Okuqukethwe fihla
1 IJuniper NCE-511 AI-Driven SD-WAN Reference Architecture
2 Imiyalo yokusetshenziswa komkhiqizo
3 Izisekelo Zokucushwa
4 Lungiselela IPsec Umhubhe
5 Dala Isicelo
6 Buyekeza isifanekiso se-WAN Edge
7 Isixhumanisi esisodwa se-WAN ne-Zone Redundancy ku-Microsoft SSE Solution
8 FAQ
9 Amadokhumenti / Izinsiza
9.1 Izithenjwa

I-Juniper-LOGO

IJuniper NCE-511 AI-Driven SD-WAN Reference Architecture

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -PRODUCT

Imininingwane

  • Umkhiqizo Igama: I-Juniper AI-Driven SD-WAN
  • Ukuhlanganisa: Isixazululo se-Microsoft SSE
  • Ishicilelwe Usuku: 2024-12-16

Ulwazi Lomkhiqizo
I-Juniper AI-Driven SD-WAN ihlanganisa ne-Microsoft's SSE Solution ukuze inikeze i-ex yokucushwa kwenethiwekhi.amples ngezimo zokusatshalaliswa. Isixazululo sinikeza izinzuzo ezifana nokusebenza kwenethiwekhi okuthuthukisiwe kanye nokuhlelwa kokuthunyelwa okuthuthukisiwe.

Imiyalo yokusetshenziswa komkhiqizo

Ukucushwa kokuhamba komsebenzi
Isib. sokucushwaample ihlanganisa ukudala nokusebenzisa isifanekiso segatsha esiyisisekelo sokuxhuma idivayisi. Ngaphambi kokucushwa, qinisekisa ukuthi unolwazi oludingekayo lwesayithi ngayinye, okuhlanganisa amakheli esixhumanisi se-WAN, ububanzi bamakheli obunganga be-BGP, inombolo ye-BGP AS, izimvume zokufinyelela, izidingo zomkhawulokudonsa, kanye nemodeli yokuphinda isetshenziswe.

Izisekelo Zokucushwa

  1. Dala isifanekiso segatsha esiyisisekelo sokuxhuma idivayisi.
  2. Lungiselela umhubhe we-IPsec.
  3. Hlobanisa i-traffic profiles.
  4. View i-network profile.
  5. Dala izinhlelo zokusebenza.
  6. Buyekeza izifanekiso ze-WAN Edge.
  7. Qinisekisa ukusebenza.

Izinketho zokumisa
Izinketho eziningi zokucushwa ziyatholakala ngamaleveli ahlukahlukene okungasebenzi. Ngokuya ngokusetha, ungamisa izixhumanisi ze-WAN eyodwa noma ezimbili nge-Microsoft's SSE Solution. Qiniseka ukuthi ulandela imihlahlandlela ecacisiwe yokulungiselelwa kwe-WAN Edge kanye ne-Microsoft's SSE Solution.

IJuniper AI-Driven SD-WAN kanye neMicrosoft's SSE Solution Integration—Network Configuration ExampI-(NCE)
I-Juniper Networks Configuration Exampi-le (NCE) ichaza indlela yokumisa nokusebenzisa imikhiqizo yeJuniper esimweni sokusetshenziswa esijwayelekile. Kule NCE, uzothola isimo sokusebenzisa esine-topology, imininingwane yokumisa, nokuphuma kokuqinisekisa kokucushwa. Funda kabanzi ukuze uhlele futhi ulungiselele ukusetshenziswa kwenethiwekhi yakho.

