Kwimimandla yokusebenza nokugcinwa kwenethiwekhi, ukusombulula iingxaki, kunye nohlalutyo lokhuseleko, ukufumana ngokuchanekileyo nangokufanelekileyo imijelo yedatha yenethiwekhi sisiseko sokwenza imisebenzi eyahlukeneyo. Njengoko ubuchwepheshe obubini obuphambili bokufumana idatha yenethiwekhi, i-TAP (Test Access Point) kunye ne-SPAN (Switched Port Analyzer, ekwabizwa ngokuba yi-port mirroring) zidlala indima ebalulekileyo kwiimeko ezahlukeneyo ngenxa yeempawu zazo zobugcisa ezahlukeneyo. Ukuqonda okunzulu kweempawu zazo, izibonelelo, imida, kunye neemeko ezifanelekileyo kubalulekile kwiinjineli zenethiwekhi ukuba zenze izicwangciso zokuqokelela idatha ezifanelekileyo kwaye ziphucule ukusebenza kakuhle kolawulo lwenethiwekhi.
TAP: Isisombululo Esibanzi Nesibonakalayo Sokubamba Idatha "Engenalahleko"
I-TAP sisixhobo sehardware esisebenza kumaleko wekhonkco lomzimba okanye ledatha. Umsebenzi wayo ophambili kukufezekisa ukuphindaphindwa kwe-100% kunye nokubamba imijelo yedatha yenethiwekhi ngaphandle kokuphazamisa ithrafikhi yenethiwekhi yokuqala. Ngokuqhagamshelwa ngokulandelelana kwikhonkco lenethiwekhi (umz., phakathi kweswitshi kunye neseva, okanye i-router kunye neswitshi), iphinda zonke iipakethi zedatha ezisezantsi neziphezulu ezidlula kwikhonkco ukuya kwizibuko lokubeka iliso kusetyenziswa iindlela "zokwahlulahlula okubonakalayo" okanye "zokwahlulahlula ithrafikhi", ukuze kuqhutyekwe phambili ngezixhobo zohlalutyo (ezifana nabahlalutyi benethiwekhi kunye neeNkqubo zokuFumanisa ukuNgena - ii-IDS).
Iimpawu Eziphambili: Zigxile "kwiNgqibelelo" kunye "nozinzo"
1. Ukubanjwa kwePakethi yeDatha eyi-100% ngaphandle koMngcipheko wokulahleka
Le yeyona nzuzo iphambili ye-TAP. Ekubeni i-TAP isebenza kumaleko oqobo kwaye iphinda ngokuthe ngqo imiqondiso yombane okanye ye-optical kwikhonkco, ayixhomekekanga kwizixhobo ze-CPU zeswitshi zokudlulisela okanye ukuphindaphinda iipakethi zedatha. Ke ngoko, nokuba ithrafikhi yenethiwekhi ikwincopho yayo okanye ineepakethi zedatha ezinkulu (ezifana neeJumbo Frames ezinexabiso elikhulu le-MTU), zonke iipakethi zedatha zinokubanjwa ngokupheleleyo ngaphandle kokulahleka kwepakethi okubangelwa kukungabikho kwezixhobo zeswitshi. Olu phawu "lokubamba okungenalahleko" lwenza ukuba ibe sisisombululo esikhethwayo kwiimeko ezifuna inkxaso yedatha echanekileyo (ezifana nendawo yengxaki yemvelaphi kunye nohlalutyo olusisiseko lokusebenza kwenethiwekhi).
