Kwimimandla yokusebenza kwenethiwekhi kunye nokugcinwa, ukuxazulula iingxaki, kunye nohlalutyo lokhuseleko, ngokuchanekileyo nangokufanelekileyo ukufumana imijelo yedatha yenethiwekhi sisiseko sokuqhuba imisebenzi eyahlukeneyo. Njengobuchwephesha bokufunyanwa kwedatha yenethiwekhi, i-TAP (iNdawo yokuFikelela kuVavanyo) kunye ne-SPAN (I-Port Analyzer eTshintshiweyo, ekwabizwa ngokuqhelekileyo njenge-port mirroring) idlala indima ebalulekileyo kwiimeko ezahlukeneyo ngenxa yeempawu zabo zobugcisa. Ukuqonda okunzulu kweempawu zabo, iingenelo, imida, kunye neemeko ezisebenzayo kubalulekile kwiinjineli zenethiwekhi ukuba zenze izicwangciso ezifanelekileyo zokuqokelela idatha kunye nokuphucula ulawulo lwenethiwekhi.
I-TAP: Isisombululo esiBanzi kwaye esibonakalayo "Esingenakulahlekelwa" seDatha yokuThatha iDatha
I-TAP sisixhobo sehardware esisebenza kumaleko wekhonkco lomzimba okanye ledatha. Umsebenzi wayo ophambili kukufezekisa ukuphindaphindwa kwe-100% kunye nokubamba imijelo yedatha yenethiwekhi ngaphandle kokuphazamisa ithrafikhi yenethiwekhi yokuqala. Ngokuqhagamshelwa ngokulandelelana kwikhonkco lenethiwekhi (umz., phakathi kweswitshi kunye neseva, okanye i-router kunye neswitshi), iphinda zonke iipakethi zedatha ezisezantsi neziphezulu ezidlula kwikhonkco ukuya kwizibuko lokubeka iliso kusetyenziswa iindlela "zokwahlulahlula okubonakalayo" okanye "zokwahlulahlula ithrafikhi", ukuze kuqhutyekwe phambili ngezixhobo zohlalutyo (ezifana nabahlalutyi benethiwekhi kunye neeNkqubo zokuFumanisa ukuNgena - ii-IDS).
Iimpawu eziphambili: Isekelwe kwi "Integrity" kunye "Nozinzo"
1. I-100% iPakethi yeDatha yokuThwebula ngeNombolo yoLahleko
Olu lolona ncedo lubalaseleyo lwe-TAP. Ekubeni i-TAP isebenza kumaleko womzimba kwaye iphindaphinda ngokuthe ngqo imiqondiso yombane okanye i-optical kwikhonkco, ayixhomekekanga kwizixhobo ze-CPU zokutshintsha ukuhambisa ipakethi yedatha okanye ukuphindaphinda. Ngoko ke, kungakhathaliseki ukuba i-traffic yenethiwekhi ikwincopho yayo okanye iqulethe iipakethi zedatha ezinkulu (ezifana neJumbo Frames enexabiso elikhulu le-MTU), zonke iipakethi zedatha zingabanjwa ngokupheleleyo ngaphandle kokulahlekelwa kwepakethi okubangelwa ukungonelanga kwezixhobo zokutshintsha. Eli nqaku elithi "lossless capture" liyenza ibe sisisombululo esithandwayo kwiimeko ezifuna inkxaso yedatha echanekileyo (efana nengcambu yempazamo yendawo kunye nohlalutyo lwesiseko somsebenzi womnatha).