Izinzuzo Isixazululo

  • Lokhu kulungiselelwa kwenethiwekhi isibampI-le (NCE) ichaza ukuhlanganiswa ongakuzuza phakathi kweJuniper AI-Driven SD-WAN nesixazululo se-Microsoft SSE. I-NCE ichaza izinzuzo zokuhlanganisa izixazululo futhi inikeze ama-ex amaningiample ukucupha okuhlanganisa izinyathelo zokuqinisekisa.
  • Isixazululo se-Microsoft se-Secure Service Edge (SSE) esisekelwe emafini sihlanganisa i-Microsoft Entra Internet Access kanye ne-Microsoft Private Access, ngaphansi komkhiqizo we-Global Secure Access. Isixazululo seJuniper AI-Driven SD-WAN sinikeza ukufinyelela okungenamthungo kusixazululo se-Microsoft SSE kusuka ezindaweni zamagatsha nehhovisi. Lokhu kuhlanganiswa kuzenzakalela kusetshenziswa izifanekiso zedivayisi ezikalayo ukuze kudambiswe umthwalo wokusebenza wokuphakela isevisi kumasayithi amaningi. Lo mhlahlandlela uchaza ukuthi ungasimisa kanjani isixazululo se-Microsoft SSE kanye nesifanekiso seJuniper Mist WAN Edge sokuxhuma.

Lo mbhalo unika amandla i-topology eboniswe kuMfanekiso 1 ekhasini 2. Umhubhe we-IPsec ulungiselelwe phakathi kwedivayisi ye-SD-WAN ye-Juniper AI-Driven, eyaziwa nangokuthi iJuniper Session Smart Router (SSR), kanye nesixazululo se-Microsoft SSE sisebenzisa i-Secure Edge Connector. ngaphakathi kwesifanekiso se-WAN Edge. Ukwengeza, i-BGP phezu koxhumano lwe-IPsec imisiwe ukuze ifunde ngokuguquguqukayo izindawo zomzila kusuka kusixazululo se-Microsoft SSE. Uma isetshenziselwa ukufinyelela kwe-Microsoft 365, amakheli akhangisiwe esixazululo se-SSE se-Microsoft asetshenziselwa ukunquma ithrafikhi ethunyelwa kusevisi kunesichazamazwi sohlelo esisekelwe ku-WAN Edge.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (1)

Ukucushwa kokuhamba komsebenzi
Ukulandelana kwemisebenzi kulesi sibample:

  1. Dala futhi usebenzise isifanekiso segatsha esiyisisekelo soxhumo lwedivayisi. Ukwakhiwa kwesifanekiso esiyisisekelo kungaphandle kwalo mhlahlandlela, kodwa ithempulethi ye-WAN Edge ingase ibe yodwa noma i-SD-WAN ngokuvikeleka kunikwe amandla.
  2. Lungiselela inethiwekhi ekude ngaphakathi kwengosi ye-Microsoft Entra. Lokhu kuchaza izici zomhubhe we-IPsec futhi kuchaze izindawo zokugcina zomzila ukuze zifinyeleleke.
  3. Lungiselela I-Secure Edge Connector kusifanekiso sedivayisi. Lokhu kudala umhubhe we-IPsec wangokwezifiso kusixazululo se-Microsoft SSE futhi kuchaza imingcele yokubethela.
  4. Lungiselela intanga ye-BGP yesevisi yesixazululo ye-Microsoft SSE ukuze ufunde izindawo okuyiwa kuzo ze-Microsoft 365 ngamandla.
  5. Lungiselela uhlelo lokusebenza ukuvumela ithrafikhi ukuthi iqondiswe emhubheni we-IPsec. Lolu hlelo lokusebenza luzosetshenziswa kunqubomgomo yohlelo lokusebenza ukuvumela amanethiwekhi amaklayenti ukuthi afinyelele imizila efundiwe ye-BGP.
  6. Lungiselela inqubomgomo yohlelo lokusebenza ngenethiwekhi kanye nohlelo lokusebenza, kodwa ayikho inqubomgomo yokuqondisa kwethrafikhi ebonisa ku-WAN Edge ukuthi ithebula lomzila kufanele lisetshenziselwe izindawo ezifundiwe.

