Amadivayisi Aphethwe yi-Apstra
Imininingwane
- Umkhiqizo: I-Juniper Apstra Config Rendering
- Kushicilelwe: 2024-05-29
Ulwazi Lomkhiqizo
Umkhiqizo weJuniper Apstra Config Rendering uklanyelwe uku
phatha ukucushwa kwedivayisi futhi uqinisekise ukuvumelana phakathi kwesevisi
ukucushwa kanye nokucushwa kwegolide. Ivumela kube lula
ukufakwa kwama-ejenti kumadivayisi futhi inikeza indlela yokusingatha
umehluko ekucushweni ngempumelelo.
Imiyalo yokusetshenziswa komkhiqizo
Faka Umenzeli Wangaphambili
Ukucushwa Okuzenzakalelayo Kwefekthri: Okuzenzakalelayo Kwemboni
config wukucushwa kokuqala lapho idivayisi iqala
okokuqala. Iqukethe izilungiselelo ezizenzakalelayo ezivela kumthengisi.
Ukulungiselelwa Okudingekayo Umsebenzisi: Ngemva Kwefekthri Okuzenzakalelayo
config, umlawuli uqala ukufakwa komenzeli wedivayisi ye-Apstra
kungaba nge-Apstra Server noma nge-ZTP boot script.
Faka i-post-ejenti
Ukucushwa Okuhlanzekile: Noma yikuphi okukhona
ukucushwa kudivayisi kuba yingxenye ye-Pristine Config
ngemva kokufaka i-ejenti. Ukulungisa ukucushwa kulesi siqeshanatage
kungaba nomthelela kumasevisi.
I-Discovery-1 (Vuma Idivayisi): Evuma
idivayisi ivimbela ukususwa okulula. Ukuze ususe idivayisi ku-Apstra
abaphathi, landela ukuhamba komsebenzi okuphelele.
Idivayisi Yengezwe Ku-Blueprint
I-Discovery-2 (Nika idivayisi): Lesi sinyathelo siyaba
idivayisi kupulani, ngokukhetha ivule i-L2/L3
amasevisi.
Ukucushwa kwegolide: Ngemva kwempumelelo ngayinye
config deploy, ukulungiselelwa okusebenzayo kugcinwa ngaphakathi njenge-
Ukucushwa okusagolide. Noma yikuphi ukuchezuka phakathi kokuqalisa okunikeziwe
config futhi i-golden config imakwe njenge-anomaly ku-
ideshibhodi.
FAQ
Kuphushwa nini ukucushwa?
Ukucushwa kuphushwa ngemva kokuphumelela ngakunye
ukuthunyelwa.
Yini eku-Discovery-1 Config?
Umgomo we-Discovery-1 Config ukunika amandla ukutholakala okuzenzakalelayo
ngaphandle kokuthinta ukushintsha kumodi yomzila.
Yini ekulungiselelo lwesevisi?
Ukulungiselelwa kwesevisi kubeka idivayisi kusevisi futhi kunika amandla
ukuqinisekiswa kwekhebula ngaphambi kokuphakela ukulungiselelwa kwesevisi.
I-Juniper Apstra Config Rendering
Ishicilelwe
2024-05-29
ii
Okuqukethwe
Isingeniso Umenzeli Wangaphambili Faka Idivayisi Yokufaka I-Post-ejenti Yengezwe Ku-Blueprint Yokuphatha Umehluko Phakathi Kokucushwa Kwesevisi Nokucushwa Okusagolide.
1
Isingeniso
IJuniper Apstra idala ukulungiselelwa kwamadivayisi aphethwe yi-Apstra. Lo mbhalo uchaza ukulungiselelwa okuhlukile okunikezwa yi-Juniper Apstra ngokusekelwe esimweni samadivayisi aphethwe yi-Apstra. Lo mbhalo uchaza ukunikezwa kokulungiselelwa njengoba kuhlobana nomjikelezo wempilo ojwayelekile wedivayisi yenethiwekhi ngaphakathi kwe-topology ephethwe yi-Apstra. Isithombe esingezansi sibonisa ukugeleza kwe-lifeycle okujwayelekile. Ukuze uthole ulwazi olwengeziwe mayelana nomjikelezo wempilo wedivayisi ephethwe i-Apstra, bona Umjikelezo Wokuphila Wokucushwa Kwedivayisi.
