Kuti tikambirane za njira za VXLAN, choyamba tiyenera kukambirana za VXLAN yokha. Kumbukirani kuti ma VLAN achikhalidwe (Virtual Local Area Networks) amagwiritsa ntchito ma ID a VLAN a 12-bit kugawa ma network, kuthandizira ma network okwana 4096. Izi zimagwira ntchito bwino pa ma network ang'onoang'ono, koma m'malo amakono a data, okhala ndi makina awo ambirimbiri, ma container, ndi malo okhala ndi anthu ambiri, ma VLAN sakwanira. VXLAN idabadwa, yomwe idafotokozedwa ndi Internet Engineering Task Force (IETF) mu RFC 7348. Cholinga chake ndikukulitsa gawo la kufalitsa la Layer 2 (Ethernet) pa ma network a Layer 3 (IP) pogwiritsa ntchito ma tunnel a UDP.
Mwachidule, VXLAN imaphatikiza mafelemu a Ethernet mkati mwa mapaketi a UDP ndikuwonjezera VXLAN Network Identifier (VNI) ya 24-bit, yomwe imathandizira ma network okwana 16 miliyoni. Izi zili ngati kupatsa netiweki iliyonse "khadi lodziwika," zomwe zimawalola kuyenda momasuka pa netiweki yeniyeni popanda kusokonezana. Gawo lalikulu la VXLAN ndi VXLAN Tunnel End Point (VTEP), yomwe imayang'anira kuyika ndi kuchotsa mapaketi. VTEP ikhoza kukhala mapulogalamu (monga Open vSwitch) kapena hardware (monga ASIC chip pa switch).
N’chifukwa chiyani VXLAN ndi yotchuka chonchi? Chifukwa imagwirizana bwino ndi zosowa za cloud computing ndi SDN (Software-Defined Networking). Mu mitambo ya anthu onse monga AWS ndi Azure, VXLAN imalola kufalikira kwa ma network a anthu obwereka mosavuta. Mu malo osungira deta achinsinsi, imathandizira mapangidwe a ma network a overlay monga VMware NSX kapena Cisco ACI. Tangoganizirani malo osungira deta okhala ndi ma seva zikwizikwi, iliyonse ikugwiritsa ntchito ma VM ambiri (Virtual Machines). VXLAN imalola ma VM awa kudziona ngati gawo la netiweki yomweyo ya Layer 2, kuonetsetsa kuti ma ARP ndi ma DHCP akuyenda bwino.
Komabe, VXLAN si mankhwala othetsera mavuto. Kugwira ntchito pa netiweki ya L3 kumafuna kusintha kwa L2-to-L3, komwe ndi komwe chipata chimayambira. Chipata cha VXLAN chimalumikiza netiweki ya VXLAN ndi ma netiweki akunja (monga ma VLAN achikhalidwe kapena ma netiweki oyendetsera IP), kuonetsetsa kuti deta ikuyenda kuchokera ku dziko lenileni kupita ku dziko lenileni. Njira yotumizira deta ndiyo mtima ndi moyo wa chipata, zomwe zimatsimikiza momwe mapaketi amagwiritsidwira ntchito, kuyendetsedwa, komanso kugawidwa.
Njira yotumizira VXLAN ili ngati ballet yofewa, ndipo sitepe iliyonse kuchokera kochokera kupita komwe ikupita imalumikizidwa kwambiri. Tiyeni tiifotokoze pang'onopang'ono.
Choyamba, paketi imatumizidwa kuchokera ku gwero lothandizira (monga VM). Iyi ndi chimango chokhazikika cha Ethernet chomwe chili ndi adilesi ya MAC yoyambira, adilesi ya MAC yopita, chizindikiro cha VLAN (ngati chilipo), ndi katundu wolipira. Chimango ichi chikalandira, gwero la VTEP limayang'ana adilesi ya MAC yopita. Ngati adilesi ya MAC yopita ili mu tebulo lake la MAC (yomwe imapezeka kudzera mu kuphunzira kapena kudzaza), imadziwa VTEP yakutali yoti itumize paketiyo.
