Umthengisi wePakethi yeNethiwekhi yeMylinking™ kunye neSwitch ye-Inline Bypass ML-NPB-M2000
Imodyuli yokudlula: 8*10G SFP+ kunye ne-4*100GE, Imodyuli yokujonga: 16*10GE SFP+ kunye ne-4*100GE, Ubuninzi be-2.4Tbps
1-Izimvo ngokubanzi
Ngophuhliso olukhawulezayo lwe-Intanethi, isoyikiso sokhuseleko lolwazi lwenethiwekhi siya sisanda, ngoko ke ukusetyenziswa kwezicelo ezahlukeneyo zokhuseleko lolwazi ngokubanzi. Nokuba zizixhobo zokulawula ukufikelela (i-firewall) zemveli okanye uhlobo olutsha lweendlela zokukhusela eziphucukileyo ezifana nenkqubo yokuthintela ukungena (i-IPS), iqonga lolawulo lwezoyikiso ezidibeneyo (i-UTM), inkqubo yokuhlasela inkonzo echasene nokungavumi (i-Anti-DDoS), i-Anti-spam Gateway, i-Unified DPI Traffic Identification and Control System, kunye nezixhobo ezininzi zokhuseleko zisasazwa ngokulandelelana kwiindawo zezitshixo zenethiwekhi, ukuphunyezwa komgaqo-nkqubo wokhuseleko lwedatha ohambelanayo ukuchonga nokujongana nethrafikhi esemthethweni / engekho mthethweni. Nangona kunjalo, kwangaxeshanye, inethiwekhi yekhompyutha iya kuvelisa ukulibaziseka okukhulu kwenethiwekhi okanye ukuphazamiseka kwenethiwekhi kwimeko yokusilela, ukulungiswa, ukuphuculwa, ukutshintshwa kwezixhobo njalo njalo kwindawo yesicelo senethiwekhi yemveliso ethembekileyo kakhulu, abasebenzisi abanakuyinyamezela loo nto.
I-ML-NPB-M2000 Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch ziphandwe kwaye zaphuhliswa ukuze zisetyenziswe ekusetyenzisweni kwezixhobo ezahlukeneyo zokhuseleko oluhambelanayo ngelixa zibonelela ngokuthembeka okuphezulu kwenethiwekhi.
Ngokusebenzisa iMylinking™ Network Packet Broker kunye neInline Bypass Switch:
●Abasebenzisi bangafaka/bakhuphe izixhobo zokhuseleko ngokuguquguquka ngaphandle kokuphazamisa okanye ukuphazamisa inethiwekhi ekhoyo;
● Inomsebenzi wokuchonga impilo okrelekrele ukujonga imeko yokusebenza eqhelekileyo yezixhobo zokhuseleko eziqhagamshelweyo ngexesha langempela. Nje ukuba isixhobo sokhuseleko esiqhagamshelweyo singasebenzi kakuhle, umkhuseli uya kuzithintela ngokuzenzekelayo ukuze agcine unxibelelwano oluqhelekileyo lwenethiwekhi.
●Iteknoloji yokukhusela ithrafikhi ekhethiweyo ingasetyenziselwa ukusasaza izixhobo zokhuseleko ezithile zokucoca ithrafikhi, izixhobo zokuhlola ezisekelwe ekubetheleni, njl. Isebenzisa ngokufanelekileyo ukhuseleko lokufikelela kwi-intanethi kwiintlobo ezithile zethrafikhi, ikhuphe umthwalo wokucubungula ithrafikhi wezixhobo ezikwi-intanethi.
● Itekhnoloji yokukhusela ithrafikhi yokulinganisela umthwalo ingasetyenziselwa ukufaka izixhobo ezikhuselekileyo ezikwi-intanethi kwiiqela ukuhlangabezana neemfuno zokhuseleko olukwi-intanethi phantsi kweemeko zoxinzelelo oluphezulu lwe-bandwidth.
●Inamandla e-SSL proxy, ihlangabezana neemfuno zokubeka esweni nohlalutyo lwezixhobo zokukhusela umxholo wedatha engenanto.
● Inezakhono ezisisiseko zokucubungula ithrafikhi ezifana nokuphindaphinda ithrafikhi, ukuhlanganisa, ukucoca, kunye nokubhala iilebheli, kunye nezakhono eziphambili zokucubungula ithrafikhi ezifana nokunciphisa, ukufihla, ukuchongwa kweprotocol yeleya yesicelo, kunye nokubunjwa kwethrafikhi.
2-I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch Advanced Features kunye neTekhnoloji
Imo yoKhuselo yeMylinking™ “SpecFlow” kunye neTekhnoloji yeMo yoKhuselo ye-“FullLink”
Iteknoloji yoKhuseleko lokuTshintsha iMylinking™ ekhawulezayo
Iteknoloji ye-Mylinking™ “LinkSafeSwitch”
I-Mylinking™ “Inkonzo yeWebhu” Ubuchwephesha bokuThumela/ukukhupha uMgaqo-nkqubo oDynamic
Iteknoloji yokuHlola iPakethi yeNtliziyo yeMylinking™ ekrelekrele
Ukudibanisa kwam™ Iipakethi zeHeartbeat ezicacileyo zeTekhnoloji
Ukudibanisa kwam™ Itekhnoloji yokulinganisela umthwalo eneekhonkco ezininzi
Ukudibanisa kwam™ Itekhnoloji yoSasazo lweeNdlela eziBukrelekrele
Ukudibanisa kwam™ Itekhnoloji yokulinganisela umthwalo oguquguqukayo
Ukudibanisa kwam™ Iteknoloji yoLawulo olukude (HTTP/WEB, TELNET/SSH, “EasyConfig/AdvanceConfig” Characteristic)
3-I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch Configuration Guide
Njengoko kubonisiwe kumzobo ongentla, yonke iyunithi ineendawo ezine zemodyuli:
I-SLOT1, SLOT2, SLOT3, kunye ne-SLOT4 module slots zonke zinokuthwala iimodyuli ze-BYPASS protection port okanye iimodyuli ze-MONITOR port ezinamanani ahlukeneyo kunye neenombolo ze-port. Ngokutshintsha iimodeli ezahlukeneyo zeemodyuli, kunokwenzeka ukuxhasa ukhuseleko lwe-BYPASS kwiikhonkco ezininzi ze-10G/40G/100G, kunye nokusasazwa kwezixhobo zokubeka esweni i-Inline Bypass kwiikhonkco ezininzi ze-10G/40G/100G.
Qaphela: Zombini imodyuli ye-BYPASS kunye nemodyuli ye-MONITOR zixhasa ukutshintshiselana okushushu.
3.1-Uluhlu lweeNkcukacha zeModyuli
| Imodeli yeMveliso | Isebenza kakuhlePii-aramameter |
| Ci-hassis | |
| I-ML-NPB-M2000-CHS/AC | I-rackmount esemgangathweni ye-2U eyi-19-intshi; ukusetyenziswa kwamandla okuphezulu yi-300W; iyunithi ephambili yokukhusela i-BYPASS yemodyuli; iindawo ezine zemodyuli; ujongano lwe-1*RS232 Console, ujongano lwe-1*10/100/1000M RJ45 olunolawulo lwenethiwekhi yangaphandle; umbane ombini i-AC-220V; |
| I-NT-BYPASS-M2000-CHS/DC | I-rackmount esemgangathweni ye-2U eyi-19-intshi; ukusetyenziswa kwamandla okuphezulu yi-300W; iyunithi ephambili yokukhusela i-BYPASS yemodyuli; iindawo ezine zemodyuli; ujongano lwe-1*RS232 Console, ujongano lwe-1*10/100/1000M RJ45 olunolawulo lwenethiwekhi yangaphandle; umbane ombini we-DC-48V; |
| DLULAMi-odule | |
| INL-I8XM8X(LM/SM) | Ixhasa ukhuseleko loqhagamshelo lwe-10GE (ehambelana ne-1G) oluneendlela ezi-4, kunye ne-interfaces eziyi-8*10GE iyonke; ixhasa izibuko zokujonga ze-8*10G SFP+ (ngaphandle kweemodyuli ze-optical). |
| INL-I4HM2H (LM/SM) | Ixhasa ukhuseleko lwe-2-way 100GE (ehambelana ne-40GE) yokudibanisa ikhonkco, kunye ne-4 * 100GE interfaces iyonke; ixhasa izibuko zokujonga ze-2 * 100GE QSFP28 (ngaphandle kweemodyuli ze-optical). |
| Imodyuli yokubeka iliso | |
| MON-M16X | Iiports zokubeka esweni ze-16*10GE SFP+ (ngaphandle kweemodyuli ze-optical); |
| MON-M16X-CN98 | Iiports zokubeka esweni ze-16*10GE SFP+ (imodyuli ye-optical ayifakwanga); zixhotyiswe nge-injini yokusebenza ephucukileyo, exhasa imisebenzi yokucubungula ithrafikhi ephucukileyo efana nokucima i-SSL, i-SSL proxy, kunye nokunciphisa ithrafikhi; |
| UMVULO-UM4H | Iiports zokubeka esweni ze-4 * 100GE QSFP28 (iimodyuli ze-optical azifakwanga); |
| UMvulo-M4H-CN98 | Iiports zokubeka esweni ze-4*100GE QSFP28 (iimodyuli ze-optical azifakwanga); zixhotyiswe nge-injini yokusebenza ephucukileyo, exhasa imisebenzi yokucubungula ithrafikhi ephucukileyo efana nokucima i-SSL, i-SSL proxy, kunye nokunciphisa ithrafikhi; |
3.2-Imithetho yoKhetho lweeModyuli
Ngokusekelwe kwiikhonkco ezahlukeneyo ezikhuselweyo kunye neemfuno zokubeka esweni ukusasazwa kwezixhobo, ungakhetha ngokuguquguquka uqwalaselo lweemodyuli ezahlukeneyo ukuhlangabezana neemfuno zakho zokwenyani zokusingqongileyo; nceda ulandele le mithetho xa ukhetha:
1) I-chassis assembly yinxalenye eyimfuneko kwaye kufuneka ikhethwe ngaphambi kokukhetha naziphi na ezinye iimodyuli. Nceda ukhethe nendlela efanelekileyo yokubonelela ngombane (AC/DC) ngokweemfuno zakho.
