Ukuxoxa ngamasango e-VXLAN, kufuneka siqale sixoxe ngeVXLAN ngokwayo. Khumbula ukuba iiVLAN zemveli (iiNethiwekhi zoMmandla weNgingqi) zisebenzisa i-ID ye-VLAN ye-12-bit ukwahlula amanethiwekhi, ukuxhasa ukuya kuthi ga kwi-4096 inethiwekhi ezinengqiqo. Oku kusebenza kakuhle kuthungelwano oluncinci, kodwa kumaziko edatha anamhlanje, kunye namawaka awo oomatshini ababonakalayo, izikhongozeli, kunye neendawo zokuhlala ezininzi, iiVLAN azonelanga. I-VXLAN yazalwa, ichazwe yi-Internet Engineering Task Force (IETF) kwi-RFC 7348. Injongo yayo kukwandisa i-Layer 2 (Ethernet) yokusasazwa kwe-domain phezu kwe-Layer 3 (IP) inethiwekhi usebenzisa i-UDP tunnels.
Ukubeka ngokulula, i-VXLAN ifakela iifreyimu ze-Ethernet ngaphakathi kweepakethi ze-UDP kwaye yongeza i-Identifier ye-VXLAN Network ye-24-bit (VNI), ithiyori ixhasa i-16 yezigidi zenethiwekhi. Oku kufana nokunika inethiwekhi nganye yenyani "ikhadi lesazisi," elibavumela ukuba bahambe ngokukhululekileyo kuthungelwano olubonakalayo ngaphandle kokuphazamisana. Inxalenye ephambili ye-VXLAN yi-VXLAN Tunnel End Point (VTEP), ejongene ne-encapsulating and decapsulating packets. I-VTEP inokuba yi-software (efana ne-Open vSwitch) okanye i-hardware (efana netshiphu ye-ASIC ekutshintsheni).
Kutheni iVXLAN ithandwa kangaka? Ngenxa yokuba ihambelana ngokugqibeleleyo neemfuno ze-computing yefu kunye ne-SDN (i-Software-Defined Networking). Kwilifu likawonke-wonke njenge-AWS kunye ne-Azure, i-VXLAN yenza ukuba ulwandiso olungenamthungo lothungelwano lwenyani lwabaqeshi. Kumaziko edatha abucala, ixhasa ulwaleka lwezakhiwo zenethiwekhi njengeVMware NSX okanye iCisco ACI. Yiba nomfanekiso weziko ledatha elinamawakawaka eeseva, nganye iqhuba ii-VM ezininzi (oomatshini ababonakalayo). I-VXLAN ivumela ezi VMs ukuba zizibone njengenxalenye yenethiwekhi efanayo ye-Layer 2, iqinisekisa ukuhanjiswa okuhamba kakuhle kosasazo lwe-ARP kunye nezicelo ze-DHCP.
Nangona kunjalo, i-VXLAN ayisiyiyo i-panacea. Ukusebenza kwinethiwekhi ye-L3 kufuna ukuguqulwa kwe-L2-to-L3, apho isango lingena khona. Isango le-VXLAN lidibanisa inethiwekhi ye-VXLAN ebonakalayo kunye nothungelwano lwangaphandle (njenge-VLANs yendabuko okanye i-IP yomzila wenethiwekhi), iqinisekisa ukuhamba kwedatha ukusuka kwihlabathi elibonakalayo ukuya kwihlabathi lenene. Indlela yokudlulisela phambili yintliziyo kunye nomphefumlo wesango, emisela indlela iipakethi ezicutshungulwa ngayo, zihanjiswa kwaye zisasazwe.
Inkqubo yokudlulisa iVXLAN ifana ne-ballet ethambileyo, kunye nenyathelo ngalinye ukusuka kwindawo ukuya kwindawo edityaniswe ngokusondeleyo. Masiyiqhekeze inyathelo ngenyathelo.
