大数据架构图
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
ACI方案
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
互联网—电商 大数据
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
在哪里?
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
有其他的办法吗?
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Cisco Confidential
4
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
5
业务需求
应用系统
基础架构
© 2012 Cisco and/or its affiliates. All rights reserved.
与数据库相连
数据库
与中间件相 连
低延迟
网络需求
防火墙 负载均 衡
WEB
VM 1, Server 1
中间件
负载均 衡
VM 2 LXC 1
数据库
Server 2, Server 1
ACI 将应用的语言翻译成网络的语言
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco ConfidLeabharlann Baiduntial 12
Cisco Confidential
14
router(config)# switch1(config)#
switch1(config)# switch1(config)# switch1(config)# switch1(config)# router(config)# int eth 1 router(config)# ip add 6.6.6.1 255.255.255.0 router(config)# not shut vLAN 666 router(config)# int eth 2 router(config)# ip addr 1.1.1.1 255.255.255.0 L3 router(config)# no shut switch2(config)# router(config)# router eigrp 100 vLAN 111 switch2(config)# int eth 1/2 - 3 router(config)# network 6.6.6.0 mask 255.255.255.0 fw1(config)# switch2(config)# switch mode acc router(config)# fw1(config)# int network eth 0/1 1.1.1.0 mask 255.255.255.0 switch2(config)# switch acc vlan 111 router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254 FW fw1(config)# nameif outside 0 switch2(config)# no shut switch3(config)# fw1(config)# int eth 0/2 vLAN 222 switch3(config)# int eth 1/4 - 5 fw1(config)# nameif webfront 20 switch3(config)# switch mode acc fw1(config)# object network webfront_vip switch3(config)# switch acc vlan 222 fw1(config)# host 6.6.6.6 SSL switch4(config)# switch3(config)# no shut fw1(config)# static (webfront,outside) 1.1.1.6 slb1 (CONFIG) SLB switch4(config)# int eth 1/6 fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80 probe http http-probe switch4(config)# switch mode acc fw1(config)# interval 30 access-list outside_web permit tcp any host 6.6.6.6 eq 443 vLAN 333 switch4(config)# switch acc vlan 333 fw1(config)# access-group outside_web in interface outside expect status 200 200 switch4(config)# no shut rserver host websrvr1 switch4(config)# int eth 1/7 - 9 description foo web server switch4(config)# switch mode acc ip address 3.3.3.1 switch4(config)# switch acc vlan 333 inservice switch4(config)# no shut rserver host websrvr2 www www www description foo web server ip address 3.3.3.2 fw2(config)# inservice fw2(config)# int eth 0/1 rserver host websrvr3 fw2(config)# nameif webfront 20 FW description fw2(config)# foo intweb ethserver 0/2 switch5(config)# ip address 3.3.3.3 fw2(config)# nameif appfront 50 switch5(config)# int eth 1/10 - 11 vLAN 444 inservice fw2(config)# object network appfarm_vip switch5(config)# switch mode acc serverfarm hosthost FOOWEBFARM fw2(config)# 5.5.5.5 switch5(config)# switch acc vlan 444 probe fw2(config)# nat (appfront,webfront) static 4.4.4.4 slb2 http-probe (CONFIG) switch5(config)# no shut SLB IDS/IPS rserver 80 fw2(config)# web_to_app permit tcp any host 4.4.4.4 eq 8081 switch5(config)# int eth 1/11 - 15 rserver websrvr1 host access-list appsrvr1 inservice switch5(config)# switch mode acc description foo app server rserver websrvr2 80 switch5(config)# switch acc vlan 555 ip address 5.5.5.1 inservice switch5(config)# no