2
Faka Umenzeli Wangaphambili
KULESI sigaba Ukucushwa Okuzenzakalelayo Kwefekthri | 2 Ukulungiselelwa Okudingekayo Umsebenzisi | 2
I-Factory Default Config
I-Factory Default config iwukulungiselelwa kudivayisi lapho iqalisa okokuqala ngemva kokukhishwa esitsheni sokuqala sokuthumela (ngaphambi kokuthi uyixhume kunethiwekhi). Zonke izilungiselelo zalokhu kulungiselelwa ziyizilungiselelo ezizenzakalelayo ezivela kumthengisi wenguqulo ye-OS efakiwe.
Ukulungiselelwa Okudingwa Ngumsebenzisi
Abasebenzisi kufanele balungise amadivayisi ngaphambi kokuba atholakalele ukulungiselelwa yiJuniper Apstra. Lokhu kungafezwa ngalezi zindlela ezilandelayo: · Isikripthi se-ZTP esizenzakalelayo sokuqalisa · Ukucushwa okwenziwa ngesandla nge-console port Ungasebenzisa noma iyiphi indlela, kodwa ikheli lasesizindeni se-inthanethi kufanele lengezwe embotsheni yokuphatha ye-Ethernet ngaphambi kokuba i-ejenti ye-Apstra ifakwe. Abaphathi bavamise ukusetha lezi zinketho ezilandelayo ngaphambi kokuqhubeka: · Ikheli lasesizindeni se-inthanethi · Isango Elizenzakalelayo Lokuphatha · Shintsha igama lomsebenzisi/iphasiwedi ezenzakalelayo (uyazikhethela kwezinye izinkundla) · Engeza okhiye abathembekile kudivayisi ukuze ufinyelele ukude (uyazikhethela) · Engeza ama-IP noma amanethiwekhi angaphansi ukuze ungene ukude. (uma uthanda) · Khubaza izinsiza ngokuya ngezidingo zokuphepha (uma uthanda)
3
Ngemva kokuba lokhu sekuqediwe, umlawuli uqalisa ukufakwa komenzeli wedivayisi ye-Apstra ngokusebenzisa Iseva ye-Apstra noma ngeskripthi sokuqalisa se-ZTP sangaphambilini.
Faka i-post-ejenti
KULESI sigaba Ukucushwa Okuhlanzekile | 3 I-Discovery-1 (Vuma Idivayisi) | 4
Ukucushwa Okuhlanzekile
Uma ufaka umenzeli we-onbox kudivayisi (noma umenzeli we-offbox kuseva), idivayisi ixhuma futhi ibhalise neJuniper Apstra esimweni sokuvalelwa. Kuye ngohlobo lomthengisi ne-ejenti, i-Juniper Apstra isebenzisa ukucushwa kwengxenye ekucushweni kwangaphambi kwe-Apstra. Lokhu kulungiselelwa kubizwa ngokuthi ukucushwa kwe-Pristine. Ukucushwa kwe-Pristine kuyisisekelo sakho konke ukulungiselelwa kwedivayisi okulandelayo. Uma i-enable_push_quarantine_config variable inikwe amandla ku-aos.conf file, izinguquko ezilandelayo zenziwa kumadivayisi: · Zonke izimbobo zendwangu ziyavalwa lapho idivayisi igibele. Ukucushwa kwe-Pristine akuqinisekisiwe; yamukelwa yiJuniper Apstra ngaphandle kokuhlolwa. Ukuqinisekisa akuvimbeli kulokhu kulungiselelwa ngoba i-Apstra ithatha ukuthi ukucushwa kwe-pristine kulungile futhi sikungenisa kusuka kudivayisi. Qaphela ukuthi amaphutha ekucushweni kwe-Pristine angabangela izinkinga ezinkulu kumjikelezo wempilo wedivayisi.