Ukuhlela Ukuhlela
Ngaphambi kokucushwa, ulwazi olulandelayo kufanele lutholakale kusayithi ngalinye:

  1. Ikheli lomphakathi lezixhumanisi ze-WAN ezisetshenziswa ukufinyelela isevisi yesixazululo ye-SSE ye-Microsoft. Ngalesi sikhathi, amakheli e-WAN amile kuphela angasetshenziswa ukuze kufinyelelwe isevisi.
  2. Ibanga elilodwa noma amabili/29 amakheli atholakalayo ku-BGP yokubuka phakathi kwe-WAN Edge loopback nesixazululo se-Microsoft SSE. Lapho kudingeka ukuphinda kusetshenziswe indawo, izigaba zamakheli ezimbili ziyadingeka.
  3. I-BGP AS ezosetshenziswa isixazululo se-Microsoft SSE. Lokhu kungase kube kububanzi be-AS obuyimfihlo obungasetshenziswa kwenye indawo kunethiwekhi yebhizinisi.
  4. Amanethiwekhi nabasebenzisi abanikezwe ukufinyelela kusixazululo se-Microsoft SSE.
  5. Ububanzi obufiselekayo kusayithi ngalinye. Lokhu kusetshenziswa ekucushweni kwenethiwekhi okukude ngaphakathi kwengosi ye-Microsoft Entra.
  6. Imodeli efiselekayo yokuphinda isetshenziswe kusayithi ngalinye. Izinketho zifaka i-WAN eyodwa/embili ye-WAN Edge kanye neNdawo eyodwa/embili yesixazululo se-Microsoft SSE. Ukucushwa kwe-WAN eyodwa/okukabili kungase kusetshenziswe ne-SSR eyodwa noma i-HA SSR.

Izinketho zokucushwa kanye nokugeleza komsebenzi
Izinketho ezimbalwa zokucushwa ziyatholakala ngamaleveli ahlukahlukene wokuphelelwa umsebenzi. NgeJuniper SSR WAN Edge, kungenzeka ukuthi ulungiselele indawo eyodwa enokuxhumana okukodwa noma okubili kwe-WAN okuxhunywe kusixazululo se-Microsoft SSE. Irutha ye-HA SSR enenodi embaxambili kufanele imiswe ngezisetshenziswa ezimbili ze-WAN ezixhunywe kusixazululo se-Microsoft SSE.

QAPHELA: Uma ukuphindaphinda kwendawo kulungiselelwa kusixazululo se-SSE se-Microsoft, bese kulungiselelwa ontanga ababili be-BGP njengomzila omakhelwane emhubheni owodwa.

Izinketho ezintathu zokumisa zifakwe kulo mhlahlandlela:

  1. Isixhumanisi esisodwa se-WAN kanye nontanga kusixazululo se-Microsoft SSE. Lokhu kulungiselelwa kungase kusetshenziselwe ukusetshenziswa okuncane nokuhlola lapho ukuphinda kungadingeki.
  2. Isixhumanisi esisodwa se-WAN esinokwesekwa kwezindawo kusixazululo se-Microsoft SSE. Lokhu kulungiselelwa akuhlinzeki nge-redndancy ku-SSR WAN Edge kodwa kuhlanganisa ukwehluleka kwendawo etholakalayo kusixazululo se-Microsoft SSE. Le nketho ifakiwe ukukhombisa ukuthi ontanga ababili be-BGP bangase balungiselelwe kanjani kuwo wonke umhubhe ofanayo we-IPsec.
  3. Isixhumanisi se-Dual WAN sisebenzisa i-HA SSR enezindawo ezingafuneki umsebenzi ngomhubhe ngamunye kusixazululo se-Microsoft SSE. Lokhu kunikeza izinga eliphezulu lokungafuneki kwakho kokubili i-WAN Edge kanye nesixazululo se-Microsoft SSE. Ukuhluleka kwe-SSR node, isixhumanisi se-WAN noma indawo etholakalayo ye-Microsoft akuthinti ukuhamba kwethrafikhi kulokhu kulungiselelwa.

Ukungafuneki okwengeziwe nokuhluka kwesixhumanisi se-WAN kungase kulungiselelwe kusetshenziswa amabhulokhi okwakha ayisisekelo achazwe kulokhu kuhluka ngakunye.