shut inservice vLAN 555 rserver 80 switch5(config)# monitor session 1 source vlan 555 rserver websrvr3 host appsrvr2 inservice switch5(config)# monitor session 1 dest eth 1/16 description foo app server crypto key 1024 fooyou.key ip generate address 5.5.5.2 crypto csr-params testparms inservice country rserver hostUS appsrvr3 state California description foo app server Jose app app iplocality address San 5.5.5.3 organization-name foo inservice organization-unit you serverfarm host FOOAPPFARM common-name www.fooyou.com probe http-probe switch6(config)# fw3(config)# serial-number crisco123 rserver appsrvr1 8081 switch6(config)# int eth 1/16 - 19 fw3(config)# int eth 0/1 crypto inservice generate csr testparms fooyou.key switch6(config)# switch mode acc fw3(config)# nameif appfront 70anonymous fooyou.cer crypto import ftp 12.13.14.15 FW IDS/IPS rserver int appsrvr2 8081 switch6(config)# switch acc vlan 777 fw3(config)# eth 0/2 parameter-map type ssl SSL_PARAMETERS inservice switch6(config)# no shut fw3(config)# dbfront 90 cipher nameif RSA_WITH_RC4_128_MD5 rserver appsrvr3 8081 switch6(config)# monitor session 1 source vlan fw3(config)# object version TLS1 network db_cluster vLAN 777 inservice 777 fw3(config)# host 7.7.7.7 ssl-proxy service FOOWEB_SSL class-map type(dbfront,appfront) http loadbalance match-any FOO_APP switch6(config)# monitor session 1 dest eth 1/20 fw3(config)# nat static 5.5.5.50 key 2 fooyou.key match http virtual-address 4.4.4.44 tcp host eq 8081 fw3(config)# access-list web_to_app permit tcp any 5.5.5.50 eq 1433 cert fooyou.cer class-map match-all FOO_APP_VIP_CLASS class-map match-all FOOSSL_VIP_CLASS policy-map type loadbalance first-match FOO_APP-MATCH 2 match 2.2.2.22 tcp eq https class virtual-address FOO_APP policy-map type loadbalance first-match L7-SSL-MATCH sticky-serverfarm sn_cookie class L7_WEB policy-map multi-match FOO_APP-VIP db db sticky-serverfarm sn_cookie class FOO_APP_VIP_CLASS Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. policy-map multi-match FOOWEB-VIP loadbalance vip inservice class FOOWEB_VIP_CLASS int eth 1/1 switch mode acc switch acc vlan 666 no shut
2
文件服务器 文件
应用服务器
应用程序
数据库服务器
数据库
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
3
© 2012 Cisco and/or its affiliates. All rights reserved.
时间 1993 2002 2009 2013
价格 USD 94M 750M 678M 1Billion
最终变成的产品线 Cat5500/6500 MDS9000/Nexus7 000 N5K2K/UCS ACI
Cisco Confidential 11
应用需求
应用 (WEB)
高带宽
安全保护
中间件
负载均衡
全系列产品线一览
NEXUS 9000 系列交换机 应用策略架构控制 器 业界领先的合作伙伴
APIC
开放标准,拥抱开源
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
6
应用系统 语言
基础架构 语言
• • • • • •
高并发,大流量 高可用: 7*24 海量数据 用户分布广泛 安全: 网站受攻击,密码泄 露 需求快速变更,发布频繁
• • • • • • • •
端口数量 核心层、接入层带宽速率 VLAN划分 IP地址规划 防火墙 QoS 负载均衡 CPU、内存、网卡、存储
10
Application Centric Infrastucture 以应用为中心的基础架构
他们创建继而 被收购的公司 Crescendo Andiamo Soni Jiandani Nuova Insieme
© 2012 Cisco and/or its affiliates. All rights reserved.
人工翻译 由于相互之间的不熟悉,如何确保需求翻译的正确性?
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
应用系统团队
VLANs Subnets Protocols
Provider / Consumer Relationships
基础架构团队
Application Tiers
Ports
应用系统 和 基础架构人员必须相互翻译自己的语言
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
如何跨越这个障碍?
架构师
懂业务 熟系统 熟悉网络、 服务器、防 火墙……
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
互联网—电商 大数据
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
在哪里?
