I-Bypass TAP (ekwabizwa ngokuba yi-bypass switch) ibonelela ngezibuko zofikelelo ezingaphumeleliyo kwizixhobo zokhuseleko ezisebenzayo ezifana ne-IPS kunye nesizukulwana esilandelayo somlilo (NGFWS).Ukutshintsha kwe-bypass kufakwe phakathi kwezixhobo zenethiwekhi kunye naphambi kwezixhobo zokhuseleko zenethiwekhi ukubonelela ngenqaku elithembekileyo lokuzihlukanisa phakathi kwenethiwekhi kunye nokhuseleko lokhuseleko.Bazisa inkxaso epheleleyo kuthungelwano kunye nezixhobo zokhuseleko ukuphepha umngcipheko wokuphela kwenethiwekhi.
Isisombululo 1 1 I-Link Bypass Network Tap (Bypass Switch) - Independent
Isicelo:
I-Bypass Network Tap (I-Bypass Switch) idibanisa kwizixhobo ezibini zenethiwekhi ngokusebenzisa i-Link port kwaye idibanisa umncedisi womntu wesithathu ngokusebenzisa izibuko zeDivaysi.
Umqalisi weTap yeNethiwekhi yokuNgena (Bypass switch) imiselwe kwi-Ping, ethumela izicelo ze-Ping ezilandelelanayo kumncedisi.Nje ukuba iseva iyeke ukuphendula kwiipings, iTephu yeNethiwekhi ye-Bypass (I-Bypass Switch) ingena kwindlela yokudlula.
Xa umncedisi eqalisa ukuphendula kwakhona, iTap yeNethiwekhi yokuNgena (Bypass Switch) itshintshela emva kwimowudi yokuphuma.
Esi sicelo sinokusebenza kuphela nge-ICMP(Ping).Akukho zipakethi zokubetha kwentliziyo ezisetyenziswayo ukujonga uqhakamshelwano phakathi komncedisi kunye ne Thinta yeNethiwekhi ye-Bypass (Iswitshi yokuBypass).
Isisombululo se-2 I-Bypass Packet Broker + I-Bypass Network Tap (I-Bypass Switch)
I-Bypass Packet Broker (NPB) + I-Bypass Network Tap (I-Bypass Switch) -- Imo eqhelekileyo
Isicelo:
I-Bypass Network Tap (I-Bypass Switch) idibanisa kwizixhobo ezibini zenethiwekhi ngokusebenzisa i-Link port kunye ne-Network Packet Broker (NPB) ngokusebenzisa i-Device port.Umncedisi wesithathu udibanisa kwi-Network Packet Broker (NPB) usebenzisa i-2 x 1G iintambo zethusi.I-Network Packet Broker (NPB) ithumela iipakethe zokubetha kwentliziyo kumncedisi ngezibuko #1 kwaye ifuna ukuzifumana kwakhona kwizibuko #2.
Isiqhagisi seTap yeNethiwekhi yokuNgena (Bypass Switsha) imiselwe ku-REST, kwaye i-Network Packet Broker (NPB) iqhuba usetyenziso lokugqitha.
Itrafikhi kwimowudi yokuphuma:
Isixhobo 1 ↔ I-Bypass Switch/Tap ↔ NPB ↔ Iseva ↔ NPB ↔ I-Bypass Switch/Tap ↔ Isixhobo 2
I-Bypass Packet Broker (NPB) + Itephu yeNethiwekhi yokuNgena (Bypass Switch) -- I-Software Bypass
Inkcazo yokugqitha kwisoftware:
Ukuba i-Network Packet Broker (NPB) ayiboni iipakethi zokubetha kwentliziyo, iya kwenza ukuba isoftware idlule.
Ukucwangciswa kwe-Network Packet Broker (NPB) iguqulwa ngokuzenzekelayo ukuthumela i-traffic engenayo emva kwe-Bypass Network Tap (Bypass Switch), ngaloo ndlela ibuyisela i-traffic kwikhonkco eliphilayo kunye nelahleko encinci yepakethe.
I-Bypass Network Tap (I-Bypass Switch) ayifuni ukuphendula konke ngenxa yokuba zonke iindlela zokudlula zenziwa yi-Network Packet Broker (NPB).