Isixhumanisi esisodwa se-WAN kanye Nontanga ku-Microsoft's SSE Solution
Le nketho yokumisa ikhonjisiwe kumdwebo ongezansi.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (2)

Izisekelo Zokucushwa

Ngena ngemvume ku-Microsoft Entra portal ngalokhu URL, https://entra.microsoft.com, usebenzisa izifakazelo ezinezimvume zokuphatha ukuze ulungiselele isixazululo se-Microsoft SSE.

  1. Ku-Microsoft Entra Portal, zulazulela ku-Global Secure Access > Amadivayisi > Inethiwekhi yesilawuli kude.
  2. Khetha okuthi Dala inethiwekhi yesilawuli kude futhi unikeze Igama nemininingwane Yesifunda. Isifunda sicacisa isifunda se-Azure lapho esinye isiphetho somhubhe wakho sizoba khona (ukuphela kwesinye irutha ye-WAN Edge SSR egatsheni).
  3. Chofoza Okulandelayo.

DALA INETHEKISI EKUDE

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (3)

Lungiselela IPsec Umhubhe

  1. Khetha inkinobho ethi + Engeza isixhumanisi.
  2. Faka imininingwane elandelayo:
    1. Igama lesixhumanisi: Igama ledivayisi yakho ye-WAN Edge.
    2. Uhlobo lwedivayisi: Khetha okukodwa kokukhethwa kukho ohlwini lokudonsela phansi (Okunye noma iJuniper).
    3. Ikheli le-IP ledivayisi: Ikheli lasesizindeni se-inthanethi lomphakathi lesixhumanisi se-WAN esisetshenziselwa ukuxhuma ku-Microsoft.
    4. Ikheli ledivayisi ye-BGP: Ikheli lephrothokholi yesango lomngcele le-WAN Edge. Leli kuzoba ikheli le-Local BGP le-WAN Edge futhi lizoba phakathi kwebanga /29 elikhethelwe ukuxhuma. Ukuhlehla kontanga kuzokwenziwa kuphothali ye-Entra.
    5. I-ASN Yedivayisi: Nikeza ngenombolo yesistimu ezimele yenethiwekhi ye-WAN Edge. Ngokuzenzakalelayo, leli nani lingu-65000 kodwa lingase lilungiswe kusetshenziswa ama-Mist API.
    6. Ukungadingeki: Khetha okuthi Akukho ukuphinda usebenzise kabusha noma Ukuphinda usebenzise indawo yomhubhe wakho we-IPsec. Uma ukhetha ukunganakwa Kwendawo, kuzobe sekucushwa elinye ikheli lendawo le-BGP elingasadingeki.
      QAPHELA: I-Microsoft ikhawulela ukucushwa ohlwini lwama-ASN avumelekile.
    7. Umthamo womkhawulokudonsa (Mbps): Khetha umkhawulokudonsa womhubhe wakho we-IPsec.
    8. Ikheli lendawo le-BGP: Leli ikheli le-IP eliyimfihlo ngaphandle kwenethiwekhi yasendaweni ngaphakathi kwebanga /29 elikhethelwe ukuxhuma. Okwesiboneloample, uma idivayisi ye-BGP ikheli elikhethelwe kontanga ye-WAN Edge ngenhla ingu-10.99.99.1, bese usebenzisa 10.99.99.2.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (4)
  3. Chofoza Okulandelayo.
  4. Inqubomgomo ye-IPsec/IKE isethwe kokuthi Okuzenzakalelayo kodwa ishintshe iye kokuthi Ngokwezifiso.
  5. Ngemva kokukhetha Okwezifiso, khetha inhlanganisela yezilungiselelo ezifana ne-WAN Edge. Kulesi example, izilungiselelo ezilandelayo zikhethiwe:
    • Ukubethela
    • IKEv2 ubuqotho
    • Iqembu le-DH
    • Ukubethela kwe-IPSec
    • IPSec ubuqotho
    • Iqembu le-PFS
    • SA impilo yonke
      QAPHELA: Inqubomgomo ye-IPsec/IKE eshiwo kufanele ifane nenqubomgomo eku-WAN Edge.
  6. Review izilungiselelo ezivumelekile zenethiwekhi yesilawuli kude.
  7. Chofoza Okulandelayo.
  8. Faka ukhiye owabiwe ngaphambilini (PSK). Ukhiye ofanayo oyimfihlo kufanele usetshenziswe ku-CPE yakho.
  9. Khetha Engeza isixhumanisi.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (5)