2. Akukho Impembelelo kwiNtsebenzo yeNethiwekhi yokuqala
Indlela yokusebenza ye-TAP iqinisekisa ukuba ayibangeli nakuphi na ukuphazamiseka kwikhonkco lokuqala lenethiwekhi. Ayiwuguquli umxholo, idilesi yomthombo/indawo ekuyiwa kuyo, okanye ixesha leepakethi zedatha kwaye ayihlali kwi-port bandwidth, i-cache, okanye izixhobo zokusebenza. Nokuba isixhobo TAP ngokwayo ukungasebenzi (ezifana ukusilela umbane okanye umonakalo hardware), oko kuya kubangela kuphela akukho imveliso data evela kwizibuko esweni, ngelixa unxibelelwano ikhonkco womnatha yoqobo kuhlala eqhelekileyo, ukuphepha umngcipheko wokuphazamiseka womnatha okubangelwa ukusilela kwezixhobo zokuqokelela idatha.
3. Inkxaso ye-Full-Duplex Links kunye ne-Complex Network Environments
Iinethiwekhi zanamhlanje ikakhulu zisebenzisa imo yonxibelelwano olupheleleyo oluphindwe kabini (oko kukuthi, idatha ephezulu nesezantsi inokudluliselwa ngaxeshanye). I-TAP inokubamba imijelo yedatha kuzo zombini iindlela zekhonkco elipheleleyo eliphindwe kabini kwaye iyikhuphe ngee-ports ezizimeleyo zokubeka esweni, ukuqinisekisa ukuba isixhobo sohlalutyo sinokubuyisela ngokupheleleyo inkqubo yonxibelelwano oluneendlela ezimbini. Ukongeza, i-TAP ixhasa amazinga ahlukeneyo enethiwekhi (afana ne-100M, 1G, 10G, 40G, kunye ne-100G) kunye neentlobo zemidiya (isibini esijijekileyo, i-fiber yemo enye, i-fiber yemo ezininzi), kwaye inokuhlengahlengiswa kwiindawo zenethiwekhi ezinobunzima obahlukeneyo ezifana namaziko edatha, iinethiwekhi eziphambili zomqolo, kunye neenethiwekhi zekhampasi.
Iimeko zeSicelo: Ukugxila "kuHlalutyo oluchanekileyo" kunye "neNqanaba lokuHlola eliPhambili"
1. Ukusombulula iingxaki zenethiwekhi kunye nendawo eyintsusa yesizathu
Xa iingxaki ezinjengokulahleka kwepakethi, ukulibaziseka, i-jitter, okanye i-lag yesicelo kwenzeka kwinethiwekhi, kuyimfuneko ukubuyisela imeko xa impazamo yenzekile ngomlambo opheleleyo wepakethi yedatha. Ngokomzekelo, ukuba iinkqubo zeshishini ezingundoqo (ezifana ne-ERP kunye ne-CRM) zinamava okuphuma kwexesha lokufikelela, ukusebenza kunye nokugcinwa kwabasebenzi banokusebenzisa i-TAP phakathi komncedisi kunye nokutshintsha okungundoqo ukubamba zonke iipakethi zedatha ezijikelezayo, ukuhlalutya ukuba kukho imiba efana nokuhanjiswa kwe-TCP, ukulahleka kwepakethi, ukulibaziseka kwesisombululo se-DNS, okanye i-root-layer ye-protocol ngokukhawuleza ibangela ukuba i-protocol ifumaneke ngokukhawuleza. iingxaki, impendulo ecothayo kwiseva, okanye iimposiso zoqwalaselo oluphakathi).
2. UkuSekwa kweNtsebenzo yeNethiwekhi kunye nokuBeka iliso ngokungaqhelekanga
Kumsebenzi wothungelwano kunye nokugcinwa, ukuseka isiseko sokusebenza phantsi komthwalo oqhelekileyo weshishini (njengomndilili wokusetyenziswa kwe-bandwidth, ukulibaziseka kokuthunyelwa kwepakethi yedatha, kunye nezinga lempumelelo yokusekwa kwe-TCP) sisiseko sokubeka iliso kwizinto ezingaqhelekanga. I-TAP inokubamba ngokuzinzileyo idatha yevolumu epheleleyo yeekhonkco eziphambili (ezinje phakathi kokutshintsha okungundoqo kunye naphakathi kwe-egress routers kunye ne-ISPs) ixesha elide, ukunceda ukusebenza kunye nabasebenzi bokulondoloza ukubala izibonakaliso zokusebenza ezahlukeneyo kunye nokuseka imodeli echanekileyo yesiseko. Xa i-anomalies elandelayo efana ne-traffic surges, ukulibaziseka okungaqhelekanga, okanye i-protocol anomalies (njengezicelo ezingaqhelekanga ze-ARP kunye nenani elikhulu leepakethe ze-ICMP) zenzeke, i-anomalies inokubonwa ngokukhawuleza ngokuthelekisa kunye nesiseko, kunye nokungenelela ngexesha elifanelekileyo kunokwenziwa.
