I-Bypass TAP (ekwabizwa ngokuba yi-bypass switch) ibonelela ngeendawo zokufikelela ezikhuselekileyo kwizixhobo zokhuseleko ezisebenzayo ezifana ne-IPS kunye nee-firewalls zesizukulwana esilandelayo (NGFWS). I-bypass switch isetyenziswa phakathi kwezixhobo zenethiwekhi naphambi kwezixhobo zokhuseleko lwenethiwekhi ukubonelela ngendawo ethembekileyo yokwahlulwa phakathi kwenethiwekhi kunye nomaleko wokhuseleko. Zizisa inkxaso epheleleyo kwiinethiwekhi kunye nezixhobo zokhuseleko ukuthintela umngcipheko wokungabikho kwenethiwekhi.
Isisombululo 1 1 Ikhonkco leNethiwekhi yeBypass Tap (iBypass Switch) - Ezimeleyo
Isicelo:
I-Bypass Network Tap (Bypass Switch) iqhagamshela kwizixhobo ezimbini zenethiwekhi ngee-Link ports kwaye iqhagamshela kwiseva yomntu wesithathu ngee-Device ports.
Isixhobo sokutsala i-Bypass Network Tap(Bypass Switch) simiselwe kwi-Ping, ethumela izicelo ze-Ping ezilandelelanayo kwiseva. Nje ukuba iseva iyeke ukuphendula kwiipings, i-Bypass Network Tap(Bypass Switch) ingena kwimo ye-bypass.
Xa iseva iqala ukuphendula kwakhona, i-Bypass Network Tap (Bypass Switch) ibuyela kwimowudi yokuphuma.
Olu setyenziso lunokusebenza kuphela nge-ICMP(Ping). Akukho zipakethi zentliziyo ezisetyenziselwa ukujonga unxibelelwano phakathi kweseva kunye ne-Bypass Network Tap(Bypass Switch).
Isisombululo sesi-2 sePakethi yeNethiwekhi + iTap yeNethiwekhi yeBypass (iSwitch yeBypass)
Umthengisi wePakethi yeNethiwekhi (NPB) + i-Bypass Network Tap (i-Bypass Switch) -- Imeko eqhelekileyo
Isicelo:
I-Bypass Network Tap (Bypass Switch) iqhagamshela kwizixhobo ezimbini zenethiwekhi ngee-Link ports kunye ne-Network Packet Broker (NPB) ngee-Device ports. Iseva yomntu wesithathu iqhagamshela kwi-Network Packet Broker (NPB) isebenzisa iintambo zobhedu ezi-2 x 1G. I-Network Packet Broker (NPB) ithumela iipakethi zentliziyo kwiseva nge-port #1 kwaye ifuna ukuzifumana kwakhona kwi-port #2.
Isixhobo sokubangela i-Bypass Network Tap(Bypass Switch) simiselwe kwi-REST, kwaye i-Network Packet Broker(NPB) isebenzisa usetyenziso lwe-bypass.
Itrafikhi kwimo yokuphuma:
Isixhobo 1 ↔ Ukutshintsha/Ukucofa nge-Bypass ↔ I-NPB ↔ Iseva ↔ I-NPB ↔ Ukutshintsha/Ukucofa nge-Bypass ↔ Isixhobo 2
Umthengisi wePakethi yeNethiwekhi (NPB) + iBypass Network Tap (Bypass Switch) -- iSoftware Bypass
Inkcazo ye-Software Bypass:
Ukuba iNetwork Packet Broker (NPB) ayiboni iipakethi zentliziyo, iya kuvumela isoftware ukuba idlule.
Uqwalaselo lweNetwork Packet Broker (NPB) lutshintshwa ngokuzenzekelayo ukuze luthumele ithrafikhi engenayo kwi-Bypass Network Tap (Bypass Switch), ngaloo ndlela luphinda lufake ithrafikhi kwikhonkco eliphilayo kwaye ilahleko encinci yephakethi.
I-Bypass Network Tap (Bypass Switch) ayidingi kuphendula konke konke kuba zonke iindlela zokudlula zenziwa yiNetwork Packet Broker (NPB).