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
有其他的办法吗?
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Cisco Confidential
4
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
5
业务需求
应用系统
基础架构
© 2012 Cisco and/or its affiliates. All rights reserved.
与数据库相连
数据库
与中间件相 连
低延迟
网络需求
防火墙 负载均 衡
WEB
VM 1, Server 1
中间件
负载均 衡
VM 2 LXC 1
数据库
Server 2, Server 1
ACI 将应用的语言翻译成网络的语言
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco ConfidLeabharlann Baiduntial 12
Cisco Confidential
14
router(config)# switch1(config)#
switch1(config)# switch1(config)# switch1(config)# switch1(config)# router(config)# int eth 1 router(config)# ip add 6.6.6.1 255.255.255.0 router(config)# not shut vLAN 666 router(config)# int eth 2 router(config)# ip addr 1.1.1.1 255.255.255.0 L3 router(config)# no shut switch2(config)# router(config)# router eigrp 100 vLAN 111 switch2(config)# int eth 1/2 - 3 router(config)# network 6.6.6.0 mask 255.255.255.0 fw1(config)# switch2(config)# switch mode acc router(config)# fw1(config)# int network eth 0/1 1.1.1.0 mask 255.255.255.0 switch2(config)# switch acc vlan 111 router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254 FW fw1(config)# nameif outside 0 switch2(config)# no shut switch3(config)# fw1(config)# int eth 0/2 vLAN 222 switch3(config)# int eth 1/4 - 5 fw1(config)# nameif webfront 20 switch3(config)# switch mode acc fw1(config)# object network webfront_vip switch3(config)# switch acc vlan 222 fw1(config)# host 6.6.6.6 SSL switch4(config)# switch3(config)# no shut fw1(config)# static (webfront,outside) 1.1.1.6 slb1 (CONFIG) SLB switch4(config)# int eth 1/6 fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80 probe http http-probe switch4(config)# switch mode acc fw1(config)# interval 30 access-list outside_web permit tcp any host 6.6.6.6 eq 443 vLAN 333 switch4(config)# switch acc vlan 333 fw1(config)# access-group outside_web in interface outside expect status 200 200 switch4(config)# no shut rserver host websrvr1 switch4(config)# int eth 1/7 - 9 description foo web server switch4(config)# switch mode acc ip address 3.3.3.1 switch4(config)# switch acc vlan 333 inservice switch4(config)# no shut rserver host websrvr2 www www www description foo web server ip address 3.3.3.2 fw2(config)# inservice fw2(config)# int eth 0/1 rserver host websrvr3 fw2(config)# nameif webfront 20 FW description fw2(config)# foo intweb ethserver 0/2 switch5(config)# ip address 3.3.3.3 fw2(config)# nameif appfront 50 switch5(config)# int eth 1/10 - 11 vLAN 444 inservice fw2(config)# object network appfarm_vip switch5(config)# switch mode acc serverfarm hosthost FOOWEBFARM fw2(config)# 5.5.5.5 switch5(config)# switch acc vlan 444 probe fw2(config)# nat (appfront,webfront) static 4.4.4.4 slb2 http-probe (CONFIG) switch5(config)# no shut SLB IDS/IPS rserver 80 fw2(config)# web_to_app permit tcp any host 4.4.4.4 eq 8081 switch5(config)# int eth 1/11 - 15 rserver websrvr1 host access-list appsrvr1 inservice switch5(config)# switch mode acc description foo app server rserver websrvr2 80 switch5(config)# switch acc vlan 555 ip address 5.5.5.1 inservice switch5(config)# no shut inservice vLAN 555 rserver 80 