3. Ukuthotyelwa koPhicotho-zincwadi kunye nokuFunyaniswa koMngcipheko ngeeMfuno zoKhuseleko oluPhezulu
Kumashishini aneemfuno eziphezulu zokhuseleko lwedatha kunye nokuthotyelwa njengemali, imicimbi karhulumente, kunye namandla, kuyimfuneko ukuqhuba inkqubo epheleleyo yophicotho lwenkqubo yokuhanjiswa kwedatha ebuthathaka okanye ukufumanisa ngokuchanekileyo izisongelo zenethiwekhi (ezifana nokuhlaselwa kwe-APT, ukuvuza kwedatha, kunye nokusabalalisa ikhowudi enobungozi). Uphawu lokubanjwa kwe-TAP olungalahlekiyo luqinisekisa ukuthembeka kunye nokuchaneka kwedatha yophicotho-zincwadi, enokufikelela kwiimfuno zemithetho nemimiselo efana ne "Network Security Law" kunye "noMthetho woKhuseleko lweDatha" yokugcina idatha kunye nophicotho; kwangaxeshanye, iipakethi zedatha ezipheleleyo zikwabonelela ngeesampulu zokuhlalutya ezityebileyo kwiinkqubo zokubona isoyikiso (ezifana ne-IDS/IPS kunye nezixhobo zebhokisi yesanti), inceda ukufumanisa i-frequency ephantsi kunye nezoyikiso ezifihliweyo ezifihliweyo kwi-traffic eqhelekileyo (njengekhowudi enobungozi kwi-encrypted traffic kunye nokuhlaselwa kokungena okufihliweyo njengeshishini eliqhelekileyo).
Unyino: Ukurhweba phakathi kweNdleko kunye nokuThuthwa kokuGuquguquka
Imida ephambili ye-TAP ilele kwiindleko zayo eziphezulu ze-hardware kunye nokuguquguquka okuphantsi kokuthunyelwa. Ngakolunye uhlangothi, i-TAP iyisixhobo esizinikezeleyo se-hardware, kwaye ngokukodwa, ii-TAP ezixhasa amaxabiso aphezulu (afana ne-40G kunye ne-100G) okanye i-fiber optical media zibiza kakhulu kunomsebenzi we-software-based SPAN; ngakolunye uhlangothi, i-TAP kufuneka idibaniswe kwi-series kwikhonkco yenethiwekhi yokuqala, kwaye ikhonkco kufuneka iphazamiseke okwethutyana ngexesha lokuthunyelwa (njengokufaka iplagi kunye nokukhupha iintambo zenethiwekhi okanye iintambo ze-optical fibers). Kwezinye iikhonkco ezingundoqo ezingavumeli ukuphazamiseka (ezifana neekhonkco zentengiselwano zemali ezisebenza nge-24/7), ukuthunyelwa kunzima, kwaye iindawo zokufikelela kwi-TAP zidla ngokufuneka zigcinwe kwangaphambili ngexesha lesigaba sokucwangcisa inethiwekhi.
