Ukuze sixoxe ngamasango e-VXLAN, kumele siqale sixoxe nge-VXLAN uqobo. Khumbula ukuthi ama-VLAN endabuko (amaNethiwekhi Endawo Ebonakalayo) asebenzisa ama-ID e-VLAN angu-12-bit ukuhlukanisa amanethiwekhi, asekela amanethiwekhi anengqondo afinyelela ku-4096. Lokhu kusebenza kahle kumanethiwekhi amancane, kodwa ezikhungweni zedatha zanamuhla, ngemishini yawo eminingi ebonakalayo, izitsha, kanye nezindawo eziqasha abantu abaningi, ama-VLAN awanele. I-VXLAN yazalwa, ichazwa yi-Internet Engineering Task Force (IETF) ku-RFC 7348. Inhloso yayo ukukhulisa isizinda sokusakaza se-Layer 2 (Ethernet) phezu kwamanethiwekhi e-Layer 3 (IP) kusetshenziswa imigudu ye-UDP.
Kalula nje, i-VXLAN ihlanganisa ozimele be-Ethernet ngaphakathi kwamaphakethe e-UDP futhi ingeza i-VXLAN Network Identifier (VNI) engama-24-bit, esekela ngokomqondo amanethiwekhi ayizigidi eziyi-16. Lokhu kufana nokunikeza inethiwekhi ngayinye ebonakalayo "ikhadi lobunikazi," elibavumela ukuthi bahambe ngokukhululeka kunethiwekhi ebonakalayo ngaphandle kokuphazamisana. Ingxenye eyinhloko ye-VXLAN yi-VXLAN Tunnel End Point (VTEP), enesibopho sokuhlanganisa nokususa amaphakethe. I-VTEP ingaba isofthiwe (njenge-Open vSwitch) noma ihadiwe (njenge-chip ye-ASIC kuswishi).
Kungani i-VXLAN ithandwa kangaka? Ngoba ihambisana kahle nezidingo ze-cloud computing kanye ne-SDN (Software-Defined Networking). Emafwini omphakathi njenge-AWS ne-Azure, i-VXLAN inika amandla ukunwetshwa okungenamthungo kwamanethiwekhi abonakalayo abaqashiwe. Ezikhungweni zedatha ezizimele, isekela ukwakheka kwenethiwekhi ehlanganisiwe njenge-VMware NSX noma i-Cisco ACI. Cabanga ngesikhungo sedatha esinezinkulungwane zamaseva, ngalinye lisebenzisa ama-VM amaningi (i-Virtual Machines). I-VXLAN ivumela lawa ma-VM ukuthi azibone njengengxenye yenethiwekhi efanayo ye-Layer 2, okuqinisekisa ukudluliswa okubushelelezi kokusakazwa kwe-ARP kanye nezicelo ze-DHCP.
Kodwa-ke, i-VXLAN ayilona ikhambi. Ukusebenza kunethiwekhi ye-L3 kudinga ukuguqulwa kwe-L2-kuya-L3, okuyilapho isango lingena khona. Isango le-VXLAN lixhumanisa inethiwekhi ebonakalayo ye-VXLAN namanethiwekhi angaphandle (njenge-VLAN yendabuko noma amanethiwekhi okuqondisa i-IP), okuqinisekisa ukuthi idatha igeleza isuka ezweni elibonakalayo iye ezweni langempela. Indlela yokudlulisela phambili iyinhliziyo nomphefumulo wesango, okunquma ukuthi amaphakethe acutshungulwa kanjani, aqondiswa kanjani, futhi asatshalaliswa kanjani.
Inqubo yokudlulisa i-VXLAN ifana ne-ballet ebucayi, isinyathelo ngasinye ukusuka emthonjeni kuya endaweni sixhumene kakhulu. Ake sichaze isinyathelo ngesinyathelo.