2) Iyunithi ixhasa ubuninzi beendawo zemodyuli ezi-4; awunakukhetha iimodyuli ezingaphezulu kunenani leendawo zemodyuli zoqwalaselo. Ngokusekelwe kudibaniso oluguquguqukayo lweemodeli ezahlukeneyo zemodyuli, iyunithi inokuxhasa ukhuseleko lwe-serial ukuya kuthi ga kwi-16 10GE/GE links okanye i-8 100GE/40GE links.
4-Amandla okucubungula iiTrafikhi ezikrelekrele
4.1-Ukusasazwa okungaphakathi
Ukhuseleko oluthile olukwi-Traffic Inline
IxhasaNomgca(ngokulandelelana)indlela yokukhusela iintlobo ezithile zethrafikhi kuyo nayiphi nanomgcaikhonkco.Tothumela ezinye iintlobo zetrafikhi ezichazwe ngumsebenzisi kwinomgcaikhonkco eliya kwiNomgca Sukhuselekoisixhoboukuze kucutshungulwe, kwaye ezinye iitrafikhi zithunyelwa ngqo ngaphandle kokuntywilaNomgca Sukhuselekoisixhobo. Ngaxeshanye,ityenza ukujonga imeko yokusebenza ngexesha langempelaNomgca SukhuselekoisixhoboNje ukuba imeko yokucutshungulwa kweendlela ezingaqhelekanga ifumaneke,itiya kudlula ngokuzenzekelayo kwindlela yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwenkonzo yenethiwekhi.
Ukhuseleko Lonke Lwezithuthi Ezikwi-Intanethi
IxhasaNomgca(ngokulandelelana)indlela yokukhusela zonke iintlobo zethrafikhi kuyo nayiphi nanomgcaikhonkco.Toukuhambisa zonke iitrafikhi kwinomgcaikhonkco eliya kwiNomgca Sukhuselekoisixhoboyokucubungula, kunye nokujonga imeko yokusebenza kwe-Inline Securityisixhobongexesha langempela. Nje ukuba imeko yokucubungula ithrafikhi engaqhelekanga ifumaneke,itiya kudlula ngokuzenzekelayo kwindlela yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwenkonzo yenethiwekhi.
Ibhalansi yoMthwalo
Inamandla okulinganisela umthwalo wethrafikhi ngokukrelekrele. Xa ukusebenza kokucubungula kwe-singleNomgca Sukhuselekoisixhoboakwanelanga ukujongana nenomgcaithrafikhi yonxibelelwano lwekhonkco, inokwabelanomgcaqhagamshela ithrafikhi kwi-N Monitor interfaces ngokucwangcisa iqela lokulinganisela umthwalo. Ngokwe-MAC, ulwazi lwe-IP, inombolo yezibuko, iprotocol kunye nolunye ulwazi,ityenza imveliso yokulinganisela umthwalo ye-Hash algorithm ekhethiweyo, ukuzenomgcai-link traffic isasazwa ngokulinganayo kwiindawo ezininzinomgcaukhuselekoisixhobos yokucubungula amaqela, nto leyo ephucula ngempumelelo ukusebenza kokucubungula ngokubanzinomgcaukhuselekoisixhoboUkuze kuhlengahlengiswe iimfuno ze-bandwidth ephezulu kunye neemeko zesicelo sethrafikhi enkulu.
Ukufunyanwa kwePakethi yeNtliziyo
IxhasaTxkwayeRxiipakethi zokufumanisa ukubetha kwentliziyo nge-uplink kunye ne-downlink ye-connectednomgcaizixhobo zokhuseleko, kwaye ifumanisaizixhobo ezikwi-intanethiimeko yokusebenza kunye nokuba inkqubo yokucubungula ithrafikhi iqhelekile na. Ukubetha kwentliziyo kwicala ngalinyeipakethiindlela yokubhaqa inokubonisa ngokuchanekileyo imeko yokusebenza yangokunomgcaukhuselekoisixhobo, kwaye ngokufanelekileyo kuqinisekiswe ukusebenza okuqhelekileyo kwenethiwekhi.
Ingenza ngokwezifiso iiparameter zentliziyo yazo nayiphi nanomgcaisixhobo sokhuseleko, esifana nokubetha kwentliziyoTxixesha lokuphumla, amaxesha aphezulu okuvavanya ukubetha kwentliziyo kwakhona, ukubetha kwentliziyoTxulwalathiso, njl. Ingabona kwaye igwebe imeko yempazamonomgcaizixhobo zokhuseleko ngexesha, kwaye zikwazi ukucima ngokukhawuleza amakhonkco okhuseleko.
Iipakethi zokuchonga ukubetha kwentliziyo ziifreyimu ze-Ethernet layer 2 ezizenzekelayo. Xa imo yebhulorho yeLayer 2 ecacileyo (efana ne-IPS/FW) isetyenziswa, iifreyimu ze-Ethernet layer 2 ziya kuthunyelwa ngokuqhelekileyo ngaphandle kokuvala okanye ukuwisa. Kwangaxeshanye, inokuxhasa iipakethi zokuchonga ukubetha kwentliziyo ze-Ethernet ezenziwe ngokwezifiso, umaleko 3 kunye nomaleko 4 ukuze zilungelelanise nezinye izinto ezikhethekileyo.nomgcaIzixhobo zokhuseleko azikwazi ukuthumela iifreyimu eziqhelekileyo ze-Ethernet layer 2.
Ngokusekelwe kwindlela engentla, abasebenzisi banokuqonda isiphumo sokufumanisa impilo kwinqanaba lenkonzo yezixhobo zokhuseleko ezixhunyiweyo, ukuze ziqinisekise ukusebenza okuqhelekileyo kweenkonzo zokhuseleko ngempumelelo ngakumbi.
Ukutshintsha i-Bypass
Ixhasa ukudlula okuphantsi kakhuluukutshintshaukulibaziseka (<8ms), kwaye abasebenzisi abakwazi ukuziva impembelelo kwinethiwekhi xa isixhobo sidlulaukutshintshaKwangaxeshanye, iteknoloji yokutshintsha iLinki ethile yesixhobo inokuqinisekisa ukuba imeko yeLinki yeLinki ephambili ayichaphazeleki ngexesha lokudlulaukutshintshaLe teknoloji iya kuqinisekisa ukuba indlela yokudlulaukutshintshaikhuselekile ngakumbi, kwaye ayizukubangela ukuba iprotocol yetopology yomaleko 2 / Umaleko 3 weekhonkco ezikhuselweyo iphinde ibale kwaye ihlangane, ukuze kuncitshiswe impembelelo kwinethiwekhi yomsebenzisi ngexeshaukutshintsha.