QAPHELA: Uma ufaka i-ejenti kudivayisi, noma yikuphi ukucushwa obekuvele kukhona kuba yingxenye ye-Pristine Config, okusho ukuthi ifakiwe kuwo wonke umjikelezo wempilo wokulungiselelwa kwedivayisi. Noma yiziphi izilungiso ozenzayo zizoba nomthelela wesevisi.
Izinto ezivame ukusethwa ekucushweni okumsulwa zihlanganisa: · Isibhengezo
4
· Izilungiselelo ze-Tacacs AAA · Izilungiselelo ze-TCAM · Izilungiselelo zokungena · Okunye ukucushwa ukuze unike amandla ukuqapha okuvela eceleni. Ukucushwa kwe-Pristine kuphinda kusetshenziswe kukho konke ukuphusha kokucushwa Okugcwele okuvela kwa-Apstra. I-Apstra ihlanganisa ukucushwa kwe-Pristine kanye nokucushwa okukhiqizwa yi-Apstra ukuze idale ukucushwa Okugcwele okutshalwe kuswishi. Ngaphambi kokukhishwa kwe-Apstra 3, ukungeza into entsha yokusetha ku-Pristine config ngemva kokuthi idivayisi isiqalile ukusebenza, (ukusebenza kosuku4.2) kwakudinga ukuthi idivayisi ikhishwe Kusistimu ye-Apstra futhi ingeniswe kabusha. Ku-AOS 2 kanye nokukhishwa okulandelayo, izinguquko ekucushweni okuhlanzekile zingenziwa ngenkathi iswishi iku-Blueprint.
I-Discovery-1 (Vuma Idivayisi)
Uma wazisa idivayisi, uyibeka esimweni Sokulungela futhi uyayivuma ku-Apstra UI. Lokhu kuvuma kukhombisa i-Apstra ukuthi ufuna i-Apstra iphathe idivayisi. Njengomphumela, i-Apstra yengeza ukucushwa kwesisekelo esincane (I-Discovery-1) ku-Pristine config. Lokhu kulungiselelwa kwesisekelo, noma i-Discovery-1, ibalulekile ekusebenzeni komenzeli we-Apstra futhi isebenzisa ukucushwa okuphelele (Ukuphusha okugcwele kokulungiselelwa), okuvala konke ukulungiselelwa okukhona ukuze kuqinisekiswe ubuqotho bokucushwa. Lokhu kulungiselelwa kokuphusha kwenza lokhu okulandelayo: · Zonke izixhumi ezibonakalayo zinikezwa ngesivinini esibonakalayo kuchwepheshe wedivayisi owabelwefile · Zonke izixhumanisi azikho ukuvala shaqa okukuvumela ukuthi wenze kanjalo view Imininingwane yomakhelwane be-LLDP · Zonke izixhumanisi zithuthelwa kumodi ye-L3 (okuzenzakalelayo) ukuze kuvinjwe idivayisi ekubeni ibambe iqhaza endwangu.
QAPHELA: Amadivayisi avunyiwe awakwazi ukumane asuswe. Njengoba idivayisi isenomenzeli osebenzayo ofakiwe, amadivayisi azovela kabusha phakathi kwamasekhondi. Ukuze ususe idivayisi kusukela kubaphathi be-Apstra, bona okuthi Khipha (Yeka amandla) Idivayisi kokuthi Amadivayisi Aphethwe ukuze uthole ukugeleza komsebenzi okuphelele.
