行业研究公司研究宏观策略财报招股书会议纪要中央经济工作会议低空经济 DeepSeek AIGC 大模型

Context技术白皮书

信息技术2024-12-19-新华三杨***

AI智能总结

Context技术实现与应用总结

1. 产生背景与技术优点

Context是一种虚拟化技术，允许单个物理网络设备承载多个独立逻辑分区，每个分区拥有专属配置、资源和策略，如同独立设备。其产生背景主要应用于数据中心、云服务提供商和企业网，以实现资源优化、可扩展性、租户隔离、增强管理和节约成本。技术优点包括：

资源优化：物理设备资源（接口、CPU、内存、磁盘）可灵活分配和回收，最大化利用率。
可扩展性：无需大规模改造即可轻松扩展网络，适应业务变化。
租户隔离：每个Context独立运行，互不影响，确保安全性和独立性。
增强管理：统一配置界面，简化维护，节省机房空间。
节约成本：最小化硬件要求和优化资源分配，降低运营支出。

2. Context技术实现

2.1 Context的创建

缺省Context：设备自带的默认Context（名称Admin，编号1），拥有所有权限，不可删除。
非缺省Context：由缺省Context管理员创建，状态为inactive，需启动后才能使用。

2.2 Context资源分配

进驻安全引擎：用户Context需部署到安全引擎组（由管理员创建），获得安全业务板使用权。安全引擎组支持多Context共享，主从引擎自动切换。
软硬件资源分配：
- 接口：支持独占或共享方式分配，逻辑接口仅支持共享。
- VLAN：可选择共享或独立创建和管理。
- VXLAN：每个Context可分配专属VXLAN。
- CPU资源：共享但可调整权重，高权重Context优先使用。
- 内存空间：可限制上限，防止资源占用过载。
- 磁盘空间：可限制上限，用于存储配置和日志。

2.3 限制Context使用的资源

为防止资源滥用，需限制：

出方向吞吐量：设置限制值，超限报文可丢弃并生成日志。
安全策略规则数：设置上限，超限后无法新增规则。
会话并发数：限制上限，超限后无法新建会话。
会话新建速率：限制上限，超限后发送告警。
SSL VPN登录用户数：受License限制，可单独配置上限。

2.4 Context的启动

Context-OS：分布式设备中，每个单板运行Context虚拟化环境。
数据同步：仅在本Context内单板间同步。
进程隔离：数据平面、控制平面、管理平面完全虚拟化，业务互不影响。

2.5 Context访问和管理

登录通道：通过内联接口（Console方式）或物理接口登录。
配置方式：支持命令行、Web、SNMP、Netconf等。
配置文件：每个Context独立保存和恢复配置。
日志输出：独立生成Syslog，可输出到日志服务器。
用户管理：基于角色权限管理（物理设备级和Context级）。

2.6 Context入方向报文限速

限制广播/组播报文速率，通过整机和单个Context限速共同实现，仅限制使用共享接口的Active状态Context。

2.7 停止Context

将Context状态从active转为inactive，删除Context-OS环境，但资源不释放，可重新启动。

2.8 删除Context

删除操作可对active或inactive状态执行，释放Context占用的资源。

3. RBM+Context综合应用

RBM技术：实现设备级高可靠性，N:1虚拟化。
Context技术：1:N虚拟化，将RBM设备进一步虚拟化。
优势：最大化资源整合，提高可用性，增强扩展性和灵活性。
RBM通道：缺省Context通道用于系统交互和跨设备流量，用户Context通道仅转发本Context流量。
典型应用：云计算中心出口网关，实现高可靠性和企业间隔离。

4. 典型组网应用

大中型企业网隔离：一台设备虚拟成多台网关，隔离部门业务。
云计算数据中心网关：虚拟成多台网关，隔离企业网络流量。
跨VPC互通：通过VPN实例和静态路由实现VPC间流量隔离和互通。
RBM+Context综合应用：RBM主备组网结合Context虚拟化，实现高可靠性和企业隔离。

