大数据架构设计方案 ppt课件PPT格式课件下载.pptx

1、ACI方案,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,1,互联网电商大数据,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,2,应用服务器应用程序,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,3,文件服务器文件,数据库服务器数据库,2012 Cisco and/or its affiliates

2、.All rights reserved.,Cisco Confidential,4,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,5,基础架构,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,6,应用系统,业务需求,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential7,应用系统 语言,人工翻译由于相互之间

3、的不熟悉，如何确保需求翻译的正确性？#,高并发，大流量 高可用：#7*24 海量数据用户分布广泛安全：#网站受攻击，密码泄 露需求快速变更，发布频繁,基础架构 语言,端口数量核心层、接入层带宽速率,VLAN划分,IP地址规划 防火墙,QoS,负载均衡CPU、内存、网卡、存储,应用系统团队,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,8,Application Tiers,Provider/Consumer Relationships,基础架构团队,VLANs,SubnetsProtocols,

4、Ports,应用系统 和 基础架构人员必须相互翻译自己的语言,如何跨越这个障碍？#,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,9,架构师,懂业务,熟系统,熟悉网络、服务器、防 火墙,在哪里？#,有其他的办法吗？#,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,10,Soni Jiandani,2012 Cisco and/or its affiliates.All rights reserve

5、d.,Cisco Confidential,11,Application Centric Infrastucture以应用为中心的基础架构,安全保护,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,12,负载均衡,与数据库相连,应用需求,应用（WEB）高带宽,中间件,数据库与中间件相 连低延迟,数据库,WEB,防火墙 负载均 衡,负载均 衡,ACI将应用的语言翻译成网络的语言,网络需求,VM 1,Server1,Server 2,Server 1,中间件VM 2LXC 1,全系列产品线一览,201

6、2 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,13,应用策略架构控制 器,开放标准，拥抱开源,NEXUS9000 系列交换机,业界领先的合作伙伴,APIC,2012 Cisco and/or its affiliates.All rights reserved.,Cisco Confidential,14,Servers,Servers,sticky-serverfarm sn_cookie,class FOO_APP_VIP_CLASS,2012 Cisco and/or its affiliate

7、s.All rights reserved.,Cisco Confidential,15,policy-lmoaapdbmaullatnic-emavticph iFnOsOeWrEvBi-cVeIPclass FOOWEB_VIP_CLASS,vLAN 666,DB,L3vLAN 111,FWvLAN 222,www,www,www,vLAN 444,App Servers,FW,SLB,app,app,FW,switch1（config）#switch1（config）#int eth 1/1switch1（config）#switch mode acc,switch1（config）#s

8、witch acc vlan 666,switch1（config）#no shut,switch2（config）#switch2（config）#int eth 1/2-3switch2（config）#switch mode acc switch2（config）#switch acc vlan 111sswwiitcthc2（hc3on（fcigo）n#fnio gs）hu#tswitch3（config）#int eth 1/4-5 switch3（config）#switch mode acc,switch3（config）#switch acc vlan 222,SSL SLBv

9、LAN 333,sswwiticth3c（hco4n（ficgo）#nfnoigsh）u#t switch4（config）#int eth 1/6 switch4（config）#switch mode acc switch4（config）#switch acc vlan 333 switch4（config）#no shut switch4（config）#int eth 1/7-9,switch4（config）#switch mode acc,switch4（config）#switch acc Wvleanb333,switch4（config）#no shut,vLAN 555,

10、vLAN 777,switch5（config）#switch5（config）#int eth 1/10-11switch5（config）#switch mode acc switch5（config）#switch acc vlan 444 switch5（config）#no shut switch5（config）#int eth 1/11-15 switch5（config）#switch mode acc switch5（config）#switch acc vlan 555 switch5（config）#no shutswitch5（config）#monitor sessi

11、on 1 source vlan,555,switch5（config）#monitor session 1 desteth 1/16,switch6（config）#switch6（config）#int eth 1/16-19switch6（config）#switch mode acc switch6（config）#switch acc vlan 777 switch6（config）#no shutswitch6（config）#monitor session 1 source vlan 777switch6（config）#monitor session 1 desteth 1/2

12、0,rserver websrvr2 80,crypto csr-params testparms,organization-unit you,cert fooyou.cer,router（config）#router（config）#int eth 1router（config）#ip add 6.6.6.1 255.255.255.0 router（config）#not shutrouter（config）#int eth 2router（config）#ip addr 1.1.1.1 255.255.255.0 router（config）#no shutrouter（config）#

13、router eigrp 100frowu1te（rc（coonnffiig）g#）n#etwork 6.6.6.0 mask 255.255.255.0frwo1u（tceorn（fciogn）f#igi）n#t neettwhor0k/1.1.1.0 mask 255.255.255.0frwo1u（tceorn（fciogn）f#ign）a#meiipf rouotuetsi0d.e0.0 0 0.0.0.0 6.6.6.254 fw1（config）#int eth 0/2fw1（config）#nameif webfront 20 fw1（config）#object network

14、 webfront_vip fw1（config）#host 6.6.6.6sfwl1b（c1onf（iCg）O#NFsItaGt）ic（webfront,outside）1.1.1.6pfrwo1b（ecohntftipg）h#ttapc-cpersosb-elist outside_webpermit tcp any host 6.6.6.6 eq 80fiwn1t（ecrovnaflig3）0#access-list outside_webpermit tcp any host 6.6.6.6 eq 443 fewx1p（eccotnfsitga）t#usac2c0e0ss2-0g0ro

15、up outside_webin interface outsiderserver host websrvr1 description foo web server ip address 3.3.3.1 inservicerserver host websrvr2description foo web serverfipw2ad（dcreosns f3i.3g.）3.#2fiwn2s（ecrovnifcieg）#int eth 0/1 rsefrwv2e（rcohnofsitg）w#ebnsarmveri3f webfront 20fdwe2s（ccroinpftigo）n#foiontwet

16、hse0r/v2er fiwp2（acdodnrfeisgs）#3.3n.a3m.e3if appfront 50 fiwn2s（ecrovnifcieg）#object network appfarm_vipserfvwe2r（fcaornmfihgo）s#t hFoOsOtWE5B.F5A.R5M.5,fpsrlo（bbe2onhft（tgpC-OprNnoFabteIG（a）ppfront,webfront）static 4.4.4.4,IDS/IPS frws2e（rcvoenrfiwheobsstrvarcpcpess8rs0v-rl1ist web_to_app permit tcp any host 4.4.4.4 eq 8081,idnescriipcteion foo app server,ip address 5.5.5.1,inservicerserver wheobsstrvarp3ps8r0vr2 inserdveiscceription foo app server,cryptiop gaednderreastse 5k.e5y.51.0224 fooyou.key,i