLAN headers when it forwards traffic to monitoring tools, allowing the tools to analyze the original VM traffic.

(3) The NPB forwards the pre-processed (header-stripped) traffic to the VTEPs, which only need to handle VXLAN encapsulation/decapsulation of the native payload. This setup reduces the VTEP processing load, allows full traffic analysis, and simplifies interoperability between the MPLS, GRE, and VXLAN segments.

VTEPs are the backbone of VXLAN networks, enabling scalable virtualization and multi-tenant communication. However, the growing complexity of encapsulated traffic in modern networks creates major challenges for VTEP performance and network visibility. Network Packet Brokers with Tunnel Encapsulation Stripping capabilities address these challenges by pre-processing traffic, stripping a variety of headers (VXLAN, VLAN, GRE, GTP, MPLS, IPIP) before it reaches the VTEPs or the monitoring tools. This not only optimizes VTEP performance by reducing processing overhead but also improves network visibility, strengthens security, and improves interoperability across heterogeneous environments.

As organizations continue to adopt cloud-native architectures and hybrid cloud deployments, the cooperation between NPBs and VTEPs will become more important. By using the NPBs' tunnel encapsulation stripping function, network administrators can unlock the full potential of VXLAN networks, making sure they are efficient, secure, and adaptable to changing business needs.


Post time: Jan-09-2026