Ukuthintela iiTrafikhi
Xa isixhobo sokhuseleko sibona uqhagamshelo lweseshoni olungekho mthethweni okanye olungaqhelekanga kwitrafikhi kwaye kufuneka siluvale ngexesha, isixhobo sinokuthintela naziphi na iipakethi ezichaziweyo kwitrafikhi ephezulu/esezantsi yenomgcaikhonkco elisekelwe kwiimeko zesihluzi sokufanisa i-tuple ukuqinisekisa ukusebenza ngokukhuselekileyo kweenkonzo zenethiwekhi.
Isibuko seTrafikhi
Ukongeza kukhuseleko lwetrafikhi yekhonkco elingaphakathi kunye nesixhobo soKhuseleko oluPhakathi (njenge-IPS, i-WAF), nayiphi na itrafikhi eboniswa yi-SPAN inokukhutshwa kwinkqubo yokubeka esweni ukhuseleko lwe-SPAN (njenge-IDS, i-APT), ukuze kuhlangatyezwane neemfuno zokubekwa esweni kwedatha yetrafikhi ye-SPAN okanye uvavanyo kunye nokuqinisekiswa kwetrafikhi.
I-SSL Proxy
Ngomsebenzi we-SSL proxy, ipakethi yokuqala efihliweyo iyasuswa ikhowudi yemfihlo ize ithunyelwe kwinkqubo yokhuseleko olusemgceni, ize idatha efihliweyo ibuyiselwe kwaye ithunyelwe kwikhonkco lokuqala, ukuze kubonelelwe ngedatha efihliweyo kwinkqubo yokhuseleko olusemgceni ngaphandle kokuchaphazela ukudluliselwa kwedatha efihliweyo kwikhonkco lokuqala lomsebenzisi, kwaye kuqatshelwe kwaye kuhlalutywe idatha efihliweyo yinkqubo yohlalutyo.
4.2-Ukusasazwa kwe-SPAN
Ukuphindaphinda kweTrafikhi yeNethiwekhi
IxhasaNomgca(ngokulandelelana)indlela yokukhusela iintlobo ezithile zethrafikhi kuyo nayiphi nanomgcaikhonkco.Tothumela ezinye iintlobo zetrafikhi ezichazwe ngumsebenzisi kwinomgcaikhonkco eliya kwiNomgca Sukhuselekoisixhoboukuze kucutshungulwe, kwaye ezinye iitrafikhi zithunyelwa ngqo ngaphandle kokuntywilaNomgca Sukhuselekoisixhobo. Ngaxeshanye,ityenza ukujonga imeko yokusebenza ngexesha langempelaNomgca SukhuselekoisixhoboNje ukuba imeko yokucutshungulwa kweendlela ezingaqhelekanga ifumaneke,itiya kudlula ngokuzenzekelayo kwindlela yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwenkonzo yenethiwekhi.
Uqokelelo lweTrafikhi yeNethiwekhi
Ithrafikhi yokungenisa yokuqala kunye nethrafikhi esele isetyenzisiwe inokukopishwa kwisignali yetshaneli ye-N ngokwesignali yetshaneli enye okanye ikotshelwe kwisignali yetshaneli ye-M emva kokuhlanganiswa kwesignali yetshaneli ye-N kwi-GE, 10GE, 40G kunye ne-100G isantya sokudlulisela phambili, nto leyo esombulula ngokugqibeleleyo iimfuno zokusasaza izixhobo ezingaphezu kwezibini zokumamela ii-port ezininzi kwinethiwekhi ngaxeshanye.
Ukusasazwa/Ukudluliselwa Kwedatha
Ukwahlulahlula i-metadata engenayo ngokuchanekileyo waza walahla okanye wathumela iinkonzo ezahlukeneyo zedatha kwiziphumo ezininzi ze-interface ngokwemigaqo echazwe kwangaphambili ngumsebenzisi.
Ukucoca Idatha Yepakethi
Idatha yokufakaithrafikhiinokuhlelwa ngokuchanekileyo, kwaye iinkonzo ezahlukeneyo zedatha zingaba yimithetho yoluhlu olumhlophe okanye uluhlu olumnyama, kwaye iziphumo ezininzi ze-interface zinokulahlwa okanye zithunyelwe. Ixhasa indibaniselwano eguquguqukayo ngokusekelwe kuhlobo lwe-Ethernet, i-vlan tag, i-IP five-tuple,I-TCPisihlonzi, iimpawu zepakethi kunye nezinye izinto ukuze kuhlangatyezwane neemfuno zokusasazwa kwezixhobo ezahlukeneyo zokhuseleko lwenethiwekhi, uhlalutyo lweprotocol, uhlalutyo lwesignali, kunye nokunye ukujonga ithrafikhi.
Ibhalansi yoMthwalo
Ukulinganisela umthwalo we-algorithm ye-Hash yokuzikhethela kungenziwa ngokweempawu zomaleko wangaphakathi nowangaphandle we-L2-L4 ukuqinisekisa ukuthembeka kweseshoni yokuhamba kwedatha efunyenwe yiI-SPANisixhobo sokujonga. Xa imeko yekhonkco itshintsha, amalungu eqela lezibuko lokukhupha umthwalo anokuphuma (adibanise i-DOWN) okanye ajoyine (adibanise i-UP) ngokuguquguquka, kwaye iqela lokukhupha umthwalo linokusasaza ngokuzenzekelayo i-traffic ukuqinisekisa ukulungelelaniswa komthwalo oguqukayo we-traffic ye-output yezibuko.
I-VLAN iphawulwe
I-VLAN Ayinawo amathegi
I-VLAN Itshintshiwe
Ixhase ukufana kwanoma yiliphi icandelo lesitshixo kwiibhayithi zokuqala ezili-128 zephakethi. Umsebenzisi angenza ngokwezifiso ixabiso le-offset kunye nobude becandelo lesitshixo kunye nomxholo, aze amisele umgaqo-nkqubo wesiphumo sethrafikhi ngokwendlela yokumisela umsebenzisi.
Ukunyathela Ixesha
Ixhaswe kwi vumelanisa iseva ye-NTP ukuze ulungise ixesha kwaye ubhale umyalezo kwipakethi ngendlela yethegi yexesha elihambelanayo kunye nophawu lwesitampu sexesha ekupheleni kwesakhelo, ngokuchaneka kwe-nanoseconds
Ukuhlutywa kweTunnel Encapsulation
Ixhase i-header ye-VxLAN, VLAN, GRE, GTP, MPLS, IPIP ehluthwe kwiphakheji yedatha yokuqala kwaye ikhuphe imveliso ethunyelweyo.
Ukusikwa kwedatha/kwepakethi
Ixhasaisilayi sepakethiUkufaka idatha yokuqala ngokusekelwe kujongano lokufaka ithrafikhi kwinqanaba lomgaqo-nkqubo kunye nojongano lokukhupha (64, 96, 128, 160, 192, 224, 256, 288, 320, 384, 512, 640, 768, 896, 960 bytes azinyanzelekanga), kwaye umgaqo-nkqubo wokukhupha ithrafikhi unokusetyenziswa ngokwendlela yomsebenzisi yokumisela.
Ukuchonga iProtokholi yoThungelwano
Ixhaswa ngokuzenzekela ichonga iiprotokholi ezahlukeneyo ze-tunneling ezifana ne-GTP / GRE / VxLAN / PPTP / L2TP / PPPOE / IPIP. Ngokwesimo somsebenzisi, icebo lokukhupha ithrafikhi linokusetyenziswa ngokwemaleko yangaphakathi okanye yangaphandle ye-tunnel.
Eyona nto iphambili ekudluliseleni iipakethi
Ixhasa inkcazo yokubaluleka kweepakethi zedatha ngokwendlela ebaluleke ngayo inkonzo kwizibuko elingenayo, kwaye iipakethi eziphambili zithunyelwa ngokukhethekileyo xa kuphuma imveliso. Emva kokuba iipakethi eziphambili zithunyelwe, ezinye iipakethi eziphakathi neziphantsi ziyathunyelwa. Ziphephe i-alamu yenkqubo yohlalutyo ebangelwa kukungabikho kweepakethi zedatha ezibalulekileyo.
Isilumkiso esingaqhelekanga
Ixhasa i-alamu yokujonga ngexesha langempela kunye neerekhodi ze-alamu zembali zeendlela zethrafikhi ye-interface ngokusekelwe kulungiselelo lwe-threshold. Ixhasa i-alamu yokujonga ngexesha langempela kunye neerekhodi ze-alamu zembali ngokusekelwe kwimeko yempilo yehardware yesixhobo (i-CPU, imemori, ubushushu, ifeni, umbane, njl.njl.).