I-SPAN: Isicombululo sokuHlanganisa iDatha "eSizibuko esiNinzi" esinexabiso kunye nesiVumelayo
I-SPAN ngumsebenzi wesoftware owakhelwe kwiiswitshi (ezinye iirotha ezikwisiphelo esiphezulu nazo ziyayixhasa). Umgaqo wayo kukuqwalasela ukutshintshela ngaphakathi ukuphindaphinda i-traffic ukusuka kwizibuko enye okanye ngaphezulu (Izibuko zoMthombo) okanye i-VLAN yomthombo kwi-port ekhethiweyo yokubeka iliso (i-Destination Port, eyaziwa ngokuba yi-mirror port) yokwamkelwa kunye nokuqhutyelwa yisixhobo sokuhlalutya. Ngokungafaniyo ne-TAP, i-SPAN ayifuni izixhobo ezongezelelweyo ze-hardware kwaye inokuqonda ukuqokelelwa kwedatha kuphela ngokuthembela kuqwalaselo lwesoftware yokutshintsha.
Iimpawu eziphambili: Ezisekelwe ku "Iindleko-zokusebenza" kunye "nokuguquguquka"
1. Zero Iindleko ezongezelelweyo zeHardware kunye nokuBekwa okuLungileyo
Ekubeni i-SPAN ngumsebenzi owakhiwe kwi-firmware yokutshintsha, akukho mfuneko yokuthenga izixhobo ze-hardware ezizinikeleyo. Uqokelelo lwedatha lunokwenziwa ukuba lusebenze ngokukhawuleza kuphela ngokulungelelanisa ngeCLI (Ujongano lweMilayini yoMyalelo) okanye ujongano lolawulo lweWebhu (njengokucacisa izibuko lomthombo, izibuko lokubeka iliso, kunye nesalathiso sesipili (esingangeniyo, esiphumayo, okanye esiphindwe kabini)). Eli nqaku elithi "zero hardware cost" liyenza ibe lolona khetho lufanelekileyo kwiimeko ezinohlahlo lwabiwo-mali olulinganiselweyo okanye iimfuno zokubeka iliso zexeshana (ezifana novavanyo lwesicelo sexesha elifutshane kunye nokusombulula ingxaki okwethutyana).
2. Inkxaso yePort-Source Port / Multi-VLAN Traffic Aggregation
Inzuzo enkulu ye-SPAN kukuba inokuphindaphinda i-traffic ukusuka kumazibuko omthombo amaninzi (njengabasebenzisi bokutshintsha kofikelelo oluninzi) okanye ii-VLAN ezininzi kwizibuko elifanayo lokubeka iliso ngexesha elinye. Umzekelo, ukuba umsebenzi weshishini kunye nokugcinwa kwabasebenzi kufuneka babeke iliso kwi-traffic ye-terminals zabasebenzi kumasebe amaninzi (ehambelana ne-VLAN eyahlukeneyo) ukufikelela kwi-Intanethi, akukho mfuneko yokubeka izixhobo zokuqokelela ezahlukileyo ekuphumeni kwe-VLAN nganye. Ngokuhlanganisa ukuthuthwa kwezi VLAN kwizibuko elinye lokubeka iliso nge-SPAN, uhlalutyo olusembindini lunokwenziwa, luphucule kakhulu ukuguquguquka nokusebenza kakuhle kokuqokelelwa kwedatha.
3. Akukho mfuneko yokuphazamisa i-Original Network Link
Okwahlukileyo kuthotho lobeko lwe-TAP, zombini izibuko lomthombo kunye nezibuko lokubeka iliso le-SPAN zizibuko eziqhelekileyo zokutshintsha. Ngexesha lenkqubo yoqwalaselo, akukho mfuneko yokuplaga kunye nokukhupha iintambo zenethiwekhi yekhonkco yokuqala, kwaye akukho mpembelelo ekuhanjisweni kwetrafikhi yokuqala. Nangona kuyimfuneko ukulungelelanisa i-port yomthombo okanye ukukhubaza umsebenzi we-SPAN kamva, kunokwenziwa kuphela ngokuguqula uqwalaselo ngomgca womyalelo, olungele ukusebenza kwaye akukho kuphazamiseka kwiinkonzo zenethiwekhi.
