To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use a 12-bit VLAN ID to segment networks, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with their thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. So VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend a Layer 2 (Ethernet) broadcast domain across a Layer 3 (IP) network using UDP tunnels.
Simply put, VXLAN encapsulates Ethernet frames in UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), which in theory supports 16 million virtual networks. This is like giving each virtual network an "identity card," allowing it to move freely across the physical network without interfering with the others. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as the ASIC chip on a switch).
Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking) well. In public clouds such as AWS and Azure, VXLAN enables seamless extension of tenant virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running many VMs (Virtual Machines). VXLAN allows these VMs to see themselves as part of the same Layer 2 network, so that ARP broadcasts and DHCP requests are carried between them.
However, VXLAN is not a cure-all. Running over an L3 network requires L2-to-L3 conversion, which is where the gateway comes in. The VXLAN gateway connects the VXLAN virtual network to external networks (such as traditional VLANs or routed IP networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway: it determines how packets are processed, routed, and distributed.
VXLAN forwarding is like a delicate ballet, with every step from source to destination linked to the next. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). It is a standard Ethernet frame containing the source MAC address, the destination MAC address, a VLAN tag (if any), and the payload. On receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (obtained through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port based on a hash of the inner frame and a fixed destination port of 4789), and an IP header (with the IP address of the local VTEP as source and the IP address of the remote VTEP as destination). The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed across the L3 network.
On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer headers, checks the VXLAN header to make sure the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is unknown unicast, broadcast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast head-end replication (HER).
The core of the forwarding principle is the separation of the control plane from the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and lets VTEPs exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transmission.
In real deployments, however, forwarding efficiency directly affects performance. Traditional flooding can easily cause broadcast storms, especially in large networks. This creates the need for better gateways: gateways not only connect internal and external networks but also act as ARP proxies, handle routing, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is usually deployed at the edge or in the core layer of the data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In principle, the centralized gateway acts as the default gateway, providing Layer 3 routing for every VXLAN network. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first reaches the local VTEP. The local VTEP finds that the destination IP address is not on the local subnet and forwards the packet to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and then re-encapsulates the packet into a tunnel toward the destination VNI.
The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators maintain only a few gateways to cover the whole network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ Resource efficiency: Gateways are high-performance hardware (such as the Cisco Nexus 9000 or Arista 7050) capable of carrying large volumes of traffic. The control plane is centralized, which eases integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which makes it easier to apply ACLs (Access Control Lists), firewalls, and NAT. Imagine a multi-tenant scenario in which the centralized gateway can easily isolate tenants from one another.
But the drawbacks cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication across the whole network stops. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, risk remains.
○ Performance bottleneck: All east-west traffic (communication between servers) must traverse the gateway, which results in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely during peak hours.
○ Poor scalability: As the network grows, the gateway load increases sharply. In a real-world example, I saw a financial data center using a centralized gateway. At first it ran smoothly, but after the number of VMs doubled, latency rose from microseconds to milliseconds.
Application scenario: Suitable for environments that need simple management, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to keep the core gateways running efficiently.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, pushes the gateway function out to every leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, performing L3 forwarding for the local subnet.
The principle is more flexible: every VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed on the local VTEP, without having to pass through a central point. EVPN is especially useful here: through BGP EVPN, a VTEP learns the routes of remote hosts and uses MAC/IP bindings to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes toward the destination subnet, encapsulates the packet in VXLAN, and sends it to VM B's VTEP. This shortens the path and reduces latency.
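The two inter-VNI forwarding paths, the centralized one from the earlier VNI 10000 / VNI 20000 walk-through and the distributed one just described, modelled side by side as an added example that is not part of the original article. The VTEP names `leaf1`, `leaf2` and `border-gw`, the static host table standing in for EVPN-learned routes, and the use of the destination VNI on the direct tunnel are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed topology using the article's addressing; VTEP names are hypothetical.
SUBNET_VNI = {ip_network("10.1.1.0/24"): 10000, ip_network("10.2.1.0/24"): 20000}
HOST_VTEP = {ip_address("10.1.1.10"): "leaf1", ip_address("10.2.1.10"): "leaf2"}
CENTRAL_GW = "border-gw"


def vni_of(ip):
    """Map an address to its VNI, or None if no subnet matches."""
    addr = ip_address(ip)
    return next((vni for net, vni in SUBNET_VNI.items() if addr in net), None)


def tunnel_hops(src_ip, dst_ip, mode):
    """Return the VXLAN tunnels a packet crosses as (from_vtep, to_vtep, vni)."""
    src_vtep = HOST_VTEP.get(ip_address(src_ip))
    dst_vtep = HOST_VTEP.get(ip_address(dst_ip))
    src_vni, dst_vni = vni_of(src_ip), vni_of(dst_ip)
    if None in (src_vtep, src_vni):
        raise LookupError("unknown source host")
    if None in (dst_vtep, dst_vni):
        # No host route learned (for example lost EVPN state): black hole.
        raise LookupError(f"no route to {dst_ip}")
    if src_vni == dst_vni:  # same subnet: plain L2 overlay, no gateway involved
        return [] if src_vtep == dst_vtep else [(src_vtep, dst_vtep, src_vni)]
    if mode == "centralized":
        # Local VTEP bridges to the gateway in the source VNI; the gateway
        # decapsulates, routes, and re-encapsulates in the destination VNI.
        return [(src_vtep, CENTRAL_GW, src_vni), (CENTRAL_GW, dst_vtep, dst_vni)]
    if mode == "distributed":
        # Local VTEP is the anycast gateway: it routes and tunnels directly.
        # Assumption: the direct tunnel is tagged with the destination VNI.
        return [] if src_vtep == dst_vtep else [(src_vtep, dst_vtep, dst_vni)]
    raise ValueError("mode must be 'centralized' or 'distributed'")
```

Every centralized inter-VNI path contains the gateway hop, which is the single place where ACLs and firewall rules are applied. The distributed path has no such hop, so equivalent filtering has to be configured on every VTEP.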
Outstanding advantages:
○ High scalability: Distributing the gateway function to every node increases the scale the network can reach, which benefits large networks. Large cloud providers such as Google Cloud use a similar mechanism to support millions of VMs.
○ Superior performance: East-west traffic is processed locally, which avoids bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: A VTEP failure affects only the hosts attached to it, leaving other nodes unaffected. Combined with EVPN's fast convergence, recovery time is measured in seconds.
○ Efficient use of resources: It uses the existing leaf-switch ASIC chips for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the drawbacks?
○ Complex configuration: Each VTEP requires configuration of routing, EVPN, and other features, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Distribution means that state synchronization depends on EVPN. If a BGP session flaps, it can cause a routing black hole.
Application scenario: Ideal for hyperscale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it seamlessly supports container networking.
Centralized VxLAN Gateway vs. Distributed VxLAN Gateway
Now to the climax: which one is better? The answer is "it depends", but we need to dig into the data and case studies to back that up.
From a performance perspective, distributed systems are clearly ahead. In a typical data center benchmark (based on Spirent test equipment), the average latency of a centralized gateway was 150μs, while that of a distributed one was only 50μs. In terms of throughput, distributed systems can easily reach line-rate forwarding because they use spine-leaf Equal-Cost Multi-Path (ECMP) routing.
Scalability is another battleground. Centralized networks suit networks with 100-500 nodes; beyond that scale, distributed networks gain the upper hand. Take Alibaba Cloud. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency below 1ms. A centralized approach would have collapsed long ago.
What about cost? A centralized solution has a lower initial investment, requiring only a few high-end gateways. A distributed solution requires every leaf to support VXLAN offload, which leads to higher hardware upgrade costs. In the long run, however, a distributed solution has lower O&M costs, because automation tools such as Ansible enable batch configuration.
Security and reliability: Centralized systems make centralized protection easier but carry a high risk of being a single point of attack. Distributed systems are more resilient but require a robust control plane to prevent DDoS attacks.
A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, gateway CPU usage climbed to 90%, leading to user complaints. Switching to a distributed model solved the problem and allowed the company to double its scale. On the other hand, a small bank insisted on a centralized model because it prioritized compliance audits and found centralized management easier.
Overall, if you want extreme network performance and scale, the distributed approach is the way to go. If your budget is limited and your management team lacks experience, the centralized approach is more practical. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain valuable in specific scenarios, such as branch office interconnection.
Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, and MPLS header stripping
They support stripping the VxLAN, VLAN, GRE, or MPLS header from the original packet and forwarding the result to the output.
Post time: Oct-09-2025