2. Akukho Mpembelelo kwiNtsebenzo yeNethiwekhi yoQoqo
Indlela yokusebenza ye-TAP iqinisekisa ukuba ayibangeli naluphi na uphazamiseko kwikhonkco lenethiwekhi yokuqala. Ayitshintshi umxholo, idilesi yomthombo/indawo ekuyiwa kuyo, okanye ixesha leepakethi zedatha kwaye ayithathi mandla kwi-bandwidth yezibuko zeswitshi, i-cache, okanye izixhobo zokucubungula. Nokuba isixhobo se-TAP ngokwaso asisebenzi kakuhle (njengokusilela kombane okanye umonakalo wehardware), asiyi kubangela kuphela ukuba kungabikho mveliso yedatha kwizibuko lokubeka iliso, ngelixa unxibelelwano lwekhonkco lenethiwekhi yokuqala luhlala luqhelekile, luphepha umngcipheko wokuphazamiseka kwenethiwekhi okubangelwa kukusilela kwezixhobo zokuqokelela idatha.
3. Inkxaso yeeFull-Duplex Links kunye neeComplex Network Environments
Iinethiwekhi zanamhlanje ikakhulu zisebenzisa imo yonxibelelwano olupheleleyo oluphindwe kabini (oko kukuthi, idatha ephezulu nesezantsi inokudluliselwa ngaxeshanye). I-TAP inokubamba imijelo yedatha kuzo zombini iindlela zekhonkco elipheleleyo eliphindwe kabini kwaye iyikhuphe ngee-ports ezizimeleyo zokubeka esweni, ukuqinisekisa ukuba isixhobo sohlalutyo sinokubuyisela ngokupheleleyo inkqubo yonxibelelwano oluneendlela ezimbini. Ukongeza, i-TAP ixhasa amazinga ahlukeneyo enethiwekhi (afana ne-100M, 1G, 10G, 40G, kunye ne-100G) kunye neentlobo zemidiya (isibini esijijekileyo, i-fiber yemo enye, i-fiber yemo ezininzi), kwaye inokuhlengahlengiswa kwiindawo zenethiwekhi ezinobunzima obahlukeneyo ezifana namaziko edatha, iinethiwekhi eziphambili zomqolo, kunye neenethiwekhi zekhampasi.
Imeko zoSetyenziso: Ukugxila "kuHlalutyo oluchanekileyo" kunye "nokubeka iliso kwiikhonkco ezibalulekileyo"
1. Ukusombulula iingxaki zenethiwekhi kunye nendawo eyintsusa yesizathu
Xa iingxaki ezinje ngokulahleka kwepakethi, ukulibaziseka, i-jitter, okanye ukulibaziseka kwesicelo kwenzeka kwinethiwekhi, kuyimfuneko ukubuyisela imeko xa impazamo yenzekile ngomjelo wepakethi yedatha epheleleyo. Umzekelo, ukuba iinkqubo zeshishini eziphambili zeshishini (ezifana ne-ERP kunye ne-CRM) zifumana ixesha lokuphelelwa lixesha lokufikelela, abasebenzi bokusebenza kunye nokugcinwa banokuthumela i-TAP phakathi kweseva kunye neswitshi eyintloko ukuze babambe zonke iipakethi zedatha ezijikelezayo, bahlalutye ukuba kukho imiba efana nokudluliselwa kwakhona kwe-TCP, ukulahleka kwepakethi, ukulibaziseka kwesisombululo se-DNS, okanye iimpazamo zeprotocol ye-application-layer, kwaye ngaloo ndlela bafumane ngokukhawuleza unobangela wempazamo (ezifana neengxaki zomgangatho wekhonkco, impendulo ecothayo yeseva, okanye iimpazamo zokumisela i-middleware).