switch5(config)# monitor session 1 source vlan 555 rserver websrvr3 host appsrvr2 inservice switch5(config)# monitor session 1 dest eth 1/16 description foo app server crypto key 1024 fooyou.key ip generate address 5.5.5.2 crypto csr-params testparms inservice country rserver hostUS appsrvr3 state California description foo app server Jose app app iplocality address San 5.5.5.3 organization-name foo inservice organization-unit you serverfarm host FOOAPPFARM common-name www.fooyou.com probe http-probe switch6(config)# fw3(config)# serial-number crisco123 rserver appsrvr1 8081 switch6(config)# int eth 1/16 - 19 fw3(config)# int eth 0/1 crypto inservice generate csr testparms fooyou.key switch6(config)# switch mode acc fw3(config)# nameif appfront 70anonymous fooyou.cer crypto import ftp 12.13.14.15 FW IDS/IPS rserver int appsrvr2 8081 switch6(config)# switch acc vlan 777 fw3(config)# eth 0/2 parameter-map type ssl SSL_PARAMETERS inservice switch6(config)# no shut fw3(config)# dbfront 90 cipher nameif RSA_WITH_RC4_128_MD5 rserver appsrvr3 8081 switch6(config)# monitor session 1 source vlan fw3(config)# object version TLS1 network db_cluster vLAN 777 inservice 777 fw3(config)# host 7.7.7.7 ssl-proxy service FOOWEB_SSL class-map type(dbfront,appfront) http loadbalance match-any FOO_APP switch6(config)# monitor session 1 dest eth 1/20 fw3(config)# nat static 5.5.5.50 key 2 fooyou.key match http virtual-address 4.4.4.44 tcp host eq 8081 fw3(config)# access-list web_to_app permit tcp any 5.5.5.50 eq 1433 cert fooyou.cer class-map match-all FOO_APP_VIP_CLASS class-map match-all FOOSSL_VIP_CLASS policy-map type loadbalance first-match FOO_APP-MATCH 2 match 2.2.2.22 tcp eq https class virtual-address FOO_APP policy-map type loadbalance first-match L7-SSL-MATCH sticky-serverfarm sn_cookie class L7_WEB policy-map multi-match FOO_APP-VIP db db sticky-serverfarm sn_cookie class FOO_APP_VIP_CLASS Cisco Confidential © 2012 Cisco and/or its affiliates. All rights reserved. policy-map multi-match FOOWEB-VIP loadbalance vip inservice class FOOWEB_VIP_CLASS int eth 1/1 switch mode acc switch acc vlan 666 no shut
2
文件服务器 文件
应用服务器
应用程序
数据库服务器
数据库
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
3
© 2012 Cisco and/or its affiliates. All rights reserved.
时间 1993 2002 2009 2013
价格 USD 94M 750M 678M 1Billion
最终变成的产品线 Cat5500/6500 MDS9000/Nexus7 000 N5K2K/UCS ACI
Cisco Confidential 11
应用需求
应用 (WEB)
高带宽
安全保护
中间件
负载均衡
全系列产品线一览
NEXUS 9000 系列交换机 应用策略架构控制 器 业界领先的合作伙伴
APIC
开放标准,拥抱开源
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
6
应用系统 语言
基础架构 语言
• • • • • •
高并发,大流量 高可用: 7*24 海量数据 用户分布广泛 安全: 网站受攻击,密码泄 露 需求快速变更,发布频繁
• • • • • • • •
端口数量 核心层、接入层带宽速率 VLAN划分 IP地址规划 防火墙 QoS 负载均衡 CPU、内存、网卡、存储
10
Application Centric Infrastucture 以应用为中心的基础架构
他们创建继而 被收购的公司 Crescendo Andiamo Soni Jiandani Nuova Insieme
© 2012 Cisco and/or its affiliates. All rights reserved.
人工翻译 由于相互之间的不熟悉,如何确保需求翻译的正确性?
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
应用系统团队
VLANs Subnets Protocols
Provider / Consumer Relationships
基础架构团队
Application Tiers
Ports
应用系统 和 基础架构人员必须相互翻译自己的语言
© 2012 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
如何跨越这个障碍?
架构师
懂业务 熟系统 熟悉网络、 服务器、防 火墙……