5
Idivayisi Yengezwe Ku-Blueprint
KULESI SIGABA I-Discovery-2 (Nika Idivayisi) | 5 Ukucushwa Kwegolide | 6
I-Discovery-2 (Nika idivayisi)
Uma wabela idivayisi kupulani futhi usetha Imodi Yokuphakelwa kokuthi Ilungile, uyibeka esimweni SokuLungela (Ukuthola 2). Idivayisi ingu-staged, kodwa ayikazibophezeli (isetshenzisiwe) kupulani elisebenzayo. I-Ready config isebenzisa ukucushwa okuphelele (Ukuphusha okugcwele kokusetha) ukuze kuqinisekiswe ubuqotho bokucushwa. Ukucushwa okukulungele kuletha izixhumi ezibonakalayo zenethiwekhi futhi kulungise izincazelo zokusetshenziswa kubonwa futhi kuqinisekisa i-telemetry, njenge-LLDP, ukuze kuqinisekiswe ukuthi ifakwe izintambo ngendlela efanele futhi yamiswa. Lokhu kulungiselelwa akuphazamisi kwezinye izinsiza kule ndwangu. Izixhumanisi ziphezulu, kodwa zicushwe kumodi ye-L3 ukuvimbela ukusebenza kwe-STP/L2.
Ithebula elingezansi libonisa i-Discovery-1 nge-Service Config, kanye nezinsizakalo ze-L2/L3 ezenziwa ngokukhetha.
Ukucushwa kwe-Discovery-1 (Vuma Idivayisi).
Ukucushwa kwe-Discovery-2 (Nika idivayisi).
Ukumiswa kwesevisi
Idivayisi isilungele ukuphathwa yi-Apstra
Idivayisi yabelwe ipulani kodwa Idivayisi yabelwe ipulani ayizange isetshenziswe
6
Iphushwa nini?
Iphushwa nini?
Iphushwa nini?
· Idivayisi exhunywe ku-Apstra
· Idivayisi exhunywe ku-Apstra
· Idivayisi exhunywe ku-Apstra
· Ilungele Isevisi
· Ulungele isevisi
· Ulungele isevisi
· Ayabelwe ku-Blueprint
Yini eku-Discovery-1 Config?
· Zonke izimbobo phezulu ngemodi yomzila & ngesivinini esizenzakalelayo
· Akukho ukucushwa kwe-BGP
· I-LLDP inikwe amandla kudivayisi
Umgomo: Nika amandla ukutholakala okuzenzakalelayo (phezulu) kodwa ungaphazamisi ukushintsha (imodi yomzila)
· Kwabelwe ipulani · Imodi yokuphakela yedivayisi “isilungile” Yini ekulungiselelo lwe-Discovery-2? · Zonke izimbobo up in mode umzila & at
isivinini/ukuphuma njengoba kuchazwe epulanini · izincazelo zesixhumi esibonakalayo · Igama lomethuleli · Akukho ukucushwa kwe-BGP
· Kwabelwe ipulani, imodi yokuphakela yedivayisi ithi “khipha”
Yini ekulungiselelo lwesevisi?
· Wonke amachweba phezulu ngemodi yomzila & ngesivinini/ukuqhuma njengoba kuchazwe kupulani
· Ukucushwa kwegama lomethuleli
· Ukucushwa kwe-BGP
Umgomo: Faka idivayisi kusevisi
Umgomo: Nika amandla ukuqinisekiswa kwekhebula ngaphambi kokuphakela ukulungiselelwa kwesevisi kudivayisi
Ukucushwa Kwegolide
Ngemuva kokuthunyelwa okuphumelelayo ngakunye okuphumelelayo, ukucushwa okusebenzayo kuyaqoqwa futhi kugcinwe ngaphakathi njengokucushwa kweGolide.
I-Rendered config iwukucushwa okukhiqizwe kusuka ku-stagipulani ye-ed. Noma yimuphi umehluko phakathi kokusebenza kwangempela okulungiselelwe okunikelwe kanye nokucushwa okusagolide kuphumela ekuphambukeni kokucushwa kudeshibhodi yepulani. Ukulungiselelwa okusagolide kubuyekezwa ngaso sonke isikhathi lapho ukusunduza okulungiselelwe kusetshenziswa ngempumelelo kudivayisi.
