In the era of cloud computing and network virtualization, VXLAN (Virtual Extensible LAN) has become a key technology for building scalable, flexible overlay networks. At the core of the VXLAN architecture is the VTEP (VXLAN Tunnel Endpoint), the component that carries Layer 2 traffic across Layer 3 networks. As network traffic grows more complex and encapsulation protocols multiply, Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping capability have become essential to optimizing VTEP operation. This blog examines the fundamentals of the VTEP and its relationship with VXLAN, then looks at how the tunnel encapsulation stripping function of NPBs improves VTEP performance and network visibility.
Understanding VTEP and Its Relationship with VXLAN
First, the core concepts: a VTEP, short for VXLAN Tunnel Endpoint, is a network entity responsible for encapsulating and decapsulating VXLAN packets in a VXLAN overlay network. It serves as the start and end point of VXLAN tunnels, acting as the "gateway" that connects the virtual overlay network to the physical underlay network. A VTEP can be implemented as a physical device (such as a VXLAN-capable switch or router) or as a software entity (such as a virtual switch, a container host, or an agent on a virtual machine).
The relationship between VTEP and VXLAN is inseparable: VXLAN relies on VTEPs to perform its core functions, and VTEPs exist only to support VXLAN operation. The core value of VXLAN is creating a virtual Layer 2 network on top of a Layer 3 IP network through MAC-in-UDP encapsulation, overcoming the scalability limit of traditional VLANs (which support only 4096 VLAN IDs) with a 24-bit VXLAN Network Identifier (VNI) that allows up to 16 million virtual networks. Here is how the VTEP makes this possible: when a virtual machine (VM) sends traffic, the local VTEP encapsulates the original Layer 2 Ethernet frame by adding a VXLAN header (containing the VNI), a UDP header (using port 4789 by default), an outer IP header (with the source VTEP IP and the destination VTEP IP), and an outer Ethernet header. The encapsulated packet is carried over the Layer 3 underlay network to the destination VTEP, which decapsulates it by removing all the outer headers, recovers the original Ethernet frame, and forwards it to the target VM based on the VNI.
In addition, VTEPs perform essential tasks such as MAC address learning (mapping the MAC addresses of local and remote hosts to VTEP IPs) and handling Broadcast, Unknown Unicast, and Multicast (BUM) traffic, either through multicast groups or through head-end replication in unicast-only mode. Put simply, the VTEP is the building block that makes VXLAN network virtualization and multi-tenant isolation possible.
The Challenge of Encapsulated Traffic for VTEPs
In modern data centers, VTEP traffic is rarely limited to VXLAN encapsulation alone. Traffic passing through a VTEP often carries multiple layers of encapsulation headers, including VLAN, GRE, GTP, MPLS, or IPIP, in addition to VXLAN. This encapsulation complexity creates significant challenges for VTEP operation and for downstream network monitoring, analysis, and security enforcement:
○ - Reduced Visibility: Most network monitoring and security tools (such as IDS/IPS, flow analyzers, and packet sniffers) are designed to process native Layer 2/Layer 3 traffic. Encapsulation headers hide the original payload, making it impossible for these tools to accurately analyze traffic content or detect anomalies.
○ - Increased Processing Overhead: VTEPs themselves must spend additional compute resources to process packets with multiple encapsulation layers, especially in high-traffic environments. This can lead to increased latency, reduced throughput, and potential performance bottlenecks.
○ - Interoperability Issues: Different network segments or multi-vendor environments may use different encapsulation protocols. Without proper header stripping, traffic may fail to be forwarded or processed correctly when passing through VTEPs, causing connectivity problems.
How NPB Tunnel Encapsulation Stripping Empowers VTEPs
Mylinking™ Network Packet Brokers (NPBs) with Tunnel Encapsulation Stripping capability address these challenges by acting as a "traffic pre-processor" for VTEPs. NPBs can strip a range of tunnel encapsulation headers (including VXLAN, VLAN, GRE, GTP, MPLS, and IPIP) from the original data packet before forwarding the traffic to VTEPs or to monitoring/security tools. This function provides three key benefits for VTEP operation:
1. Enhanced Network Visibility and Security
By stripping encapsulation headers, NPBs expose the original payload of packets, allowing monitoring and security tools to "see" the actual traffic content. For example, when VTEP traffic is forwarded to an IDS/IPS, the NPB first strips the VXLAN and MPLS headers, allowing the IDS/IPS to detect malicious activity (such as malware or unauthorized access attempts) in the original frame. This is especially important in multi-tenant environments where VTEPs handle traffic from many tenants: NPBs ensure that security tools can inspect tenant-specific traffic without being obstructed by encapsulation.
In addition, NPBs can strip headers selectively based on traffic type or VNI, giving granular visibility into specific virtual networks. This helps network administrators troubleshoot problems (such as packet loss or latency) by enabling precise analysis of traffic within individual VXLAN segments.
2. Optimized VTEP Performance
NPBs offload header stripping from VTEPs, reducing the processing overhead on VTEP devices. Instead of VTEPs spending CPU resources stripping multiple header layers (for example, VLAN + GRE + VXLAN), NPBs handle this pre-processing step, letting VTEPs focus on their core tasks: encapsulating/decapsulating VXLAN packets and managing tunnels. The result is lower latency, higher throughput, and better overall performance of the VXLAN overlay network, especially in high-density virtualization environments with thousands of VMs and heavy traffic loads.
For example, in a data center where NPBs are deployed alongside switches acting as VTEPs, an NPB (such as Mylinking™ Network Packet Brokers) can strip VLAN and MPLS headers from incoming traffic before it reaches the VTEPs. This reduces the number of header-processing operations the VTEPs must perform, allowing them to handle more tunnels and traffic flows concurrently.
3. Improved Interoperability Across Heterogeneous Networks
In multi-vendor or multi-segment networks, different parts of the infrastructure may use different encapsulation protocols. For example, traffic from a remote data center may arrive at the local VTEP with GRE encapsulation, while local traffic uses VXLAN. An NPB can strip these different headers (GRE, VXLAN, IPIP, etc.) and forward a consistent traffic stream to the VTEP, eliminating interoperability issues. This is particularly valuable in hybrid cloud environments, where traffic from public cloud services (often using GTP or IPIP encapsulation) needs to integrate with on-premises VXLAN networks through VTEPs.
In addition, NPBs can forward the stripped headers as metadata to monitoring tools, so that administrators retain the original encapsulation context (such as the VNI or MPLS label) while still being able to analyze the native payload. This balance between header stripping and context preservation is key to effective network management.
How Is Tunnel Encapsulation Stripping Implemented on a VTEP?
Tunnel encapsulation stripping can be implemented on a VTEP through hardware-level configuration, software-defined policies, and integration with SDN controllers. The core logic is: identify the tunnel headers → perform the stripping actions → forward the original payload. The specific implementation varies by VTEP type (physical/software); the main approaches are as follows:
This section covers implementation on physical VTEPs (for example, Mylinking™ VXLAN-capable Network Packet Brokers).
Physical VTEPs (such as Mylinking™ VXLAN-capable Network Packet Brokers) rely on hardware chips and dedicated configuration commands to achieve efficient encapsulation stripping, which suits high-traffic data center scenarios:
Interface-based matching: Create sub-interfaces on the physical access ports of the VTEP and configure the encapsulation type to match and strip specific tunnel headers. For example, on Mylinking™ VXLAN-capable Network Packet Brokers, configure Layer 2 sub-interfaces to recognize 802.1Q VLAN tags or untagged frames, and strip the VLAN header before forwarding traffic into the VXLAN tunnel. For GRE/MPLS-encapsulated traffic, enable the corresponding protocol parsing on the sub-interface to strip the outer headers.
Policy-based header stripping: Use ACLs (Access Control Lists) or traffic policies to define match rules (for example, matching UDP port 4789 for VXLAN, or protocol type 47 for GRE) and bind stripping actions to them. When traffic matches the rules, the VTEP hardware chip automatically strips the specified tunnel headers (the VXLAN/UDP/IP outer headers, MPLS labels, etc.) and forwards the original Layer 2 payload.
Distributed gateway coordination: In a Spine-Leaf VXLAN architecture, physical VTEPs (Leaf nodes) can work with Layer 3 gateways to complete multi-layer stripping. For example, after MPLS traffic encapsulated with VXLAN passes through the Spine nodes to a Leaf VTEP, the VTEP first pops the MPLS label and then performs VXLAN decapsulation.
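The match-and-strip logic described above (UDP port 4789 for VXLAN, IP protocol 47 for GRE, 802.1Q tags), with each stripped header kept as metadata for the monitoring tool, can be sketched in software. This is an added example, not Mylinking or H3C code; `strip_tunnels`, `eth`, `ipv4` and `sample` are hypothetical names, and the sketch assumes an unfragmented IPv4 underlay and GRE carrying Ethernet (protocol type 0x6558).

```python
import struct
VXLAN_PORT, GRE_PROTO = 4789, 47          # UDP port / IP protocol named in the text
ETH_VLAN, ETH_IPV4, ETH_TEB = (0x8100, 0x88A8), 0x0800, 0x6558

def strip_tunnels(frame: bytes):
    """Return (innermost Ethernet frame, [(stripped header, id), ...])."""
    meta = []
    while len(frame) >= 14:
        etype = struct.unpack_from("!H", frame, 12)[0]
        while etype in ETH_VLAN and len(frame) >= 18:
            tci, etype = struct.unpack_from("!HH", frame, 14)
            meta.append(("vlan", tci & 0x0FFF))
            frame = frame[:12] + frame[16:]            # drop the 4-byte tag
        if etype != ETH_IPV4 or len(frame) < 34:
            break
        ihl = (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or ihl < 20:
            break                                      # malformed outer IPv4
        proto, l4 = frame[23], 14 + ihl
        if proto == 17 and len(frame) >= l4 + 16:      # UDP (8) + VXLAN (8)
            dport = struct.unpack_from("!H", frame, l4 + 2)[0]
            if dport != VXLAN_PORT or not frame[l4 + 8] & 0x08:
                break                                  # not VXLAN, or VNI flag unset
            meta.append(("vxlan", int.from_bytes(frame[l4 + 12:l4 + 15], "big")))
            frame = frame[l4 + 16:]
        elif proto == GRE_PROTO and len(frame) >= l4 + 4:
            flags, ptype = struct.unpack_from("!HH", frame, l4)
            if ptype != ETH_TEB or flags & 0x4007:
                break                                  # only GRE v0 carrying Ethernet
            meta.append(("gre", None))
            frame = frame[l4 + 4 + 4 * bin(flags & 0xB000).count("1"):]
        else:
            break
    return frame, meta

def eth(etype, payload, vlan=None):                    # constructed sample builders
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return b"\x02" * 6 + b"\x06" * 6 + tag + struct.pack("!H", etype) + payload

def ipv4(proto, payload):                              # checksum left at 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02") + payload

def sample(vni=5001, vlan=100):
    inner = eth(0x0806, b"\x00" * 28)                  # inner frame (ARP-sized body)
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8) + inner
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    gre = struct.pack("!HH", 0, ETH_TEB) + eth(ETH_IPV4, ipv4(17, udp), vlan)
    return inner, eth(ETH_IPV4, ipv4(GRE_PROTO, gre))
```

Calling `strip_tunnels(sample()[1])` returns the inner frame together with the GRE, VLAN and VXLAN (VNI) records in the order they were removed, which is the context a monitoring tool needs to attribute the payload to a tenant.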
Practical Application Example
Consider a large enterprise data center running a VXLAN overlay network with H3C switches as VTEPs, supporting many multi-tenant VMs. The data center uses MPLS for traffic forwarding between core switches and VXLAN for VM-to-VM communication. In addition, remote branch offices send traffic to the data center over GRE tunnels. To ensure security and visibility, the enterprise deploys an NPB with Tunnel Encapsulation Stripping between the core network and the VTEPs.
When traffic arrives at the data center:
(1) The NPB first strips MPLS headers from traffic coming from the core network and GRE headers from branch office traffic.
(2) For VXLAN traffic between VTEPs, the NPB can strip the outer VXLAN headers when forwarding traffic to monitoring tools, allowing the tools to inspect the original VM traffic.
(3) The NPB forwards the pre-processed (header-stripped) traffic to the VTEPs, which only need to handle VXLAN encapsulation/decapsulation for the native payload. This setup reduces VTEP processing load, enables comprehensive traffic analysis, and ensures seamless interoperability between the MPLS, GRE, and VXLAN segments.
VTEPs are the core component of VXLAN networks, enabling scalable virtualization and multi-tenant communication. However, the complexity of encapsulated traffic in modern networks poses significant challenges to VTEP performance and network visibility. Network Packet Brokers with Tunnel Encapsulation Stripping capability address these challenges by pre-processing traffic, stripping a range of headers (VXLAN, VLAN, GRE, GTP, MPLS, IPIP) before it reaches VTEPs or monitoring tools. This not only improves VTEP performance by reducing processing overhead but also enhances network visibility, strengthens security, and improves interoperability across heterogeneous environments.
As organizations continue to adopt cloud-native architectures and hybrid cloud deployments, the synergy between NPBs and VTEPs will become increasingly important. By using the tunnel encapsulation stripping function of NPBs, network administrators can unlock the full potential of VXLAN networks, ensuring they are efficient, secure, and adaptable to changing business needs.
Post time: Jan-09-2026