Iimeko zeSicelo: Ugxininiso "kuHlolo lweendleko eziphantsi" kunye "noHlalutyo olusembindini"
1. Ukubeka iliso kwindlela yokuziphatha yabasebenzisi kwiiNethiwekhi zeKhampasi / iiNethiwekhi zeShishini
Kuthungelwano lwekhampasi okanye uthungelwano lwamashishini, abalawuli badla ngokufuna ukubeka esweni ukuba iitheminali zabasebenzi zinofikelelo olungekho mthethweni (njengokufikelela kwiiwebhusayithi ezingekho mthethweni kunye nokukhuphela isoftware yepirated) nokuba kukho inani elikhulu lokukhutshelwa kweP2P okanye imijelo yevidiyo ekwi-bandwidth. Ngokudibanisa i-traffic ye-traffic port of access-layer switches to the monitoring port through SPAN, zidibaniswe ne-software yokuhlalutya i-traffic (efana ne-Wireshark kunye ne-NetFlow Analyzer), ukubeka iliso ngexesha lokwenyani lokuziphatha komsebenzisi kunye nezibalo zomsebenzi we-bandwidth inokuphunyezwa ngaphandle kotyalo-mali olongezelelweyo kwi-hardware.
2. Iingxaki zeXeshana kunye noVavanyo lweSicelo seXesha elifutshane
Xa kuvela iimpazamo zexeshana nezingaqhelekanga kwinethiwekhi, okanye xa kufuneka kwenziwe uvavanyo lwethrafikhi kwisicelo esitsha esisandula ukuthunyelwa (njengenkqubo ye-OA yangaphakathi kunye nenkqubo yeenkomfa zevidiyo), i-SPAN ingasetyenziselwa ukwakha ngokukhawuleza indawo yokuqokelelwa kwedatha. Umzekelo, ukuba isebe libika ukuminza rhoqo kwiinkomfa zevidiyo, abasebenzi bokusebenza kunye nokugcinwa banokumisela okwethutyana i-SPAN ukuze ibonise ithrafikhi yezibuko apho iseva yenkomfa yevidiyo ikhoyo kwizibuko lokubeka esweni. Ngokuhlalutya ukulibaziseka kwepakethi yedatha, izinga lokulahleka kwepakethi, kunye nokusebenza kwe-bandwidth, kunokugqitywa ukuba ingxaki ibangelwa yi-bandwidth enganeleyo yenethiwekhi okanye ukulahleka kwepakethi yedatha. Emva kokuba ukusombulula iingxaki kugqityiwe, uqwalaselo lwe-SPAN lunokukhubazeka ngaphandle kokuchaphazela imisebenzi yenethiwekhi elandelayo.
3. Iinkcukacha-manani zeTrafikhi kunye noPhicotho oluLula kwiiNethiwekhi ezincinci kunye neziPhakathi
Kwinethiwekhi ezincinci neziphakathi (ezifana namashishini amancinci kunye neelabhoratri zekhampasi), ukuba imfuneko yokuthembeka kokuqokelelwa kwedatha ayiphezulu, kwaye kufuneka izibalo ezilula zethrafikhi kuphela (ezifana nokusetyenziswa kwe-bandwidth ye-port nganye kunye ne-traffic proportions ye-Top N applications) okanye uphicotho olusisiseko lokuthobela imithetho (ezifana nokurekhoda amagama eedomain zewebhusayithi afikelelwa ngabasebenzisi) , i-SPAN inokuhlangabezana ngokupheleleyo neemfuno. Iimpawu zayo ezingabizi kakhulu nezilula ukuzisebenzisa zenza ukuba ibe lukhetho olungabizi kakhulu kwiimeko ezinjalo.