Ukucushwa okusagolide ukucushwa kwedivayisi ngemva kokuphumelela kokugcina kohlelo lokusebenza. Ezimweni ezithile ezikhethekile, abasebenzisi bangashintsha ukucushwa ngokuqondile kudivayisi futhi batshele i-Apstra ukuthi ibambe lokhu kuchezuka njengeGolden. Lokhu akunconyiwe kunoma iyiphi ingxenye yedivayisi i-Apstra eyilungisa ngokuqondile. Sincoma kakhulu ukuthi usebenzise izilungiselelo ukuze ulawule lokhu kulungiselelwa. Kubalulekile ukuqaphela, ukwamukela izinguquko zokumisa akuphikisi.
Amaphuzu abalulekile:
7 · Ukuthunyelwa kokucushwa okuyimpumelelo ngakunye kuphumela ku-Golden Config ebuyekeziwe. · Uma ukuthunyelwa kokucushwa kwehluleka, i-Golden Config ayisethiwe. Lokhu kusho kokubili ukuchezuka kokucushwa kanye
ukwehluleka kokuthunyelwa kuyaphakanyiswa. · I-telemetry yokumisa esebenzayo iqoqwa ngokuqhubekayo futhi ifaniswe ne-Golden Config.
Noma yimuphi umehluko uholela ekuphambukeni okudidayo. · Ukucushwa okudidayo 'kungacindezelwa' kusetshenziswa isici esithi "Yamukela Izinguquko". Lokhu akukwenzi
kusho ukuthi uguquko lwengezwe ku-golden config noma Inhloso.
Ukucushwa okusagolide kuyisisekelo se-Apstra sokuqinisekisa ukuthi idivayisi isesimweni esamukelekayo, ngokuvumelana nenhloso emisiwe. Lokhu kuvumelanisa kuphoqelelwa ngemonitha esebenza kanye njalo ngemva kweminyaka engu-60 kudivayisi.
Ukuphatha Umehluko Phakathi Kokucushwa Kwesevisi kanye Nokucushwa Kwegolide
KULESI sigaba Imisebenzi Yokulungisa | 8 Khipha/Vula | 8 Yehlisa | 9
8
Imisebenzi Yokulungisa
Khipha/Khipha
I-Apstra ivumela opharetha ukuthi akhiphe kalula ithrafikhi kudivayisi esendwangu ngaphandle kokuba nomthelela ekuhambeni kwe-TCP ekhona. Izinguquko zokumisa kulesi simo zifaka: · Amamephu omzila angenayo/aphumayo komakhelwane be-L3 · Izimbobo ezibheke kwiseva ye-L2 zivaliwe · Izimbobo zontanga ze-MLAG/ESI zivalekile Kumaseva e-L2 · Iziteshi zembobo ze-MLAG zontanga kanye nezixhumanisi zebhondi kunoma iyiphi i-NOS azivalekile. ishintshile. · Ku-Arista EOS, Cisco NX-OS, zonke izixhumanisi eziya kumaseva e-L2 kupulani ziyavaleka. Kumaswishi Enethiwekhi ye-L3 Lolu cingo lisebenzisa amamephu emizila angenayo/yaphumayo anezitatimende 'zokuphika' ukuvimbela izikhangiso eziya ku-0.0.0.0/0 le 32. Lokhu kuqinisekisa ukugeleza kwe-L3 TCP okungaphazamiseki. Amaseshini e-TCP aphinde amiswe ngemva kwemizuzwana embalwa, noma axoxisane ngembobo entsha ye-TCP. Imbobo entsha ye-TCP ikhuthaza ukuthi amadivayisi ahanjiswe kumzila omusha we-ECMP kusukela kuzixhumanisi ezitholakalayo. Njengoba ingekho imizila ye-ECMP etholakalayo phambi kwemephu yomzila, ithrafikhi idlula idivayisi