Okokuqala, iphakethe lithunyelwa lisuka kumphathi womthombo (njenge-VM). Lolu uhlaka olujwayelekile lwe-Ethernet oluqukethe ikheli le-MAC lomthombo, ikheli le-MAC yendawo oya kuyo, ithegi ye-VLAN (uma ikhona), kanye nomthwalo okhokhelwayo. Lapho ithola lolu hlaka, i-VTEP yomthombo ihlola ikheli le-MAC yendawo oya kuyo. Uma ikheli le-MAC yendawo oya kuyo likuthebula layo le-MAC (elitholwe ngokufunda noma ngokugcwala), iyazi ukuthi iyiphi i-VTEP ekude okufanele ithumele kuyo iphakethe.
Inqubo yokufaka i-capsulation ibalulekile: i-VTEP ingeza i-VXLAN header (kufaka phakathi i-VNI, amafulegi, njalo njalo), bese kuba i-UDP header yangaphandle (ene-source port esekelwe ku-hash yohlaka lwangaphakathi kanye ne-destination port engu-4789), i-IP header (ene-IP address yomthombo we-VTEP yendawo kanye ne-IP address ye-destination ye-VTEP ekude), bese ekugcineni kube i-Ethernet header yangaphandle. Lonke iphakethe manje livela njengephakethe le-UDP/IP, libukeka njengethrafikhi evamile, futhi lingahanjiswa kunethiwekhi ye-L3.
Kunethiwekhi ebonakalayo, iphakethe lidluliselwa yi-router noma iswishi kuze kube yilapho lifika endaweni okuyiwa kuyo i-VTEP. Indawo okuyiwa kuyo i-VTEP isusa i-header yangaphandle, ihlole i-header ye-VXLAN ukuqinisekisa ukuthi i-VNI iyahambisana, bese iletha uhlaka lwangaphakathi lwe-Ethernet kumphathi wendawo okuyiwa kuyo. Uma iphakethe lingaziwa njenge-unicast, i-streamed, noma i-multicast (BUM), i-VTEP iphinda iphakethe kuzo zonke i-VTEP ezifanele isebenzisa i-flooding, ithembele kumaqembu amaningi noma i-unicast header replication (HER).
Ingqikithi yesimiso sokudlulisela phambili ukuhlukaniswa kwendiza yokulawula kanye nendiza yedatha. Indiza yokulawula isebenzisa i-Ethernet VPN (EVPN) noma indlela ye-Flood and Learn ukuze ifunde ukumepha kwe-MAC kanye ne-IP. I-EVPN isekelwe kuphrothokholi ye-BGP futhi ivumela ama-VTEP ukushintshanisa ulwazi lokudlulisela phambili, njenge-MAC-VRF (Virtual Routing and Forwarding) kanye ne-IP-VRF. Indiza yedatha inesibopho sokudlulisela phambili kwangempela, isebenzisa imigudu ye-VXLAN ukuze idlulisele kahle.
Kodwa-ke, ekusetshenzisweni kwangempela, ukusebenza kahle kokudlulisela phambili kuthinta ngqo ukusebenza. Izikhukhula zendabuko zingadala kalula iziphepho zokusakaza, ikakhulukazi kumanethiwekhi amakhulu. Lokhu kuholela esidingweni sokwenza ngcono isango: amasango awaxhumanisi nje kuphela amanethiwekhi angaphakathi nangaphandle kodwa futhi asebenza njengezithunywa ze-ARP ezimele, aphatha ukuvuza komzila, futhi aqinisekise izindlela zokudlulisela phambili ezimfushane kakhulu.
Isango le-VXLAN eliphakathi
Isango le-VXLAN eliphakathi nendawo, elibizwa nangokuthi isango eliphakathi nendawo noma isango le-L3, livame ukufakwa emaphethelweni noma ungqimba oluphakathi lwesikhungo sedatha. Lisebenza njengehabhu eliphakathi nendawo, lapho yonke ithrafikhi ye-cross-VNI noma i-cross-subnet kumele idlule khona.
