To discuss VXLAN gateways, we must first discuss VXLAN itself. Recall that traditional VLANs (Virtual Local Area Networks) use a 12-bit VLAN ID to segment networks, supporting up to 4096 logical networks. This works fine for small networks, but in modern data centers, with thousands of virtual machines, containers, and multi-tenant environments, VLANs are not enough. So VXLAN was born, defined by the Internet Engineering Task Force (IETF) in RFC 7348. Its goal is to extend the Layer 2 (Ethernet) broadcast domain over Layer 3 (IP) networks using UDP tunnels.
In short, VXLAN encapsulates Ethernet frames in UDP packets and adds a 24-bit VXLAN Network Identifier (VNI), which in theory supports 16 million virtual networks. This is like giving each virtual network an "identity card," allowing them to move freely over the physical network without interfering with one another. The core component of VXLAN is the VXLAN Tunnel End Point (VTEP), which is responsible for encapsulating and decapsulating packets. A VTEP can be software (such as Open vSwitch) or hardware (such as an ASIC chip on a switch).
Why is VXLAN so popular? Because it fits the needs of cloud computing and SDN (Software-Defined Networking). In public clouds such as AWS and Azure, VXLAN enables seamless extension of tenants' virtual networks. In private data centers, it supports overlay network architectures such as VMware NSX or Cisco ACI. Imagine a data center with thousands of servers, each running many VMs (Virtual Machines). VXLAN lets these VMs see themselves as part of the same Layer 2 network, ensuring that ARP broadcasts and DHCP requests are delivered smoothly.
However, VXLAN is not a cure-all. Running over an L3 network requires L2-to-L3 conversion, which is where the gateway comes in. The VXLAN gateway connects the VXLAN virtual network with external networks (such as traditional VLANs or routed IP networks), ensuring that data flows from the virtual world to the real world. The forwarding mechanism is the heart and soul of the gateway, determining how packets are processed, routed, and distributed.
The VXLAN forwarding process is like a delicate dance, where each step from source to destination is linked to the next. Let's break it down step by step.
First, a packet is sent from the source host (such as a VM). This is a standard Ethernet frame containing the source MAC address, destination MAC address, VLAN tag (if any), and payload. On receiving this frame, the source VTEP checks the destination MAC address. If the destination MAC address is in its MAC table (obtained through learning or flooding), it knows which remote VTEP to forward the packet to.
The encapsulation process is critical: the VTEP adds a VXLAN header (including the VNI, flags, and so on), then an outer UDP header (with a source port based on a hash of the inner frame and a fixed destination port of 4789), an IP header (with the source IP address of the local VTEP and the destination IP address of the remote VTEP), and finally an outer Ethernet header. The whole packet now appears as a UDP/IP packet, looks like ordinary traffic, and can be routed across the L3 network.
On the physical network, the packet is forwarded by routers or switches until it reaches the destination VTEP. The destination VTEP strips the outer headers, checks the VXLAN header to confirm that the VNI matches, and then delivers the inner Ethernet frame to the destination host. If the packet is broadcast, unknown unicast, or multicast (BUM) traffic, the VTEP replicates the packet to all relevant VTEPs by flooding, relying on multicast groups or unicast head-end replication (HER).
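The encapsulation and VNI check described above, as an added Python example that is not part of the original article: it builds and validates the 8-byte VXLAN header from RFC 7348. The CRC32-based source port, the function names, and the sample frame are assumptions made for illustration.

```python
import struct
import zlib

VXLAN_PORT = 4789        # outer UDP destination port named in the text
FLAG_VNI_VALID = 0x08    # RFC 7348 "I" flag: the VNI field is valid


def entropy_source_port(inner_frame: bytes) -> int:
    """Outer UDP source port from a hash of the inner Ethernet header.

    CRC32 is a stand-in hash (assumption); the result is folded into
    49152-65535 so that ECMP in the underlay can spread flows.
    """
    return 49152 + (zlib.crc32(inner_frame[:14]) % 16384)


def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the VXLAN header: flags, 24 reserved bits, VNI, 8 reserved bits."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def decapsulate(udp_payload: bytes, local_vnis: set) -> tuple:
    """Validate the VXLAN header and return (vni, inner_frame).

    Raises (the packet is dropped) on truncation, a missing I flag, or a
    VNI that this VTEP does not serve.
    """
    if len(udp_payload) < 8 + 14:          # VXLAN header + Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, udp_payload[8:]


# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"

if __name__ == "__main__":
    packet = encapsulate(SAMPLE_FRAME, 10000)
    print(packet[:8].hex(), entropy_source_port(SAMPLE_FRAME))
    print(decapsulate(packet, {10000, 20000}))
```

Dropping packets whose VNI is not configured locally is what keeps a frame from one virtual network out of another at the receiving VTEP.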
The core principle of forwarding is the separation of the control plane and the data plane. The control plane uses Ethernet VPN (EVPN) or the Flood and Learn mechanism to learn MAC and IP mappings. EVPN is based on the BGP protocol and allows VTEPs to exchange routing information, such as MAC-VRF (Virtual Routing and Forwarding) and IP-VRF. The data plane is responsible for the actual forwarding, using VXLAN tunnels for efficient transmission.
However, in real deployments, forwarding efficiency directly affects performance. Traditional flooding can easily cause broadcast storms, especially in large networks. This creates the need for gateway optimization: gateways not only connect internal and external networks but also act as ARP proxies, handle route leaking, and ensure the shortest forwarding paths.
Centralized VXLAN Gateway
A centralized VXLAN gateway, also called a centralized gateway or L3 gateway, is usually deployed at the edge or core layer of the data center. It acts as a central hub through which all cross-VNI or cross-subnet traffic must pass.
In principle, a centralized gateway acts as the default gateway, providing Layer 3 routing services for all VXLAN networks. Consider two VNIs: VNI 10000 (subnet 10.1.1.0/24) and VNI 20000 (subnet 10.2.1.0/24). If VM A in VNI 10000 wants to reach VM B in VNI 20000, the packet first arrives at the local VTEP. The local VTEP detects that the destination IP address is not on the local subnet and forwards it to the centralized gateway. The gateway decapsulates the packet, makes the routing decision, and then re-encapsulates the packet into a tunnel toward the destination VNI.

The advantages are obvious:
○ Simple management: All routing configuration is concentrated on one or two devices, so operators only need to maintain a few gateways to cover the whole network. This approach suits small and medium-sized data centers or environments deploying VXLAN for the first time.
○ Resource efficiency: Gateways are usually high-performance hardware (such as Cisco Nexus 9000 or Arista 7050) capable of handling large volumes of traffic. The control plane is centralized, which simplifies integration with SDN controllers such as NSX Manager.
○ Strong security control: Traffic must pass through the gateway, which makes it easy to enforce ACLs (Access Control Lists), firewalls, and NAT. Imagine a multi-tenant scenario in which the centralized gateway can easily isolate tenant traffic.
But the drawbacks cannot be ignored:
○ Single point of failure: If the gateway fails, L3 communication across the entire network is disrupted. Although VRRP (Virtual Router Redundancy Protocol) can be used for redundancy, it still carries risk.
○ Performance bottleneck: All east-west traffic (server-to-server communication) must pass through the gateway, resulting in suboptimal paths. For example, in a 1000-node cluster, if the gateway bandwidth is 100Gbps, congestion is likely during peak periods.
○ Poor scalability: As the network grows, gateway load increases sharply. In a real-world example, I saw a financial data center using a centralized gateway. At first it ran smoothly, but after the number of VMs doubled, latency rose from microseconds to milliseconds.
Application scenario: Suitable for environments that require simple management, such as enterprise private clouds or test networks. Cisco's ACI architecture often uses a centralized model, combined with a leaf-spine topology, to ensure efficient operation of the central gateways.
Distributed VXLAN Gateway
A distributed VXLAN gateway, also known as a distributed gateway or anycast gateway, offloads the gateway function to every leaf switch or hypervisor VTEP. Each VTEP acts as a local gateway, handling L3 forwarding for its local subnets.
The principle is more flexible: every VTEP is configured with the same virtual IP (VIP) as the default gateway, using the Anycast mechanism. Cross-subnet packets sent by VMs are routed directly on the local VTEP, without having to pass through a central point. EVPN is particularly useful here: through BGP EVPN, the VTEP learns the routes of remote hosts and uses MAC/IP binding to avoid ARP flooding.
For example, VM A (10.1.1.10) wants to reach VM B (10.2.1.10). VM A's default gateway is the VIP of the local VTEP (10.1.1.1). The local VTEP routes to the destination subnet, encapsulates the VXLAN packet, and sends it directly to VM B's VTEP. This process shortens the path and reduces latency.
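The two inter-VNI forwarding procedures (centralized, then distributed) can be compared with a small model; this is an added Python example, not code from the original article. The VTEP underlay addresses (from the 192.0.2.0/24 documentation range) and all function names are constructed, and encapsulating in the destination VNI in distributed mode is an assumption, since the article does not say which VNI the ingress VTEP uses.

```python
import ipaddress

# Subnets and VNIs from the text; VTEP underlay addresses are constructed.
VNI_SUBNETS = {10000: ipaddress.ip_network("10.1.1.0/24"),
               20000: ipaddress.ip_network("10.2.1.0/24")}
HOST_VTEP = {"10.1.1.10": "192.0.2.11",   # VM A behind leaf 1
             "10.2.1.10": "192.0.2.12"}   # VM B behind leaf 2
CENTRAL_GW_VTEP = "192.0.2.1"


def vni_for(ip: str) -> int:
    """Map a host IP to the VNI whose subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for vni, net in VNI_SUBNETS.items():
        if addr in net:
            return vni
    raise LookupError(f"no VNI serves {ip}")


def tunnel_legs(src_ip: str, dst_ip: str, mode: str) -> list:
    """Return the VXLAN tunnels a packet crosses as (from_vtep, to_vtep, vni)."""
    src_vni, dst_vni = vni_for(src_ip), vni_for(dst_ip)
    ingress, egress = HOST_VTEP[src_ip], HOST_VTEP[dst_ip]
    if src_vni == dst_vni:
        # Same subnet: plain L2 bridging, no gateway involved in either mode.
        return [] if ingress == egress else [(ingress, egress, src_vni)]
    if mode == "centralized":
        # The local VTEP forwards to the gateway in the source VNI; the
        # gateway decapsulates, routes, and re-encapsulates into the
        # destination VNI.
        return [(ingress, CENTRAL_GW_VTEP, src_vni),
                (CENTRAL_GW_VTEP, egress, dst_vni)]
    if mode == "distributed":
        # The anycast gateway on the ingress VTEP routes locally, then
        # tunnels straight to the egress VTEP (destination VNI assumed).
        return [(ingress, egress, dst_vni)]
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    for mode in ("centralized", "distributed"):
        print(mode, tunnel_legs("10.1.1.10", "10.2.1.10", mode))
```

In the centralized result every inter-VNI flow shares the gateway hop, which is where ACLs and firewalls sit; in the distributed result there is no such common hop.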
Outstanding advantages:
○ High scalability: Distributing the gateway function to every node increases the scale the network can reach, which benefits large networks. Large cloud providers such as Google Cloud use a similar mechanism to support millions of VMs.
○ Better performance: East-west traffic is handled locally to avoid bottlenecks. Test data shows that throughput can increase by 30%-50% in distributed mode.
○ Fast fault recovery: The failure of a single VTEP affects only its local hosts, leaving other nodes unaffected. Combined with EVPN's fast convergence, recovery time is measured in seconds.
○ Good resource utilization: Use the ASIC chips of the leaf switches for hardware acceleration, with forwarding rates reaching the Tbps level.
What are the disadvantages?
○ Complex configuration: Every VTEP requires configuration of routing, EVPN, and other features, which makes initial deployment time-consuming. The operations team must be familiar with BGP and SDN.
○ High hardware requirements: Not all switches support distributed gateways; Broadcom Trident or Tomahawk chips are required. Software implementations (such as OVS on KVM) do not perform as well as hardware.
○ Consistency challenges: Distribution means that state synchronization depends on EVPN. If a BGP session flaps, it can cause a routing black hole.
Application scenario: Suitable for hyperscale data centers or public clouds. VMware NSX-T's distributed router is a typical example. Combined with Kubernetes, it supports container networking seamlessly.
Centralized VxLAN Gateway vs Distributed VxLAN Gateway
Now for the finale: which is better? The answer is "it depends", but we have to dig into data and case studies to convince you.
From a performance standpoint, the distributed design is clearly better. In a typical data center benchmark (based on Spirent test equipment), the average latency of a centralized gateway was 150μs, while that of the distributed design was only 50μs. In terms of throughput, the distributed design can easily achieve line-rate forwarding because it uses Spine-Leaf Equal Cost Multi-Path (ECMP) routing.
Scalability is another battleground. Centralized networks suit networks of 100-500 nodes; beyond that scale, distributed networks gain the upper hand. Take Alibaba Cloud, for example. Their VPC (Virtual Private Cloud) uses distributed VXLAN gateways to support millions of users worldwide, with single-region latency below 1ms. A centralized approach would have collapsed long ago.
What about cost? The centralized solution offers a lower initial investment, requiring only a few high-end gateways. The distributed solution requires all leaf nodes to support VXLAN offload, which leads to higher hardware upgrade costs. In the long run, however, the distributed solution offers lower O&M costs, as automation tools such as Ansible enable batch configuration.
Security and reliability: Centralized designs simplify centralized protection but create a high risk of a single point of attack. Distributed designs are more resilient but require a robust control plane to prevent DDoS attacks.
A real-world case study: An e-commerce company used centralized VXLAN to build its site. During peak periods, gateway CPU utilization rose to 90%, leading to complaints about latency. Switching to a distributed model solved the problem, allowing the company to easily double its scale. Conversely, a small bank stuck with the centralized model because they prioritized compliance audits and found centralized management easier.
Overall, if you are after extreme network performance and scale, the distributed approach is the way to go. If your budget is limited and your operations team lacks experience, the centralized approach is more practical. In the future, with the growth of 5G and edge computing, distributed networks will become more popular, but centralized networks will remain valuable in specific scenarios, such as branch office interconnection.

Mylinking™ Network Packet Brokers support VxLAN, VLAN, GRE, MPLS Header Stripping
Supports stripping the VxLAN, VLAN, GRE, and MPLS headers from the original data packet and forwarding the output.
Post time: Oct-09-2025