ITrafikhi kwiSoftware Bypass:
Isixhobo 1 ↔ I-Bypass Switch/Tap ↔ NPB ↔ I-Bypass Switch/Tap ↔ Isixhobo 2
Umthengisi wePakethe yeNethiwekhi(NPB) + Itephu yeNethiwekhi yokuNgena (Bypass Switch) -- i-hardware bypass
Inkcazo yokudlula kwi-Hardware:
Kwimeko apho i-Network Packet Broker (NPB) yasilela okanye udibaniso phakathi kweNethiwekhi yePakethi yeBroker(NPB) kunye neNethiwekhi yeTap yeTap (Bypass switch) icinyiwe, iTephu yoThungelwano lweBypass(Bypass Switsha) itshintshela kwimowudi yokugqitha ukugcina eyona- ikhonkco lexesha lisebenza.
Xa iTephu yeNethiwekhi yokuNgena (Bypass Switch) ingena kwimo yokudlula, iBroker yePakethe yeNethiwekhi(NPB) kunye nomncedisi wangaphandle ugqithe kwaye akafumani nayiphi na itrafikhi de iTephu yeNethiwekhi yokuNgena (Bypass Switch) itshintshele umva kwindlela yokuphuma.
Imo yokugqitha iqaliswa xa iTephu yeNethiwekhi yokuNgena (Bypass switch) ingasaqhagamshelwa kunikezelo lwamandla.
I-Hardware ngaphandle kwe-intanethi traffic:
Isixhobo soku-1 ↔ I-Bypass Switch/Tap ↔ Isixhobo sesi-2
Isisombululo 3 Iimpompo ezimbini zeNethiwekhi yokuNgena (i-Bypass Switches) kwikhonkco ngalinye
Imiyalelo yoqwalaselo:
Kolu cwangciso, ikhonkco eli-1 lobhedu lezixhobo ezi-2 eziqhagamshelwe kumncedisi owaziwayo zigqithwa ziiTaps ezimbini zeNethiwekhi ye-Bypass (I-Bypass Switches).Inzuzo yale phezu kwesisombululo se-bypass ye-1 kukuba xa uxhulumaniso lwepakethe yenethiwekhi (NPB) luphazamiseka, umncedisi useyinxalenye yekhonkco ephilayo.
I-2 * I-Bypass Network Taps (I-Bypass Switches) kwikhonkco nganye - i-Software Bypass
Inkcazo yokugqitha kwisoftware:
Ukuba i-Network Packet Broker (NPB) ayiboni iipakethi zokubetha kwentliziyo, iya kwenza ukuba isoftware idlule.I-Bypass Network Tap (I-Bypass Switch) ayifuni kusabela konke konke ngenxa yokuba zonke iindlela zokudlula zenziwa yi-Network Packet Broker (NPB).
Itrafikhi kwisoftware yokudlula:
Isixhobo 1 ↔ I-Bypass Switch/Tap 1 ↔ I-Network Packet Broker(NPB) ↔ I-Bypass Switch/Tap 2 ↔ Isixhobo 2
I-2 * I-Bypass Network Taps (I-Bypass Switches) kwikhonkco nganye - i-Hardware Bypass
Inkcazo yokudlula kwi-Hardware:
Kwimeko apho iNethiwekhi yePakethi yeBroker(NPB) isilele okanye uxhulumaniso phakathi kweTephu yoThungelwano lweBypass(Iswitshi yokugqitha) kunye neBroker yePakethe yeNethiwekhi (NPB) iqhawulwe, zombini iiTaps zeNethiwekhi yeBypass(IZitshixo zokugqitha) zitshintshelwa kwindlela yokugqitha ukugcina ikhonkco elisebenzayo.
Ngokuchaseneyo nesetingi ye-"Bypass e-1 ngekhonkco ngalinye", iseva isaqukiwe kwikhonkco eliphilayo.
I-Hardware ngaphandle kwe-intanethi traffic:
Isixhobo 1 ↔ I-Bypass Switch/Tap 1 ↔Iseva ↔ I-Bypass Switch/Cinezela 2 ↔ Isixhobo 2
Isisombululo 4 Iimpompo ezimbini zeNethiwekhi yokuNgena (iZitshixo zokugqitha) ziqwalaselwe kwikhonkco ngalinye kwiziza ezimbini.
Ukumisela imiyalelo:
Ukuzikhethela: IiBroker ezimbini zeePakethi zeNethiwekhi (NPBs) zingasetyenziselwa ukudibanisa iisayithi ezimbini ezahlukeneyo phezu kwetonela ye-GRE endaweni ye-Network Packet Broker (NPB).Kwimeko apho umncedisi odibanisa iisayithi ezimbini ahluleka, uya kudlula umncedisi kunye ne-traffic enokuthi ihanjiswe nge-GRE tunnel ye-Network Packet Broker (NPB) (njengoko kuboniswe kwiMifanekiso engezantsi).
Ixesha lokuposa: Mar-06-2023
