To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use 12-bit VLAN IDs to segment a network, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with their thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. So VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) broadcast domain over a Layer 3 (IP) network using UDP tunnels.
Simply put, VXLAN encapsulates Ethernet frames inside UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), supporting 16 million networks. This is like giving each network an "identity card," allowing them to move freely across the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC chip on a switch).
Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking) very well. In public clouds such as AWS and Azure, VXLAN enables seamless extension of tenants' virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running many VMs (Virtual Machines). VXLAN allows these VMs to see themselves as part of the same Layer 2 network, ensuring smooth delivery of ARP broadcasts and DHCP requests.
However, VXLAN is not a panacea. Running over an L3 network requires L2-to-L3 conversion, which is where the gateway comes in. A VXLAN gateway connects the VXLAN virtual network to external networks (such as traditional VLANs or IP routed networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway: it determines how packets are processed, routed, and distributed.
The VXLAN forwarding process is like a delicate ballet, with every step from source to destination closely linked. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing a source MAC address, a destination MAC address, a VLAN tag (if any), and a payload. On receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (populated through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port derived from a hash of the inner frame and a fixed destination port of 4789), an IP header (with the source IP address of the local VTEP), and an outer Ethernet header. The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed across the L3 network.
On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer headers, checks the VXLAN header to make sure the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is unknown unicast, broadcast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast header replication (HER).
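The encapsulation and the destination-VTEP checks described above, as an added Python example (not code from the original article). The CRC32 flow hash, the function names and the sample frame are assumptions made for illustration; the header layout and port follow RFC 7348.

```python
import struct
import zlib

VXLAN_PORT = 4789        # fixed destination port named in the article
FLAG_VNI_VALID = 0x08    # the "I" flag: must be set for the VNI to be valid

def source_port(inner_frame: bytes) -> int:
    """Derive the outer UDP source port from a hash of the inner Ethernet
    header, so one flow always hashes to one underlay path.
    CRC32 is an illustrative choice; real VTEPs use their own hash."""
    return 49152 + zlib.crc32(inner_frame[:14]) % 16384

def encapsulate(vni: int, inner_frame: bytes):
    """Return (udp_src_port, udp_dst_port, udp_payload) for the outer packet."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags byte + 24 reserved bits. Word 2: 24-bit VNI + 8 reserved bits.
    header = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)
    return source_port(inner_frame), VXLAN_PORT, header + inner_frame

def decapsulate(udp_dst_port: int, payload: bytes, local_vnis: set):
    """Destination-VTEP checks: port, length, I flag, then VNI membership."""
    if udp_dst_port != VXLAN_PORT:
        raise ValueError("not VXLAN traffic")
    if len(payload) < 8 + 14:
        raise ValueError("truncated VXLAN header or inner Ethernet header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    vni = word2 >> 8
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, payload[8:]

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"

if __name__ == "__main__":
    sport, dport, pkt = encapsulate(10000, FRAME)
    print(sport, dport, pkt[:8].hex())
    print(decapsulate(dport, pkt, {10000, 20000}))
```

Dropping frames whose VNI is not configured locally is what keeps one tenant's traffic out of another's segment, so the membership check belongs before any inner-frame processing.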
The core principle of forwarding is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is built on the BGP protocol and allows VTEPs to exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transport.
However, in real deployments, forwarding efficiency directly affects performance. Traditional flooding can easily cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as proxy ARP agents, handle route leaking, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is usually deployed at the edge or core layer of a data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In short, a centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first arrives at the local VTEP. The local VTEP sees that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and then re-encapsulates the packet into a tunnel toward the destination VNI.
The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators only need to maintain a few gateways to cover the whole network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ Resource efficient: Gateways are usually high-performance devices (such as the Cisco Nexus 9000 or Arista 7050) capable of handling large volumes of traffic. The control plane is centralized, which eases integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which makes it easy to apply ACLs (Access Control Lists), firewalls, and NAT. Imagine a multi-tenant scenario in which a centralized gateway can easily isolate tenant traffic.
But the drawbacks cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication across the entire network is paralyzed. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, it still carries risk.
○ Performance bottleneck: All east-west traffic (communication between servers) must pass through the gateway, resulting in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely at peak times.
○ Poor scalability: As the network grows, the load on the gateway rises sharply. In a real-world example, I saw a data center using a centralized gateway. At first it ran smoothly, but after the number of VMs doubled, latency rose from microseconds to milliseconds.
Application scenario: Suitable for environments that need a high degree of management simplicity, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to ensure the core gateways operate efficiently.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, offloads gateway functionality to every leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, handling L3 forwarding for the local subnet.
The principle is more flexible: every VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by a VM are routed directly on the local VTEP, without passing through a central point. EVPN is especially useful here: through BGP EVPN, the VTEP learns routes to remote hosts and uses MAC/IP bindings to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This shortens the path and reduces latency.
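The two forwarding walk-throughs (VM A to VM B through a centralized gateway, and through a local anycast gateway), modelled side by side as an added Python example that is not from the original article. The VTEP names `leaf1`, `leaf2` and `border-gw`, the extra host 10.1.1.20, and the choice to carry the routed frame in the destination VNI in distributed mode are assumptions.

```python
import ipaddress

# VNI -> subnet, taken from the article's example.
SUBNETS = {10000: ipaddress.ip_network("10.1.1.0/24"),
           20000: ipaddress.ip_network("10.2.1.0/24")}
# Host IP -> VTEP it sits behind (hypothetical placement).
HOSTS = {"10.1.1.10": "leaf1", "10.1.1.20": "leaf2", "10.2.1.10": "leaf2"}

def vni_of(ip: str) -> int:
    """Map a host address to the VNI whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for vni, net in SUBNETS.items():
        if addr in net:
            return vni
    raise LookupError(f"{ip} is outside every VXLAN subnet")

def tunnel_legs(src: str, dst: str, mode: str, gateway: str = "border-gw"):
    """Return the VXLAN tunnel legs as (ingress VTEP, egress VTEP, VNI)."""
    if mode not in ("centralized", "distributed"):
        raise ValueError(f"unknown mode {mode!r}")
    src_vni, dst_vni = vni_of(src), vni_of(dst)
    src_vtep, dst_vtep = HOSTS[src], HOSTS[dst]
    if src_vni == dst_vni:
        # Same subnet: plain L2 bridging, tunnelled only between different VTEPs.
        return [] if src_vtep == dst_vtep else [(src_vtep, dst_vtep, src_vni)]
    if mode == "centralized":
        # Hairpin: tunnel to the gateway in the source VNI, route, re-encapsulate.
        return [(src_vtep, gateway, src_vni), (gateway, dst_vtep, dst_vni)]
    if src_vtep == dst_vtep:
        return []  # the local anycast gateway routes inside one VTEP
    # Ingress VTEP routes; routed frame assumed to travel in the destination VNI.
    return [(src_vtep, dst_vtep, dst_vni)]

if __name__ == "__main__":
    for mode in ("centralized", "distributed"):
        print(mode, tunnel_legs("10.1.1.10", "10.2.1.10", mode))
        print(mode, tunnel_legs("10.1.1.20", "10.2.1.10", mode))
```

In centralized mode every cross-subnet flow, even between two VMs on the same leaf, has the gateway as a tunnel endpoint, so one ACL there sees all of it. In distributed mode the routing hop is the ingress leaf, so inter-subnet policy has to be present on every VTEP.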
Outstanding advantages:
○ High scalability: Distributing gateway functionality to every node increases the size the network can reach, which benefits large networks. Large cloud providers such as Google Cloud use a similar approach to support millions of VMs.
○ Superior performance: East-west traffic is handled locally, avoiding bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: The failure of a single VTEP affects only the local hosts, leaving other nodes untouched. Combined with EVPN's fast convergence, recovery time is measured in seconds.
○ Efficient use of resources: It uses the existing leaf switch ASIC chips for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the disadvantages?
○ Complex configuration: Every VTEP needs routing, EVPN, and other features configured, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Being distributed means that state synchronization relies on EVPN. If the BGP session fluctuates, it can cause a black hole.
Application scenario: Ideal for hyperscale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it seamlessly supports container networking.
Centralized VxLAN Gateway vs. Distributed VxLAN Gateway
Now for the finale: which is better? The answer is "it depends", but we need to dig deeper into the data and case studies to convince you.
From a performance standpoint, distributed systems clearly come out ahead. In a typical data center benchmark (based on Spirent test equipment), the average latency of a centralized gateway was 150μs, while that of a distributed system was only 50μs. In terms of throughput, distributed systems can easily achieve line-rate forwarding because they take advantage of Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Scalability is another battleground. Centralized networks suit networks with 100-500 nodes; beyond that scale, distributed networks gain the upper hand. Take Alibaba Cloud, for example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency below 1ms. A centralized approach would have collapsed long ago.
What about cost? A centralized solution requires a lower initial investment, needing only a few high-end gateways. A distributed solution requires every leaf node to support VXLAN offload, leading to higher hardware upgrade costs. Over time, however, a distributed solution offers lower O&M costs, since automation tools such as Ansible enable batch configuration.
Security and reliability: Centralized systems make centralized protection easier but carry a high risk of a single point of attack. Distributed systems are more resilient but need a robust control plane to guard against DDoS attacks.
A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, gateway CPU usage climbed to 90%, leading to user complaints about latency. Switching to a distributed model resolved the issue and allowed the company to double its scale. By contrast, a small bank stuck with a centralized model because they prioritized compliance audits and found management simpler.
In general, if you are after maximum network performance and scale, a distributed approach is the way to go. If your budget is limited and your management team lacks experience, a centralized approach is more practical. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain valuable in specific scenarios, such as branch office interconnection.
Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, and MPLS headers from the original data packet before forwarding it to the output.
Post time: Oct-09-2025