Hlanganisa i-Traffic Profile

  1. Chofoza okuthi Okulandelayo noma ukhethe i-Traffic profileithebhu.
  2. Khetha iMicrosoft 365 traffic profile. Lokhu kuqinisekisa ukuthi ithrafikhi ye-Microsoft 365 kuphela ethunyelwa kusixazululo se-Microsoft SSE. Yonke ithrafikhi izolandela Inqubomgomo Yohlelo Lokusebenza emisiwe.
  3. Khetha u-Review + Dala.

QAPHELA: Khetha Dala inethiwekhi yesilawuli kude ukuze uqedele ukulungiselelwa kwenethiwekhi yesilawuli kude.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (6)

View Inethiwekhi Profile
Uma inethiwekhi yesilawuli kude isidaliwe, hamba ohlwini lwamanethiwekhi akude bese ukhetha View ukumisa. Lokhu kubonisa ifasitelana lomsebenzi elinemininingwane yokuxhuma yesango le-Microsoft. Imininingwane ihlanganisa izindawo zokugcina ezisesidlangalaleni zesango le-Microsoft SSE elingezwe ku-WAN, kanye namanani e-BGP kanye ne-ASN.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (7)

Dala Isicelo

  • Enye yezinzuzo zesisombululo se-SSE seMicrosoft ukuthi izinhlelo zokusebenza zeMicrosoft 365 zikhangiswa ngamandla ku-WAN Edge. Lokhu kusho ukuthi, njengoba izindawo ezivikelwe zibuyekezwa namakheli esevisi eshintshwa ngokuhamba kwesikhathi, isixazululo se-Microsoft SSE singakhangisa le mizila eya ku-WAN Edge ukuze ithuthwe ibheke kusevisi.
  • Enye yezinzuzo zeJuniper's AI-Driven SD-WAN ukuthi inqubomgomo yomzila ithi “Zero Trust.” Lokhu kusho ukuthi ngenxa yokuthi umzila ufundiwe, akusho ukuthi inethiwekhi ingafinyelela izindawo okufinyelelwa kuzo ngomzila okhangiswayo. Inqubomgomo yesicelo kufanele ivumele ngokusobala Inethiwekhi ukuthi ifinyelele isicelo.
  • Isici esiyingqayizivele se-Session Smart Router (SSR) ukuthi ingase ilungiselelwe ukuba ihambe ngaphandle kwemibandela iye endaweni kusetshenziswa Inqubomgomo Yokuqondisa, noma ilandele imizila efundwe ngaphakathi kwe-RIB (isisekelo solwazi lomzila noma ithebula lomzila). Uma inqubomgomo yokuqondisa ichazwa ukuze ithrafikhi idluliselwe endaweni kusixhumanisi se-WAN noma se-LAN (isibample, DIA), le nqubomgomo ibhala ngaphezulu noma yimiphi imizila efundiwe. Ngakho-ke, isevisi ye-inthanethi eqondiswe kusixhumi esibonakalayo sendawo (hhayi imizila efundiwe ngendlela eguquguqukayo ngembondela), ithatha indawo yokuqala kunemizila efundiwe uma ilungiselelwe kusifanekiso se-WAN Edge.
  • Uma isixazululo se-Microsoft SSE sisetshenziswa kukho konke ukugcwala kwe-inthanethi, bese kusetshenziswa uhlelo lwe-inthanethi olulula olunesiqalo esingu-0.0.0.0/0, futhi umsebenzisi unikezwa ukufinyelela ngaphandle kwenqubomgomo yokuqondisa njengoba kuboniswe ngezansi:Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (8)
  • Lokhu kuzotshela unqenqema lwe-WAN ukuthi luvumele “Ilebhu” Yenethiwekhi ukuthi isebenzise noma yimiphi imizila efundiwe noma ngembondela noma nge-IPsec kuya kusixazululo se-Microsoft SSE.
  • Nokho, uma isevisi ye-inthanethi isivele idaliwe futhi isebenzisa izinqubomgomo ze-DIA njengoba kuboniswe ku-example ngezansi, kufanele kudalwe uhlelo lokusebenza oluhlukile ukuze kusetshenziswe imizila efundiwe kuqala.
  • Indlela yokwenza lokhu ukuchaza uhlelo lwe-“IPSec” olucaciswe kakhulu kunohlelo lwe-inthanethi lwe-0.0.0.0/0. Uma iziqalo ezizofundwa zingaziwa (azikwazi ukulungiselelwa), bese udala uhlelo lokusebenza lwe-IPsec ngesiqalo esicaciswe kakhulu kuqinisekisa ukuthi ithebula lomzila lingeniswa lisuka kontanga ye-IPsec BGP futhi lisetshenziselwa amanethiwekhi avunyelwe.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (9)
  1. Kungosi ye-Mist, zulazula uye kokuthi Inhlangano > WAN > Izinhlelo zokusebenza.
  2. Chofoza Engeza Izinhlelo zokusebenza.
  3. Chaza igama lesicelo (isibample, IPSec). Bheka isithombe esingezansi.
  4. Khetha Izinhlelo zokusebenza zangokwezifiso.
  5. Faka iziqalo 128.0.0.0/1 kanye no-0.0.0.0/1 zamakheli e-IP. Lezi ziqalo zicaciswe kakhulu kunezihleliwe ezithi 0.0.0.0/0.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (10)
  6. Chofoza okuthi Londoloza bese uzulazulela kokuthi Inhlangano > WAN > Izifanekiso ze-WAN Edge.