Isipele esishushu se-Interface
Ixhasa uqwalaselo lwe-input interface 1+1 primary/standby, uqwalaselo lwe-output interface 1+1 primary/standby, kunye noqwalaselo lwe-load balancing group N+1 primary/standby ukuze kufezekiswe ukuthembeka okuphezulu kwinkqubo yetrafikhi ukusuka kwi-input ukuya kwi-output.
Ukulinganiswa kwe-Traffic Microburst
Ingabona ixesha, ubude kunye nesantya sokuqhuma kwe-traffic micro-burst ngexesha langempela, kwaye ibonelele ngokugcinwa kwerekhodi yokulinganisa imbali, ebonelela ngeendlela ezinokulinganiswa nezibonakalayo kunye nesiseko seengxaki zokusebenza nokugcinwa kunye nokufunyanwa kwelahleko yephakheji.
Ukhuseleko lokuxinana koMdibaniso
Ixhasa ukubhaqwa nokukhuselwa kweziganeko zokushukuma kwekhonkco phezulu/ezantsi zalo naliphi na ikhonkco, ukuze kuthintelwe ukulahleka kwethrafikhi yokufaka kunye neyokukhupha ebangelwa kukudibana rhoqo kwekhonkco phezulu/ezantsi kwekhonkco, kwaye kuphuculwe uzinzo lokuqokelelwa kunye nokudluliselwa kwethrafikhi.
Isiphumo sokuVala iTunnel
Ixhasa ukufakwa kwe-tunnel yohlobo lwe-ERSPAN2, GRE, VXLAN, NVGRE kuyo nayiphi na i-traffic eqokelelweyo kunye nemveliso ukuhlangabezana neemfuno zesicelo sokudluliselwa kwe-traffic eqokelelweyo kwinkqubo yohlalutyo olukude.
Ukupheliswa kwePakethi yeTunnel
Ixhasa umsebenzi wokuphelisa imiyalezo ye-tunnel. Lo msebenzi uvumela ukumisela iidilesi ze-IP/imaski kunye needilesi ze-MAC kwi-port yokufaka i-traffic. Ivumela ukuhanjiswa ngokuthe ngqo kwe-traffic ekufuneka iqokelelwe kwinethiwekhi yomsebenzisi ngeendlela zokufaka i-tunnel ezifana ne-GRE, i-GTP, kunye ne-VXLAN kwi-port yokuqokelela yesixhobo.
Ukususwa kwe-Span SSL
Ixhaswe ukulayisha ukususwa kokubethela kwesatifikethi se-SSL esihambelanayo. Emva kokususwa kokubethela kwedatha efihliweyo ye-HTTPS yethrafikhi echaziweyo, iya kuthunyelwa kwiinkqubo zokubeka esweni nokuhlaziya ezingasemva njengoko kufuneka. Ixhaswe yi-TLS1.0, i-TLS1.2 kunye ne-SSL3.0
Ukususwa kweDatha/Ipakethi
I-granularity yezibalo esekwe kwizibuko okanye kwinqanaba lomgaqo-nkqubo exhaswayo ukuthelekisa idatha yomthombo wokuqokelela emininzi kunye nokuphindaphinda kwepakethi yedatha efanayo ngexesha elithile. Abasebenzisi banokukhetha izihlonzi zepakethi ezahlukeneyo (dst.ip, src.port, dst.port, tcp.seq, tcp.ack, dst.mac, src.mac, vlan.id)
Ukufihla Umhla Okhethiweyo
Ixhasa ubuncinci obusekelwe kumgaqo-nkqubo ukuze kuthathelwe indawo naliphi na icandelo eliphambili kwidatha eluhlaza ukuze kufezekiswe injongo yokukhusela ulwazi oluyimfihlo. Ngokwesimo somsebenzisi, umgaqo-nkqubo wokuphuma kwetrafikhi unokusetyenziswa.
Ukuchonga iProtokholi yoLuhlu lwe-APP
Ixhasa ukuchongwa, ukukhutshwa kunye nokulahla iiProtocols zeLayer yeSicelo ngokusekelwe kwimo yokufanisa i-DNS/URL. Ilayibrari yeempawu ze-DPI inokudityaniswa ukuze iqaphele, ikhutshwe kwaye ilahle ubuncinane iintlobo ezili-1800 zeempawu zeprotocol yesicelo (ezifana nesandi kunye nevidiyo, umdlalo, imiyalezo ekhawulezileyo, isiseko sedatha, i-imeyile, i-P2P, njl.njl.), kwaye ilayibrari yeempawu ze-DPI inokuphuculwa kwaye ihlaziywe. Ukuba kukho iimfuno ezizodwa, uphuhliso lwesibini lunokwenziwa.
Ipakethi Ukususwa kweekapsule okuchazwe ngumsebenzisi
Ixhasa umsebenzi we-self-defined packet unencapsulation, enokuhluba amasimi e-encapsulation kunye nomxholo kuyo nayiphi na indawo yee-bytes zokuqala ezili-128 zepakethi kwaye iyikhuphe.
Ukuyila iiNdlela
Kwangaxeshanye, iteknoloji yokubumba ithrafikhi isetyenziswa kwi-output interface ukukhupha ukuhamba kwedatha kakuhle kwisixhobo sohlalutyo, esisombulula ngokusisiseko ingxaki yokulahleka kwepakethi ebangelwa kukuqhuma okuncinci kwaye siphephe i-alamu engaqhelekanga ebangelwa kukulahleka kwethrafikhi kwinkqubo yohlalutyo.
Ukuthelekiswa kwamagama angundoqo epakethi
Emva kokuba nawuphi na umxholo wentsimi kwinxalenye yomthwalo wepakethi ufanisiwe kwaye ubethelelwe, ipakethi okanye ukuhamba kweseshoni okunxulumeneyo kuyathunyelwa kwaye kukhutshwe okanye kulahlwe ukuze kuhlangatyezwane neemfuno zokulungiswa kwangaphambili kwedatha ethile yethrafikhi.
Ukuhlutywa kweTunnel Encapsulation
Ixhasa imveliso ye-VXLAN, MPLS, GRE, SRV6, FABRICPATCH, GENEVE kunye nezinye ii-packet headers kwi-data packet yokuqala emva kokuyisusa.
Ukukhuphela uQhagamshelo oluhlala ixesha elide
Ngokweemfuno zomsebenzisi, naluphi na uhambo lweseshoni lungathunyelwa kwaye luphume ngokwenani leebhayithi ezidluliselweyo kunye nenani leepakethi ezidluliselweyo, kwaye uhambo lweseshoni olulandelayo lungalahlwa, ukuze kuhlangatyezwane neemfuno zenkqubo yohlalutyo lwangasemva kwiimeko ezithile, ekufuneka kuphela ukufumana inxalenye yethrafikhi yokuhamba kweseshoni, ukunciphisa uxinzelelo lohlalutyo lwethrafikhi kunye nokuphucula ukusebenza kakuhle kwenkqubo yohlalutyo.
Uhlalutyo lwezibalo zeTrafikhi
Ixhasa izibalo zezinto ezikwi-interface yokungena, kwaye ingabonisa ubungakanani bayo bendlela yokuhamba, ubungakanani bendlela/umlinganiselo we-IP address, ubungakanani bendlela/umlinganiselo we-IP address, ubukhulu bendlela/umlinganiselo we-IP address address, ubukhulu bendlela/umlinganiselo we-application protocol category, ubungakanani bendlela/umlinganiselo we-application protocol name kunye nolwazi lwe-traffic session ngendlela yeetshathi ngexesha langempela, kwaye ibonelela ngokuthunyelwa kweziphumo zezibalo kwiifayile zasekuhlaleni. Ke ngoko, abasebenzisi banokuqonda ngokucacileyo ulwakhiwo lwalo naliphi na i-traffic eqokelelweyo, kwaye banike isiseko senkxaso yedatha ethe ngqo yokwenza izicwangciso zendlela ngokwezifiso kunye neemfuno zeshishini ezitshintshayo.
Ukubonakala kweTrafikhi - Uhlalutyo lweDatha oluSisiseko
Imodyuli yohlalutyo olusisiseko lomsebenzi wokufumanisa ukubonwa kwethrafikhi ingabonisa ulwazi olusisiseko lwedatha yethrafikhi ekujoliswe kuyo ebanjiweyo, efana nokubalwa kweepakethi, ukusasazwa kweepakethi ze-unicast/multicast/broadcast, inombolo yoqhagamshelo lweseshoni, ukusasazwa kweprotocol yeepakethi, kunye nobungakanani bethrafikhi ebanjiweyo.