Okokuqala, ipakethe ithunyelwa kwinginginya yemvelaphi (efana neVM). Esi sisakhelo se-Ethernet esiqhelekileyo esiqulethe idilesi yeMAC yomthombo, idilesi ye-MAC yokufikela, i-VLAN tag (ukuba ikhona), kunye nomthwalo wokuhlawula. Ekufumaneni esi sikhokelo, umthombo we-VTEP ujonga idilesi ye-MAC yokusingwa. Ukuba idilesi ye-MAC yendawo ekuyiwa kuyo ikwitafile ye-MAC (efunyenwe ngokufunda okanye ngokukhukula), iyazi ukuba yeyiphi i-VTEP ekude yokudlulisela ipakethi kuyo.
Inkqubo ye-encapsulation ibalulekile: i-VTEP yongeza i-header ye-VXLAN (kubandakanya i-VNI, iiflegi, njalo njalo), emva koko i-header ye-UDP yangaphandle (ene-port yomthombo esekelwe kwi-hash yesakhelo sangaphakathi kunye ne-port esisigxina ye-4789), i-header ye-IP (kunye nedilesi ye-IP yomthombo we-VTEP yendawo yendawo kunye ne-destination ye-VTEP yendawo ekude ekugqibeleni. Ipakethi yonke ngoku ibonakala njengepakethe ye-UDP / IP, ibonakala ngathi i-traffic eqhelekileyo, kwaye inokuhanjiswa kwinethiwekhi ye-L3.
Kwinethiwekhi yomzimba, ipakethi ithunyelwa nge-router okanye itshintshe ide ifike kwindawo eya kuyo i-VTEP. Indawo ekuyiwa kuyo i-VTEP iqhawula i-header yangaphandle, ijonga i-header ye-VXLAN ukuqinisekisa ukuba i-VNI ihambelana, kwaye emva koko ihambisa isakhelo se-Ethernet yangaphakathi kwi-host host. Ukuba ipakethe ingaziwa i-unicast, isasazo, okanye i-multicast (BUM) itrafikhi, i-VTEP iphinda ipakethe kuzo zonke ii-VTEP ezifanelekileyo usebenzisa izikhukhula, ngokuxhomekeke kumaqela amaninzi okanye i-unicast header replication (HER).
Ingundoqo yomgaqo wokuthunyelwa kukuhlukana kwendiza yokulawula kunye nedatha yedatha. Inqwelomoya yokulawula isebenzisa i-Ethernet VPN (EVPN) okanye i-Flood and Learn mechanism to learn MAC and IP mappings. I-EVPN isekelwe kwi-protocol ye-BGP kwaye ivumela i-VTEPs ukuba itshintshe ulwazi lokuhamba, njenge-MAC-VRF (i-Virtual Routing and Forwarding) kunye ne-IP-VRF. Inqwelo-moya yedatha inoxanduva lokuthunyelwa kwangempela, usebenzisa iitonela ze-VXLAN zokuhanjiswa ngokufanelekileyo.
Nangona kunjalo, ekuhanjisweni okuyinyani, impumelelo yogqithiso luchaphazela ngokuthe ngqo ukusebenza. Izikhukula zemveli zinokubangela lula izaqhwithi zosasazo, ngakumbi kuthungelwano olukhulu. Oku kukhokelela kwimfuno yokulungiswa kwesango: amasango awaxhumi kuphela uthungelwano lwangaphakathi kunye nangaphandle kodwa lusebenza njenge-arhente ye-ARP ye-proxy, ukuphatha ukuvuza kweendlela, kunye nokuqinisekisa iindlela ezimfutshane zokuthumela.
Isango le-VXLAN elisembindini
Isango le-VXLAN eliphakathi, elikwabizwa ngokuba lisango eliphakathi okanye isango le-L3, lidla ngokubekwa emphethweni okanye kumbindi weziko ledatha. Isebenza njenge-hub ephakathi, apho yonke i-cross-VNI okanye i-cross-subnet traffic kufuneka idlule.