Empeleni, isango eliphakathi lisebenza njengesango elizenzakalelayo, linikeza izinsizakalo zokuqondisa ze-Layer 3 kuwo wonke amanethiwekhi e-VXLAN. Cabanga ngama-VNI amabili: i-VNI 10000 (i-subnet 10.1.1.0/24) kanye ne-VNI 20000 (i-subnet 10.2.1.0/24). Uma i-VM A ku-VNI 10000 ifuna ukufinyelela i-VM B ku-VNI 20000, iphakethe liqala lifike ku-VTEP yendawo. I-VTEP yendawo ithola ukuthi ikheli le-IP lendawo alikho ku-subnet yendawo bese ilidlulisela ku-gateway ephakathi. Isango lihlukanisa iphakethe, lenze isinqumo sokuqondisa, bese liphinda lihlanganise iphakethe emhubheni liye ku-VNI yendawo.
Izinzuzo zisobala:
○ Ukuphathwa okululaZonke izilungiselelo zomzila zibekwe phakathi kudivayisi eyodwa noma ezimbili, okuvumela opharetha ukuthi bagcine amasango ambalwa kuphela ukumboza yonke inethiwekhi. Le ndlela ifanele izikhungo zedatha ezincane neziphakathi nendawo noma izindawo ezisebenzisa i-VXLAN okokuqala.
○Isebenzisa kahle izinsizaAmasango ngokuvamile ayihadiwe esebenza kahle kakhulu (njengeCisco Nexus 9000 noma i-Arista 7050) ekwazi ukuphatha inani elikhulu lethrafikhi. Indiza yokulawula iphakathi nendawo, okwenza kube lula ukuhlanganiswa nabalawuli be-SDN njenge-NSX Manager.
○Ukulawula okuqinile kokuphephaIthrafikhi kumele idlule esangweni, okwenza kube lula ukuqaliswa kwama-ACL (Uhlu Lokulawula Ukufinyelela), ama-firewall, kanye ne-NAT. Cabanga ngesimo sabaqashi abaningi lapho isango eliphakathi lingahlukanisa kalula ithrafikhi yabaqashi.
Kodwa amaphutha awakwazi ukunakwa:
○ Iphuzu elilodwa lokwehlulekaUma isango lihluleka, ukuxhumana kwe-L3 kuyo yonke inethiwekhi kuyaphazamiseka. Nakuba i-VRRP (Virtual Router Redundancy Protocol) ingasetshenziswa ekuphindaphindeni, isaphethe izingozi.
○Inkinga yokusebenzaYonke ithrafikhi esuka empumalanga iye entshonalanga (ukuxhumana phakathi kwamaseva) kumele idlule isango, okuholela endleleni engaphansi kakhulu. Isibonelo, eqenjini lama-node ayi-1000, uma i-bandwidth yesango ingu-100Gbps, ukuminyana kungenzeka kwenzeke ngesikhathi samahora aphezulu.
○Ukungakhuli kahleNjengoba isikali senethiwekhi sikhula, umthwalo wesango uyanda kakhulu. Esibonelweni sangempela, ngibone isikhungo sedatha yezezimali sisebenzisa isango eliphakathi. Ekuqaleni, sasebenza kahle, kodwa ngemva kokuba inani lama-VM liphindwe kabili, ukubambezeleka kwanda kakhulu kusukela kuma-microsecond kuya kuma-millisecond.
Isimo Sokusetshenziswa: Kufanelekile ezindaweni ezidinga ukuphathwa okulula okuphezulu, njengamafu azimele ebhizinisi noma amanethiwekhi okuhlola. Ukwakhiwa kwe-ACI ye-Cisco kuvame ukusebenzisa imodeli ephakathi, ehlanganiswe ne-topology ye-leaf-spine, ukuqinisekisa ukusebenza kahle kwamasango ayinhloko.
Isango le-VXLAN elisakazwe
Isango le-VXLAN elisakaziwe, elaziwa nangokuthi isango elisakaziwe noma isango le-anycast, lilayisha ukusebenza kwesango ku-leaf switch ngayinye noma i-hypervisor VTEP. I-VTEP ngayinye isebenza njengesango lendawo, iphatha ukuthunyelwa kwe-L3 kwe-subnet yendawo.