2. Ukusekwa kwesiseko sokusebenza kwenethiwekhi kunye nokuBekwa esweni okungaqhelekanga
Kwindlela yokusebenza nokugcinwa kwenethiwekhi, ukumisela isiseko sokusebenza phantsi kwemithwalo yeshishini eqhelekileyo (njengokusetyenziswa kwe-bandwidth ephakathi, ukulibaziseka kokudluliselwa kwepakethi yedatha, kunye nezinga lempumelelo yokusekwa koqhagamshelo lwe-TCP) sisiseko sokujonga izinto ezingaqhelekanga. I-TAP inokubamba ngokuzinzileyo idatha epheleleyo yeekhonkco eziphambili (ezifana phakathi kokutshintsha okungundoqo kunye naphakathi kwee-routers zokuphuma kunye nee-ISP) ixesha elide, inceda abasebenzi bokusebenza kunye nokugcinwa ukubala izalathisi ezahlukeneyo zokusebenza kunye nokuseka imodeli echanekileyo yesiseko. Xa izinto ezingaqhelekanga ezilandelayo ezifana nokunyuka kwetrafikhi ngequbuliso, ukulibaziseka okungaqhelekanga, okanye izinto ezingaqhelekanga zeprotocol (ezifana nezicelo ze-ARP ezingaqhelekanga kunye nenani elikhulu leepakethi ze-ICMP) zisenzeka, izinto ezingaqhelekanga zinokufunyanwa ngokukhawuleza ngokuthelekisa nesiseko, kwaye ukungenelela ngexesha elifanelekileyo kunokwenziwa.
3. Uhlolo lokuthobela imithetho kunye nokuchongwa kwezoyikiso ezineemfuno zokhuseleko eziphezulu
Kwimizi-mveliso eneemfuno eziphezulu zokhuseleko lwedatha kunye nokuthobela imithetho efana nezemali, imicimbi karhulumente, kunye namandla, kuyimfuneko ukwenza uphicotho olupheleleyo lwenkqubo yokudlulisa idatha eyimfihlo okanye ukufumanisa ngokuchanekileyo izoyikiso ezinokubakho kwinethiwekhi (ezifana nokuhlaselwa kwe-APT, ukuvuza kwedatha, kunye nokusasazwa kwekhowudi enobungozi). Uphawu lokubamba olungenalahleko lwe-TAP luqinisekisa ukuthembeka kunye nokuchaneka kwedatha yophicotho, enokufezekisa iimfuno zemithetho nemigaqo efana "noMthetho woKhuseleko lweNethiwekhi" kunye "noMthetho woKhuseleko lweDatha" wokugcina idatha kunye nokuhlola; kwangaxeshanye, iipakethi zedatha ezipheleleyo zibonelela ngeesampulu zohlalutyo olutyebileyo kwiinkqubo zokufumanisa usongo (ezifana ne-IDS/IPS kunye nezixhobo ze-sandbox), ezinceda ekufumaneni izoyikiso ezingaphantsi kunye nezifihlakeleyo ezifihliweyo kwitrafikhi eqhelekileyo (ezifana nekhowudi enobungozi kwitrafikhi efihliweyo kunye nokuhlaselwa kokungena okufihliweyo njengeshishini eliqhelekileyo).
Imida: Ukutshintshiselana phakathi kweNdleko kunye nokuguquguquka kokusetyenziswa
Eyona mida iphambili ye-TAP ikwixabiso layo eliphezulu lehardware kunye nokuguquguquka okuphantsi kokusetyenziswa. Kwelinye icala, i-TAP sisixhobo sehardware esizinikeleyo, kwaye ngakumbi, ii-TAP ezixhasa amazinga aphezulu (afana ne-40G kunye ne-100G) okanye i-optical fiber media zibiza kakhulu kunomsebenzi we-SPAN osekwe kwisoftware; kwelinye icala, i-TAP kufuneka iqhagamshelwe kuthotho kwikhonkco lenethiwekhi yokuqala, kwaye ikhonkco kufuneka liphazanyiswe okwethutyana ngexesha lokusetyenziswa (njengokufaka kunye nokukhupha iintambo zenethiwekhi okanye ii-optical fibers). Kwezinye iikhonkco eziphambili ezingavumeli ukuphazamiseka (ezifana neekhonkco zentengiselwano yemali ezisebenza iiyure ezingama-24 ngosuku, iintsuku ezisixhenxe ngosuku), ukusetyenziswa kunzima, kwaye iindawo zokufikelela ze-TAP zihlala zifuna ukugcinelwa kwangaphambili ngexesha lesigaba socwangciso lwenethiwekhi.