Ngokomgaqo, isango eliphakathi lisebenza njengesango elingagqibekanga, elibonelela ngeenkonzo zendlela ye-Layer 3 kuzo zonke iinethiwekhi zeVXLAN. Cinga ezimbini VNIs: VNI 10000 (subnet 10.1.1.0/24) kunye VNI 20000 (subnet 10.2.1.0/24). Ukuba i-VM A kwi-VNI 10000 ifuna ukufikelela kwi-VM B kwi-VNI 20000, ipakethi ifika kuqala kwi-VTEP yendawo. I-VTEP yendawo ibhaqa ukuba idilesi ye-IP yendawo ayikho kwi-subnet yendawo kwaye iyigqithisele kwisango eliphakathi. Isango lisusa ipakethe, lenze isigqibo sokuhamba, kwaye liphinde lifake ipakethi kwitonela ukuya kwindawo yeVNI.
Iinzuzo zicacile:
○ Ulawulo olululaLonke ulungelelwaniso lomzila lubekwe embindini kwisixhobo esinye okanye ezibini, ezivumela abaqhubi ukuba bagcine amasango ambalwa kuphela ukuvala inethiwekhi yonke. Le ndlela ifanelekile kumaziko edatha amancinci naphakathi okanye indawo ehambisa i-VXLAN okokuqala.
○Ubutyebi obusebenzayoAmasango ngokuqhelekileyo asebenza ngezixhobo eziphezulu (ezifana neCisco Nexus 9000 okanye i-Arista 7050) ekwaziyo ukuphatha izixa ezikhulu zetrafikhi. Indiza yokulawula iphakathi, iququzelela ukuhlanganiswa kunye nabalawuli be-SDN njengoMlawuli we-NSX.
○Ulawulo oluluqilima lokhuselekoI-Traffic kufuneka idlule kwisango, iququzelele ukuphunyezwa kwee-ACLs (I-Access Control Lists), i-firewall, kunye ne-NAT. Yiba nomfanekiso-ngqondweni wemeko enabantu abaninzi abaqeshileyo apho isango eliphakathi linokwahlula lula ukugcwala kwabaqeshi.
Kodwa iintsilelo azinakungahoywa:
○ Inqaku elinye lokusilelaUkuba isango liyasilela, unxibelelwano lwe-L3 kuthungelwano luphela lukhubazekile. Nangona i-VRRP (iProtocol ye-Virtual Router Redundancy Protocol) ingasetyenziselwa ukungafuneki, isenomngcipheko.
○Umqobo wokusebenzaZonke itrafikhi zempuma-ntshona (unxibelelwano phakathi kweeseva) kufuneka zidlule isango, okukhokelela kwindlela enganeno. Ngokomzekelo, kwi-cluster ye-node ye-1000, ukuba i-bandwidth yesango yi-100Gbps, ukudibanisa kunokwenzeka ukuba kwenzeke ngexesha leeyure.
○Ukukhula kakubiNjengoko isikali sothungelwano sikhula, umthwalo wesango ukhula ngokukhawuleza. Kumzekelo wehlabathi langempela, ndibone iziko ledatha yezemali usebenzisa isango eliphakathi. Ekuqaleni, yayihamba kakuhle, kodwa emva kokuba inani le-VM liphindwe kabini, i-latency yenyuka ukusuka kwi-microseconds ukuya kwi-milliseconds.
Imeko yeSicelo: Ifanelekile kwimo engqongileyo efuna ulawulo olulula oluphezulu, olufana namafu eshishini labucala okanye uthungelwano lovavanyo. Uyilo lweCisco's ACI luhlala lusebenzisa imodeli esembindini, edityaniswe ne-topology yamagqabi, ukuqinisekisa ukusebenza ngokufanelekileyo kwamasango angundoqo.
Kusasazwe i-VXLAN Gateway
Isango elisasaziweyo le-VXLAN, elikwabizwa ngokuba lisango elisasaziweyo okanye isango elisasaziweyo, i-offloads yesango lokukhuphela ukusebenza kwi-leaf switch nganye okanye i-hypervisor VTEP. I-VTEP nganye isebenza njengesango lendawo, ibamba ukuhanjiswa kwe-L3 kwi-subnet yendawo.