Buyekeza isifanekiso se-WAN Edge

Kungosi ye-Mist, zulazulela ku-WAN Edge Template yedivayisi ye-Session Smart Router WAN Edge.

  1. Khetha Engeza Abahlinzeki ngaphansi kwe-Secure Edge Connectors ukuze uvule iphaneli yokumisa.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (11)
  2. Faka okufakiwe okulandelayo ukuze uhambisane nesixazululo se-Microsoft SSE:
    • Igama: (isibample, MicrosoftSSE)
    • Umhlinzeki: Ngokwezifiso
    • Iphrothokholi: IPSec
    • LocalID:
    • Ukhiye owabiwe ngaphambilini:
    • I-IP noma Igama Lomethuleli:
    • Umthombo we-IP:
    • I-ID yesilawuli kude:
    • I-WAN Interface:
    • Iziphakamiso ze-IPSec:
      • Ukubethela: aes256
      • I-algorithm yokuqinisekisa: sha2
      • Iqembu le-DH: 14
    • Iziphakamiso ze-IPSec:
      • I-Algorithm Yokubethela: aes_gcm256
      • Iqembu le-DH: 14
      • Ukuphila kwe-SA: imizuzwana engu-1800Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (12)Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (13)
  3. Chofoza Londoloza ezansi kwewindi.
  4. Dala Iqembu elisha le-BGP usebenzisa ibhokisi lengxoxo le-BGP.
    Sebenzisa amanani akhethwe ngaphambilini:
    • Igama:
    • Uhlobo: Kwangaphandle
    • Local AS: <65000 noma i-AS engeyona ezenzakalelayo ye-WAN Edge>Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (14)
  5. Khetha Engeza umakhelwane ebhokisini lengxoxo le-BGP.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (15)
  6. 6. Faka amanani alandelayo ontanga ye-BGP:
    • Ikheli lasesizindeni se-inthanethi: Ikheli lontanga le-BGP lesixazululo se-Microsoft SSE
    • Ongakukhetha: Engeza inqubomgomo ye-BGP yokungenisa/ukuthekelisa kwemizilaJuniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (16)
  7. Zulazulela kokuthi Izinqubomgomo Zohlelo bese uchofoza okuthi Engeza Inqubomgomo Yohlelo.
    • Inqubomgomo Yesicelo Yokungenisa
    • Engeza Inqubomgomo Yohlelo Lokusebenza
    • Hlela izinhlelo zokusebenza
  8. Usebenzisa igama lohlelo lokusebenza elidalwe ezinyathelweni ezingenhla, engeza inqubomgomo ukuze uvumele amanethiwekhi afiswayo ukuthi afinyelele kuhlelo lokusebenza oluqondile lwe-“IPSec” kusetshenziswa ithebula lomzila. Ukushiya Inqubomgomo Yokuqondisa ingenalutho kuyala i-SSR ukuthi isebenzise ithebula lomzila ngeziqalo ngaphakathi kwebanga lohlelo lokusebenza oluchaziwe.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (17)
  9. Zulazulela phezulu Kwesifanekiso bese uchofoza Londoloza.
