1、ACI方案,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,1,互联网电商大数据,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,2,应用服务器应用程序,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,3,文件服务器文件,数据库服务器数据库,2012 Cisco and/or its affiliates
2、.All rights reserved.,Cisco Confidential,4,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,5,基础架构,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,6,应用系统,业务需求,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential7,应用系统 语言,人工翻译由于相互之间
3、的不熟悉,如何确保需求翻译的正确性?#,高并发,大流量 高可用:#7*24 海量数据用户分布广泛安全:#网站受攻击,密码泄 露需求快速变更,发布频繁,基础架构 语言,端口数量核心层、接入层带宽速率,VLAN划分,IP地址规划 防火墙,QoS,负载均衡CPU、内存、网卡、存储,应用系统团队,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,8,Application Tiers,Provider/Consumer Relationships,基础架构团队,VLANs,SubnetsProtocols,
4、Ports,应用系统 和 基础架构人员必须相互翻译自己的语言,如何跨越这个障碍?#,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,9,架构师,懂业务,熟系统,熟悉网络、服务器、防 火墙,在哪里?#,有其他的办法吗?#,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,10,Soni Jiandani,2012 Cisco and/or its affiliates.All rights reserve
5、d.,Cisco Confidential,11,Application Centric Infrastucture以应用为中心的基础架构,安全保护,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,12,负载均衡,与数据库相连,应用需求,应用(WEB)高带宽,中间件,数据库与中间件相 连低延迟,数据库,WEB,防火墙 负载均 衡,负载均 衡,ACI将应用的语言翻译成网络的语言,网络需求,VM 1,Server1,Server 2,Server 1,中间件VM 2LXC 1,全系列产品线一览,201
6、2 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,13,应用策略架构控制 器,开放标准,拥抱开源,NEXUS9000 系列交换机,业界领先的合作伙伴,APIC,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,14,Servers,Servers,sticky-serverfarm sn_cookie,class FOO_APP_VIP_CLASS,2012 Cisco and/or its affiliate
7、s.All rights reserved.,Cisco Confidential,15,policy-lmoaapdbmaullatnic-emavticph iFnOsOeWrEvBi-cVeIPclass FOOWEB_VIP_CLASS,vLAN 666,DB,L3vLAN 111,FWvLAN 222,www,www,www,vLAN 444,App Servers,FW,SLB,app,app,FW,switch1(config)#switch1(config)#int eth 1/1switch1(config)#switch mode acc,switch1(config)#s
8、witch acc vlan 666,switch1(config)#no shut,switch2(config)#switch2(config)#int eth 1/2-3switch2(config)#switch mode acc switch2(config)#switch acc vlan 111sswwiitcthc2(hc3on(fcigo)n#fnio gs)hu#tswitch3(config)#int eth 1/4-5 switch3(config)#switch mode acc,switch3(config)#switch acc vlan 222,SSL SLBv
9、LAN 333,sswwiticth3c(hco4n(ficgo)#nfnoigsh)u#t switch4(config)#int eth 1/6 switch4(config)#switch mode acc switch4(config)#switch acc vlan 333 switch4(config)#no shut switch4(config)#int eth 1/7-9,switch4(config)#switch mode acc,switch4(config)#switch acc Wvleanb333,switch4(config)#no shut,vLAN 555,
10、vLAN 777,switch5(config)#switch5(config)#int eth 1/10-11switch5(config)#switch mode acc switch5(config)#switch acc vlan 444 switch5(config)#no shut switch5(config)#int eth 1/11-15 switch5(config)#switch mode acc switch5(config)#switch acc vlan 555 switch5(config)#no shutswitch5(config)#monitor sessi
11、on 1 source vlan,555,switch5(config)#monitor session 1 desteth 1/16,switch6(config)#switch6(config)#int eth 1/16-19switch6(config)#switch mode acc switch6(config)#switch acc vlan 777 switch6(config)#no shutswitch6(config)#monitor session 1 source vlan 777switch6(config)#monitor session 1 desteth 1/2
12、0,rserver websrvr2 80,crypto csr-params testparms,organization-unit you,cert fooyou.cer,router(config)#router(config)#int eth 1router(config)#ip add 6.6.6.1 255.255.255.0 router(config)#not shutrouter(config)#int eth 2router(config)#ip addr 1.1.1.1 255.255.255.0 router(config)#no shutrouter(config)#
13、router eigrp 100frowu1te(rc(coonnffiig)g#)n#etwork 6.6.6.0 mask 255.255.255.0frwo1u(tceorn(fciogn)f#igi)n#t neettwhor0k/1.1.1.0 mask 255.255.255.0frwo1u(tceorn(fciogn)f#ign)a#meiipf rouotuetsi0d.e0.0 0 0.0.0.0 6.6.6.254 fw1(config)#int eth 0/2fw1(config)#nameif webfront 20 fw1(config)#object network
14、 webfront_vip fw1(config)#host 6.6.6.6sfwl1b(c1onf(iCg)O#NFsItaGt)ic(webfront,outside)1.1.1.6pfrwo1b(ecohntftipg)h#ttapc-cpersosb-elist outside_webpermit tcp any host 6.6.6.6 eq 80fiwn1t(ecrovnaflig3)0#access-list outside_webpermit tcp any host 6.6.6.6 eq 443 fewx1p(eccotnfsitga)t#usac2c0e0ss2-0g0ro
15、up outside_webin interface outsiderserver host websrvr1 description foo web server ip address 3.3.3.1 inservicerserver host websrvr2description foo web serverfipw2ad(dcreosns f3i.3g.)3.#2fiwn2s(ecrovnifcieg)#int eth 0/1 rsefrwv2e(rcohnofsitg)w#ebnsarmveri3f webfront 20fdwe2s(ccroinpftigo)n#foiontwet
16、hse0r/v2er fiwp2(acdodnrfeisgs)#3.3n.a3m.e3if appfront 50 fiwn2s(ecrovnifcieg)#object network appfarm_vipserfvwe2r(fcaornmfihgo)s#t hFoOsOtWE5B.F5A.R5M.5,fpsrlo(bbe2onhft(tgpC-OprNnoFabteIG(a)ppfront,webfront)static 4.4.4.4,IDS/IPS frws2e(rcvoenrfiwheobsstrvarcpcpess8rs0v-rl1ist web_to_app permit tcp any host 4.4.4.4 eq 8081,idnescriipcteion foo app server,ip address 5.5.5.1,inservicerserver wheobsstrvarp3ps8r0vr2 inserdveiscceription foo app server,cryptiop gaednderreastse 5k.e5y.51.0224 fooyou.key,i
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1