Njira yolumikizirana ndi yofunika kwambiri: VTEP imawonjezera mutu wa VXLAN (kuphatikiza VNI, mbendera, ndi zina zotero), kenako mutu wa UDP wakunja (wokhala ndi doko loyambira lozikidwa pa hash ya chimango chamkati ndi doko lokhazikika la 4789), mutu wa IP (wokhala ndi adilesi ya IP yoyambira ya VTEP yakomweko ndi adilesi ya IP yoyambira ya VTEP yakutali), ndipo pamapeto pake mutu wakunja wa Ethernet. Phukusi lonse tsopano likuwoneka ngati paketi ya UDP/IP, limawoneka ngati traffic wamba, ndipo limatha kuyendetsedwa pa netiweki ya L3.
Pa netiweki yeniyeni, paketiyo imatumizidwa ndi rauta kapena switch mpaka itafika pa VTEP yopita. Destination VTEP imachotsa mutu wakunja, kuyang'ana mutu wa VXLAN kuti iwonetsetse kuti VNI ikugwirizana, kenako imapereka chimango chamkati cha Ethernet ku host yopitako. Ngati paketiyo ndi yosadziwika ngati unicast, broadcast, kapena multicast (BUM), VTEP imabwerezanso paketiyo ku VTEP zonse zofunikira pogwiritsa ntchito flooding, kudalira magulu ambiri kapena unicast header replication (HER).
Mfundo yaikulu ya mfundo yotumizira deta ndi kulekanitsa ndege yowongolera ndi ndege ya deta. Ndege yowongolera imagwiritsa ntchito Ethernet VPN (EVPN) kapena njira ya Flood and Learn kuti iphunzire mapu a MAC ndi IP. EVPN imachokera ku protocol ya BGP ndipo imalola ma VTEP kusinthana zambiri zotumizira deta, monga MAC-VRF (Virtual Routing and Forwarding) ndi IP-VRF. Ndege ya deta imayang'anira kutumiza deta, pogwiritsa ntchito njira za VXLAN kuti ipereke deta bwino.
Komabe, mu ntchito zenizeni, kugwiritsa ntchito bwino njira zotumizira mauthenga kumakhudza mwachindunji magwiridwe antchito. Kusefukira kwa madzi kwachikhalidwe kumatha kuyambitsa mphepo yamkuntho, makamaka m'maukonde akuluakulu. Izi zimapangitsa kuti pakhale kufunikira kwa kukonza njira zolowera: njira zolowera sizimangolumikiza maukonde amkati ndi akunja komanso zimagwira ntchito ngati othandizira a ARP, kuthana ndi kutayikira kwa njira, ndikuwonetsetsa kuti njira zotumizira mauthenga ndi zazifupi kwambiri.
Chipata cha VXLAN chapakati
Chipata cha VXLAN cholumikizidwa pakati, chomwe chimatchedwanso chipata chapakati kapena chipata cha L3, nthawi zambiri chimayikidwa m'mphepete kapena pakati pa data center. Chimagwira ntchito ngati malo olumikizirana pakati, momwe magalimoto onse odutsa pa intaneti kapena ma subnet ayenera kudutsa.
Mwachidule, chipata cholumikizidwa pakati chimagwira ntchito ngati chipata chokhazikika, chomwe chimapereka mautumiki a routing a Layer 3 pa ma network onse a VXLAN. Taganizirani ma VNI awiri: VNI 10000 (subnet 10.1.1.0/24) ndi VNI 20000 (subnet 10.2.1.0/24). Ngati VM A mu VNI 10000 ikufuna kupeza VM B mu VNI 20000, paketiyo imayamba kufika pa VTEP yakomweko. VTEP yakomweko imazindikira kuti adilesi ya IP yolowera siili pa subnet yakomweko ndikuyitumiza ku chipata cholumikizidwa pakati. Chipatacho chimaduladula paketiyo, kupanga chisankho cholumikizira, kenako ndikuyikanso paketiyo mu ngalande yopita ku VNI yolowera.