Ukubonakala kweTrafikhi - Uhlalutyo oluNzulu lweDPI
Imodyuli yohlalutyo olunzulu lwe-DPI yomsebenzi wokufumanisa ukubonakala kwethrafikhi inokwenza uhlalutyo olunzulu lwedatha yethrafikhi ebanjiweyo kwiimbono ezahlukeneyo, kwaye ibonise iinkcukacha-manani ngendlela yeegrafu kunye neetafile.
Ukubonakala Kwendlela Ehamba Ngayo - Uhlalutyo Lomlinganiselo Wendlela Ehamba Ngayo
● Uhlalutyo lomlinganiselo weprotokholi yothutho: olufana ne-TCP, i-UDP, i-ICMP, i-IGMP, i-ARP kunye nezinye izibalo zomlinganiselo wepakethi kunye nethrafikhi kunye nomboniso wetshathi yephayi
● Uhlalutyo lwe-IP traffic proportional: njengezibalo ze-traffic eziveliswa ziidilesi ze-IP ezahlukeneyo, udidi lwe-traffic olusekelwe kwi-IP TOP N kunye nomboniso wetshathi yebha
● Uhlalutyo lwesilinganiso sesicelo se-DPI: njenge-HTTP, i-QQ, i-FTP kunye nezinye iiprotokholi zesicelo, inani lee-byte, usasazo lwezibalo zethrafikhi yonxibelelwano kunye nomboniso wetshathi yephayi
Ukubonakala Kwetrafikhi - Uhlalutyo Lwexesha Letrafikhi
Ngokweemeko ezahlukeneyo zokucoca, ezifana ne-IP, izibuko, iprotokholi yomaleko wokuthutha, iprotokholi yomaleko wokusetyenziswa kunye neminye imixholo echaziweyo, idatha yethrafikhi yokubamba ekujoliswe kuyo ngoku inokuhlalutywa kwaye iboniswe ngokusekelwe kwixesha lokuvavanya, kwaye ubungakanani bethrafikhi kunye nomkhwa unokubuzwa ngokuhambisa isilayidi sexesha kunye nokulinganiswa kwe-statistical granularity, kwaye ukuchaneka kunokufikelela kwi-millisecond enye.
Ukubonakala kweTrafikhi - Uhlalutyo lweTheyibhile yokuHamba
Ngokweemeko ezahlukeneyo zesihluzo, ezifana ne-flow ID, i-IP, i-port, i-transport layer protocol, i-application layer protocol kunye nomnye umxholo ochaziweyo, idatha yetrafikhi efunyenweyo ekujoliswe kuyo ngoku inokuhlalutywa kwaye ibalwe ngokusekelwe kwimo yokuhamba kweseshoni, oko kukuthi, ukubonakaliswa okuneenkcukacha kolwazi lokuhamba kweseshoni, kubandakanya ulwazi olu-five-tuple lokuhamba ngakunye, uhlobo lwesicelo sokuthwala, inani kunye neebhayithi zokudluliselwa kwepakethi, kunye nokuhamba kwedatha okunxulumeneyo. Kwaye inomboniso wokubeka ireyithi ngokusekelwe kulwazi olungasentla. Ngokusekelwe kolu lwazi, abasebenzisi banokuthatha ngokulula iintlobo zetrafikhi abazikhathaleleyo, nto leyo ebonelela ngesiseko esithe ngqo kubasebenzisi sokwenza imigaqo-nkqubo yokudlulisela itrafikhi.
Ukubonakala kweTrafikhi - Uhlalutyo lwePakethi
Ngokusekelwe kwiikhrayitheriya ezahlukeneyo zokucoca, ezifana ne-packet ID, i-IP, i-port, i-transport layer protocol, i-application layer protocol kunye nomnye umxholo ochaziweyo, idatha yetrafikhi ebanjiweyo inokubonelelwa ngengcaciso yohlalutyo lwenqanaba ngalinye lepakethi, kuquka:
● Uhlalutyo lwexesha lokuqokelela iipakethi
● Uhlalutyo lolwazi lwepakethi ephambili, olufana nokusip, ukudipha, i-smac, i-dmac, iprotocol, iflegi, i-TTL, ubude bomyalezo, iziganeko eziphambili
● Uhlalutyo lwendlela yokudlulisa iipakethi kunye nomboniso we-animation, ezinje: amaxesha okudlulisela phambili, ukulibaziseka kokudlulisela phambili, uhlobo lokudlulisela phambili (ukuhambisa indlela, ukutshintsha, i-firewall, ukulinganisela umthwalo, i-NAT)
● Isishwankathelo solwazi lwepakethi kunye nomboniso oneenkcukacha zesakhiwo
● Uhlalutyo lwenani leepakethi eziqokelelweyo eziphindaphindwayo
Ukubonakala kweTrafikhi – Uhlalutyo oluchanekileyo lweMpazamo
Imodyuli yohlalutyo lweempazamo yomsebenzi wokufumanisa ukubonakala kwethrafikhi inokubonelela ngendawo eyahlukileyo yohlalutyo lweempazamo ezibonakalayo kwidatha yethrafikhi ekujoliswe kuyo, kuquka:
● Isishwankathelo esingaqhelekanga, esifana: neziphumo zohlalutyo lwenkonzo yenethiwekhi, iziphumo zohlalutyo lweziganeko ezingaqhelekanga, inkqubo yenethiwekhi esekelwe kuhlalutyo lokuziphatha (njengenani lezixhobo zokuhambisa, izixhobo ze-NAT, izixhobo zomlilo, izixhobo zokulinganisela umthwalo ezidluliswa yipakethi yokudlulisela)
● Uhlalutyo lokusilela kwinqanaba letafile yokuhamba, njengeentlobo zeziganeko ezingaqhelekanga (uqhagamshelo olulahliweyo/uqhagamshelo olungaphenduliyo/uqhagamshelo aludluliswanga/uqhagamshelo aluvulekanga/indlela yeseshoni engafikelelekiyo, njl.njl.), ● Uhlalutyo lokusilela kwinqanaba lepakethi, olufana: uhlobo lwesiganeko esingaqhelekanga (impazamo ye-packet checksum /TTL 0/ impazamo engafikelelekiyo /impazamo ye-FCS checksum, njl.njl.), inkcazo eneenkcukacha yolwazi olungaqhelekanga, kunye neenkcukacha zokuhamba kwedatha okunxulumeneyo
● Uhlalutyo lwempazamo yokhuseleko, olufana: uhlobo lwesiganeko esingaqhelekanga (uhlaselo lwe-DDOS/ukuvalwa komlilo/uhlaselo lwe-ARP/ukhukula lwe-UDP/ukhukula lwe-SYN, njl.njl.), inkcazo eneenkcukacha yolwazi olungaqhelekanga, kunye neenkcukacha zokuhamba kwedatha okunxulumene nayo
● Uhlalutyo lwempazamo yenethiwekhi, olufana: uhlobo lwesiganeko esingaqhelekanga (ukutshintsha iluphu/iluphu yendlela/indlela engafikelelekiyo/ukuphazamiseka kwekhonkco, njl.njl.), inkcazo eneenkcukacha yolwazi olungaqhelekanga, kunye neenkcukacha zokuhamba kwedatha okunxulumene nayo
5-I-Mylinking™ Network Packet Broker kunye neenkcukacha ze-Inline Bypass Switch
| ML-NPB-M2000 Umthengisi wePakethi yeMylinking™ Network kunye neInline Bypass Switch Iinkcukacha zomsebenzi | ||||
| Ujongano lwenethiwekhi | Isithuba semodyuli | Izithuba zemodyuli ze-BYPASS okanye ze-MONITOR ezi-4 | ||
| Inani leekhonkco ezikwi-intanethi | Ixhasa ukhuseleko kwiikhonkco ze-optical ezifikelela kwi-16 ze-1G/10G okanye iikhonkco ze-optical ezisi-8 ze-40G/100G. | |||
| Ujongano lokujonga iliso | Ixhasa ubuninzi beendawo zokujonga ii-64*1G/10GE okanye iindawo zokujonga ii-16*40G/100G. | |||
| Ujongano lolawulo olungaphandle kwebhendi | Izibuko le-Ethernet eli-1*10/100/1000M; | |||
| Imo yokusasazwa | Ukusasazwa okungaphakathi | Inkxaso | ||
| Ukusasazwa kwe-SPAN | Inkxaso | |||
| Imisebenzi yeNkqubo | Imo yokusasazwa emgceni | Ukhuseleko oluthile lokuxinana kokuhamba kwamanzi | Inkxaso | |
| Ukhuseleko lwe-flow series yonke | Inkxaso | |||
| Ukulinganisela umthwalo | Inkxaso | |||
