{"id":3912,"date":"2021-05-11T16:49:36","date_gmt":"2021-05-11T13:49:36","guid":{"rendered":"https:\/\/blog.3kgroup.ee:443\/?p=3912"},"modified":"2021-05-24T13:11:44","modified_gmt":"2021-05-24T10:11:44","slug":"sz-vdp-virtual-dataplane-naide","status":"publish","type":"post","link":"https:\/\/blog.3kgroup.ee:443\/?p=3912","title":{"rendered":"SZ vDP virtual dataplane n\u00e4ide"},"content":{"rendered":"\n

Virtual dataplane v\u00f5imaldab luua L2 tunneleid iga AP SSID k\u00fcljest dataplane konsentraatorisse (dataplane virtuaalmasin v\u00f5i f\u00fc\u00fcsiline appliance). Dataplane toode on litsenseeritud virtuaalmasina p\u00f5hiselt ja ei s\u00f5ltu AP-de arvust, milledes tunneleid kasutatakse.<\/p>\n\n\n\n

AP-d ja virtuaalmasinad v\u00f5ivad m\u00f5lemad paikneva NAT tulem\u00fc\u00fcride taga, selleks saab kasutada UDP kapseldust, et tagada tunneli NAT-ist l\u00e4biminek.<\/p>\n\n\n\n

Lisaks NAT toele t\u00f6\u00f6tavad j\u00e4rgmised SZ funktsionaalsused Captive portal, 802.1x, HS2.0, VLANs, DHCP Relay, Proxy ARP. Oluline on m\u00e4rkida DHCP Relay omadust, sest see omadus tehakse AP p\u00f5hiselt ja seejuures ei pea koos ARP prpxyga tegelikult broadcast pakette \u00fcle tunneli saatma ja need v\u00f5ib ka \u00e4ra keelata. Suurtes v\u00f5rkudes on alati selline l\u00e4henemine t\u00f6\u00f6kindluse parandaja.<\/p>\n\n\n\n

Dataplane v\u00e4hendab oluliselt keerukust ja t\u00f5stab turvalisust. Antud n\u00e4ite puhul luuakse ilma vlan dot1q arhitektuurita v\u00f5rku (operaatori ruuter) tunneldatud avalik v\u00f5rk, mille tulem\u00fc\u00fcr v\u00f5ib paikneda peakontoris koos dataplane masinaga v\u00f5i ka teenusepakkuja juures. Miks on selline lahendus parem:<\/p>\n\n\n\n

  1. Kohalik liiklus on t\u00e4ielikult k\u00fclaliste liiklusest eristatud.<\/li>
  2. Kohapealses v\u00f5rgus ei pea tegema lisaseadistusi<\/li>
  3. S\u00e4ilib ka r\u00e4ndlus avaliku v\u00f5rgu kasutajatele<\/li>
  4. AP-d v\u00f5ivad paikneda mitme eri interneti\u00fchenduse taga<\/li>
  5. Avalik liiklus l\u00e4bi keskuses suurt tulem\u00fc\u00fcri, kus pole piiranguid sessioonidele ja ip aadresside arvule, mida v\u00e4ikekontori ruuterid tihti sooritada ei suuda.<\/li>
  6. Lahendus skaleerub, AP-d v\u00f5ivad olla k\u00fcmnetes harukontorites v\u00f5i n\u00e4iteks asula territooriumil.<\/li>
  7. Vajadusel v\u00f5ib kasutada ka etherneti porti mille saab \u00fchendada tunneliga, enamasti kasutatakse privaatv\u00f5rgu tunneldamise puhul.<\/li>
  8. Vajadusel saab tunneli liiklus kr\u00fcteerida kuni 256 bitise v\u00f5tmega.<\/li>
  9. Lahendus toimib 10Gb\/s kiirustel (f\u00fc\u00fcsiline dataplane sade v\u00f5i 10 Gb\/s kaardid VMWARE v\u00f5i KVM masinas)<\/li>
  10. V\u00f5imalik teha igale kasutajale p\u00e4\u00e4s oma (osakonna) VLAN-i sama SSID puhul ja p\u00e4\u00e4seda n\u00e4iteks 40 eri VLANi haldamisest switchides kui organisatsioon on suur.<\/li>
  11. AP-s saab kasutada DHCP relay zone p\u00f5hist teenust, v\u00e4hendades sellega broadcast pakettide hulka v\u00f5rgus ja t\u00f5sta oluliselt t\u00f6\u00f6kindlust (siis saab \u00fclej\u00e4\u00e4nud broadcast paketid ka \u00e4ra keelata kogu SSID l\u00f5ikes).<\/li><\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    Litsentsid: <\/em>#L09-vSZD-WW00<\/strong> agregeeritud kiirus kuni 1 Gbps.#L09-vSZD-BW10<\/strong> agregeeritud kiirus kuni 10 Gbps ja erinevad upgrade litsentsid samuti.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Virtual dataplane v\u00f5imaldab luua L2 tunneleid iga AP SSID k\u00fcljest dataplane konsentraatorisse (dataplane virtuaalmasin v\u00f5i f\u00fc\u00fcsiline appliance). Dataplane toode on litsenseeritud virtuaalmasina p\u00f5hiselt ja ei s\u00f5ltu AP-de arvust, milledes tunneleid […]<\/p>\n","protected":false},"author":1,"featured_media":3914,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[29],"tags":[822,26],"class_list":["post-3912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-3k-support-teenused","tag-dataplane","tag-smartzone"],"acf":[],"_links":{"self":[{"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/posts\/3912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3912"}],"version-history":[{"count":14,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/posts\/3912\/revisions"}],"predecessor-version":[{"id":3933,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/posts\/3912\/revisions\/3933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=\/wp\/v2\/media\/3914"}],"wp:attachment":[{"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.3kgroup.ee:443\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}