Ubwino wake ndi woonekeratu:
○ Kuyang'anira kosavutaMakonzedwe onse a ma routing amakhala pakati pa chipangizo chimodzi kapena ziwiri, zomwe zimathandiza kuti ogwiritsa ntchito azikhala ndi zipata zochepa zokha kuti akwaniritse netiweki yonse. Njira imeneyi ndi yoyenera malo ang'onoang'ono komanso apakatikati a data kapena malo omwe akugwiritsa ntchito VXLAN koyamba.
○Kugwiritsa ntchito bwino zinthuMa Gateway nthawi zambiri amakhala ndi zida zogwira ntchito bwino kwambiri (monga Cisco Nexus 9000 kapena Arista 7050) zomwe zimatha kuyendetsa magalimoto ambiri. Dongosolo lowongolera limakhala pakati, zomwe zimathandiza kuti pakhale kulumikizana ndi owongolera a SDN monga NSX Manager.
○Kulamulira kwamphamvu kwa chitetezoMagalimoto ayenera kudutsa pachipata, zomwe zimathandiza kukhazikitsa ma ACL (Access Control Lists), ma firewall, ndi NAT. Tangoganizirani momwe chipata cholumikizirana chimatha kusiyanitsa mosavuta kuchuluka kwa magalimoto obwereka.
Koma zofooka zake sizinganyalanyazidwe:
○ Kulephera kokhaNgati chipata chalephera, kulumikizana kwa L3 pa netiweki yonse kumayimitsidwa. Ngakhale kuti VRRP (Virtual Router Redundancy Protocol) ingagwiritsidwe ntchito pochepetsa maukonde, imakhalabe ndi zoopsa.
○Cholepheretsa magwiridwe antchitoMagalimoto onse ochokera kummawa kupita kumadzulo (kulumikizana pakati pa ma seva) ayenera kudutsa chipata, zomwe zimapangitsa kuti pakhale njira yabwino kwambiri. Mwachitsanzo, mu gulu la ma node 1000, ngati bandwidth ya chipata ndi 100Gbps, kuchulukana kwa magalimoto kungachitike nthawi yomwe anthu ambiri amafika pa intaneti.
○Kusakula bwinoPamene kukula kwa netiweki kukukula, kuchuluka kwa ma gateway kumawonjezeka kwambiri. Mu chitsanzo chenicheni, ndawona malo osungira deta yazachuma pogwiritsa ntchito gateway yolumikizidwa pakati. Poyamba, idayenda bwino, koma chiwerengero cha ma VM chitawirikiza kawiri, latency idakwera kwambiri kuchokera pa ma microseconds kupita ku ma milliseconds.
Chitsanzo Chogwiritsira Ntchito: Choyenera malo omwe amafuna kusavuta kuyang'anira, monga mitambo yachinsinsi yamakampani kapena ma network oyesera. Kapangidwe ka Cisco ka ACI nthawi zambiri kamagwiritsa ntchito chitsanzo chapakati, chophatikizidwa ndi topology ya tsamba-msana, kuti zitsimikizire kuti zipata zapakati zikugwira ntchito bwino.
Chipata cha VXLAN Chogawidwa
Chipata chogawika cha VXLAN, chomwe chimadziwikanso kuti chipata chogawika kapena chipata chilichonse chotayika, chimatsitsa magwiridwe antchito a chipata ku switch iliyonse ya leaf kapena hypervisor VTEP. VTEP iliyonse imagwira ntchito ngati chipata chapafupi, chosamalira kutumiza kwa L3 kwa subnet yakomweko.