| Ukuchonga ukubetha kwentliziyo | Inkxaso | |||
| Ukutshintsha nge-BYPASS | Inkxaso | |||
| Ukuvalwa kwezithuthi | Inkxaso | |||
| Ukujonga iitrafikhi | Inkxaso | |||
| I-SSL Proxy | Inkxaso | |||
| Imo yokusasazwa kwe-SPAN | Ukucutshungulwa kweendlela ezisisiseko | Ukuphindaphinda/ukuqokelelana/ukusasazwa kwezithuthi | Inkxaso | |
| Ukulinganisela umthwalo | Inkxaso | |||
| Ukucoca ithrafikhi ngokusekelwe kwisazisi se-IP/protocol/port 5-tuple | Inkxaso | |||
| Ukuthegisha/ukuguqula/ukususa i-VLAN | Inkxaso | |||
| Ukubeka ixesha | Inkxaso | |||
| Ukuhluba i-tunnel encapsulation | Inkxaso | |||
| Ukusikwa kwedatha | Inkxaso | |||
| Ukuchongwa kweProtocol yoThungelwano | Inkxaso | |||
| Ukubaluleka kokudlulisela ipakethi | Inkxaso | |||
| Isilumkiso esingaqhelekanga | Inkxaso | |||
| I-interface eshushu yokulinda | Inkxaso | |||
| Umlinganiselo wokuqhuma okuncinci | Inkxaso | |||
| Ukhuseleko lokushukuma kojongano | Inkxaso | |||
| Isiphumo sokuVala iTunnel | Inkxaso | |||
| Ukupheliswa kwepakethi yomjelo | Inkxaso | |||
| Ukucutshungulwa kwetrafikhi okuphambili | Dlula i-SSL Decryption | Inkxaso | ||
| Ukususwa kwedatha | Inkxaso | |||
| Ukufihla idatha | Inkxaso | |||
| Ukuchongwa kweprotocol yomaleko wesicelo | Inkxaso | |||
| Ukususa iicapsule ngokwezifiso | Inkxaso | |||
| Ukubumba ukuhamba komoya | Inkxaso | |||
| Ukuthelekiswa kwamagama angundoqo | Inkxaso | |||
| Ukuhluba i-tunnel encapsulation | Inkxaso | |||
| Ukukhulula uqhagamshelo oluhlala ixesha elide | Inkxaso | |||
| Ukujongwa kwenxalenye yokuhamba kwamanzi | Inkxaso | |||
| Ukuxilongwa kunye nokubeka esweni | Ukubeka iliso ngexesha langempela | Inkxaso | ||
| Umbuzo wembali yethrafikhi | Inkxaso | |||
| Ukubanjwa kwetrafikhi | Inkxaso | |||
| Ukufunyanwa kwembonakalo yetrafikhi | Uhlalutyo oluSisiseko | Ixhasa ukuboniswa kweenkcukacha-manani okufingqiweyo okusekelwe kulwazi olusisiseko olufana nokubalwa kweepakethi, ukusasazwa kohlobo lweepakethi, ukubalwa koqhagamshelo lweseshoni, kunye nokusasazwa kweprotocol yeepakethi. | ||
| Uhlalutyo olunzulu lwe-DPI | Ixhasa uhlalutyo lwenxalenye yeenkqubo zothutho, umlinganiselo we-unicast, usasazo kunye ne-multicast, umlinganiselo wethrafikhi ye-IP, kunye nomlinganiselo wezicelo ze-DPI. Ixhasa uhlalutyo kunye nokuboniswa komxholo wedatha ngokusekelwe kwixesha lokuthathwa kwesampulu kunye nomthamo wedatha. Ixhasa uhlalutyo lwedatha kunye nezibalo ezisekelwe kwimithombo yeseshoni. | |||
| Uhlalutyo oluchanekileyo lweZiphene | Ixhasa uhlalutyo lweempazamo kunye nolwahlulo lwendawo kusetyenziswa idatha yetrafikhi evela kwiimbono ezahlukeneyo, kubandakanya: Uhlalutyo lokuziphatha kokudluliselwa kwepakethi, uhlalutyo lweempazamo kwinqanaba lokusasazwa kwedatha, uhlalutyo lweempazamo kwinqanaba lepakethi yedatha, uhlalutyo lweempazamo ezinxulumene nokhuseleko, kunye nohlalutyo lweempazamo ezinxulumene nenethiwekhi. | |||
| Umthamo wokucubungula | 2.4 Tbsp | |||
| Lawula | Ulawulo lweNethiwekhi yeCONSOLE | Inkxaso | ||
| Ulawulo lweNethiwekhi ye-IP/WEB | Inkxaso | |||
| Ulawulo lwenethiwekhi ye-SNMP | Inkxaso | |||
| Ulawulo lwenethiwekhi ye-TELNET/SSH | Inkxaso | |||
| Iprotokholi ye-SYSLOG | Inkxaso | |||
| Ukuqinisekiswa kogunyaziso oluphakathi lweRADIUS okanye iTADACS+ | Inkxaso | |||
| Umsebenzi wokuqinisekisa umsebenzisi | Ukuqinisekiswa kwegama lomsebenzisi kunye negama lokugqitha | |||
| Umbane | Ixabiso lombane wombane | I-AC-220V/DC-48V [Ukhetho] | ||
| Ireyithi yamandla elinganisiweyo | I-AC-50HZ | |||
| Ixabiso lokufaka langoku | I-AC-3A / DC-10A | |||
| Amandla okusebenza alinganisiweyo | Ubuninzi be-300W | |||
| Okusingqongileyo | Ubushushu bokusebenza | 0-50℃ | ||
| Ubushushu bokugcina | -20-70℃ | |||
| Ukufuma okusebenzayo | 10% -95%, ayifumi | |||
| Uqwalaselo Lomsebenzisi | Uqwalaselo lwekhonsoli | Ujongano lwe-RS232, 115200, 8, N, 1 | ||
| Ukuqinisekiswa kwegama eligqithisiweyo | Sinkxaso | |||
| Ubungakanani beRakhi | Indawo yerekhi (U) | 2U 444mm*88mm*670mm | ||
6-Umthengisi wePakethi yeMylinking™ Network kunye neSicelo sokuTshintsha i-Inline Bypass
6.1IRisk ofI-Inline SukhuselekoEizixhobo (IPS / FW)
Oku kulandelayo yi-IPS (Intrusion Prevention System) eqhelekileyo, imo yokusasazwa kwe-FW (Firewall), i-IPS / FW isasazwa ngokulandelelana kwizixhobo zenethiwekhi (ii-routers, iiswitshi, njl.njl.) phakathi kwetrafikhi ngokusebenzisa ukwenziwa kokuhlolwa kokhuseleko, ngokwemigaqo-nkqubo yokhuseleko ehambelanayo yokumisela ukukhululwa okanye ukuvalwa kwetrafikhi ehambelanayo, ukufezekisa isiphumo sokhuselo lokhuseleko.
Oku kulandelayo yi-IPS (Intrusion Prevention System) eqhelekileyo, imo yokusasazwa kwe-FW (Firewall), i-IPS / FW isasazwa ngokulandelelana kwizixhobo zenethiwekhi (ii-routers, iiswitshi, njl.njl.) phakathi kwetrafikhi ngokusebenzisa ukwenziwa kokuhlolwa kokhuseleko, ngokwemigaqo-nkqubo yokhuseleko ehambelanayo yokumisela ukukhululwa okanye ukuvalwa kwetrafikhi ehambelanayo, ukufezekisa isiphumo sokhuselo lokhuseleko.
6.2 Ukhuseleko lwezixhobo ze-Inline Link Series
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch zisetyenziswa kuthotho phakathi kwezixhobo zenethiwekhi (ii-routers, iiswitshi, njl.njl.), kwaye ukuhamba kwedatha phakathi kwezixhobo zenethiwekhi akusakhokeleli ngqo kwi-IPS / FW, "Smart Inline Bypass Switch" ukuya kwi-IPS / FW, xa i-IPS / FW ngenxa yokugqithiswa kakhulu, ukuphahlazeka, uhlaziyo lwesoftware, uhlaziyo lomgaqo-nkqubo kunye nezinye iimeko zokungaphumeleli, "Smart Inline Bypass Switch" ngokusebenzisa umyalezo wokuqonda ukubetha kwentliziyo okrelekrele Umsebenzi wokufumanisa ngexesha elifanelekileyo, kwaye ngaloo ndlela utsibe isixhobo esingalunganga, ngaphandle kokuphazamisa isiseko senethiwekhi, izixhobo zenethiwekhi ezikhawulezayo eziqhagamshelwe ngqo ukukhusela inethiwekhi eqhelekileyo yonxibelelwano; xa ukusilela kwe-IPS / FW kubuyiselwa, kodwa nakwiipakethi zentliziyo ezikrelekrele Ukufumanisa ukufunyanwa ngexesha elifanelekileyo komsebenzi, ikhonkco lokuqala lokubuyisela ukhuseleko lokujonga ukhuseleko lwenethiwekhi yeshishini.