I-Traffic kwiSoftware Bypass:
Isixhobo 1 ↔ Ukutshintsha/Ukucofa nge-Bypass ↔ NPB ↔ Ukutshintsha/Ukucofa nge-Bypass ↔ Isixhobo 2
Umthengisi wePakethi yeNethiwekhi (NPB) + i-Bypass Network Tap (i-Bypass Switch) -- i-Hardware bypass
Inkcazo ye-Hardware Bypass:
Kwimeko apho i-Network Packet Broker(NPB) ingaphumeleli okanye unxibelelwano phakathi kwe-Network Packet Broker(NPB) kunye ne-Bypass Network Tap(Bypass Switch) luqhawukile, i-Bypass Network Tap(Bypass Switch) itshintshela kwi-bypass mode ukuze igcine ikhonkco lexesha langempela lisebenza.
Xa i-Bypass Network Tap(Bypass Switch) ingena kwi-bypass mode, i-Network Packet Broker(NPB) kunye neseva yangaphandle ziyagqithwa kwaye azifumani traffic de i-Bypass Network Tap(Bypass Switch) itshintshele kwi-throughput mode.
Imo ye-bypass iyasebenza xa i-Bypass Network Tap (Bypass Switch) ingasaqhagamshelwanga kumbane.
Itrafikhi yehardware ngaphandle kwe-intanethi:
Isixhobo 1 ↔ Ukutshintsha/Ukucofa i-Bypass ↔ Isixhobo 2
Isisombululo sesi-3 IiTaps ezimbini zeNethiwekhi yeBypass (iiSwitshi zeBypass) kwikhonkco ngalinye
Imiyalelo yoqwalaselo:
Kolu seto, ikhonkco eli-1 lekopolo lezixhobo ezi-2 eziqhagamshelwe kwiseva eyaziwayo lidlula ii-Bypass Network Taps ezimbini (ii-Bypass Switches). Inzuzo yoku ngaphezu kwesisombululo esi-1 se-bypass kukuba xa uqhagamshelo lwe-network packet broker (NPB) luphazamisekile, iseva iseyinxalenye yekhonkco eliphilayo.
IiTaps zeNethiwekhi zeBypass ezi-2 * (iiSwitshi zeBypass) ngekhonkco ngalinye - iBypass yeSoftware
Inkcazo ye-Software Bypass:
Ukuba iNetwork Packet Broker (NPB) ayiboni iipakethi zentliziyo, iya kuvumela isoftware ukuba idlule. I-Bypass Network Tap (Bypass Switch) ayidingi kusabela konke konke kuba zonke ii-bypass zenziwa yiNetwork Packet Broker (NPB).
Itrafikhi kwisoftware edlulayo:
Isixhobo 1 ↔ Iswitshi ye-Bypass/Thepha 1 ↔ Umthengisi wePakethi yeNethiwekhi (NPB) ↔ Iswitshi ye-Bypass/Thepha 2 ↔ Isixhobo 2
IiTaps zeNethiwekhi zeBypass ezi-2 * (iiSwitshi zeBypass) ngekhonkco ngalinye - iHardware Bypass
Inkcazo ye-Hardware Bypass:
Kwimeko apho i-Network Packet Broker (NPB) ingaphumeleli okanye unxibelelwano phakathi kwe-Bypass Network Tap (Bypass Switch) kunye ne-Network Packet Broker (NPB) luqhawukile, zombini ii-Bypass Network Taps (Bypass Switches) zitshintshelwa kwi-bypass mode ukugcina ikhonkco elisebenzayo.
Ngokwahlukileyo kwisetingi ethi "1 Bypass per link", iseva isafakiwe kwikhonkco elibukhoma.
Itrafikhi yehardware ngaphandle kwe-intanethi:
Isixhobo 1 ↔ Ukutshintsha i-Bypass/Cofa 1 ↔Iseva ↔ Ukutshintsha i-Bypass/Cofa 2 ↔ Isixhobo 2
Isisombululo sesi-4 IiTaps ezimbini zeNethiwekhi ye-Bypass (iiSwitshi ze-Bypass) zilungiselelwe ikhonkco ngalinye kwiindawo ezimbini
Imiyalelo yokuseta:
Ukhetho: IiNetwork Packet Brokers ezimbini (ii-NPB) zingasetyenziselwa ukuqhagamshela iisayithi ezimbini ezahlukeneyo phezu kwetonela ye-GRE endaweni yeNetwork Packet Broker enye (i-NPB). Kwimeko apho iseva edibanisa ezi ndawo zimbini ingaphumeleli, iya kudlula iseva kunye nethrafikhi enokusasazwa ngetonela ye-GRE yeNetwork Packet Broker (i-NPB) (njengoko kubonisiwe kwiMifanekiso engasezantsi).
Ixesha lokuthumela: Matshi-06-2023