目录 1.1产生背景··············································································································································· 11.2技术优点··············································································································································· 1 2Context技术实现·····································································································································22.1 Context的创建····································································································································· 22.2 Context资源分配·································································································································· 22.2.1将Context进驻安全引擎··········································································································· 22.2.2为Context分配软硬件资源········································································································ 32.3限制Context使用的资源······················································································································ 42.4 Context的启动····································································································································· 62.4.1 Context-OS································································································································ 62.4.2 Context的数据同步··················································································································· 72.4.3 Context的进程隔离··················································································································· 72.5 Context访问和管理······························································································································ 72.5.1登录通道···································································································································· 72.5.2配置方式···································································································································· 82.5.3配置文件···································································································································· 82.5.4日志输出···································································································································· 82.5.5用户管理···································································································································· 82.6 Context入方向报文限速······················································································································· 92.7停止Context········································································································································· 92.8删除Context········································································································································· 9 4.1大中型企业网隔离典型组网应用········································································································· 104.2云计算数据中心网关典型组网应用····································································································· 114.3跨VPC互通典型组网应用·················································································································· 124.4 RBM+Context综合组网应用·············································································································· 13 1概述 1.1产生背景 Context是一种虚拟化技术，可以使单个物理网络设备承载多个独立的逻辑分区，每个分区作为独立网络设备运行，拥有专属的配置、资源和策略。对于用户来说，每个Context就是一台独立的设备，方便管理和维护；对于管理者来说，可以将一台物理设备虚拟成多台逻辑设备供不同的分支机构使用，提高组网灵活性。 Context技术的常见应用场景包括： •数据中心：数据中心可以在单个网络设备上独立管理不同企业、部门的业务，确保对共享网络资源的灵活控制。•云服务提供商：云服务提供商可以在同一物理设备上为多个客户提供量身定制的安全服务，同时确保租户隔离。•企业网：企业可以在不增加资金投入的前提下，为新增的业务需求分配独立的网络环境，确保新增业务快速上线。本文档主要探讨Context技术的实现原理和典型应用。 1.2技术优点 Context具有以下优点： •资源优化：同一物理设备上创建的所有Context共用物理设备的物理接口、CPU、内存、磁盘资源，管理员可以根据需要为Context分配资源，或者将一个Context的资源收回分配给其它Context，使这些资源能得到最大利用。 •可扩展性：随着组织的发展，Context能够在无需对物理设施进行大规模改造的情况下，轻松实现网络的扩展。这种灵活性使组织能够快速适应不断变化的业务需求，同时节省时间和成本，提高整体的运营效率。•租户隔离：每个Context拥有自己专属的软硬件资源，独立运行、独立转发、独立提供业务。创建、启动、重启、删除一个Context，不会影响其它Context的运行。•增强管理：多台Context集成在一台物理设备上，配置界面统一，可由一人维护，也可为每个Context分派管理员，免去维护多台物理设备的烦恼，还可以节省机房空间。•节约成本：通过最小化硬件要求和优化资源分配，Context显著降低了硬件设备和运营支出。 2Context技术实现 2.1 Context的创建创建Context相当于构造了一台新的设备。设备支持Context功能后，整台物理设备就是一个Context，称为缺省Context。当用户登录物理设备时，实际登录的就是缺省Context。用户在物理设备上的配置实质就是对缺省Context的配置。缺省Context的名称为Admin，编号为1。缺省Context不需要创建，不能删除。缺省Context拥有对整台物理设备的所有权限，它可以使用和管理设备所有的硬件资源。缺省Context下可以创建/删除非缺省Context。与缺省Context相对应的是非缺省Context，也称为用户Context。用户Context由缺省Context管理员创建，用户Context下不可再创建/删除用户Context。用户Context只能使用缺省Context分配给自己的资源，并在指定的资源限制内处理业务。创建完成的用户Context状态为inactive，此状态下的Context并没有启动。Context的创建相当于组建了一台具有硬件基础的虚拟设备。如无特殊说明，下文中的Context均指用户Context。 2.2 Context资源分配 2.2.1将Context进驻安全引擎本功能仅适用于配备安全业务板的设备。安全引擎是设备中专门用于处理安全业务的硬件单元，每一个安全引擎对应安全业务板上的一个CPU。如果一个安全业务板有多个CPU，则此安全业务板存在多个安全引擎。

点击免费查看完整报告