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch inomsebenzi onamandla wokufumanisa imiyalezo yokubetha kwentliziyo, umsebenzisi angenza ngokwezifiso ixesha lokubetha kwentliziyo kunye nenani eliphezulu lokuphinda ajonge, ngokusebenzisa umyalezo wentliziyo olungiselelweyo kwi-IPS / FW wovavanyo lwempilo, njengokuthumela umyalezo wokujonga ukubetha kwentliziyo kwi-upstream / downstream port ye-IPS / FW, aze emva koko afumane kwi-upstream / downstream port ye-IPS / FW, aze agwebe ukuba i-IPS / FW isebenza ngokuqhelekileyo ngokuthumela nokufumana umyalezo wokubetha kwentliziyo.
6.3 Ukuhamba koMgaqo-nkqubo we-“SpecFlow”UkhuselekoUkhuseleko lweNgqungquthela
Xa isixhobo senethiwekhi yokhuseleko sifuna kuphela ukujongana nokhuseleko oluthile lwethrafikhi, ngokusebenzisa iMylinking™ Network Packet Broker kunye nomsebenzi we-Inline Bypass Switch traffic per-processing, ngokusebenzisa umgaqo-nkqubo wokuhlola ithrafikhi ukuze uqhagamshele isixhobo sokhuseleko esikwi-inline "Ithrafikhi ekhathazekileyo" ithunyelwa ngqo kwikhonkco lenethiwekhi, kwaye "icandelo lethrafikhi elichaphazelekayo" litsalwa kwisixhobo sokhuseleko esikwi-in-line ukuze kwenziwe uhlolo lokhuseleko. Oku akuyi kugcina kuphela ukusetyenziswa okuqhelekileyo komsebenzi wokuchonga ukhuseleko lwesixhobo sokhuseleko, kodwa kuya kunciphisa ukuhamba okungafanelekanga kwezixhobo zokhuseleko ukujongana noxinzelelo; kwangaxeshanye, "iSmart Inline Bypass Switch" inokubhaqa imeko yokusebenza kwesixhobo sokhuseleko ngexesha langempela. Isixhobo sokhuseleko sisebenza ngokungaqhelekanga sidlula ngokuthe ngqo ithrafikhi yedatha ukuze kuthintelwe ukuphazamiseka kwenkonzo yenethiwekhi.
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch inokuchonga ithrafikhi ngokusekelwe kwi-L2-L4 layer header identifier, njenge-VLAN tag, i-source/destination MAC address, i-source IP address, i-IP packet type, i-transport layer protocol port, i-protocol header key tag, njalo njalo. Iindidi ezahlukeneyo zeemeko ezihambelanayo zinokuchazwa ngendlela eguquguqukayo ukuchaza iintlobo ezithile zethrafikhi ezinomdla kwisixhobo esithile sokhuseleko kwaye zingasetyenziswa ngokubanzi ekusetyenzisweni kwezixhobo ezizodwa zokuhlola ukhuseleko (RDP, SSH, uphicotho lwedathabheyisi, njl.njl.).
6.4LibhalansiUkhuseleko olusemgceniUkhuseleko lweNgqungquthela
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch zisetyenziswa kuthotho phakathi kwezixhobo zenethiwekhi (ii-routers, iiswitshi, njl.njl.). Xa ukusebenza kwe-IPS / FW enye kunganelanga ukujongana ne-network link peak traffic, umsebenzi wokulinganisela umthwalo wethrafikhi womkhuseli, "ukuhlanganisa" kwe-IPS / FW cluster processing network link traffic ezininzi, unokunciphisa ngempumelelo uxinzelelo lwe-IPS / FW enye processing pressure, uphucule ukusebenza kwe-processing iyonke ukuze kuhlangatyezwane ne-bandwidth ephezulu yendawo yokuthunyelwa.
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch inomsebenzi onamandla wokulinganisela umthwalo, ngokwethegi yesakhelo se-VLAN, ulwazi lwe-MAC, ulwazi lwe-IP, inombolo yezibuko, iprotocol kunye nolunye ulwazi malunga nokusasazwa kwe-Hash load balancing yethrafikhi ukuqinisekisa ukuba i-IPS / FW nganye ifumene ukuthembeka kweSeshini yokuhamba kwedatha.
6.5Uthotho oluninziIzixhobo ezikwi-Inline FiphantsiTingxwabangxwabaPukhuselo(UtshintshoOkoqoboUqhagamshelo oluQhelekileyo oluya kwiIngqiqoUqhagamshelo oluhambelanayo)
Kwezinye iikhonkco eziphambili (ezifana neendawo ze-intanethi, ikhonkco lokutshintshiselana kwendawo yeseva) indawo idla ngokuba ngenxa yeemfuno zeempawu zokhuseleko kunye nokuthunyelwa kwezixhobo ezininzi zokuvavanya ukhuseleko ezikwi-intanethi (ezifana ne-firewall, izixhobo zokuhlasela ze-DDOS, i-firewall yesicelo se-WEB, izixhobo zokuthintela ukungena, njl.njl.), izixhobo ezininzi zokuchonga ukhuseleko ngaxeshanye kuthotho kwikhonkco ukwandisa ikhonkco lenqaku elinye lokusilela, ukunciphisa ukuthembeka ngokubanzi kwenethiwekhi. Kwaye kwizixhobo zokhuseleko ezikhankanyiweyo apha ngasentla ezifakwe kwi-intanethi, ukuphuculwa kwezixhobo, ukutshintshwa kwezixhobo kunye neminye imisebenzi, kuya kubangela ukuphazamiseka kwenethiwekhi ixesha elide kunye nesenzo esikhulu sokunqunyulwa kweprojekthi ukugqiba ukuphunyezwa ngempumelelo kweeprojekthi ezinjalo.
Ngokusebenzisa iMylinking™ Network Packet Broker kunye neInline Bypass Switch ngendlela edibeneyo, indlela yokusetyenziswa kwezixhobo ezininzi zokhuseleko ezidityaniswe kuthotho kwikhonkco elinye inokutshintshwa ukusuka kwi "Physical Serial Connection Mode" ukuya kwi "Physical Parallel Connection but Logical Serial Connection Mode". Oku kunciphisa ngempumelelo imithombo yokusilela kwenqaku elinye kwikhonkco le-serial kwaye kuphucula ukuthembeka kwekhonkco. Kwangaxeshanye, iMylinking™ Network Packet Broker kunye neInline Bypass Switch zinokukhokela ithrafikhi yekhonkco xa ifunwa, zifezekisa isiphumo esifanayo sokucubungula ukhuseleko lwethrafikhi njengemo yoqhagamshelwano lwe-serial yokuqala.
Izixhobo ezingaphezu kwesinye zoKhuseleko olukwi-Inline ngaxeshanye kumzobo wokusasazwa kochungechunge:
Umthengisi wePakethi yeMylinking™ Network kunye nomzobo woTshintsho lwe-Inline Bypass:
(Tshintsha uQhagamshelo lwePysical Serial lube yiLogical Parallel Connection)
6.6Ngokusekelwe kwiDUmgaqo-nkqubo we-synamic weTi-raffic InlineSukhuselekoDukuthintelaPukhuselo
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch, enye imeko yesicelo esiphambili isekelwe kumgaqo-nkqubo oguqukayo wezicelo zokukhusela ukufunyanwa kokhuseleko lokubanjwa kwethrafikhi, ukusasazwa kwendlela njengoko kubonisiwe ngezantsi:
Thatha izixhobo zovavanyo lokhuseleko ze-"Anti-DDoS attack protection and detection", umzekelo, ngokusebenzisa ukusasazwa kwe-"Smart Bypass Switch" kunye nezixhobo zokukhusela ze-anti-DDOS uze uqhagamshele kwi-"Smart Bypass Switch", kwi-"Smart Bypass Switch" eqhelekileyo ukuya kwinani elipheleleyo lokudluliselwa kwesantya sethrafikhi ngaxeshanye nesiphumo sesibuko sokuhamba ukuya kwisixhobo sokukhusela uhlaselo lwe-Anti-DDOS, xa sele sifunyenwe kwi-IP yeseva (okanye icandelo lenethiwekhi ye-IP) emva kohlaselo, "isixhobo sokukhusela uhlaselo lwe-Anti-DDOS" siya kuvelisa imithetho yokufanisa ukuhamba kwethrafikhi ekujoliswe kuyo kwaye siyithumele kwi-"Smart Bypass Switch" ngokusebenzisa ujongano lokuhambisa umgaqo-nkqubo onamandla. I-"Bypass Switch" inokuhlaziya "i-traffic traction dynamic" emva kokufumana imithetho yomgaqo-nkqubo onamandla. Umgaqo-nkqubo "kwaye ngoko nangoko" umthetho ubethe i-attack server traffic "traction" kwisixhobo sokukhusela nokufumanisa uhlaselo lwe-anti-DDoS ukuze sicutshungulwe, ukuze sisebenze emva kohlaselo size siphinde sifakwe kwinethiwekhi.