Mfundoyi ndi yosinthasintha: VTEP iliyonse imakonzedwa ndi IP yeniyeni (VIP) yomweyo monga chipata chokhazikika, pogwiritsa ntchito njira ya Anycast. Mapaketi a Cross-subnet omwe amatumizidwa ndi ma VM amayendetsedwa mwachindunji pa VTEP yakomweko, popanda kudutsa pakati. EVPN ndi yothandiza kwambiri apa: kudzera mu BGP EVPN, VTEP imaphunzira njira za ma host akutali ndipo imagwiritsa ntchito MAC/IP binding kuti ipewe kusefukira kwa ARP.
Mwachitsanzo, VM A (10.1.1.10) ikufuna kugwiritsa ntchito VM B (10.2.1.10). Chipata chokhazikika cha VM A ndi VIP ya VTEP yapafupi (10.1.1.1). VTEP yapafupi imapita ku subnet yopitako, imaphimba paketi ya VXLAN, ndikuitumiza mwachindunji ku VTEP ya VM B. Njirayi imachepetsa njira ndi kuchedwa.
Ubwino Wapadera:
○ Kutha kufalikira kwambiriKugawa magwiridwe antchito a chipata ku node iliyonse kumawonjezera kukula kwa netiweki, zomwe zimathandiza ma netiweki akuluakulu. Opereka ma cloud akuluakulu monga Google Cloud amagwiritsa ntchito njira yofanana yothandizira ma VM mamiliyoni ambiri.
○Kuchita bwino kwambiriMagalimoto ochokera kum'mawa kupita kumadzulo amakonzedwa m'deralo kuti apewe mavuto. Deta yoyesera ikuwonetsa kuti kuchuluka kwa magalimoto kumatha kuwonjezeka ndi 30%-50% munjira yogawa.
○Kuchira mwachangu kwa zolakwikaKulephera kamodzi kokha kwa VTEP kumakhudza wolandila wapafupi yekha, zomwe zimapangitsa kuti ma node ena asakhudzidwe. Kuphatikiza ndi kulumikizana mwachangu kwa EVPN, nthawi yobwezeretsa imakhala mumasekondi.
○Kugwiritsa ntchito bwino zinthuGwiritsani ntchito chip cha ASIC chomwe chilipo cha Leaf switch kuti mufulumizitse hardware, ndipo mitengo yotumizira ifike pa mulingo wa Tbps.
Kodi kuipa kwake ndi kotani?
○ Kapangidwe kovutaVTEP iliyonse imafuna kukhazikitsidwa kwa njira yolumikizirana, EVPN, ndi zina, zomwe zimapangitsa kuti kuyika koyamba kutenge nthawi. Gulu logwira ntchito liyenera kudziwa bwino BGP ndi SDN.
○Zofunikira pa hardware yapamwambaChipata chogawika: Si ma switch onse omwe amathandizira zipata zogawika; Broadcom Trident kapena ma chip a Tomahawk amafunika. Mapulogalamu (monga OVS pa KVM) sagwira ntchito bwino ngati zida zamagetsi.
○Mavuto OsasinthasinthaKugawa kumatanthauza kuti kusinthasintha kwa boma kumadalira EVPN. Ngati gawo la BGP lisinthasintha, lingayambitse dzenje lakuda lolowera.
Chitsanzo cha Kugwiritsa Ntchito: Chabwino kwambiri pa malo osungira deta a hyperscale kapena mitambo ya anthu onse. Rauta yogawa ya VMware NSX-T ndi chitsanzo chabwino. Pophatikizidwa ndi Kubernetes, imathandizira bwino kulumikizana kwa ma container.
Chipatala cha VxLAN chogawidwa pakati pa malo ndi chipatala cha VxLAN chogawidwa pakati pa malo
Tsopano tiyeni tikambirane za nkhani yaikulu: ndi iti yabwino kuposa iyi? Yankho lake ndi lakuti "zimadalira", koma tiyenera kufufuza mozama mu deta ndi maphunziro a milandu kuti tikutsimikizireni.