Unyino: Iintsilelo kwiMfezeko yeDatha kunye neMpembelelo yokuSebenza
1. Ingozi yoLahleko lwePakethi yeDatha kunye nokuTshiswa okungagqibekanga
Ukuphindaphinda kweepakethi zedatha yi-SPAN kuxhomekeke kwi-CPU kunye nezixhobo ze-cache zeswitshi. Xa ithrafikhi ye-source port ikwinqanaba eliphezulu (njengokudlula umthamo we-cache yeswitshi) okanye iswitshi icubungula inani elikhulu lemisebenzi yokudlulisa ngaxeshanye, i-CPU iya kunika kuqala ukuqinisekisa ukudluliselwa kwethrafikhi yokuqala, kwaye inciphise okanye imise ukuphindaphinda kwe-SPAN traffic, okubangela ukulahleka kwepakethi kwi-monitoring port. Ukongeza, ezinye iiswitshi zinemida kwi-mirroring ratio ye-SPAN (njengokuxhasa kuphela ukuphindaphinda kwe-80% yethrafikhi) okanye azixhasi ukuphindaphinda okupheleleyo kweepakethi zedatha ezinkulu (ezifana neeJumbo Frames). Zonke ezi zinto ziya kukhokelela kwidatha engaphelelanga eqokelelweyo kwaye zichaphazele ukuchaneka kweziphumo zohlalutyo olulandelayo.
2. Ukusebenzisa Izixhobo Zokutshintsha kunye Nempembelelo Enokubakho Ekusebenzeni Kwenethiwekhi
Nangona i-SPAN ayiphazamisi ngokuthe ngqo ikhonkco lokuqala, xa inani lamazibuko omthombo likhulu okanye i-traffic inzima, inkqubo yokuphindaphinda ipakethe yedatha iya kuhlala kwizixhobo ze-CPU kunye ne-bandwidth yangaphakathi yokutshintsha. Ngokomzekelo, ukuba i-traffic yamachweba amaninzi e-10G ibonakaliswe kwi-port ye-10G yokubeka iliso, xa i-traffic iyonke yamachweba omthombo idlula i-10G, kungekhona nje ukuba i-port yokubeka iliso iya kuba nelahleko yepakethi ngenxa yokungonelanga kwe-bandwidth, kodwa ukusetyenziswa kwe-CPU yokutshintsha kunokwandisa kakhulu, ngaloo ndlela kuchaphazela ukuhanjiswa kwepakethi yedatha kwamanye amachweba kwaye kubangele ukuhla kokutshintsha kwintsebenzo yonke.
3. Ukuxhomekeka koMsebenzi kwiModeli yoTshintsho kunye nokuHambisana okulinganiselweyo
Inqanaba lokuxhasa umsebenzi we-SPAN lihluka kakhulu phakathi kokutshintsha kwabakhiqizi abahlukeneyo kunye neemodeli. Ngokomzekelo, ukutshintshwa kwesiphelo esisezantsi kunokuxhasa kuphela i-port eyodwa yokubeka iliso kwaye ayixhasi i-VLAN mirroring okanye i-full-duplex traffic mirroring; umsebenzi we-SPAN wolunye utshintsho unothintelo "lwendlela enye yesipili" (okt, isipili kuphela setrafikhi ephumayo okanye ephumayo, kwaye ayinakukwazi ukubukisa itrafikhi yendlela ezimbini ngaxeshanye); ukongeza, cross-switsha SPAN (ezifana nesipili kwi-port traffic yokutshintsha A ukuya kwizibuko esweni lokutshintsha B) kufuneka uthembele kwiiprothokholi ezithile (ezifana ne-RSPAN ye-Cisco kunye ne-Huawei ye-ERSPAN), enobumbeko olunzima kunye nokuhambelana okuphantsi, kwaye kunzima ukuziqhelanisa nokusingqongileyo kothungelwano oluxubeneyo lwabavelisi abaninzi.