Inkqubo yesicelo esekelwe kwi-"Smart Bypass Switch" kulula ukuyisebenzisa kunendlela yendabuko ye-BGP injection okanye enye indlela yokudonsa ithrafikhi, kwaye okusingqongileyo akuxhomekekanga kakhulu kwinethiwekhi kwaye ukuthembeka kuphezulu.
"I-Smart Bypass Switch" ineempawu ezilandelayo zokuxhasa ukhuseleko lokufunyanwa kokhuseleko lomgaqo-nkqubo oguqukayo:
1. "I-Smart Bypass Switch" ukubonelela ngaphandle kwemithetho esekwe kwi-interface ye-WEBSERIVCE, ukuhlanganiswa okulula nezixhobo zokhuseleko zomntu wesithathu.
2. "I-Smart Bypass Switch" esekelwe kwi-hardware pure ASIC chip yokudlulisela phambili ukuya kwi-100Gbps wire-speed packets ngaphandle kokuthintela i-switch forwarding, kunye "ne-traffic traction dynamic rule library" nokuba inani lithini.
3. Umsebenzi we-BYPASS owakhelwe ngaphakathi "yiSmart Bypass Switch", nokuba isikhuseli ngokwaso asiphumeleli, sinokudlula ikhonkco lokuqala le-serial ngoko nangoko, asichaphazeli ikhonkco lokuqala lonxibelelwano oluqhelekileyo.
6.7I-Inline Serial Traffic MirroringyoKhuseleko olungaphandle kwebhendi (ekwi-Inline + SPAN)
I-Mylinking™ Network Packet Broker kunye ne-Inline Bypass Switch zihlala zisetyenziswa kwinethiwekhi ye-IT yomthengi okanye kwinethiwekhi yeqonga lefu ukubonelela ngokhuseleko olukwi-intanethi kwizixhobo ze-WAF/IPS kunye nekhonkco lokuqala. Abasebenzisi banokuba neemfuno ezongezelelweyo zokuvavanya, ukuqinisekiswa, okanye ukuthunyelwa kwezixhobo zokubeka esweni i-bypass, nto leyo ebangela ukuba kufunyanwe idatha yethrafikhi kule khonkco.
Ngoko ke, ngokusebenzisa umsebenzi wokujonga ithrafikhi weMylinking™ Network Packet Broker kunye neInline Bypass Switch, ithrafikhi yekhonkco le-inline serial inokujongwa kwizibuko lemonitha, njengoko kubonisiwe kumfanekiso olandelayo:
Umzobo ongezantsi ubonisa imeko ende yesicelo se-inline link traffic kunye ne-switch mirrored port traffic. Oku kuvumela ukhuseleko lwe-inline link traffic ngaphandle kokuchaphazeleka yi-switch mirrored port traffic. Inkqubo yohlalutyo lwe-IDS inokufumana ngaxeshanye zombini i-inline link traffic kunye ne-switch mirrored port traffic. Indlela yokusasazwa iboniswe kumzobo ongezantsi:
6.8Ukususwa kweDatha/IpakethiIsicelo
Njengoko kubonisiwe kwisakhiwo sokusasazwa kwesicelo esingentla, ukuqinisekisa ukuthembeka kokuqokelelwa kwedatha yokuqala kuyo yonke ikhonkco, ezinye iipakethi zedatha ezifanayo zinokuqokelelwa amaxesha amaninzi ngaphakathi kwendlela enye. Oku kukhokelela ekwandeni kwee-alamu zobuxoki kunye nokudluliselwa kwakhona kwinkqubo yasemva, okonyusa ukusebenza okuphezulu kwenkqubo yohlalutyo kwaye kuchaphazela ukuchaneka nokusebenza kakuhle kohlalutyo. Ngokusekelwe kwisisombululo, okokuqala, iipakethi zedatha eziphindaphindwayo ezichithwa kwiindawo ezahlukeneyo zokubamba. Ipakethi yedatha enye kuphela ethunyelwa kwinkqubo yohlalutyo lokusebenza kwenethiwekhi ye-backend NPM kunye nenkqubo yohlalutyo lokusebenza kwesicelo se-APM, ngaloo ndlela kugcinwa ukusebenza kwenkqubo yohlalutyo kunye nokuphucula ukusebenza kakuhle kunye nokuchaneka kohlalutyo.
6.9Idatha/IpakethiI-VLAN TaggingIsicelo
Kwindawo yenethiwekhi eboniswe kumzobo ongentla, isisombululo sisetyenziselwa ukumaka ilebhile yedatha eluhlaza evela kwizixhobo ezahlukeneyo zenethiwekhi kunye neekhonkco. Xa kuvela ithrafikhi engaqhelekanga okanye iipakethi zedatha kwinethiwekhi, izixhobo zohlalutyo lwe-backend zinokufumana ngokukhawuleza nangokuchanekileyo umthombo wedatha engaqhelekanga ngokulandelela ngasemva ngokusekelwe kwiilebhile zedatha.
6.10 Itrafikhi yoNxibelelwanoIshedyuli EdibeneyoIsicelo
Kwindawo yenethiwekhi eboniswe kumzobo ongentla, idatha yekhonkco yomthombo we-10GE, 25GE, 40GE kunye ne-100GE ifakwa ngokupheleleyo kwiMylinking™ Network Packet Broker kunye neInline Bypass Switch kusetyenziswa i-optical splitting okanye i-port mirror. Emva koko, ukucoca kunye nokwahlulahlula ithrafikhi kusetyenziswa ukuvelisa ithrafikhi yedatha yenkonzo eyahlukeneyo kwizixhobo ezahlukeneyo zokujonga inethiwekhi yangaphandle kwebhendi kunye neenkqubo zokhuseleko. Xa ukungalingani kwepakethi yenethiwekhi okanye ukuguquguquka okungaqhelekanga kwethrafikhi kufuna ukungenelela ngesandla, ukubanjwa kwepakethi ngexesha langempela kunye nohlalutyo lweepakethi zedatha zokuqala kunokwenziwa ngoko nangoko ukunceda abasebenzisi bahlalutye ngokukhawuleza kwaye bafumane impazamo.
6.11InethiwekhiUhlalutyo lokubonakala kwedatha yetrafikhiIsicelo
Ingabonisa nayiphi na idatha efunyenweyo nefunyenweyo ngendlela enemilinganiselo emininzi nembono emininzi ngokusebenzisa ujongano olusebenziseka lula lwemizobo kunye nombhalo, kubandakanya ulwakhiwo lwendlela yokwakheka kwethrafikhi, usasazo lweprotocol yesicelo, usasazo lwendlela yokuthutha kuzo zonke iindawo zenethiwekhi, indlela yokudlulisela idatha, ukufunyanwa kweziganeko ezingaqhelekanga, indawo echanekileyo yento yenethiwekhi/iimpazamo zekhonkco, imeko yokusebenzisana kwemiyalezo, indlela yophuhliso lwendlela kunye nezinye izinto zokubeka esweni kunye nohlalutyo, ukuze kusekwe iqonga elibanzi, elibonakalayo nelilawulekayo lokuqokelelwa kwedatha kunye nokhuseleko kwiinethiwekhi zeshishini.
Iindidi zemveliso
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-4810P
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-54...
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-3210+
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-6410+
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-3210L
-
Umthengisi wePakethi yeNethiwekhi yeMylinking™ (NPB) ML-NPB-2410