Kuchokera pakuwona momwe magwiridwe antchito amagwirira ntchito, machitidwe ogawidwa amagwira ntchito bwino kwambiri. Mu benchmark yanthawi zonse ya data center (yochokera ku zida zoyesera za Spirent), nthawi yocheperako ya centralized gateway inali 150μs, pomwe ya system yogawidwa inali 50μs yokha. Ponena za throughput, machitidwe ogawidwa amatha kupeza mosavuta line-rate forwarding chifukwa amagwiritsa ntchito Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Kukula kwa malo ndi malo ena omenyera nkhondo. Ma network apakati ndi oyenera ma network okhala ndi ma node 100-500; kupitirira apo, ma network ogawidwa amapambana. Mwachitsanzo, tenga Alibaba Cloud. VPC yawo (Virtual Private Cloud) imagwiritsa ntchito ma gateways a VXLAN ogawidwa kuti athandize ogwiritsa ntchito mamiliyoni ambiri padziko lonse lapansi, ndi latency ya gawo limodzi pansi pa 1ms. Njira yapakati ikanatha kalekale.
Nanga bwanji za mtengo? Yankho lokhazikika limapereka ndalama zochepa zoyambira, zomwe zimafuna njira zochepa zapamwamba. Yankho logawidwa limafuna ma node onse a masamba kuti athandizire kutsitsa kwa VXLAN, zomwe zimapangitsa kuti pakhale ndalama zambiri zokweza zida. Komabe, pamapeto pake, yankho logawidwa limapereka ndalama zochepa za O&M, chifukwa zida zodziyimira zokha monga Ansible zimathandiza kukonza batch.
Chitetezo ndi kudalirika: Machitidwe apakati amathandiza chitetezo chapakati koma amakhala pachiwopsezo chachikulu cha kuukira kwa malo amodzi. Machitidwe ogawidwa ndi olimba koma amafunikira njira yowongolera yolimba kuti apewe kuukira kwa DDoS.
Kafukufuku weniweni: Kampani ya e-commerce idagwiritsa ntchito VXLAN yokhazikika kuti imange tsamba lake. Munthawi yomwe inali ndi nthawi yayitali, kugwiritsa ntchito CPU yolowera kunakwera kufika pa 90%, zomwe zidapangitsa kuti ogwiritsa ntchito adandaule za kuchedwa. Kusintha kupita ku mtundu wogawidwa kunathetsa vutoli, zomwe zidalola kampaniyo kuwirikiza kawiri kukula kwake. Mosiyana ndi zimenezi, banki yaying'ono idakakamira kuti pakhale mtundu wokhazikika chifukwa idayika patsogolo kuwunika kotsatira malamulo ndipo idapeza kuti kuyang'anira pakati ndikosavuta.
Kawirikawiri, ngati mukufuna njira yogwiritsira ntchito maukonde ndi kukula kwakukulu, njira yogwiritsira ntchito maukonde ndiyo njira yoyenera. Ngati bajeti yanu ndi yochepa ndipo gulu lanu loyang'anira silikudziwa zambiri, njira yogwiritsira ntchito maukonde ndi yothandiza kwambiri. M'tsogolomu, chifukwa cha kukwera kwa 5G ndi edge computing, maukonde ogwiritsidwa ntchito adzakhala otchuka kwambiri, koma maukonde ogwiritsidwa ntchito adzakhalabe ofunika pazochitika zinazake, monga kulumikizana kwa nthambi.
Othandizira Mapaketi a Network a Mylinking™Thandizani VxLAN, VLAN, GRE, MPLS Header Stripping
Inathandizira mutu wa VxLAN, VLAN, GRE, MPLS womwe unachotsedwa mu phukusi loyambirira la data ndikutumiza zotsatira.
Nthawi yotumizira: Okutobala-09-2025