    Qinisekisa Ukusebenza
    • Uma isifanekiso sesibuyekeziwe, ukucushwa kwe-IPsec kuzophushwa kudivayisi ye-WAN Edge. Uma kungokokuqala ngqa ukusetshenziswa kwe-IPsec, lokhu kuzothatha isikhathi ukulanda isofthiwe/ukulungiselela.
    • Uma ukucushwa kwe-IPsec sekusetshenzisiwe, ungakwazi view isimo se-IPsec ngaphansi kwe-WAN Edge > > Imininingwane Yesixhumi Se-Edge.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (18)
    • Isimo somakhelwane be-BGP singatholakala ngaphansi kwe-Monitor > Insights > WAN Edge.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (19)
    • Kungase kube usizo ukuya kumathuluzi okuhlola ukuze ubone imizila efundiwe ngaphansi kwe-WAN Edge > Izinsiza > Amathuluzi Okuhlola > Imizila > Bonisa Imizila. Esibonisini esingezansi, imizila efundwe nge-IPsec izoboniswa ne-Microsoft's SSE solution BGP peer njenge-hop elandelayo.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (20)

Isixhumanisi esisodwa se-WAN ne-Zone Redundancy ku-Microsoft SSE Solution

Le nketho yokumisa ikhonjisiwe kumdwebo ongezansi.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (21)

Kulokhu kucushwa, untanga wesibili we-BGP uyadalwa kusetshenziswa ukuphindaphindeka kwendawo ngaphakathi kwesixazululo se-Microsoft SSE. Landela izinyathelo ezichazwe ngenhla ngokungeza okulandelayo:

  1. Qiniseka ukuthi ukhetha ukuphinda usebenzise indawo lapho udala isixhumanisi senethiwekhi ekude ngaphakathi kwesixazululo se-Microsoft SSE njengoba kukhonjisiwe ngezansi. Lokhu kudala untanga wesibili we-BGP ongafinyelelwa ngesixhumanisi senethiwekhi esikude kanye nomhubhe we-IPsec kusukela ku-SSR.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (22)
  2. Dala untanga wesibili we-BGP usebenzisa iqembu elifanayo le-BGP ngaphakathi kwesifanekiso sedivayisi ku-Mist. Ikheli lontanga lingase litholakale ngaphakathi kokucushwa kwe-SSE njengoba kukhonjisiwe.Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (23)

I-Dual WAN Link Esebenzisa i-HA SSR ene-Zone Redundancy Per Tunnel ku-Microsoft SSE Solution
Le nketho yokumisa ikhonjisiwe kumdwebo ongezansi.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (24)

Kulokhu kucushwa, kokubili isixhumanisi sesibili kanye ne-BGP yesibili kontanga isixhumanisi ngasinye kwakhiwa kusetshenziswa ukuphindaphindeka kwendawo ngaphakathi kwesixazululo se-Microsoft SSE. Landela izinyathelo ezichazwe ngenhla ngokungeza okulandelayo:

  1. Qiniseka ukuthi ukhetha ukuphinda usebenzise indawo lapho udala izixhumanisi njengoba kuchazwe ngenhla.
  2. Dala intanga yesibili ye-BGP ngaphakathi kokucushwa kweqembu le-BGP okufanayo elikhomba ku-SEC Tunnel njengenethiwekhi yokubuka.
  3. Dala isixhumanisi sesibili ngaphakathi kwesixazululo se-Microsoft SSE senethiwekhi efanayo yesilawuli kude. Lesi sixhumanisi singase sengezwe phakathi nokulungiselelwa kwenethiwekhi kokuqala noma sengezwe kusetshenziswa ibhokisi lengxoxo lenethiwekhi yesilawuli kude eliboniswe ngezansi. Khetha Inethiwekhi Ekude > Igama Lenethiwekhi Ekude > Izixhumanisi > Engeza isixhumanisi.
  4. Phinda izinyathelo ezingenhla ukuze ungeze esinye Isixhumi Se-Edge Evikelekile ngaphakathi kwesifanekiso sedivayisi ku-Mist. Lokhu kunikeza ithuba lokuqondisa umhubhe ngaphandle kwesixhumi esibonakalayo sesibili ekucushweni kokutholakala okuphezulu.
  5. Dala Iqembu lesibili le-BGP elabelwe Isixhumi Se-Secure Edge sesibili. Leli qembu labelwe isixhumi sesibili (umhubhe we-SEC) njengesixhumi esibonakalayo esiphumayo.
  6. Dala ipheya yesibili yontanga be-BGP ngaphakathi kweQembu le-BGP usebenzisa isixhumanisi esengeziwe kanye nokucushwa kokubuka kwe-BGP ngaphakathi kwesixazululo se-Microsoft SSR.

Juniper-NCE-511-AI-Driven-SD-WAN-Reference-Architecture -FIG- (25)

I-Juniper Networks, ilogo ye-Juniper Networks, i-Juniper, ne-Junos yizimpawu zokuthengisa ezibhalisiwe ze-Juniper Networks, Inc. e-United States nakwamanye amazwe. Zonke ezinye izimpawu zokuthengisa, izimpawu zesevisi, amamaki abhalisiwe, noma izimpawu zesevisi ezibhalisiwe ziyimpahla yabanikazi bazo. IJuniper Networks ayinaso isibopho sanoma yikuphi ukungalungi kulo mbhalo. I-Juniper Networks igodla ilungelo lokushintsha, ukulungisa, ukudlulisa, noma ukubuyekeza lokhu kushicilelwa ngaphandle kwesaziso. Copyright © 2024 Juniper Networks, Inc. Wonke amalungelo agodliwe.

FAQ

Q: Yiluphi ulwazi oludingekayo ngaphambi kokumisa inethiwekhi?
A: Ngaphambi kokucushwa, udinga ukuba namakheli omphakathi ezixhumanisi ze-WAN, ububanzi bamakheli obunganga be-BGP, inombolo ye-BGP AS, izimvume zokufinyelela, izidingo zomkhawulokudonsa, kanye nemininingwane yemodeli yokungadingeki kusayithi ngalinye.

Q: Zingaki izinketho zokumisa ezifakwe kumhlahlandlela? 
A: Umhlahlandlela uhlanganisa izinketho ezintathu zokumisa: Isixhumanisi esisodwa se-WAN kanye nontanga ku-Microsoft's SSE Solution, isixhumanisi esisodwa se-WAN esinokungadingeki kwezindawo ku-Microsoft's SSE Solution, kanye nesixhumanisi se-Dual WAN sisebenzisa i-HA SSR enokungafuneki kwendawo ngomhubhe ngamunye ku-Microsoft's SSE Solution.

Amadokhumenti / Izinsiza

IJuniper NCE-511 AI-Driven SD-WAN Reference Architecture [pdf] Umhlahlandlela Womsebenzisi
I-NCE-511 AI-Driven SD-WAN Reference Architecture, NCE-511, I-AI-Driven SD-WAN Reference Architecture, Reference Architecture, Architecture

Izithenjwa

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *