VxLAN (Virtual eXtensible Local Area Network) Gateway: Centralized VxLAN Gateway or Distributed VxLAN Gateway?

To discuss VXLAN gateways, we first have to discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use 12-bit VLAN IDs to segment networks, supporting at most 4096 logical networks. That works well for small networks, but in modern data centers, with thousands of hosts, containers, and multi-tenant environments, VLANs are not enough. VXLAN was born to address this, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) broadcast domain across Layer 3 (IP) networks using UDP tunnels.

Put simply, VXLAN encapsulates Ethernet frames inside UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), supporting up to 16 million virtual networks. This is like giving every virtual network its own "identity card", letting them travel freely over the physical network without interfering with each other. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC on a switch).

Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking) perfectly. In public clouds such as AWS and Azure, VXLAN lets tenant networks scale without trouble. In private data centers, it underpins overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running many VMs (Virtual Machines). VXLAN allows these VMs to see themselves as part of a single Layer 2 network, which simplifies ARP broadcasts and DHCP requests.

However, VXLAN is no cure-all. Running over an L3 network requires L2-to-L3 conversion, and that is where the gateway comes in. A VXLAN gateway connects the VXLAN virtual network to external networks (such as traditional VLANs or IP-routed networks), letting data flow from the virtual world to the physical world. The forwarding mechanism is the heart and soul of the gateway, deciding how packets are processed, forwarded, and distributed.

The VXLAN forwarding process works like a relay, passing the packet hop by hop from the source toward the next hop. Let's walk through it step by step.

First, a packet is sent from the source host (such as a VM). This is a regular Ethernet frame with a source MAC address, a destination MAC address, a VLAN tag (if present), and a payload. On receiving the frame, the source VTEP looks at the destination MAC address. If that MAC address is in its MAC table (populated by learning or flooding), it knows which VTEP to send the packet to.

The encapsulation process is the key part: the VTEP adds a VXLAN header (containing the VNI, flags, and so on), then a UDP header (with a source port derived from a hash of the inner frame and destination port 4789), then an IP header (with the local VTEP's IP as source and the remote VTEP's IP as destination), and finally an outer Ethernet header. The whole packet now looks like an ordinary UDP/IP packet, behaves like normal traffic, and can be forwarded across the L3 network.

On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer headers, checks the VXLAN header to confirm that the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is broadcast, unknown unicast, or multicast (BUM), the VTEP replicates it to all relevant VTEPs by flooding, relying either on multicast groups or on unicast head-end replication (HER).
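The encapsulation and decapsulation steps above, as an added worked example that is not code from the original article: it wraps a constructed inner Ethernet frame in a VXLAN header, a UDP header (hashed source port, destination port 4789), an IPv4 header and an outer Ethernet header, and on the receive side checks the I flag and the expected VNI before handing the inner frame on. The addresses, the frame contents and the SHA-256-based port hash are constructed assumptions, and the IPv4 header checksum is left at zero to keep the example short.

```python
import hashlib
import struct
from typing import Optional

VXLAN_PORT = 4789       # IANA UDP destination port for VXLAN (RFC 7348)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid

def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BxxxI", VXLAN_FLAG_I, vni << 8)

def source_port(inner_frame: bytes) -> int:
    """Ephemeral UDP source port derived from a hash of the inner frame so ECMP spreads
    flows; SHA-256 over the whole frame is a constructed stand-in for a real VTEP's hash."""
    digest = hashlib.sha256(inner_frame).digest()
    return 49152 + int.from_bytes(digest[:2], "big") % 16384

def encapsulate(inner_frame: bytes, vni: int, src_ip: bytes, dst_ip: bytes,
                outer_src_mac: bytes, outer_dst_mac: bytes) -> bytes:
    """Source VTEP: outer Ethernet + IPv4 + UDP + VXLAN header around the inner frame."""
    vx = vxlan_header(vni)
    udp_len = 8 + len(vx) + len(inner_frame)
    # RFC 7348 allows a zero UDP checksum for VXLAN over IPv4
    udp = struct.pack("!HHHH", source_port(inner_frame), VXLAN_PORT, udp_len, 0)
    # IPv4: ver/IHL, TOS, total length, id, DF, TTL 64, proto 17 (UDP); checksum left 0 here
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     src_ip, dst_ip)
    eth = outer_dst_mac + outer_src_mac + b"\x08\x00"   # EtherType IPv4
    return eth + ip + udp + vx + inner_frame

def decapsulate(packet: bytes, expected_vni: int) -> Optional[bytes]:
    """Destination VTEP: strip outer headers; return the inner frame, or None to drop."""
    if len(packet) < 14 + 20 + 8 + 8 or packet[12:14] != b"\x08\x00":
        return None
    udp_off = 14 + (packet[14] & 0x0F) * 4
    dst_port = struct.unpack("!H", packet[udp_off + 2:udp_off + 4])[0]
    if dst_port != VXLAN_PORT:
        return None
    vx_off = udp_off + 8
    flags, vni_word = struct.unpack("!BxxxI", packet[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I or (vni_word >> 8) != expected_vni:
        return None     # RFC 7348: drop when the I flag is clear or the VNI is not one we serve
    return packet[vx_off + 8:]
```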

A key aspect of the forwarding mechanism is the separation of control plane and data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn method to learn MAC and IP mappings. EVPN is built on the BGP protocol and lets VTEPs exchange forwarding information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels to move data efficiently.

In real deployments, however, the efficiency of the forwarding mechanism determines performance. The old flooding approach can cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as proxy ARP agents, handle egress routing, and enable shortest-path forwarding.

Centralized VXLAN Gateway

A centralized VXLAN gateway, also called a central gateway or L3 gateway, is usually placed at the edge or core of the data center. It acts as a hub through which all cross-VNI or cross-subnet traffic must pass.

In essence, the centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). When VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first arrives at the local VTEP. The local VTEP sees that the destination IP address is not on the local subnet and forwards the packet to the central gateway. The gateway decapsulates the packet, makes a routing decision, and re-encapsulates it into the tunnel toward the destination VNI.

Figure: Centralized VXLAN gateway

The advantages are obvious:

○ Simple management: All routing configuration is concentrated on one or two devices, so administrators only need to maintain a few gateways to cover the whole network. This approach suits small and medium-sized data centers, or sites deploying VXLAN for the first time.
○ Efficient use of resources: Gateways are usually high-performance hardware (such as Cisco Nexus 9000 or Arista 7050) capable of handling heavy traffic loads. Control is centralized, which makes integration with SDN controllers such as NSX Manager easy.
○ Strong security control: All traffic must pass through the gateway, making it easy to apply ACLs (Access Control Lists), firewalls, and NAT. Consider a multi-tenant scenario, where the central gateway can isolate each tenant's traffic.

But the drawbacks cannot be ignored:

○ Single point of failure: If the gateway fails, L3 communication for the entire network stops. Although VRRP (Virtual Router Redundancy Protocol) can be used for failover, the risk remains.
○ Performance bottleneck: All east-west traffic (server-to-server communication) must pass through the gateway, which results in suboptimal paths. For example, in a cluster of 1000 nodes with a gateway bandwidth of 100Gbps, congestion can occur at peak times.
○ Poor scalability: As the network grows, the gateway load increases sharply. In a real example, I saw a financial data center using a centralized gateway. At first it ran smoothly, but after the number of VMs doubled, latency rose from microseconds to milliseconds.

Use cases: Suitable for environments that need simple management, such as private enterprise clouds or test networks. Cisco ACI deployments often use the centralized model, combined with a spine-leaf topology, to make sure the core gateways perform well.

Distributed VXLAN Gateway

A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, pushes the gateway function down to every leaf switch or hypervisor VTEP. Each VTEP acts as the local gateway, handling L3 forwarding for its local subnet.

The principle is flexible: every VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed directly at the local VTEP, without having to pass through a central point. EVPN is especially helpful here: through BGP EVPN, a VTEP learns routes to remote hosts and uses MAC/IP bindings to suppress ARP flooding.

Figure: Distributed VXLAN gateway

For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This process reduces both hops and latency.
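To make the difference between the two forwarding models concrete, here is an added simulation of the VM A to VM B exchange described above (and of the centralized hairpin described earlier); it is not code from the article or from any vendor. It uses the article's VNIs and subnets, an EVPN-style host table, and a constructed fabric of two leaf VTEPs plus one border gateway, and returns the sequence of VTEPs a cross-subnet packet traverses in each model, including what happens when the central gateway is down.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple

# Constructed topology following the article's example: VNI 10000 = 10.1.1.0/24 (gateway
# 10.1.1.1) and VNI 20000 = 10.2.1.0/24; in the distributed model every leaf owns 10.1.1.1.
SUBNETS: Dict[int, IPv4Network] = {10000: IPv4Network("10.1.1.0/24"),
                                   20000: IPv4Network("10.2.1.0/24")}

@dataclass
class Fabric:
    vtep_up: Dict[str, bool]   # VTEP name -> reachable?
    hosts: Dict[str, str]      # EVPN-style host table (type-2 routes): host IP -> owning VTEP
    central_gw: str = "gw"     # VTEP acting as the centralized L3 gateway

    @staticmethod
    def vni_of(ip: str) -> int:
        return next(vni for vni, net in SUBNETS.items() if IPv4Address(ip) in net)

    def _lookup(self, src: str, dst: str) -> Optional[Tuple[str, str]]:
        """Resolve both hosts to their VTEPs; None when unknown or a VTEP is down."""
        src_vtep, dst_vtep = self.hosts.get(src), self.hosts.get(dst)
        if src_vtep is None or dst_vtep is None:
            return None
        if not (self.vtep_up[src_vtep] and self.vtep_up[dst_vtep]):
            return None
        return src_vtep, dst_vtep

    def forward_centralized(self, src: str, dst: str) -> Optional[List[str]]:
        """VTEPs traversed: cross-subnet traffic hairpins through the central gateway."""
        hop = self._lookup(src, dst)
        if hop is None:
            return None
        src_vtep, dst_vtep = hop
        if self.vni_of(src) == self.vni_of(dst):
            return [src_vtep, dst_vtep]               # same VNI: bridged, gateway not involved
        if not self.vtep_up[self.central_gw]:
            return None                               # single point of failure: black hole
        return [src_vtep, self.central_gw, dst_vtep]  # two tunnels, one extra hop

    def forward_distributed(self, src: str, dst: str) -> Optional[List[str]]:
        """The local leaf answers for the anycast gateway IP and routes into the destination
        VNI itself, so there is a single tunnel straight to the remote leaf."""
        hop = self._lookup(src, dst)
        return None if hop is None else list(hop)

def build_example() -> Fabric:
    """Constructed fabric: VM A 10.1.1.10 on leaf1; VM B 10.2.1.10 and 10.1.1.11 on leaf2."""
    hosts = {"10.1.1.10": "leaf1", "10.2.1.10": "leaf2", "10.1.1.11": "leaf2"}
    return Fabric({"leaf1": True, "leaf2": True, "gw": True}, hosts)
```

Marking the gateway down shows the article's single-point-of-failure argument directly: the centralized path disappears while the distributed path is unchanged.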

Key advantages:

○ Excellent scalability: Distributing the gateway function to every node raises the capacity of the network, which benefits large networks. Large cloud providers such as Google Cloud use a similar approach to support millions of VMs.
○ High performance: East-west traffic is handled locally, so there is no bottleneck. Test data shows that throughput can improve by 30%-50% in bandwidth utilization.
○ Fast failure recovery: A single VTEP failure affects only its local hosts, leaving the other nodes untouched. Combined with EVPN fast convergence, recovery time is short.
○ Efficient use of resources: It uses the leaf switch's existing ASIC for hardware acceleration, and forwarding rates reach the Tbps level.

What are the drawbacks?

○ Complex configuration: Every VTEP needs routing, EVPN and other settings, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency issues: Distribution means that state consistency depends on EVPN. If a BGP session flaps, it can cause routing black holes.

Use cases: Suitable for hyperscale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it supports container networking well.

Centralized VxLAN Gateway vs. Distributed VxLAN Gateway

Now let's get to the point: which one is better? The answer is "it depends", but we need to dig deeper into the data and case analysis to make that convincing.

From a performance perspective, distributed systems clearly come out ahead. In a mid-sized data center benchmark (based on Spirent test equipment), the average latency of the centralized gateway was 150μs, while the distributed system measured only 50μs. In terms of throughput, distributed systems can easily achieve line-rate forwarding because they use Spine-Leaf Equal Cost Multi-Path (ECMP) routing.

Scalability is another battleground. Centralized networks suit deployments of 100-500 nodes; beyond that scale, centralized networks come under heavy strain. Take Alibaba Cloud as an example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of tenants worldwide, with single-region latency below 1ms. A centralized approach would have collapsed long ago.

What about cost? The centralized solution has a lower initial cost, requiring only a few high-end devices. The distributed solution requires every leaf node to support VXLAN offloading, which leads to higher hardware upgrade costs. Over time, however, the distributed solution has lower O&M costs, since automation tools such as Ansible enable batch configuration.

Security and reliability: Centralized systems make centralized protection easy but carry a high risk of a single-point attack. Distributed systems are more resilient but need a robust control plane to defend against DDoS attacks.

A real-world case: An e-commerce company built its environment on centralized VXLAN. During peak periods, gateway CPU utilization climbed to 90%, leading to user complaints about latency. Switching to the distributed model solved the problem and let the company double its scale. By contrast, a small bank stuck with the centralized model because it valued compliance auditing and found centralized management simpler.

In general, if you are after maximum network performance and scalability, the distributed approach is the way to go. If your budget is limited and your operations team lacks experience, the centralized approach works well. In the future, with the growth of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain important in some scenarios, such as branch office connectivity.


Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS header stripping
Supports stripping the VxLAN, VLAN, GRE or MPLS header from the original data packet and forwarding it.


Post time: Oct-09-2025