To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use 12-bit VLAN IDs to segment networks, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. Thus VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) domain over Layer 3 (IP) networks using UDP tunnels.
Simply put, VXLAN encapsulates Ethernet frames in UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), theoretically supporting 16 million virtual networks. This is like giving each virtual network an "identity card," allowing them to move freely over the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC chip on a switch).
Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking) so well. In public clouds such as AWS and Azure, VXLAN enables the extension of tenants' virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running many VMs (Virtual Machines). VXLAN lets these VMs see themselves as part of the same Layer 2 network, so that ARP broadcasts and DHCP requests are delivered correctly.
However, VXLAN is not a panacea. Running over an L3 network requires L2-to-L3 translation, which is where the gateway comes in. The VXLAN gateway connects the VXLAN virtual network to external networks (such as traditional VLANs or IP routed networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway, determining how packets are processed, routed, and distributed.
The VXLAN forwarding process is like a delicate dance, in which every step from source to destination is closely linked. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing the source MAC address, destination MAC address, VLAN tag (if any), and payload. On receiving this frame, the local VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (populated through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port based on a hash of the inner frame and a destination port of 4789), an IP header (with the source IP address of the local VTEP and the destination IP address of the remote VTEP), and finally an outer Ethernet header. The whole packet now appears as a UDP/IP packet, looks like normal traffic, and can be carried across the L3 network.
On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips off the outer headers, checks the VXLAN header to make sure the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is unknown unicast, broadcast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast head-end replication (HER).
The core of the forwarding principle is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and allows VTEPs to exchange forwarding information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels to carry traffic efficiently.
However, in real deployments, forwarding efficiency directly affects performance. Traditional flooding can easily cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as ARP proxies, handle routing issues, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is usually deployed at the edge or core layer of the data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In principle, the centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first reaches the local VTEP. The local VTEP detects that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and then re-encapsulates the packet into a tunnel toward the destination VNI.

The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators only need to maintain a few gateways to cover the entire network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ Efficient use of resources: Gateways are typically high-performance hardware (such as the Cisco Nexus 9000 or Arista 7050) capable of handling large volumes of traffic. The control plane is centralized, which makes integration with SDN controllers such as NSX Manager easier.
○ Strong security control: Traffic must pass through the gateway, which makes it easier to enforce ACLs (Access Control Lists), firewalls, and NAT. Consider a multi-tenant scenario in which a centralized gateway can easily isolate tenant traffic.
But the drawbacks cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication stops across the entire network. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, it still carries risk.
○ Performance bottleneck: All east-west traffic (server-to-server communication) must pass through the gateway, resulting in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely during peak hours.
○ Poor scalability: As network traffic grows, the load on the gateway increases sharply. In a real-world case, I saw a financial data center using a centralized gateway. At first it ran smoothly, but after the number of VMs doubled, latency shot up from microseconds to milliseconds.
Use case: Suitable for environments that require simple management, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to ensure efficient operation of the core gateways.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, places the gateway function on every leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, performing L3 forwarding for the local subnet.
The principle is more complex: every VTEP is assigned the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Packets sent by VMs are routed directly on the local VTEP, without passing through a central point. EVPN is especially useful here: through BGP EVPN, the VTEP learns the routes of remote hosts and uses MAC/IP binding to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This process shortens the path and reduces latency.
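The two forwarding paths for the VM A to VM B example (centralized gateway earlier, anycast gateway here) can be compared with the sketch below. It is an added example, not part of the original article: the VTEP names `leaf1`, `leaf2`, `leaf3`, the gateway name `border-gw` and the host 10.1.1.20 are hypothetical, and the VNI used on the single distributed leg is assumed to be the destination VNI, which the article does not state.

```python
import ipaddress

# Constructed topology using the article's VNIs, subnets and VM addresses.
SUBNET_TO_VNI = {
    ipaddress.ip_network("10.1.1.0/24"): 10000,
    ipaddress.ip_network("10.2.1.0/24"): 20000,
}
HOST_TO_VTEP = {"10.1.1.10": "leaf1", "10.1.1.20": "leaf3", "10.2.1.10": "leaf2"}
CENTRAL_GW = "border-gw"  # hypothetical name for the centralized gateway


def vni_of(ip: str) -> int:
    """Map a host address to the VNI of the subnet that contains it."""
    addr = ipaddress.ip_address(ip)
    for net, vni in SUBNET_TO_VNI.items():
        if addr in net:
            return vni
    raise LookupError(f"{ip} is not in any VXLAN subnet")


def tunnel_legs(src: str, dst: str, mode: str) -> list:
    """Return VXLAN tunnel legs as (ingress VTEP, egress VTEP, VNI on the wire)."""
    src_vtep, dst_vtep = HOST_TO_VTEP[src], HOST_TO_VTEP[dst]
    src_vni, dst_vni = vni_of(src), vni_of(dst)
    if src_vni == dst_vni:
        # Same subnet: L2 bridging inside one VNI, no gateway involved.
        return [] if src_vtep == dst_vtep else [(src_vtep, dst_vtep, src_vni)]
    if mode == "centralized":
        # The gateway decapsulates, routes, and re-encapsulates into the
        # destination VNI, so the flow crosses the fabric twice.
        return [(src_vtep, CENTRAL_GW, src_vni), (CENTRAL_GW, dst_vtep, dst_vni)]
    if mode == "distributed":
        # The ingress leaf holds the anycast gateway IP and routes locally.
        return [(src_vtep, dst_vtep, dst_vni)]  # VNI choice is an assumption
    raise ValueError(f"unknown mode {mode!r}")


def crosses_central_gateway(legs: list) -> bool:
    """True when the flow passes the single point where ACLs can be enforced."""
    return any(CENTRAL_GW in (a, b) for a, b, _ in legs)
```

For inter-VNI traffic, `crosses_central_gateway` is true only in centralized mode; with a distributed gateway, any filtering between subnets has to be applied on each leaf.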
Outstanding advantages:
○ High scalability: Distributing the gateway function to every node increases network capacity, which benefits large networks. Large cloud providers such as Google Cloud use a similar mechanism to support millions of VMs.
○ Superior performance: East-west traffic is processed locally to avoid bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: A single VTEP failure affects only the hosts attached to it, leaving other nodes unaffected. Combined with EVPN's fast convergence, recovery time is a matter of seconds.
○ Good use of resources: It uses the existing ASIC chips in leaf switches for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the drawbacks?
○ Complex configuration: Every VTEP requires configuration of routing, EVPN, and other features, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Distributed means that state synchronization depends on EVPN. If the BGP session flaps, it can cause a routing black hole.
Use case: Ideal for hyperscale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it supports container networking well.
Centralized VxLAN Gateway vs. Distributed VxLAN Gateway
Now to the climax: which is better? The answer is "it depends", but we need to dig deeper into the data and case studies to back that up.
In terms of performance, distributed systems are clearly superior. In a typical data center benchmark (based on Spirent test equipment), the average latency of the centralized gateway was 150μs, while that of the distributed gateway was only 50μs. In terms of throughput, distributed systems can easily achieve line-rate forwarding because they make use of Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Scalability is another battleground. Centralized gateways suit networks with 100-500 nodes; beyond this scale, distributed gateways win. Take Alibaba Cloud as an example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency below 1ms. A centralized approach would have collapsed long ago.
What about cost? The centralized solution offers a lower initial investment, requiring only a few high-end gateways. The distributed solution requires all leaf nodes to support VXLAN offloading, which raises hardware upgrade costs. In the long run, however, the distributed solution offers lower O&M costs, because automation tools such as Ansible enable batch configuration.
Security and reliability: Centralized systems make unified protection easier but carry a higher risk from a single point of attack. Distributed systems are more resilient but require a robust control plane to prevent DDoS attacks.
A real-world case study: An e-commerce company used a centralized VXLAN gateway to build its site. During peak periods, gateway CPU usage rose to 90%, leading to user complaints about latency. Switching to a distributed model solved the problem, allowing the company to double its scale with ease. Conversely, a small bank insisted on a centralized model because it prioritized compliance audits and found centralized management easier.
Overall, if you are after extreme network performance and scale, the distributed approach is the way to go. If your budget is limited and your management team lacks experience, the centralized approach is more practical. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will still be valuable in specific scenarios, such as interconnecting branch offices.

Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, or MPLS header from the original data packet before the packet is forwarded.
Post time: Oct-09-2025