Umahluko ongundoqo wokuthelekisa kunye neengcebiso zokuKhetha phakathi kwe-TAP kunye ne-SPAN
Umahluko ongundoqo uthelekiso
Ukubonisa ngokucacileyo umahluko phakathi kwezi zimbini, sizithelekisa ukusuka kwimilinganiselo yeempawu zobugcisa, impembelelo yokusebenza, iindleko, kunye neemeko ezisebenzayo:
| Umlinganiselo wokuthelekisa | I-TAP (Indawo yoVavanyo lokufikelela) | I-SPAN (Isihlalutyi seZibuko esiTshintshiweyo). |
| IMfezeko yokuThatha idatha | I-100% yokubanjwa okungalahlekanga, akukho mngcipheko welahleko | Ithembela kwizixhobo zokutshintsha, etyekele ekulahlekeni kwepakethi kwitrafikhi ephezulu, ukubanjwa okungaphelelanga |
| Impembelelo kwiNethiwekhi yokuqala | Akukho ukuphazamiseka, impazamo ayichaphazeli ikhonkco lokuqala | Ukutshintsha i-CPU / i-bandwidth kwitrafikhi ephezulu, kunokubangela ukuthotywa kokusebenza kwenethiwekhi |
| Iindleko zeHardware | Ifuna ukuthengwa kwehardware ezinikeleyo, ixabiso eliphezulu | Umsebenzi wokutshintsha owakhelwe-ngaphakathi, zero iindleko ezongezelelweyo zehardware |
| Ukuhanjiswa bhetyebhetye | Idinga ukudityaniswa kuthotho kwikhonkco, ukuphazamiseka kwenethiwekhi okufunekayo ukuthunyelwa, ukuguquguquka okuphantsi | Ulungelelwaniso lwesoftware, akukho siphazamiso sothungelwano esifunekayo, sixhasa ukuhlanganiswa kwemithombo emininzi, ukuguquguquka okuphezulu |
| Imeko Ezisebenzayo | Amakhonkco aphambili, indawo enempazamo echanekileyo, uphicotho olunokhuseleko oluphezulu, uthungelwano olukwizinga eliphezulu | Ukubeka iliso okwethutyana, uhlalutyo lokuziphatha kwabasebenzisi, amanethiwekhi amancinci naphakathi, iimfuno eziphantsi kweendleko |
| Ukuhambelana | Ixhasa amaxabiso amaninzi / imithombo yeendaba, ezimeleyo kwimodeli yokutshintsha | Kuxhomekeke kumenzi wokutshintsha / imodeli, umahluko omkhulu kwinkxaso yomsebenzi, ulungelelwaniso oluntsonkothileyo lwesixhobo |
Iingcebiso zokuKhetha: "Ukuhambelana okuchanekileyo" Ngokusekwe kwiiMfuno zemeko
1. Iimeko apho i-TAP ikhethwa khona
○Ukubeka iliso kwiikhonkco zoshishino eziphambili (ezifana neziko ledatha yokutshintsha i-core kunye ne-egress router links), efuna ukuqinisekisa ukunyaniseka kokubanjwa kwedatha;
○I-Network fault root cause indawo (efana ne-TCP retransmission kunye ne-application lag), efuna uhlalutyo oluchanekileyo olusekelwe kwiipakethi zedatha epheleleyo;
○Amashishini anokhuseleko oluphezulu kunye neemfuno zokuthotyelwa (ezemali, imicimbi karhulumente, amandla), efuna ukuhlangabezana nesidima kunye nokungaphazamisi idatha yophicotho-zincwadi;
○Iimeko zenethiwekhi eziphezulu (i-10G nangaphezulu) okanye iimeko ezineepakethi zedatha enkulu, ezifuna ukuphepha ukulahleka kwepakethi kwi-SPAN.