Umgaqo uguquguquka ngakumbi: i-VTEP nganye iqwalaselwe nge-IP efanayo (VIP) njengesango elingagqibekanga, usebenzisa i-Anycast mechanism. Iipakethi ze-Cross-subnet ezithunyelwa yi-VM zihanjiswa ngokuthe ngqo kwi-VTEP yendawo, ngaphandle kokudlula kwindawo esembindini. I-EVPN iluncedo kakhulu apha: nge-BGP EVPN, i-VTEP ifunda iindlela zemikhosi ekude kwaye isebenzisa i-MAC / IP yokubopha ukuphepha ukukhukula kwe-ARP.
Umzekelo, i-VM A (10.1.1.10) ifuna ukufikelela ku-VM B (10.2.1.10). Isango elimiselweyo le-VM A yi-VIP ye-VTEP yendawo (10.1.1.1). Iindlela ze-VTEP zendawo ukuya kwi-subnet yendawo, ifake i-packet ye-VXLAN, kwaye iyithumele ngokuthe ngqo kwi-VM B's VTEP. Le nkqubo inciphisa indlela kunye ne-latency.
Izinto eziluncedo ezibalaseleyo:
○ Ukukala okuphezuluUkusasaza ukusebenza kwesango kuyo yonke i-node kwandisa ubungakanani benethiwekhi, eluncedo kwiinethiwekhi ezinkulu. Ababoneleli ngamafu amakhulu njengeLifu likaGoogle basebenzisa indlela efanayo ukuxhasa izigidi zeeVM.
○Ukusebenza okuphezuluIzithuthi zaseMpuma-ntshona zisetyenzwa ekuhlaleni ukunqanda imiqobo. Idatha yokuvavanya ibonisa ukuba i-throughput inganyuka nge-30% -50% kwimodi yokusabalalisa.
○Ukuchacha ngokukhawuleza kwempazamoUkungaphumeleli kwe-VTEP enye kuchaphazela kuphela umamkeli wendawo, eshiya ezinye iindawo ezingathintekiyo. Idityaniswe ne-EVPN yokudibanisa ngokukhawuleza, ixesha lokubuyisela likwimizuzwana.
○Ukusetyenziswa kakuhle kwezixhoboSebenzisa itshiphu yeLeaf ekhoyo ye-ASIC yokunyusa ihardware, kunye namazinga okuthumela afikelela kwinqanaba le-Tbps.
Ziziphi izinto ezingeloncedo?
○ Ubumbeko oluntsonkothileyoI-VTEP nganye idinga ukucwangciswa kwendlela, i-EVPN, kunye nezinye iimpawu, ukwenza ukuthunyelwa kokuqala kudle ixesha. Iqela lemisebenzi kufuneka liqhelane ne-BGP kunye ne-SDN.
○Iimfuno eziphezulu ze-hardwareIsango elisasazwayo: Ayizizo zonke iiswitshi ezixhasa amasango asasaziweyo; I-Broadcom Trident okanye iitshiphusi zeTomahawk ziyafuneka. Ukuphunyezwa kwesoftware (efana ne-OVS kwi-KVM) ayisebenzi kakuhle njengehardware.
○Imingeni ehambelanayoUkusasazwa kuthetha ukuba ulungelelwaniso lwelizwe luxhomekeke kwi-EVPN. Ukuba iseshoni ye-BGP iyaguquguquka, inokubangela umngxuma omnyama wokuthunga.
Imeko yeSicelo: Ifanelekile kumaziko edatha ye-hyperscale okanye amafu oluntu. Umzila osasaziweyo we-VMware NSX-T ngumzekelo oqhelekileyo. Idityaniswe neKubernetes, ixhasa ngaphandle komthungo uthungelwano lwesikhongozeli.
I-Centralized VxLAN Gateway vs. Ukuhanjiswa kweSango le-VxLAN
Ngoku kufikelela kuvuthondaba: yeyiphi engcono? Impendulo ithi "kuxhomekeke", kodwa kufuneka simbe nzulu kwidatha kunye nezifundo zecala ukuze sikuqinisekise.
