Unlocking Mylinking™ Network Packet Broker's Tunnel Encapsulation: Empowering VTEP in Modern Networks

In the era of cloud computing and network virtualization, VXLAN (Virtual Extensible LAN) has become a key technology for building scalable and flexible networks. At the core of the VXLAN architecture is the VTEP (VXLAN Tunnel Endpoint), a critical component that enables seamless transport of layer 2 traffic across layer 3 networks. As network traffic keeps growing alongside a variety of encapsulation protocols, the role of Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping capability has become essential for optimizing VTEP operations. This blog explains the fundamentals of VTEP and its relationship with VXLAN, then describes how the NPBs' tunnel encapsulation stripping function improves VTEP performance and network visibility.

Understanding VTEP and Its Relationship with VXLAN

First, let's define the core concepts: VTEP, short for VXLAN Tunnel Endpoint, is a network entity responsible for encapsulating and decapsulating VXLAN packets in a VXLAN overlay network. It serves as the start and end point of VXLAN tunnels, acting as the "gateway" that connects the virtual overlay network to the physical underlay network. VTEPs can be implemented as physical devices (such as VXLAN-capable switches or routers) or as software (such as virtual switches, container hosts, or proxies on virtual machines).

The relationship between VTEP and VXLAN is symbiotic: VXLAN relies on VTEP to perform its core function, while VTEP exists solely to support VXLAN operations. The core value of VXLAN is to build a virtual layer 2 network on top of a layer 3 IP network through MAC-in-UDP encapsulation, overcoming the scalability limits of traditional VLANs (which support only 4096 VLAN IDs) with a 24-bit VXLAN Network Identifier (VNI) that allows up to 16 million networks. Here is how VTEPs make this possible: when a virtual machine (VM) sends traffic, the local VTEP encapsulates the original layer 2 Ethernet frame by adding a VXLAN header (containing the VNI), a UDP header (using port 4789 by default), an outer IP header (with the source VTEP IP and the destination VTEP IP), and an outer Ethernet header. The encapsulated packet is then sent across the layer 3 underlay network to the destination VTEP, which decapsulates it by removing all outer headers, recovers the original Ethernet frame, and forwards it to the target VM based on the VNI.

In addition, VTEPs perform essential functions such as MAC address learning (mapping the MAC addresses of local and remote hosts to VTEP IPs) and handling Broadcast, Unknown Unicast, and Multicast (BUM) traffic, either through multicast groups or through head-end replication in unicast-only mode. In short, VTEPs are the building blocks that make VXLAN's network virtualization and multi-tenant isolation possible.

The Challenge of Encapsulated Traffic on VTEPs

In modern data center environments, VTEP traffic is rarely limited to pure VXLAN. Traffic passing through a VTEP often carries multiple layers of encapsulation headers, including VLAN, GRE, GTP, MPLS, or IPIP, in addition to VXLAN. This encapsulation complexity poses major challenges for VTEP operations as well as for network monitoring, analysis, and security enforcement:

- Reduced visibility: Most network monitoring and security tools (such as IDS/IPS, flow analyzers, and packet sniffers) are designed to process native layer 2/layer 3 traffic. Encapsulation headers hide the original payload, leaving these tools unable to analyze traffic content accurately or detect anomalies.

- Increased processing overhead: VTEPs themselves must spend additional compute resources to process packets with multiple encapsulation layers, especially in high-traffic environments. This can lead to higher latency, reduced throughput, and potential bottlenecks.

- Interoperability issues: Different network segments or multi-vendor environments may use different encapsulation protocols. Without proper header stripping, traffic may fail to be forwarded or processed correctly when passing through VTEPs, causing interoperability problems.

How NPBs' Tunnel Encapsulation Stripping Empowers VTEPs

Mylinking™ Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping capability address these challenges by acting as a "traffic pre-processor" for VTEPs. NPBs can strip various encapsulation headers (including VXLAN, VLAN, GRE, GTP, MPLS, and IPIP) from the original data packets before forwarding traffic to VTEPs or to monitoring/security tools. This function delivers three key benefits for VTEP operations:

1. Enhanced Network Visibility and Security

By stripping encapsulation headers, NPBs expose the original payload of packets, enabling monitoring and security tools to "see" the actual traffic content. For example, when VTEP traffic is forwarded to an IDS/IPS, the NPB first strips the VXLAN and MPLS headers, allowing the IDS/IPS to detect malicious activity (such as malware or unauthorized access attempts) in the original frame. This is especially important in multi-tenant environments where VTEPs handle traffic from many tenants: NPBs ensure that security tools can inspect tenant-specific traffic without being hindered by encapsulation.

In addition, NPBs can strip headers selectively based on traffic type or VNI, providing visibility into specific networks. This helps network administrators troubleshoot problems (such as packet loss or latency) by enabling accurate traffic analysis within VXLAN segments.

2. Optimized VTEP Performance

NPBs offload header stripping from VTEPs, reducing the processing overhead on VTEP devices. Instead of VTEPs spending CPU resources on stripping multiple header layers (e.g., VLAN + GRE + VXLAN), NPBs perform this step beforehand, allowing VTEPs to focus on their core responsibilities: encapsulating VXLAN packets and managing tunnels. This results in lower latency, higher throughput, and better overall performance of the VXLAN overlay network, especially in environments with many VMs and heavy traffic.

For example, in a data center with NPBs and switches acting as VTEPs, an NPB (such as Mylinking™ Network Packet Brokers) can strip VLAN and MPLS headers from incoming traffic before it reaches the VTEPs. This reduces the number of header-processing operations the VTEPs must perform, enabling them to handle tunnels and traffic flows concurrently.

3. Improved Interoperability Across Heterogeneous Networks

In multi-vendor or multi-segment networks, different parts of the infrastructure may use different encapsulation protocols. For example, traffic from a remote data center may arrive at the local VTEP with GRE encapsulation, while local traffic uses VXLAN. An NPB can strip these different headers (GRE, VXLAN, IPIP, and so on) and forward a consistent, native traffic stream to the VTEP, eliminating interoperability problems. This is especially valuable in hybrid cloud environments, where traffic from public cloud services (often using GTP or IPIP encapsulation) needs to be integrated with on-premises VXLAN networks through VTEPs.

In addition, NPBs can forward the stripped headers as metadata to monitoring tools, ensuring that administrators retain the context of the original encapsulation (such as the VNI or MPLS label) while still allowing analysis of the native payload. This balance between header stripping and context preservation is key to effective network management.

How Is the Tunnel Encapsulation Stripping Function Implemented in VTEP?

Tunnel encapsulation stripping in VTEP can be implemented through hardware-level configuration, software-defined policies, and coordination with SDN controllers, with the core logic focused on identifying tunnel headers → executing stripping actions → forwarding the original payload. Specific implementation methods vary slightly depending on the VTEP type (physical/software), and the main approaches are as follows:

Here we discuss implementation on physical VTEPs (e.g., Mylinking™ VXLAN-capable Network Packet Brokers).

Physical VTEPs (such as Mylinking™ VXLAN-capable Network Packet Brokers) rely on hardware chips and dedicated rules to achieve efficient encapsulation stripping, which suits high-traffic data center scenarios:

Match sub-interfaces on physical VTEPs and configure encapsulation types to match and strip specific tunnel headers. For example, on Mylinking™ VXLAN-capable Network Packet Brokers, configure Layer 2 sub-interfaces to recognize 802.1Q VLAN tags or untagged frames, and strip the VLAN headers before forwarding traffic into the VXLAN tunnel. For GRE/MPLS-encapsulated traffic, enable the corresponding protocol parsing on the sub-interface to strip the outer headers.

Policy-based header stripping: Use an ACL (Access Control List) or traffic policy to define match rules (e.g., matching UDP port 4789 for VXLAN, protocol type 47 for GRE) and bind stripping actions to them. When traffic matches the rules, the VTEP hardware chip automatically strips the specified tunnel headers (VXLAN/UDP/IP outer headers, MPLS labels, and so on) and forwards the original Layer 2 payload.

Distributed gateway coordination: In a Spine-Leaf VXLAN architecture, physical VTEPs (Leaf nodes) can work together with Layer 3 gateways to complete multi-layer stripping. For example, after Spine nodes forward MPLS-encapsulated VXLAN traffic to the Leaf VTEPs, the VTEPs first strip the MPLS labels and then perform VXLAN decapsulation.
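The identify → strip → forward logic described above, together with the earlier point about keeping the stripped VLAN and VNI as metadata, sketched in Python as an added example (not Mylinking or other vendor code). It covers only 802.1Q tags, VXLAN on UDP port 4789 and Ethernet-in-GRE (IP protocol 47, GRE protocol type 0x6558); the function names, sample addresses, VNI 5001 and VLAN 100 are constructed for illustration.

```python
import struct

VXLAN_PORT, GRE_PROTO = 4789, 47          # match values named in the text
ETH_VLAN, ETH_IPV4, GRE_TEB = 0x8100, 0x0800, 0x6558

def strip_tunnels(frame):
    """Remove VLAN tags and VXLAN/GRE outer headers; return (inner_frame, metadata)."""
    meta = []
    while len(frame) >= 14:
        etype, off = struct.unpack_from("!H", frame, 12)[0], 14
        while etype == ETH_VLAN and len(frame) >= off + 4:     # 802.1Q tag(s)
            tci, etype = struct.unpack_from("!HH", frame, off)
            meta.append(("vlan", tci & 0x0FFF))
            off += 4
        frame = frame[:12] + frame[off - 2:]                   # drop the tags
        if etype != ETH_IPV4 or len(frame) < 34:
            break
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        frag = struct.unpack_from("!H", frame, 20)[0] & 0x3FFF # MF flag + offset
        l4 = 14 + ihl
        if ihl < 20 or frag or len(frame) < l4 + 16:
            break              # malformed or fragmented: leave the packet as it is
        if proto == 17:                                        # UDP
            dport = struct.unpack_from("!H", frame, l4 + 2)[0]
            flags, word = struct.unpack_from("!B3xI", frame, l4 + 8)
            if dport != VXLAN_PORT or not flags & 0x08:        # I flag: VNI valid
                break
            meta.append(("vxlan_vni", word >> 8))              # 24-bit VNI
            frame = frame[l4 + 16:]
        elif proto == GRE_PROTO:
            gflags, gtype = struct.unpack_from("!HH", frame, l4)
            if gtype != GRE_TEB:                               # Ethernet-in-GRE only
                break
            meta.append(("gre", gtype))
            frame = frame[l4 + 4 + 4 * bin(gflags & 0xB000).count("1"):]  # C/K/S
        else:
            break
    return frame, meta

def ipv4_hdr(proto, payload):  # builder for the constructed samples; checksum left 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

# Constructed sample: tenant frame in VXLAN VNI 5001, underlay tagged with VLAN 100.
INNER = bytes.fromhex("02000000000a02000000000b88b5") + b"tenant-payload"
VXLAN = struct.pack("!HHHHB3xI", 49152, VXLAN_PORT, 16 + len(INNER), 0, 0x08, 5001 << 8)
SAMPLE = (bytes(12) + struct.pack("!HHH", ETH_VLAN, 100, ETH_IPV4)
          + ipv4_hdr(17, VXLAN + INNER))
```

Fragmented outer packets are left encapsulated here, since the tunnel header cannot be matched reliably without reassembly; a monitoring tool fed by such a stripper still sees those packets in tunnelled form.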

Do you need a configuration example for a vendor's VTEP device (such as Mylinking™ VXLAN-capable Network Packet Brokers) to implement tunnel encapsulation stripping?

Practical Application Example

Consider a large data center that runs a VXLAN network with H3C switches as VTEPs, supporting many tenant VMs. The data center uses MPLS to carry traffic between core switches and VXLAN for VM-to-VM communication. In addition, remote branch offices send traffic to the data center through GRE tunnels. To ensure security and visibility, the company deploys an NPB with Tunnel Encapsulation Stripping between the core network and the VTEPs.

When traffic arrives at the data center:

(1) The NPB first strips MPLS headers from traffic coming from the core network and GRE headers from traffic coming from the branch offices.

(2) For VXLAN traffic between VTEPs, the NPB can strip the outer VXLAN headers when forwarding traffic to monitoring tools, enabling the tools to see the original VM traffic.

(3) The NPB forwards the pre-processed (header-stripped) traffic to the VTEPs, which only need to handle VXLAN encapsulation/decapsulation of the native payload. This setup reduces the processing load on the VTEPs, enables full traffic analysis, and ensures that the MPLS, GRE, and VXLAN segments interoperate smoothly.

VTEPs are the foundation of VXLAN networks, enabling scalable virtualization and multi-tenant connectivity. However, the complexity of encapsulated traffic in modern networks poses major challenges for VTEP performance and network visibility. Network Packet Brokers with tunnel encapsulation stripping capability address these challenges by pre-processing traffic, stripping the various headers (VXLAN, VLAN, GRE, GTP, MPLS, IPIP) before the traffic reaches VTEPs or monitoring tools. This not only optimizes VTEP performance by reducing processing overhead but also improves network visibility, strengthens security, and improves interoperability across heterogeneous environments.

As organizations continue to adopt cloud-native architectures and hybrid cloud strategies, the cooperation between NPBs and VTEPs will become increasingly important. By using the NPBs' tunnel encapsulation stripping function, network administrators can unlock the full potential of VXLAN networks, ensuring they are efficient, secure, and adaptable to changing business needs.


Post time: Jan-09-2026