2. Iimeko apho i-SPAN Ikhethwa
○Uthungelwano oluncinci noluphakathi olunohlahlo lwabiwo-mali olulinganiselweyo, okanye iimeko ezifuna kuphela iinkcukacha-manani ezilula zetrafikhi (ezifana nomsebenzi we-bandwidth kunye nezicelo eziphezulu);
○Ukujongana neengxaki zexeshana okanye uvavanyo lwesicelo sexesha elifutshane (njengovavanyo lokuqaliswa kwenkqubo entsha), efuna ukuthunyelwa ngokukhawuleza ngaphandle kokusebenza kwexesha elide;
○Ukubeka iliso kwindawo enye kumazibuko anemithombo emininzi/iiVLAN ezininzi (ezifana nokubekwa esweni kokuziphatha kwabasebenzisi bekhampasi), efuna ukudityaniswa kwezithuthi okubhetyebhetye;
○Ukubekw'esweni kwamakhonkco angewona angundoqo (afana namachweba omsebenzisi wofikelelo-kwi-switch switch), kunye neemfuno ezisezantsi zokuthembeka kokubanjwa kwedatha.
3. Iimeko zokuSetyenziswa kweHybrid
Kwezinye iimeko zothungelwano ezintsonkothileyo, indlela yosasazo exubileyo ye "TAP + SPAN" inokwamkelwa. Ngokomzekelo, sebenzisa i-TAP kwiikhonkco ezingundoqo zeziko ledatha ukuqinisekisa ukubamba idatha epheleleyo yokujongana neengxaki kunye nokuhlolwa kokhuseleko; misela i-SPAN kuluhlu lofikelelo okanye umaleko-maleko odityanisiweyo ukudibanisa ukugcwala komsebenzisi osasazekileyo kuhlalutyo lokuziphatha kunye neenkcukacha-manani. Oku akuhlangabezani kuphela neemfuno ezichanekileyo zokubeka iliso kwiikhonkco eziphambili kodwa kunciphisa iindleko zokuthunyelwa ngokubanzi.
Ke, njengetekhnoloji ezimbini ezingundoqo zokufunyanwa kwedatha yenethiwekhi, i-TAP kunye ne-SPAN azinayo "izinto eziluncedo okanye ezingeloncedo" ngokupheleleyo kodwa "umahluko kwimeko yolungelelwaniso". I-TAP igxile kwi-"lossless capture" kunye "nokuthembeka okuzinzile", kwaye ifanelekile kwiimeko eziphambili ezineemfuno eziphezulu zokuthembeka kwedatha kunye nokuzinza kwenethiwekhi, kodwa ineendleko eziphezulu kunye nokuguquguquka okuphantsi kokuthunyelwa; I-SPAN ineenzuzo ze "zero cost" kunye "nokuguquguquka kunye nokulula", kwaye ifanelekile kwiimeko eziphantsi kweendleko eziphantsi, okwethutyana, okanye ezingekho ngundoqo, kodwa inomngcipheko wokulahleka kwedatha kunye nefuthe lokusebenza.
Kumsebenzi wokwenene womnatha kunye nokugcinwa, iinjineli zenethiwekhi kufuneka zikhethe esona sisombululo sifanelekileyo sobugcisa ngokusekelwe kwiimfuno zabo zoshishino (ezifana nokuba likhonkco eliphambili kunye nokuba uhlalutyo oluchanekileyo luyafuneka), iindleko zebhajethi, isikali senethiwekhi, kunye neemfuno zokuthotyelwa. Kwangaxeshanye, kunye nokuphuculwa kweereyithi zenethiwekhi (ezifana ne-25G, 100G, kunye ne-400G) kunye nokuphuculwa kweemfuno zokhuseleko lwenethiwekhi, itekhnoloji ye-TAP iphinda iphuhliswe rhoqo (njengokuxhasa ukwahlula kwetrafikhi ekrelekrele kunye nokuhlanganiswa kwee-multi-port), kunye nabavelisi bokutshintsha nabo ngokuqhubekayo baphucula umsebenzi we-SPAN (njengokuphucula i-cache yokulahlekelwa amandla kunye nokuxhasa ilahleko). Kwixesha elizayo, iitekhnoloji ezimbini ziya kuphinda zidlale indima yazo kwiinkalo zazo kwaye zibonelele ngenkxaso yedatha echanekileyo nechanekileyo yolawulo lwenethiwekhi.
Ixesha lokuposa: Dec-08-2025