Ngokwembono yokusebenza, iinkqubo ezisasaziweyo zisebenza ngokucacileyo. Kwi-benchmark yeziko ledatha eqhelekileyo (esekelwe kwisixhobo sovavanyo lwe-Spirent), i-avareji ye-latency yesango eliphakathi laliyi-150μs, ngelixa i-system esasazwayo yayiyi-50μs kuphela. Ngokubhekiselele kwi-throughput, iinkqubo ezisasazwayo zinokufikelela ngokulula ukuhanjiswa kwesantya somgca ngenxa yokuba zisebenzisa i-Spine-Leaf Equal Cost Multi-Path (ECMP) umzila.
I-scalability lelinye ibala lokulwa. Uthungelwano oluphakathi lufanelekile kuthungelwano olune-100-500 nodes; ngaphaya kwesi sikali, uthungelwano olusasazwayo lufumana isandla esiphezulu. Thatha i-Alibaba Cloud, umzekelo. I-VPC yabo (i-Virtual Private Cloud) isebenzisa amasango e-VXLAN asasazwayo ukuxhasa izigidi zabasebenzisi emhlabeni jikelele, kunye ne-single-region latency phantsi kwe-1ms. Indlela yokusebenzela esembindini ngeyawa kwakudala.
Kuthekani ngeendleko? Isisombululo esisembindini sinikezela utyalo-mali olusezantsi olusezantsi, olufuna kuphela amasango asezantsi aphezulu. Isisombululo esisasazwayo sidinga zonke iinqununu zeqabunga ukuxhasa ukulayishwa kweVXLAN, okukhokelela kwiindleko eziphezulu zokuphucula i-hardware. Nangona kunjalo, ekuhambeni kwexesha, isisombululo esisasazwayo sibonelela ngeendleko eziphantsi ze-O&M, njengezixhobo ezizenzekelayo ezifana ne-Ansible yenza uqwalaselo lwebhetshi.
Ukhuseleko kunye nokuthembeka: Iinkqubo ezibekwe kwindawo enye ziququzelela ukhuseleko oluphakathi kodwa zibeka umngcipheko ophezulu wamanqaku okuhlaselwa. Iinkqubo ezisasazwayo zomelele ngakumbi kodwa zifuna inqwelomoya yokulawula eyomeleleyo ukukhusela ukuhlaselwa kweDDoS.
Uphononongo lwemeko yehlabathi lokwenyani: Inkampani ye-e-commerce yasebenzisa i-VXLAN esembindini ukwakha indawo yayo. Ngexesha leencopho, ukusetyenziswa kwe-CPU yesango kuye kwanda ukuya kuma-90%, okukhokelela kwizikhalazo zabasebenzisi malunga nokubambezeleka. Ukutshintshela kwimodeli esasaziweyo kuzisombulule umba, kwavumela inkampani ukuba iphinde kabini isikali sayo. Ngokuchaseneyo, ibhanki encinci yanyanzelisa imodeli ebekwe kwindawo enye kuba ibeke phambili uphicotho lothotyelo kwaye yafumanisa lula ulawulo oluphakathi.
Ngokubanzi, ukuba ujonge ukusebenza ngokugqithisileyo kwenethiwekhi kunye nesikali, indlela esasaziweyo yindlela yokuhamba. Ukuba uhlahlo lwabiwo-mali lwakho lunqongophele kwaye neqela lakho lolawulo liswele amava, indlela ebekwe kwindawo esembindini iyasebenza ngakumbi. Kwixesha elizayo, ngokunyuka kwe-5G kunye ne-edge computing, amanethiwekhi asasazwayo aya kuthandwa kakhulu, kodwa uthungelwano oluphakathi luya kuba lubalulekile kwiimeko ezithile, ezifana noqhagamshelwano lweofisi yesebe.
I-Mylinking™ Network Packet Brokersinkxaso VxLAN, VLAN, GRE, MPLS Header Stripping
Ixhaswe i-VxLAN, i-VLAN, i-GRE, i-header ye-MPLS ehluthwe kwipakethi yedatha yokuqala kunye nesiphumo esithunyelwe.
Ixesha lokuposa: Oct-09-2025
