The network architecture of the modern data center looks different because business requirements have changed. Data centers that were once relatively simple have become the unified infrastructure platform on which applications run. The data center operates as a whole; it is the engine that delivers the application.
More and more of the infrastructure is transparent to developers and their applications. A thoroughly modern infrastructure is an abstraction on which developers deploy applications: resource pools are requested, and developers do not have to worry about the infrastructure underneath. To them, the infrastructure simply works.
Modern data centers also handle security in a distributed manner, in step with workloads that are dynamic and broken into pieces. Security policy no longer has to be enforced through a central physical firewall. Instead, a central security policy is defined, and a security manager installs the relevant parts of that policy on each affected host, virtual machine, or container. There is no infrastructure bottleneck, and no awkward routing requirements are needed to implement such a policy.
At a higher level, what we have been describing is a private cloud architecture. Physical infrastructure abstracted in this way also makes it simpler to cooperate with the public cloud. As a result, hybrid cloud architectures are becoming more and more popular, giving public cloud workloads the same security and connectivity as private cloud workloads.
Layered
As the hybrid cloud architecture becomes the new normal, it is important to note the impact of these trends on the data center network. The data center is no longer as simple as one IP address talking to another, with the routing and bridge tables consulted when a failure occurs.
The infrastructure that gives modern data centers their flexibility relies on complex networks. Driving this complexity is the need for workload isolation, enforcement of service policies, and security. As a result, a modern data center looks more like a layer cake than a flat collection of IP addresses.
At the bottom of our layer cake is the underlay network. This network is the foundation for all the other network services. It is also the network most familiar to network engineers: when they inspect their routing and bridge tables, they are looking at the underlay, the base of the data center.
However, the underlay by itself does not provide everything the cloud needs. One growing demand is isolation, known as multi-tenancy. A tenant can be an application, a business unit, or a customer.
A tenant's traffic is isolated from other tenants' traffic through an encapsulation technology, Virtual Extensible LAN (VXLAN). Traffic from a segment is encapsulated in a VXLAN packet, delivered across the network inside that wrapper, and decapsulated on the other side. VXLAN is the second layer, the overlay, which sits above our base.
VXLAN does more than isolate traffic; it can also be used to steer traffic along specific paths through the network. Suppose the data center needs to forward traffic through a particular firewall and load balancer. In modern networks, firewalls and load balancers may exist as virtualized network functions and may live anywhere in the data center. To route traffic precisely where it needs to go, VXLAN encapsulation can be used to carry it from device to device until it has traversed all the necessary devices.
Above the overlay and underlay layers of our cake, firewall rules form another layer. A central policy manager pushes firewall rules onto the hosts. Each host ends up with its own set of rules controlling the forwarding of incoming and outgoing traffic. Called microsegmentation, this is a practical way to secure a scalable data center.
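To make the encapsulation concrete, here is an added example (not code from the original article) that builds and parses a VXLAN packet in the RFC 7348 layout: an inner Ethernet frame wrapped in a VXLAN header, UDP (destination port 4789) and IPv4 between two VTEPs. The `deliver_to_tenant` check shows the isolation property: a receiving VTEP hands a frame to a segment only if its VNI is mapped there. The VTEP addresses, MACs and VNI-to-tenant mapping are constructed sample values, and the IP/UDP checksums are left at zero for brevity.

```python
import struct
import ipaddress
from typing import Optional

# Constants from RFC 7348 (VXLAN): IANA UDP port and the "VNI valid" (I) flag bit.
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08
VXLAN_HEADER_LEN = 8
UDP_HEADER_LEN = 8
IPV4_HEADER_LEN = 20


def build_inner_frame(src_mac: bytes, dst_mac: bytes, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Minimal inner Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    if len(src_mac) != 6 or len(dst_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def vxlan_encapsulate(vni: int, inner_frame: bytes, vtep_src_ip: str, vtep_dst_ip: str,
                      udp_src_port: int = 49152) -> bytes:
    """Wrap an inner frame in VXLAN/UDP/IPv4 for transport across the underlay."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)
    vxlan_hdr = struct.pack("!BBBB", VXLAN_FLAG_I, 0, 0, 0) + struct.pack("!I", vni << 8)
    udp_len = UDP_HEADER_LEN + VXLAN_HEADER_LEN + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", udp_src_port, VXLAN_UDP_PORT, udp_len, 0)  # checksum 0 = omitted
    total_len = IPV4_HEADER_LEN + udp_len
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, 17, 0,  # IPv4/IHL 5, TTL 64, protocol 17 (UDP), checksum 0
        ipaddress.IPv4Address(vtep_src_ip).packed,
        ipaddress.IPv4Address(vtep_dst_ip).packed,
    )
    return ip_hdr + udp_hdr + vxlan_hdr + inner_frame


def vxlan_decapsulate(packet: bytes) -> dict:
    """Strip the outer headers and return what a receiving VTEP needs: VNI, outer IPs, inner frame fields."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:
        raise ValueError("outer packet is not UDP")
    outer_src = str(ipaddress.IPv4Address(packet[12:16]))
    outer_dst = str(ipaddress.IPv4Address(packet[16:20]))
    _, dport, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + UDP_HEADER_LEN])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx_start = ihl + UDP_HEADER_LEN
    if not packet[vx_start] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = struct.unpack("!I", packet[vx_start + 4:vx_start + 8])[0] >> 8
    inner = packet[vx_start + VXLAN_HEADER_LEN:ihl + udp_len]
    return {
        "outer_src": outer_src,
        "outer_dst": outer_dst,
        "vni": vni,
        "inner_dst_mac": inner[0:6],
        "inner_src_mac": inner[6:12],
        "inner_ethertype": struct.unpack("!H", inner[12:14])[0],
        "inner_payload": inner[14:],
    }


def deliver_to_tenant(decoded: dict, vni_to_tenant: dict) -> Optional[str]:
    """Isolation check at the receiving VTEP: the frame goes only to the segment its VNI maps to.
    Returns the tenant name, or None when the VNI is unknown here and the frame must be dropped."""
    return vni_to_tenant.get(decoded["vni"])


if __name__ == "__main__":
    # Constructed sample: tenant "blue" on VNI 5001, sent between two hypervisor VTEPs.
    frame = build_inner_frame(bytes.fromhex("0a0000000001"), bytes.fromhex("0a0000000002"), b"GET / HTTP/1.0\r\n")
    wire = vxlan_encapsulate(5001, frame, "10.0.1.10", "10.0.2.10")
    decoded = vxlan_decapsulate(wire)
    print(decoded["vni"], decoded["outer_src"], "->", decoded["outer_dst"], decoded["inner_payload"])
    print("tenant:", deliver_to_tenant(decoded, {5001: "blue", 5002: "red"}))
```

The same outer IP pair can carry many VNIs; only the 24-bit VNI separates tenants, which is why a VTEP that accepts frames for VNIs it was not told about would silently break the isolation the overlay exists to provide.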
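As an added example (not the article's own code, and not any vendor's policy manager), the block below shows what "a central policy manager installs the relevant parts of the policy on each host" means in practice: a label-based policy is compiled into the concrete IP-level allow list for one host, with only the rules that involve a workload on that host, followed by default deny. The inventory, labels, addresses and the `web-to-db` rule are constructed sample data; the `render_iptables` output mimics iptables syntax to show the shape of what an agent would install.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Workload:
    name: str
    host: str                 # hypervisor or node the workload runs on
    ip: str
    labels: FrozenSet[str]    # e.g. {"role=web", "tenant=blue"}


@dataclass(frozen=True)
class PolicyRule:
    name: str
    src_labels: FrozenSet[str]  # source must carry all of these labels
    dst_labels: FrozenSet[str]  # destination must carry all of these labels
    proto: str
    port: int


# A compiled host rule: (direction, src_ip, dst_ip, proto, port, action, origin)
HostRule = Tuple[str, str, str, str, int, str, str]


def selects(selector: FrozenSet[str], labels: FrozenSet[str]) -> bool:
    return selector <= labels


def compile_host_rules(policy: List[PolicyRule], inventory: List[Workload], host: str) -> List[HostRule]:
    """Render the central label-based policy into the IP-level allow list for one host.
    Only rules touching a workload that lives on this host are emitted; everything else is default-deny."""
    local = [w for w in inventory if w.host == host]
    rules: List[HostRule] = []
    for rule in policy:
        for dst in local:
            if selects(rule.dst_labels, dst.labels):
                for src in inventory:
                    if src is not dst and selects(rule.src_labels, src.labels):
                        rules.append(("INGRESS", src.ip, dst.ip, rule.proto, rule.port, "ACCEPT", rule.name))
        for src in local:
            if selects(rule.src_labels, src.labels):
                for dst in inventory:
                    if dst is not src and selects(rule.dst_labels, dst.labels):
                        rules.append(("EGRESS", src.ip, dst.ip, rule.proto, rule.port, "ACCEPT", rule.name))
    rules.append(("INGRESS", "0.0.0.0/0", "0.0.0.0/0", "any", 0, "DROP", "default-deny"))
    rules.append(("EGRESS", "0.0.0.0/0", "0.0.0.0/0", "any", 0, "DROP", "default-deny"))
    return rules


def evaluate(rules: List[HostRule], direction: str, src_ip: str, dst_ip: str, proto: str, port: int) -> Tuple[str, str]:
    """First-match evaluation, the way a host firewall walks its chain. Returns (action, originating rule)."""
    for d, s, dst, p, prt, action, origin in rules:
        if d != direction or s not in ("0.0.0.0/0", src_ip) or dst not in ("0.0.0.0/0", dst_ip):
            continue
        if p not in ("any", proto) or prt not in (0, port):
            continue
        return action, origin
    return "DROP", "implicit"


def render_iptables(rules: List[HostRule]) -> List[str]:
    """Show the compiled rules as iptables-style lines (constructed rendering, not a real agent's output)."""
    chain = {"INGRESS": "INPUT", "EGRESS": "OUTPUT"}
    lines = []
    for d, s, dst, p, prt, action, origin in rules:
        line = f"-A {chain[d]} -s {s} -d {dst}"
        if p != "any":
            line += f" -p {p} --dport {prt}"
        lines.append(f"{line} -j {action}  # {origin}")
    return lines


# Constructed inventory and policy (sample data, not a real environment).
INVENTORY = [
    Workload("web-1", "host-a", "10.10.0.5", frozenset({"role=web", "tenant=blue"})),
    Workload("web-2", "host-c", "10.10.0.6", frozenset({"role=web", "tenant=blue"})),
    Workload("db-1", "host-b", "10.10.0.9", frozenset({"role=db", "tenant=blue"})),
    Workload("db-red", "host-c", "10.10.0.20", frozenset({"role=db", "tenant=red"})),
]
POLICY = [
    PolicyRule("web-to-db", frozenset({"role=web", "tenant=blue"}), frozenset({"role=db", "tenant=blue"}), "tcp", 5432),
]

if __name__ == "__main__":
    for host in ("host-a", "host-b", "host-c"):
        print(f"== {host} ==")
        for line in render_iptables(compile_host_rules(POLICY, INVENTORY, host)):
            print(line)
```

Note that host-c hosts a red-tenant database, yet receives no rule permitting the blue web tier to reach it: the tenant label in the selector keeps the two tenants apart without any change to the physical network path.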
The wildcard that adds still more network complexity is the container. Container networking is an emerging technology that uses namespaces, proxies, and network address translation so that containers can communicate with one another and with the outside world. This is yet another layer.
Data center operators are in trouble.
The complexity of modern data center network architecture is a potential problem for data center operators. Most network problems concern either connectivity or performance. Two endpoints that should be able to connect but cannot is one class of problem. Two endpoints that connect, but not as fast as expected, is a different class.
The packet walk method is used to troubleshoot connectivity problems: follow the path a packet must take, from one network device to the next, to reach its destination. This is straightforward when the actual IP endpoints are known.
In a modern data center, the underlay transports VXLAN or other overlay packets. On top of that we add firewall rules, and possibly network address translation or proxy services. Packet walking becomes harder and more nuanced. To diagnose a connectivity problem, data center operators need to know the packet's source and destination, which may be a container, a virtual machine, or a bare-metal host; the firewall policy governing the packet; the packet's encapsulation; and the service chain it must follow.
This is not so bad if we assume the operator understands the application's traffic flow and works in an IT organization with a flat structure. But it is not easy. Finding media access control and IP addresses in bridge and routing tables is only a small part of a more elaborate troubleshooting process. Moreover, modern infrastructure is usually short-lived, so operators may be asked to solve a problem that already happened but cannot be recreated.
Performance challenges are even harder to diagnose. The sheer number of network devices involved in an established communication path may include a virtual operating system, the hypervisor's software switch, a virtual firewall, a top-of-rack switch, and a spine switch, and then the same sequence in reverse to reach the other endpoint.
When some workloads run in public cloud services, the problem becomes more complex. Using infrastructure or platform services there means adding high latency and extra tunneling to our troubleshooting process.
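The packet walk described above can be scripted against a model of the environment, which is what the troubleshooting and visualization tools discussed later effectively do. The block below is an added example (not the article's code or any vendor's tool): it models a small leaf/spine underlay, two hypervisor VTEPs, a container behind host NAT, and per-host firewall allow lists, then walks a flow from source workload to destination, reporting each layer it crosses (NAT, egress firewall, VXLAN encapsulation, underlay longest-prefix routing, decapsulation, ingress firewall) and where it is dropped. All names, addresses, VNIs and rules are constructed sample data.

```python
import ipaddress
from typing import List, Tuple

# --- Constructed model of a small data center (sample data, not a real topology) ---

# Underlay routing tables: router -> list of (prefix, next hop); "local" means directly attached.
UNDERLAY = {
    "leaf1": [("10.0.1.0/24", "local"), ("0.0.0.0/0", "spine1")],
    "leaf2": [("10.0.2.0/24", "local"), ("0.0.0.0/0", "spine1")],
    "spine1": [("10.0.1.0/24", "leaf1"), ("10.0.2.0/24", "leaf2")],
}
HOSTS = {
    "host-a": {"vtep": "10.0.1.10", "leaf": "leaf1"},
    "host-b": {"vtep": "10.0.2.10", "leaf": "leaf2"},
}
# Workloads: overlay IP, VNI, and (for containers) the namespace address NATed by the host.
WORKLOADS = {
    "web-1": {"host": "host-a", "ip": "192.168.1.10", "vni": 5001, "nat_from": "172.17.0.2"},
    "db-1": {"host": "host-b", "ip": "192.168.1.20", "vni": 5001, "nat_from": None},
    "red-1": {"host": "host-b", "ip": "192.168.9.5", "vni": 5002, "nat_from": None},
}
# Host firewall allow lists (post-NAT addresses): host -> [(direction, src, dst, proto, port)]; default deny.
HOST_FW = {
    "host-a": [("EGRESS", "192.168.1.10", "192.168.1.20", "tcp", 5432)],
    "host-b": [("INGRESS", "192.168.1.10", "192.168.1.20", "tcp", 5432)],
}


def lpm(router: str, dst: str) -> str:
    """Longest-prefix-match lookup in one underlay router's table."""
    addr = ipaddress.ip_address(dst)
    best_len, best_hop = -1, None
    for prefix, hop in UNDERLAY[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, hop
    if best_hop is None:
        raise LookupError(f"{router}: no route to {dst}")
    return best_hop


def fw_allows(host: str, direction: str, src: str, dst: str, proto: str, port: int) -> bool:
    return (direction, src, dst, proto, port) in HOST_FW.get(host, [])


def packet_walk(src_name: str, dst_name: str, proto: str, port: int) -> Tuple[str, List[str]]:
    """Walk one flow through every layer of the cake; return (verdict, steps)."""
    src, dst = WORKLOADS[src_name], WORKLOADS[dst_name]
    steps: List[str] = []
    src_ip = src["ip"]
    if src["nat_from"]:
        steps.append(f"{src['host']}: container {src['nat_from']} SNAT -> {src_ip}")
    if src["vni"] != dst["vni"]:
        steps.append(f"segment mismatch: VNI {src['vni']} vs {dst['vni']}, no L2 path")
        return "DROPPED: different overlay segment", steps
    if not fw_allows(src["host"], "EGRESS", src_ip, dst["ip"], proto, port):
        return f"DROPPED: egress firewall on {src['host']}", steps
    steps.append(f"{src['host']}: egress firewall ACCEPT {proto}/{port}")
    src_vtep, dst_vtep = HOSTS[src["host"]]["vtep"], HOSTS[dst["host"]]["vtep"]
    steps.append(f"{src['host']}: VXLAN encap VNI {src['vni']} outer {src_vtep} -> {dst_vtep}")
    router = HOSTS[src["host"]]["leaf"]
    for _ in range(8):  # hop limit stands in for TTL and guards against a loop in the model
        hop = lpm(router, dst_vtep)
        steps.append(f"underlay {router}: {dst_vtep} via {hop}")
        if hop == "local":
            break
        router = hop
    else:
        return "DROPPED: underlay loop, hop limit exceeded", steps
    steps.append(f"{dst['host']}: VXLAN decap VNI {dst['vni']}")
    if not fw_allows(dst["host"], "INGRESS", src_ip, dst["ip"], proto, port):
        return f"DROPPED: ingress firewall on {dst['host']}", steps
    steps.append(f"{dst['host']}: ingress firewall ACCEPT {proto}/{port}")
    if dst["nat_from"]:
        steps.append(f"{dst['host']}: DNAT {dst['ip']} -> container {dst['nat_from']}")
    return "DELIVERED", steps


if __name__ == "__main__":
    for flow in (("web-1", "db-1", "tcp", 5432), ("web-1", "db-1", "tcp", 22), ("web-1", "red-1", "tcp", 80)):
        verdict, steps = packet_walk(*flow)
        print(f"{flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}: {verdict}")
        for s in steps:
            print("   ", s)
```

The value of the walk is in the step list, not the verdict: a flow that fails on port 22 is stopped on host-a before any encapsulation happens, so looking at leaf or spine tables for that problem would be wasted effort, which is exactly the trap the article describes.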
Industry response
We are stuck with IP. Because we insist on using IP, and we need additional functionality, the overlay has a role to play. The overlay lets us steer and isolate traffic, and that matters. With this capability, we can treat our infrastructure as a resource pool and add or remove capacity at will. The question then becomes one of managing the complexity of the network we have added to our environment.
The networking industry has responded to this challenge in several ways. The first is acceptance: if we acknowledge that the complexity exists, we provide tools that let us discover or visualize what is happening on the network. Cisco, for example, gives operators enhanced tools for solving end-to-end connectivity problems on its application-centric infrastructure platform. VMware recently bought a start-up, Arkin, which provides a visualization tool that associates workloads with their firewall policy and VXLAN segments in a GUI, combined with a natural-language search engine.
Effective troubleshooting and visualization tools have become an increasingly important differentiator among modern data center platforms. However, some respond to the complexity in the opposite way, by avoiding the overlay wherever possible.
For example, the Romana.io open source project relies on a hierarchical IP addressing scheme, combined with host firewall rules, to create segmentation and a central security policy. Project Calico, another open source project, is similar. Romana.io and Project Calico are very interesting because they offer a forwarding solution that can scale to large data centers while still meeting security and segmentation requirements, and they do so without an overlay.
Perhaps the biggest problem is not how to deal with the complexity of the network, but how the solutions are supported. One idea is that automation will reduce labor costs. As a veteran with 20 years of experience in the IT infrastructure industry, I don't think so. Great complexity certainly requires a lot of technical support. When the magic disappears, business organizations don't want to shelve problems the way their suppliers do. They want professionals who know exactly what is going on in the system and are ready to fix it.
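To show why a hierarchical addressing scheme can replace an overlay for segmentation, here is an added example (not code from Romana.io, Project Calico or the article) of one such scheme: a base prefix is carved into fixed-width host, tenant, segment and endpoint fields, so that tenant and segment can be read straight out of an address and host firewall rules can be written purely in terms of prefixes. The field order and widths (8/4/4/8 bits under 10.0.0.0/8) are an assumed, constructed layout, not either project's actual allocation scheme.

```python
import ipaddress
from typing import List, Tuple


class HierarchicalAddressPlan:
    """Carve a base prefix into host | tenant | segment | endpoint fields (assumed layout, constructed here)."""

    def __init__(self, base_cidr: str, host_bits: int, tenant_bits: int, segment_bits: int):
        self.base = ipaddress.ip_network(base_cidr)
        free_bits = self.base.max_prefixlen - self.base.prefixlen
        self.endpoint_bits = free_bits - host_bits - tenant_bits - segment_bits
        if self.endpoint_bits <= 0:
            raise ValueError("not enough address bits for the requested layout")
        self.host_bits, self.tenant_bits, self.segment_bits = host_bits, tenant_bits, segment_bits

    @staticmethod
    def _check(value: int, bits: int, what: str) -> None:
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{what} id {value} does not fit in {bits} bits")

    def allocate(self, host: int, tenant: int, segment: int, endpoint: int) -> ipaddress.IPv4Address:
        """Deterministic address for an endpoint: no allocator state, no overlay tag needed."""
        self._check(host, self.host_bits, "host")
        self._check(tenant, self.tenant_bits, "tenant")
        self._check(segment, self.segment_bits, "segment")
        self._check(endpoint, self.endpoint_bits, "endpoint")
        offset = host
        offset = (offset << self.tenant_bits) | tenant
        offset = (offset << self.segment_bits) | segment
        offset = (offset << self.endpoint_bits) | endpoint
        return self.base.network_address + offset

    def decode(self, ip: str) -> Tuple[int, int, int, int]:
        """Recover (host, tenant, segment, endpoint) from an address; the inverse of allocate()."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.base:
            raise ValueError(f"{ip} is outside {self.base}")
        offset = int(addr) - int(self.base.network_address)
        endpoint = offset & ((1 << self.endpoint_bits) - 1)
        offset >>= self.endpoint_bits
        segment = offset & ((1 << self.segment_bits) - 1)
        offset >>= self.segment_bits
        tenant = offset & ((1 << self.tenant_bits) - 1)
        host = offset >> self.tenant_bits
        return host, tenant, segment, endpoint

    def segment_prefix(self, host: int, tenant: int, segment: int) -> ipaddress.IPv4Network:
        """The one prefix covering every endpoint of (tenant, segment) on a given host."""
        plen = self.base.max_prefixlen - self.endpoint_bits
        return ipaddress.ip_network(f"{self.allocate(host, tenant, segment, 0)}/{plen}")

    def tenant_prefix_on_host(self, host: int, tenant: int) -> ipaddress.IPv4Network:
        """The prefix covering all of a tenant's segments on a given host."""
        plen = self.base.max_prefixlen - self.endpoint_bits - self.segment_bits
        return ipaddress.ip_network(f"{self.allocate(host, tenant, 0, 0)}/{plen}")


def segment_allow_rules(plan: HierarchicalAddressPlan, tenant: int, src_segment: int,
                        dst_segment: int, dst_host: int, hosts: List[int]) -> List[str]:
    """Host firewall rules (iptables-style rendering, constructed) for the local (tenant, dst_segment)
    prefix on dst_host: accept from that tenant's src_segment on every host, then drop everything else.
    Rule count grows with the number of hosts, not the number of endpoints."""
    dst_prefix = plan.segment_prefix(dst_host, tenant, dst_segment)
    rules = [f"-A INPUT -s {plan.segment_prefix(h, tenant, src_segment)} -d {dst_prefix} -j ACCEPT"
             for h in hosts]
    rules.append(f"-A INPUT -d {dst_prefix} -j DROP")
    return rules


PLAN = HierarchicalAddressPlan("10.0.0.0/8", host_bits=8, tenant_bits=4, segment_bits=4)

if __name__ == "__main__":
    ip = PLAN.allocate(host=1, tenant=2, segment=3, endpoint=7)
    print(ip, PLAN.decode(str(ip)), PLAN.segment_prefix(1, 2, 3), PLAN.tenant_prefix_on_host(1, 2))
    for rule in segment_allow_rules(PLAN, tenant=2, src_segment=1, dst_segment=3, dst_host=1, hosts=[0, 1, 2]):
        print(rule)
```

The trade-off the article hints at is visible in the constructor: every bit spent on host or tenant identifiers is a bit taken from the endpoint field, so the plan fixes the maximum number of hosts, tenants and endpoints per segment up front, whereas a VXLAN overlay spends a separate 24-bit VNI on the tenant instead.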