To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use a 12-bit VLAN ID to segment networks, supporting up to 4096 logical networks. This works well for small networks, but in modern data centers, with thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. Thus VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its purpose is to extend the Layer 2 (Ethernet) broadcast domain over Layer 3 (IP) networks using UDP tunnels.
Simply put, VXLAN encapsulates Ethernet frames in UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), theoretically supporting 16 million virtual networks. This is like giving each virtual network an "identity card," allowing them to move freely over the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC chip on a switch).
Why is VXLAN so popular? Because it closely matches the needs of cloud computing and SDN (Software-Defined Networking). In public clouds such as AWS and Azure, VXLAN enables seamless expansion of tenant virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running dozens of VMs (Virtual Machines). VXLAN allows these VMs to see themselves as part of the same Layer 2 network, ensuring smooth ARP broadcasts and DHCP requests.
However, VXLAN is not a panacea. Operating over an L3 network requires L2-to-L3 conversion, which is where the gateway comes in. A VXLAN gateway connects the VXLAN virtual network with external networks (such as traditional VLANs or IP routed networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway, determining how packets are processed, routed, and distributed.
The VXLAN forwarding process is like a delicate ballet, with every step from source to destination closely linked. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing the source MAC address, destination MAC address, VLAN tag (if any), and payload. Upon receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (obtained through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is crucial: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port based on a hash of the inner frame and a fixed destination port of 4789), an IP header (with the local VTEP's IP address as the source and the remote VTEP's IP address as the destination), and finally an outer Ethernet header. The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed over the L3 network.
On the physical network, routers or switches forward the packet until it reaches the destination VTEP. The destination VTEP strips the outer headers, checks the VXLAN header to confirm that the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is broadcast, unknown unicast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs using flooding, relying on multicast groups or unicast head-end replication (HER).
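The encapsulation and decapsulation steps above, as an added example that is not part of the original article: it builds the 8-byte VXLAN header from RFC 7348, derives the outer UDP source port from the inner frame, and applies the destination VTEP's VNI check before delivering the inner frame. The CRC32 hash, the function names and the sample frame are assumptions made for the illustration.

```python
import struct
import zlib

VXLAN_PORT = 4789        # fixed destination UDP port named in the text
FLAG_VNI_VALID = 0x08    # RFC 7348 "I" flag: the VNI field is valid

def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)

def udp_source_port(inner_frame: bytes) -> int:
    """Outer source port derived from a hash of the inner frame headers.
    CRC32 over the inner Ethernet header is an assumption; real VTEPs use
    their own hash. The result stays in the dynamic range 49152-65535."""
    return 49152 + (zlib.crc32(inner_frame[:14]) % 16384)

def encapsulate(inner_frame: bytes, vni: int):
    """Return (udp_src_port, udp_dst_port, udp_payload) for the outer packet."""
    return udp_source_port(inner_frame), VXLAN_PORT, vxlan_header(vni) + inner_frame

def decapsulate(udp_dst_port: int, payload: bytes, local_vnis: set):
    """Checks a destination VTEP applies before delivering the inner frame."""
    if udp_dst_port != VXLAN_PORT:
        raise ValueError("not addressed to the VXLAN port")
    if len(payload) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word2 >> 8
    if vni not in local_vnis:
        # The VNI is the only tenant separator in the packet, so a frame
        # for an unconfigured VNI is dropped rather than bridged.
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, payload[8:]

# Constructed sample: dst MAC, src MAC, EtherType IPv4, then a dummy payload.
INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"sample-payload"

if __name__ == "__main__":
    sport, dport, pkt = encapsulate(INNER, 10000)
    print(sport, dport, pkt[:8].hex(), decapsulate(dport, pkt, {10000, 20000})[0])
```

Because the source port depends only on the inner headers, every packet of one flow follows the same ECMP path through the underlay.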
The core of the forwarding principle is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and allows VTEPs to exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transmission.
However, in real deployments, forwarding efficiency directly affects performance. Traditional flooding can easily cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as ARP proxies, handle route leaking, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is typically deployed at the edge or core layer of the data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In principle, a centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first reaches the local VTEP. The local VTEP detects that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes a routing decision, and then re-encapsulates the packet into a tunnel to the destination VNI.
The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators only need to maintain a few gateways to cover the whole network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ High resource efficiency: Gateways are usually high-performance hardware (such as Cisco Nexus 9000 or Arista 7050) capable of handling heavy traffic. The control plane is centralized, which eases integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which eases the implementation of ACLs (Access Control Lists), firewalls, and NAT. Imagine a multi-tenant scenario where a centralized gateway can easily isolate tenant traffic.
But the shortcomings cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication across the entire network breaks. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, it still carries risk.
○ Performance bottleneck: All east-west traffic (communication between servers) must traverse the gateway, resulting in a suboptimal path. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely to occur during peak hours.
○ Poor scalability: As the network scale grows, the gateway load increases sharply. In a real-world example, I have seen a financial data center using a centralized gateway. At first it ran without any problems, but after the number of VMs doubled, latency rose from microseconds to milliseconds.
Application scenario: Suitable for environments that require high management simplicity, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to ensure efficient operation of the core gateways.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, offloads gateway functionality to each leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, handling L3 forwarding for the local subnet.
The principle is more flexible: each VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed directly on the local VTEP, without passing through a central point. EVPN is especially useful here: through BGP EVPN, the VTEP learns the routes of remote hosts and uses MAC/IP bindings to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This process minimizes path length and latency.
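The centralized and distributed forwarding walks for VM A and VM B, as an added example that is not part of the original article: it lists the VXLAN tunnels a packet crosses in each mode and the devices that make the routing decision, which is where inter-VNI ACLs have to be enforced. The VTEP and gateway names are hypothetical, and tagging the distributed tunnel with the destination VNI is an assumption, since the article does not say which VNI is used.

```python
import ipaddress

# Subnets, VNIs and VM addresses are the ones used in the text;
# the VTEP and gateway names are hypothetical.
SUBNET_TO_VNI = {
    ipaddress.ip_network("10.1.1.0/24"): 10000,
    ipaddress.ip_network("10.2.1.0/24"): 20000,
}
HOST_TO_VTEP = {  # host routes as a VTEP would learn them through EVPN
    ipaddress.ip_address("10.1.1.10"): "vtep-leaf1",  # VM A
    ipaddress.ip_address("10.2.1.10"): "vtep-leaf2",  # VM B
}
CENTRAL_GW = "central-gw"

def vni_of(ip):
    """Map a host address to the VNI of the subnet that contains it."""
    for net, vni in SUBNET_TO_VNI.items():
        if ip in net:
            return vni
    raise LookupError(f"no VNI configured for {ip}")

def tunnel_segments(src, dst, mode):
    """Return the VXLAN tunnels a packet crosses as (from, to, vni) tuples."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vni, dst_vni = vni_of(src), vni_of(dst)
    ingress, egress = HOST_TO_VTEP[src], HOST_TO_VTEP[dst]
    if src_vni == dst_vni:
        # Same subnet: plain L2 bridging, no gateway involved.
        return [] if ingress == egress else [(ingress, egress, src_vni)]
    if mode == "centralized":
        # Bridged to the gateway in the source VNI; the gateway decapsulates,
        # routes, and re-encapsulates into the destination VNI.
        return [(ingress, CENTRAL_GW, src_vni), (CENTRAL_GW, egress, dst_vni)]
    if mode == "distributed":
        # The anycast gateway on the ingress VTEP routes locally and sends one
        # tunnel to the egress VTEP (destination VNI tag is an assumption).
        return [(ingress, egress, dst_vni)]
    raise ValueError(f"unknown mode: {mode}")

def acl_enforcement_points(mode):
    """Devices that route between VNIs, so where inter-VNI ACLs must live."""
    points = set()
    for a in HOST_TO_VTEP:
        for b in HOST_TO_VTEP:
            if vni_of(a) != vni_of(b):
                points.add(CENTRAL_GW if mode == "centralized" else HOST_TO_VTEP[a])
    return points
```

With this sample topology the centralized mode has one enforcement point, while the distributed mode needs the same inter-VNI policy on every VTEP that hosts a gateway.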
Notable advantages:
○ High scalability: Distributing gateway functionality to every node increases network scale, which benefits large networks. Large cloud providers such as Google Cloud use a similar mechanism to support millions of VMs.
○ High performance: East-west traffic is processed locally to avoid bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: A single VTEP failure affects only the local host, leaving other nodes unaffected. Combined with EVPN's fast convergence, recovery time is within seconds.
○ Good resource utilization: Existing ASIC chips are used for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the disadvantages?
○ Complex configuration: Each VTEP requires configuration of routing, EVPN, and other features, which makes the initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Distribution means that state synchronization depends on EVPN. If the BGP session fluctuates, it can cause a routing black hole.
Application scenario: Ideal for hyperscale data centers or public clouds. The VMware NSX-T distributed router is a typical example. Combined with Kubernetes, it supports container networking seamlessly.
Centralized VxLAN Gateway vs. Distributed VxLAN Gateway
Now to the climax: which is better? The answer is "it depends", but we must dig into the data and case studies to convince you.
From a performance perspective, the distributed system is clearly better. In a typical data center benchmark (based on Spirent test equipment), the average latency of a centralized gateway was 150μs, while that of a distributed system was only 50μs. In terms of throughput, distributed systems can easily achieve line-rate forwarding because they leverage Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Scalability is another battleground. Centralized networks suit networks with 100-500 nodes; beyond this scale, distributed networks win. Take Alibaba Cloud, for example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency under 1ms. A centralized approach would have collapsed long ago.
What about cost? A centralized solution offers a lower initial investment, requiring only a few gateways. A distributed solution requires all leaf nodes to support VXLAN offload, resulting in higher hardware upgrade costs. However, in the long run, a distributed solution offers lower O&M costs, as automation tools enable batch configuration changes.
Security and reliability: Centralized systems facilitate centralized protection but pose a high risk of a single point of attack. Distributed systems are more resilient but require a robust control plane to prevent DDoS attacks.
A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, gateway CPU usage rose to 90%, leading to user complaints about latency. Switching to the distributed model solved the problem, allowing the company to scale with ease. Conversely, a small bank insisted on the centralized model because it prioritized compliance auditing and found centralized management easier.
Overall, if you are looking for extreme network performance and scale, the distributed approach is the way to go. If your budget is limited and your management team lacks experience, the centralized approach is more practical. In the future, with the rise of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain important in specific scenarios, such as branch office interconnection.
Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, and MPLS headers from the original data packet and forwarding the output.
Post time: Oct-09-2025