Isimiso siguquguquka kakhudlwana: i-VTEP ngayinye ihlelwe nge-IP ebonakalayo (VIP) efanayo nesango elizenzakalelayo, kusetshenziswa indlela ye-Anycast. Amaphakethe e-cross-subnet athunyelwa ama-VM aqondiswa ngqo ku-VTEP yendawo, ngaphandle kokudlula endaweni ephakathi. I-EVPN iwusizo kakhulu lapha: nge-BGP EVPN, i-VTEP ifunda imizila yama-host akude futhi isebenzisa ukubopha kwe-MAC/IP ukugwema ukukhukhuleka kwe-ARP.
Isibonelo, i-VM A (10.1.1.10) ifuna ukufinyelela i-VM B (10.2.1.10). Isango elizenzakalelayo le-VM A yi-VIP ye-VTEP yendawo (10.1.1.1). I-VTEP yendawo iya ku-subnet yendawo, ihlanganisa iphakethe le-VXLAN, bese ilithumela ngqo ku-VTEP ye-VM B. Le nqubo inciphisa indlela kanye nokubambezeleka.
Izinzuzo Ezivelele:
○ Ukusabalala okuphezuluUkusabalalisa ukusebenza kwesango kuyo yonke i-node kwandisa usayizi wenethiwekhi, okuzuzisa amanethiwekhi amakhulu. Abahlinzeki bamafu amakhulu njenge-Google Cloud basebenzisa indlela efanayo ukusekela izigidi zama-VM.
○Ukusebenza okuphezulu kakhuluIthrafikhi esuka empumalanga iye entshonalanga icutshungulwa endaweni ukuze kugwenywe izithiyo. Idatha yokuhlola ikhombisa ukuthi ukugeleza kunganda ngo-30%-50% kwimodi esakazwayo.
○Ukulungiswa kwamaphutha okusheshayoUkwehluleka okukodwa kwe-VTEP kuthinta kuphela i-host yendawo, kushiya amanye ama-node engathinteki. Uma kuhlanganiswa nokuhlangana okusheshayo kwe-EVPN, isikhathi sokutakula singemizuzwana.
○Ukusetshenziswa kahle kwezinsizakusebenzaSebenzisa i-chip ye-ASIC ye-Leaf switch ekhona ukuze usheshise ihadiwe, amazinga okudlulisa afinyelela ezingeni le-Tbps.
Yiziphi izinkinga?
○ Ukucushwa okuyinkimbinkimbiI-VTEP ngayinye idinga ukucushwa komzila, i-EVPN, nezinye izici, okwenza ukufakwa kokuqala kuthathe isikhathi. Ithimba lokusebenza kumele lijwayelene ne-BGP kanye ne-SDN.
○Izidingo zehadiwe eziphezuluIsango Elisabalalisiwe: Akuwona wonke amaswishi asekela amasango asabalalisiwe; ama-chip e-Broadcom Trident noma e-Tomahawk ayadingeka. Ukuqaliswa kwesofthiwe (njenge-OVS ku-KVM) akwenzi kahle njengehadiwe.
○Izinselele ZokungaguquguqukiUkusabalalisa kusho ukuthi ukuvumelanisa kwesimo kuncike ku-EVPN. Uma iseshini ye-BGP ishintshashintsha, ingabangela umgodi omnyama wokuqondisa.
Isimo Sohlelo Lokusebenza: Ilungele izikhungo zedatha ezisezingeni eliphezulu noma amafu omphakathi. I-router esakazwayo ye-VMware NSX-T iyisibonelo esijwayelekile. Uma ihlanganiswe ne-Kubernetes, isekela kalula ukuxhumana kweziqukathi.
Isango le-VxLAN elihlanganisiwe vs. Isango le-VxLAN elisabalalisiwe
Manje sekuyiwa esicongweni: yikuphi okungcono? Impendulo ithi "kuya ngokuthi kuncike kuphi", kodwa kufanele singene sijule kudatha kanye nezifundo zamacala ukuze sikukholise.
