To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use 12-bit VLAN IDs to divide networks, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with thousands of virtual machines, containers, and multi-tenant environments, VLANs are insufficient. So VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) broadcast domain over Layer 3 (IP) networks using UDP tunnels.
Simply put, VXLAN encapsulates Ethernet frames inside UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), which supports about 16 million networks. This is like giving each network an "identity card," allowing them to move freely across the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as the ASIC chip on a switch).
Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking) well. In public clouds like AWS and Azure, VXLAN enables the extension of tenants' virtual networks. In private data centers, it supports overlay network architectures like VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running VMs (virtual machines). VXLAN allows these VMs to see themselves as part of the same Layer 2 network, ensuring that ARP broadcasts and DHCP requests travel smoothly.
However, VXLAN is not a panacea. Operating over an L3 network requires L2-to-L3 conversion, which is where the gateway comes in. The VXLAN gateway connects the VXLAN virtual network with external networks (such as traditional VLANs or IP routing networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway: it determines how packets are processed, routed, and distributed.
The VXLAN forwarding process is like a delicate ballet, in which each step from source to destination is closely linked. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing the source MAC address, destination MAC address, VLAN tag (if any), and payload. On receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (obtained through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port derived from a hash of the inner frame and a fixed destination port of 4789), and an IP header (with the local VTEP's IP address as the source and the remote VTEP's IP address as the destination). The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed over the L3 network.
On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer header, checks the VXLAN header to ensure the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is broadcast, unknown unicast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast head-end replication (HER).
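The encapsulation and decapsulation steps above, sketched as an added example (not code from the original article or from any VTEP implementation). It uses the RFC 7348 header layout; the CRC32 hash, the function names and the sample frame are assumptions made for illustration.

```python
import struct
import zlib

VXLAN_PORT = 4789        # fixed UDP destination port named in the text
FLAG_I = 0x08            # RFC 7348 "I" flag: the VNI field is valid

# Constructed sample inner frame: dst MAC, src MAC, EtherType IPv4, payload.
FRAME = bytes.fromhex("0200000000bb" "0200000000aa" "0800") + b"inner-ip-packet"

def vxlan_header(vni):
    """8 bytes: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8)

def source_port(inner_frame):
    """Outer UDP source port from a hash of the inner MAC header, so one flow
    always takes one ECMP path. CRC32 is a stand-in; real VTEPs pick their own hash."""
    return 49152 + zlib.crc32(inner_frame[:14]) % 16384   # range 49152-65535

def encapsulate(inner_frame, vni):
    """Source VTEP: return (udp_src_port, udp_dst_port, udp_payload)."""
    return source_port(inner_frame), VXLAN_PORT, vxlan_header(vni) + inner_frame

def decapsulate(udp_dst_port, udp_payload, local_vnis):
    """Destination VTEP: validate the header, then return (vni, inner_frame).
    Raises ValueError instead of delivering a frame into the wrong segment."""
    if udp_dst_port != VXLAN_PORT:
        raise ValueError("not a VXLAN datagram")
    if len(udp_payload) < 8 + 14:
        raise ValueError("truncated VXLAN header or inner frame")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[8:]

if __name__ == "__main__":
    sport, dport, payload = encapsulate(FRAME, 10000)
    print(sport, dport, payload[:8].hex(), decapsulate(dport, payload, {10000})[0])
```

The VNI check in `decapsulate` is the only thing separating segments at this layer, which is why a frame carrying a VNI the VTEP does not serve is rejected rather than delivered.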
The core of the forwarding principle is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and allows VTEPs to exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transmission.
However, in real deployments, forwarding efficiency affects performance. Flooding can cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as proxy ARP agents, handle route leaking, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is deployed at the edge or in the core of a data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In principle, a centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first arrives at the local VTEP. The local VTEP detects that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and re-encapsulates the packet into a tunnel toward the destination VNI.
The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators need to maintain only a few gateways to cover the entire network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ Resource efficient: Gateways are usually high-performance hardware (such as the Cisco Nexus 9000 or Arista 7050) capable of handling large volumes of traffic. The control plane is centralized, which eases integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which makes it easy to enforce ACLs (Access Control Lists), firewalls, and NAT. Imagine a multi-tenant scenario in which the centralized gateway can easily isolate tenant traffic.
But the shortcomings cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication across the entire network is paralyzed. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, it still carries risks.
○ Performance bottleneck: All east-west traffic (communication between servers) must pass through the gateway, resulting in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion can occur during peak hours.
○ Poor scalability: As the network grows, the load on the gateway increases sharply. In a real-world example, I have seen a financial data center using a centralized gateway. Initially it ran smoothly, but after the number of VMs doubled, latency rose from microseconds to milliseconds.
Application scenario: Suitable for environments that need simple management, such as enterprise clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to keep the core gateways running efficiently.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, offloads gateway functionality to each leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, handling L3 forwarding for the local subnet.
The principle is more flexible: each VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed directly on the local VTEP, without passing through a central point. EVPN is especially useful here: through BGP EVPN, the VTEP learns the routes of remote hosts and uses MAC/IP bindings to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes toward the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This shortens the path and reduces latency.
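The two forwarding models compared, as an added example (not code from the original article): it traces the tunnel legs for the VM A to VM B flow described in the centralized and distributed sections and lists which devices make the routing decision, which is where an inter-VNI ACL has to be installed. The VTEP names, the gateway name and the third host are hypothetical, and the distributed case assumes the ingress VTEP encapsulates in the destination subnet's VNI.

```python
import ipaddress

# VNIs, subnets and the two VM addresses come from the text; the device names
# and host 10.1.1.20 are constructed for illustration.
SUBNET_VNI = {
    ipaddress.ip_network("10.1.1.0/24"): 10000,
    ipaddress.ip_network("10.2.1.0/24"): 20000,
}
HOST_VTEP = {"10.1.1.10": "leaf1", "10.1.1.20": "leaf3", "10.2.1.10": "leaf2"}
CENTRAL_GW = "gw-core"

def vni_of(ip):
    """Map a host address to the VNI of the subnet that contains it."""
    addr = ipaddress.ip_address(ip)
    for net, vni in SUBNET_VNI.items():
        if addr in net:
            return vni
    raise LookupError(f"{ip} is not in any VXLAN subnet")

def tunnel_path(src_ip, dst_ip, mode):
    """Return the VXLAN tunnel legs as (from_device, to_device, vni) tuples."""
    src_vtep, dst_vtep = HOST_VTEP[src_ip], HOST_VTEP[dst_ip]
    src_vni, dst_vni = vni_of(src_ip), vni_of(dst_ip)
    if src_vni == dst_vni:                    # same subnet: bridged, no gateway
        return [(src_vtep, dst_vtep, src_vni)]
    if mode == "centralized":                 # hairpin through the L3 gateway
        return [(src_vtep, CENTRAL_GW, src_vni), (CENTRAL_GW, dst_vtep, dst_vni)]
    if mode == "distributed":                 # ingress VTEP routes locally
        return [(src_vtep, dst_vtep, dst_vni)]
    raise ValueError(f"unknown mode {mode!r}")

def routing_point(src_ip, dst_ip, mode):
    """Device that makes the L3 decision for this flow, or None if bridged."""
    if vni_of(src_ip) == vni_of(dst_ip):
        return None
    return CENTRAL_GW if mode == "centralized" else HOST_VTEP[src_ip]

def acl_devices(mode):
    """Every device that must carry the inter-VNI policy for full coverage."""
    points = {routing_point(s, d, mode)
              for s in HOST_VTEP for d in HOST_VTEP if s != d}
    return points - {None}

if __name__ == "__main__":
    for mode in ("centralized", "distributed"):
        print(mode, tunnel_path("10.1.1.10", "10.2.1.10", mode), acl_devices(mode))
```

In the distributed model the policy has to be present and identical on every leaf, since any leaf left out routes between VNIs unfiltered; same-subnet traffic is bridged and passes no routing point in either model.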
Outstanding advantages:
○ High scalability: Distributing gateway functionality to every node increases the size the network can reach, which benefits large networks. Large cloud providers like Google Cloud use a similar mechanism to support millions of VMs.
○ Superior performance: East-west traffic is processed locally to avoid bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: A single VTEP failure affects only the hosts attached to it, leaving other nodes unaffected. Combined with EVPN's fast convergence, recovery time is in seconds.
○ Good use of resources: It uses the ASIC chip already present in the leaf switch for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the disadvantages?
○ Complex configuration: Each VTEP requires configuration of routing, EVPN, and other features, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Being distributed means that state synchronization depends on EVPN. If the BGP session fluctuates, it can cause a routing black hole.
Application scenario: Ideal for hyperscale data centers or public clouds. VMware NSX-T's distributed router is an example. Combined with Kubernetes, it seamlessly supports container networking.
Centralized VXLAN Gateway vs. Distributed VXLAN Gateway
Now for the main question: which is better? The answer is "it depends", but we need to dig into data and case studies to convince you.
From a performance perspective, distributed systems clearly come out ahead. In a data center benchmark (based on Spirent test equipment), the average latency of a centralized gateway was 150μs, while that of a distributed system was only 50μs. In terms of throughput, distributed systems can easily achieve line-rate forwarding because they take advantage of Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Scalability is another battlefield. Centralized networks suit networks with 100-500 nodes; beyond this scale, distributed networks win. Take Alibaba Cloud, for example. Their VPC (Virtual Private Cloud) uses VXLAN gateways to support millions of users worldwide, with single-region latency under 1ms. A centralized approach would have collapsed long ago.
What about cost? A centralized solution offers a lower initial investment, requiring only a few high-end gateways. A distributed solution requires all leaf nodes to support VXLAN offload, which leads to higher hardware upgrade costs. In the long run, however, a distributed solution offers lower O&M costs, because automation tools like Ansible enable batch configuration.
Security and reliability: Centralized systems make centralized protection easier but are exposed to single-point risk. Distributed systems are more resilient but require the control plane to be protected against DDoS attacks.
A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, gateway CPU usage rose to 90%, which led to user complaints about latency. Switching to a distributed model resolved the problem and allowed the company to double its scale. In contrast, a small bank insisted on a centralized model because it prioritized compliance audits and found centralized management easier.
In general, if you are after maximum network performance and scale, the distributed approach is the way to go. If your budget is limited and your management team lacks experience, the centralized approach is more practical. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain valuable in specific scenarios, such as branch office interconnection.
Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, or MPLS header from the original data packet before forwarding the output.
Post time: Oct-09-2025