kumodi ye-Drain. Idivayisi ikhishwe ithrafikhi futhi ingakhishwa ngokuphephile endwangu ngokushintsha imodi ethi Khipha iye kokuthi Undeploy. Phakathi nenqubo yokukhipha amaseshini e-TCP (okungase kuthathe isikhathi, ikakhulukazi kuzimo ze-EVPN), ungalindela okudidayo kwe-BGP. Lokhu okudidayo kungokwesikhashana kodwa, futhi kuyaxazululwa ngemva kokuqedwa kokuthunyelwa kokucushwa. Ukushintsha imodi yokuphakela ku-Drain kudivayisi nakho kungathinta ukucushwa kwamadivayisi angomakhelwane, ngokwesibonelo.ample, lapho idivayisi yomgogodla ikhishwa, ukucushwa kwawo wonke amadivayisi axhunyiwe amaqabunga kuyashintsha. Imishini yamaqabunga angomakhelwane isebenzisa izihlungi zemizila yangaphakathi/ephumayo (amamephu wendlela) anezitatimende 'zokwenqaba (phika)' ukuze kuvinjelwe izikhangiso eziya ku-0.0.0.0/0 le 32, kuzo zombili i-EVPN (imbondela) kanye ne-FABRIC (ngaphansi). Ngokufanayo, lapho ukhipha idivayisi yeqabunga, ukucushwa kumadivayisi axhunyiwe omgogodla kuyashintsha. Imishini engumakhelwane yomgogodla isebenzisa izihlungi zemizila Engenayo/Ephumayo (amamephu wendlela) 'yenqaba (phika)' izitatimende ukuze uvimbele noma yiziphi izikhangiso ku-0.0.0.0/0 le 32, kuzo zombili i-EVPN (imbondela) kanye ne-FABRIC (i-underlay).
9 Endabeni ye-topology esekelwe ku-MLAG, ngaphezu kokucushwa kwemishini yomgogodla exhunyiwe eshintshayo, ukucushwa kwedivayisi yamaqabunga abhanqiwe nakho kuyashintsha.
Yehlisa ukusetshenziswa
Ukungasebenzisi idivayisi kususa ukucushwa kwesevisi okuphelele. Lawa madivayisi asenokulungiselelwa kwesevisi yawo evuliwe kodwa okudidayo kuyacindezelwa njengoba idivayisi cishe izokhishwa u-opharetha ekungaxhunyiwe ku-inthanethi. Uma ithrafikhi ikhona kudivayisi, sincoma ukuthi uyibeke kumodi ye-Drain (futhi wenze ushintsho) ngaphambi kokuthi uyisethe ku-Undeploy. IMIBHALO EHLOBANE
Sebenzisa Amamodi
I-Juniper Networks, ilogo ye-Juniper Networks, i-Juniper, ne-Junos yizimpawu zokuthengisa ezibhalisiwe ze-Juniper Networks, Inc. e-United States nakwamanye amazwe. Zonke ezinye izimpawu zokuthengisa, izimpawu zesevisi, amamaki abhalisiwe, noma izimpawu zesevisi ezibhalisiwe ziyimpahla yabanikazi bazo. IJuniper Networks ayinaso isibopho sanoma yikuphi ukungalungi kulo mbhalo. I-Juniper Networks igodla ilungelo lokushintsha, ukulungisa, ukudlulisa, noma ukubuyekeza lokhu kushicilelwa ngaphandle kwesaziso. Copyright © 2024 Juniper Networks, Inc. Wonke amalungelo agodliwe.
Amadokhumenti / Izinsiza
 |
Juniper NETWORKS Apstra Managed Amadivayisi [pdf] Umhlahlandlela Womsebenzisi Amadivayisi Aphethwe yi-Apstra, Amadivayisi Aphethwe, Amadivayisi |