Ngokombono wokusebenza, izinhlelo ezisatshalaliswe zisebenza kahle kakhulu. Ku-benchmark ejwayelekile yesikhungo sedatha (esekelwe emishinini yokuhlola ye-Spirent), ukubambezeleka okumaphakathi kwesango eliphakathi kwakungu-150μs, kuyilapho okwesistimu esatshalaliswe kwakungu-50μs kuphela. Ngokuphathelene nokusetshenziswa, izinhlelo ezisatshalaliswe zingafinyelela kalula ukudluliselwa kwesilinganiso somugqa ngoba zisebenzisa umzila we-Spine-Leaf Equal Cost Multi-Path (ECMP).
Ukusabalala kungenye indawo yokulwa. Amanethiwekhi ahlanganisiwe afaneleka kumanethiwekhi anama-node ayi-100-500; ngale kwalesi sikali, amanethiwekhi ahlanganisiwe athola amandla aphezulu. Thatha i-Alibaba Cloud, isibonelo. I-VPC yabo (i-Virtual Private Cloud) isebenzisa amasango e-VXLAN ahlanganisiwe ukusekela izigidi zabasebenzisi emhlabeni jikelele, ngokubambezeleka kwesifunda esisodwa ngaphansi kwama-1ms. Indlela ehlanganisiwe ngabe yawa kudala.
Kuthiwani ngezindleko? Isixazululo esihlanganisiwe sinikeza ukutshalwa kwezimali okuphansi kokuqala, okudinga amasango ambalwa aphezulu kuphela. Isixazululo esisatshalalisiwe sidinga wonke ama-leaf node ukusekela ukulayisha kwe-VXLAN, okuholela ezindleleni eziphezulu zokuthuthukisa ihadiwe. Kodwa-ke, ngokuhamba kwesikhathi, isixazululo esisatshalalisiwe sinikeza izindleko eziphansi ze-O&M, njengoba amathuluzi okwenza ngokuzenzakalela njenge-Ansible evumela ukucushwa kwe-batch.
Ukuphepha nokuthembeka: Izinhlelo ezihlanganisiwe zenza kube lula ukuvikelwa okuhlanganisiwe kodwa zibeka ingozi enkulu yokuhlaselwa ngamaphuzu athile. Izinhlelo ezihlanganisiwe ziqinile kodwa zidinga indiza yokulawula eqinile ukuvimbela ukuhlaselwa kwe-DDoS.
Ucwaningo lwezwe langempela: Inkampani ye-e-commerce isebenzise i-VXLAN ephakathi ukwakha isayithi layo. Ngesikhathi sokushisa okukhulu, ukusetshenziswa kwe-CPU yesango kukhuphuke kwafika ku-90%, okwaholela ezikhalweni zabasebenzisi mayelana nokubambezeleka. Ukushintshela kumodeli esabalele kuxazulule inkinga, okuvumela inkampani ukuthi iphindwe kabili kalula isikali sayo. Ngokuphambene nalokho, ibhange elincane laphikelela kumodeli ephakathi ngoba lalibeka phambili ukuhlolwa kokuthobela imithetho futhi lathola ukuphathwa okuphakathi kulula.
Ngokuvamile, uma ufuna ukusebenza kwenethiwekhi okweqile kanye nobukhulu, indlela esabalele iyindlela okufanele uhambe ngayo. Uma isabelomali sakho silinganiselwe futhi ithimba lakho lokuphatha lingenalo ulwazi, indlela ebambile iyasebenza kakhulu. Esikhathini esizayo, ngokukhula kwe-5G kanye ne-edge computing, amanethiwekhi asabalele azoba athandwa kakhulu, kodwa amanethiwekhi abambezelekayo azoba usizo ezimweni ezithile, njengokuxhumana kwehhovisi legatsha.
Abathengisi Bephakethe Lenethiwekhi ye-Mylinking™ukusekela i-VxLAN, i-VLAN, i-GRE, i-MPLS Header Stripping
Kusekelwe i-header ye-VxLAN, VLAN, GRE, MPLS ekhishwe kuphakethe ledatha lokuqala kanye nomphumela odluliselwe.
Isikhathi sokuthunyelwe: Okthoba-09-2025
