VxLAN (Virtual eXtensible Local Area Network) Gateway: Centralized VxLAN Gateway or Distributed VxLAN Gateway?

To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use 12-bit VLAN IDs to separate networks, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with their thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. Hence VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) broadcast domain over Layer 3 (IP) networks using UDP tunnels.

In short, VXLAN encapsulates Ethernet frames inside UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), supporting 16 million virtual networks. This is like giving each virtual network an "identity card", so that they can move freely over the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC chip on a switch).

Why is VXLAN so popular? Because it matches the needs of cloud computing and SDN (Software-Defined Networking) very closely. In public clouds such as AWS and Azure, VXLAN can extend tenants' virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running a dozen VMs (Virtual Machines). VXLAN lets these VMs see themselves as part of a single Layer 2 network, so that ARP broadcasts and DHCP requests are delivered properly.

However, VXLAN is not a cure-all. Running over an L3 network requires L2-to-L3 conversion, and this is where the gateway comes in. A VXLAN gateway connects the VXLAN virtual network to external networks (such as traditional VLANs or IP routed networks), so that data flows properly from the virtual world to the physical world. The forwarding mechanism is the heart and soul of the gateway: it determines how packets are processed, routed, and distributed.

The VXLAN forwarding process is like a graceful dance, with each step from source to destination closely linked to the next. Let us break it down step by step.

First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing the source MAC address, the destination MAC address, the VLAN tag (if any), and the payload. On receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (obtained through learning or flooding), it knows which remote VTEP to forward the packet to.

The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with the source port based on a hash of the inner frame and a fixed destination port of 4789), an IP header (with the source IP address of the local VTEP and the destination IP address of the remote VTEP), and finally an outer Ethernet header. The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed over the L3 network.

On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer header, checks the VXLAN header to make sure the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is unknown unicast, broadcast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast head-end replication (HER).
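The encapsulation and decapsulation steps above, as an added example that is not part of the original article. It builds only the 8-byte VXLAN header and the outer UDP source port (the outer IP and Ethernet headers are omitted); the CRC32 hash, the sample frame and the function names are assumptions.

```python
import struct
import zlib

VXLAN_PORT = 4789          # fixed outer UDP destination port from the text
FLAG_I = 0x08              # RFC 7348 "I" flag: the VNI field is valid
HDR_LEN, MIN_ETH = 8, 14   # VXLAN header size, minimum inner Ethernet header

def udp_source_port(inner_frame):
    """Outer UDP source port from a hash of the inner Ethernet header.
    CRC32 is an assumption; real VTEPs use their own hash."""
    return 49152 + zlib.crc32(inner_frame[:MIN_ETH]) % 16384

def vxlan_encap(inner_frame, vni):
    """Prepend the VXLAN header: flags, 24 reserved bits,
    24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload, dst_port, local_vnis):
    """Destination-VTEP checks before the inner frame reaches a host."""
    if dst_port != VXLAN_PORT:
        raise ValueError("not VXLAN: unexpected UDP destination port")
    if len(udp_payload) < HDR_LEN + MIN_ETH:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HDR_LEN])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[HDR_LEN:]

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"payload")

if __name__ == "__main__":
    pkt = vxlan_encap(SAMPLE_FRAME, 10000)
    print("sport", udp_source_port(SAMPLE_FRAME), "header", pkt[:HDR_LEN].hex())
    print(vxlan_decap(pkt, VXLAN_PORT, {10000}))
```

The VNI membership check in `vxlan_decap` is what keeps a frame tagged for one tenant from being delivered into another tenant's segment.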

The core principle of forwarding is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and lets VTEPs exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transmission.

However, in real deployments, forwarding efficiency directly affects performance. Traditional flooding can cause broadcast storms, especially in large networks. This leads to the need for gateway optimization: gateways not only connect internal and external networks but also act as ARP proxies, handle route leaks, and ensure the shortest forwarding paths.

Centralized VXLAN Gateway

A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is deployed at the edge or core layer of the data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.

In principle, the centralized gateway is the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first arrives at the local VTEP. The local VTEP sees that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and then re-encapsulates the packet into a tunnel to the destination VNI.

Figure: Centralized VXLAN gateway

The advantages are clear:

○ Simple management: All routing configuration is concentrated on one or two devices, so operators can maintain just a few gateways to cover the whole network. This approach suits small and medium-sized data centers, or environments deploying VXLAN for the first time.
○ Resource efficient: Gateways are high-performance devices (such as the Cisco Nexus 9000 or Arista 7050) capable of handling large volumes of traffic. The control plane is centralized, which helps integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which makes it easier to implement ACLs (Access Control Lists), firewalls, and NAT. Consider a multi-tenant scenario in which the centralized gateway can easily isolate tenant traffic.

But the disadvantages cannot be ignored:

○ Single point of failure: If the gateway fails, L3 communication across the whole network is lost. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, risk remains.
○ Performance bottleneck: All east-west traffic (communication between servers) must traverse the gateway, which results in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely during peak hours.
○ Poor scalability: As the network grows, the load on the gateway keeps rising. In one real-world example, I have seen a financial data center using a centralized gateway. At first it ran well, but after the number of VMs increased, latency rose from microseconds to milliseconds.

Application scenario: Suitable for environments that need simple management, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to ensure efficient operation of the core gateways.

Distributed VXLAN Gateway

A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, pushes the gateway function down to every leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, handling L3 forwarding for the local subnet.

The principle is more flexible: every VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed directly on the local VTEP, without passing through a central point. EVPN is especially useful here: through BGP EVPN, the VTEP learns the routes of remote hosts and uses MAC/IP bindings to avoid ARP flooding.

Figure: Distributed VXLAN gateway

For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This process minimizes the path and the latency.
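The same VM A to VM B flow under the centralized model described earlier and the distributed model described here, as an added example that is not part of the original article. The VNIs, subnets and VM addresses are the page's; the underlay VTEP and gateway addresses (192.0.2.x), the extra same-subnet host, and the choice to carry distributed traffic in the destination VNI are assumptions.

```python
import ipaddress

# Constructed topology; only the VNIs, subnets and VM A/B come from the page.
SUBNETS = {10000: ipaddress.ip_network("10.1.1.0/24"),
           20000: ipaddress.ip_network("10.2.1.0/24")}
HOST_VTEP = {"10.1.1.10": "192.0.2.1",    # VM A behind leaf 1
             "10.1.1.20": "192.0.2.2",    # constructed same-subnet peer
             "10.2.1.10": "192.0.2.2"}    # VM B behind leaf 2
CENTRAL_GW = "192.0.2.254"                # assumed centralized L3 gateway

def vni_for(ip):
    """Map a host IP to the VNI of the subnet that contains it."""
    addr = ipaddress.ip_address(ip)
    for vni, net in SUBNETS.items():
        if addr in net:
            return vni
    raise LookupError(f"{ip} is in no known VNI")

def tunnel_legs(src, dst, mode):
    """Return the VXLAN tunnel legs as (outer_src, outer_dst, vni) tuples."""
    src_vni, dst_vni = vni_for(src), vni_for(dst)
    src_vtep, dst_vtep = HOST_VTEP[src], HOST_VTEP[dst]
    if src_vni == dst_vni:               # same subnet: bridged, no gateway
        return [(src_vtep, dst_vtep, src_vni)]
    if mode == "centralized":            # hairpin through the L3 gateway
        return [(src_vtep, CENTRAL_GW, src_vni),
                (CENTRAL_GW, dst_vtep, dst_vni)]
    if mode == "distributed":            # routed on the ingress VTEP
        return [(src_vtep, dst_vtep, dst_vni)]
    raise ValueError(f"unknown mode {mode!r}")

def routing_points(src, dst, mode):
    """Devices making the L3 decision, i.e. where inter-VNI ACLs must live."""
    legs = tunnel_legs(src, dst, mode)
    if vni_for(src) == vni_for(dst):
        return []
    return [CENTRAL_GW] if mode == "centralized" else [legs[0][0]]

if __name__ == "__main__":
    for mode in ("centralized", "distributed"):
        print(mode, tunnel_legs("10.1.1.10", "10.2.1.10", mode),
              routing_points("10.1.1.10", "10.2.1.10", mode))
```

In the centralized case the inter-VNI policy sits on one device; in the distributed case the same policy has to be present on every ingress VTEP.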

Key advantages:

○ High scalability: Distributing the gateway function to every node increases the capacity of the network, which benefits large networks. Large cloud providers such as Google Cloud use a similar mechanism to support millions of VMs.
○ Superior performance: East-west traffic is processed locally, which avoids bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: A single VTEP failure affects only the local hosts and leaves other nodes unaffected. Combined with EVPN's fast convergence, recovery time is within seconds.
○ Efficient resource use: The leaf switch's ASIC chip is used for hardware acceleration, with forwarding rates reaching the Tbps level.

What are the disadvantages?

○ Complex configuration: Routing, EVPN, and other features must be configured on every VTEP, and initial deployment is time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Being distributed means state synchronization depends on EVPN. If the BGP session fluctuates, route black holes may appear.

Application scenario: Ideal for large-scale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it supports container networking well.

Centralized VxLAN Gateway vs. Distributed VxLAN Gateway

Now, to the main question: which is better? The answer is "it depends", but we need to dig deeper into the data and case studies to convince you.

From a performance perspective, distributed systems are clearly better. In a typical data center benchmark (on Spirent test equipment), the average latency of the centralized gateway was 150μs, while that of the distributed system was only 50μs. In terms of throughput, distributed systems can achieve line-rate forwarding because they use Spine-Leaf Equal Cost Multi-Path (ECMP) routing.

Scalability is another battleground. Centralized networks suit networks of 100-500 nodes; beyond this scale, distributed networks gain the upper hand. Take Alibaba Cloud as an example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency under 1ms. A centralized approach would have collapsed long ago.

And what about cost? A centralized solution has a lower initial investment, needing only a few high-end gateways. A distributed solution requires every leaf node to support VXLAN offload, which means higher hardware upgrade costs. In the long run, however, a distributed solution has lower O&M costs, because automation tools such as Ansible enable batch configuration.

Security and reliability: Centralized systems make centralized protection easier but carry a high risk of single-point attacks. Distributed systems are more resilient but need a robust control plane to defend against DDoS attacks.

A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, CPU usage rose to 90%, which led to user complaints about latency. Switching to a distributed model solved the problem and allowed the company to double its scale. On the other hand, a small bank insisted on a centralized model because they prioritized compliance audits and found centralized management easier.

In general, if you are looking for the best network performance and scale, the distributed approach is the way to go. If your budget is limited and your operations team lacks experience, the centralized approach is the better fit. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain useful in specific scenarios, such as branch office interconnection.


Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, MPLS header from the original data packet and forwarding the output.


Post time: October-09-2025