I-SPAN: Isisombululo Sokuhlanganisa Idatha "Esisebenza Ngeendleko Ezininzi" Nesiguquguqukayo
I-SPAN ngumsebenzi wesoftware owakhelwe kwiiswitshi (ezinye ii-routers eziphezulu nazo ziyayixhasa). Umgaqo wayo kukumisela iswitshi ngaphakathi ukuze iphindaphinde ithrafikhi ukusuka kwizibuko enye okanye ezingaphezulu zomthombo (ii-Source Ports) okanye ii-VLAN zomthombo ukuya kwizibuko elimiselweyo lokubeka iliso (i-Destination Port, ekwaziwa njengezibuko lesibuko) ukuze yamkelwe kwaye icutshungulwe sisixhobo sohlalutyo. Ngokungafaniyo ne-TAP, i-SPAN ayifuni zixhobo zehardware ezongezelelweyo kwaye inokuphumeza ukuqokelelwa kwedatha kuphela ngokuxhomekeka kulungiselelo lwesoftware yeswitshi.
Iimpawu Eziphambili: Zigxile "Ekusebenziseni Iindleko Ngokufanelekileyo" kunye "Nokuguquguquka"
1. Akukho zindleko zehardware ezongezelelweyo kunye nokusasazwa okulula
Ekubeni i-SPAN ilumsebenzi owakhelwe kwi-firmware yokutshintsha, akukho mfuneko yokuthenga izixhobo zehardware ezizinikeleyo. Ukuqokelelwa kwedatha kungenziwa ngokukhawuleza kuphela ngokucwangcisa nge-CLI (Command Line Interface) okanye i-interface yolawulo lweWebhu (njengokucacisa i-source port, i-monitoring port, kunye ne-mirroring direction (inbound, outbound, okanye bidirectional)). Olu phawu "lwe-zero hardware cost" lwenza ukuba lube lukhetho olufanelekileyo kwiimeko ezinebhajethi encinci okanye iimfuno zokujonga okwethutyana (ezifana novavanyo lwesicelo sexesha elifutshane kunye nokusombulula iingxaki okwethutyana).
2. Inkxaso ye-Multi-Source Port / Multi-VLAN Traffic Aggregation
Inzuzo enkulu ye-SPAN kukuba inokuphinda ithrafikhi ukusuka kwiichweba ezininzi zemithombo (ezifana neechweba zomsebenzisi zeeswitshi ezininzi zokufikelela) okanye ii-VLAN ezininzi ukuya kwichweba elifanayo lokubeka esweni ngaxeshanye. Umzekelo, ukuba abasebenzi bokusebenza nokugcinwa kweshishini kufuneka babeke esweni ithrafikhi yabasebenzi kwii-terminals ezininzi (ezihambelana nee-VLAN ezahlukeneyo) befikelela kwi-Intanethi, akukho mfuneko yokubeka izixhobo zokuqokelela ezahlukeneyo ekuphumeni kwe-VLAN nganye. Ngokuhlanganisa ithrafikhi yezi VLAN kwichweba elinye lokubeka esweni nge-SPAN, uhlalutyo oluphakathi lunokuphunyezwa, luphucula kakhulu ukuguquguquka nokusebenza kakuhle kokuqokelelwa kwedatha.
3. Akukho mfuneko yokuphazamisa ikhonkco lenethiwekhi yokuqala
Ngokungafaniyo nokusasazwa kwe-TAP ngochungechunge, zombini i-source port kunye ne-monitoring port ye-SPAN zii-port eziqhelekileyo zeswitshi. Ngexesha lenkqubo yokumisela, akukho mfuneko yokuxhuma nokukhupha iintambo zenethiwekhi zekhonkco lokuqala, kwaye akukho mpembelelo ekudlulisweni kwetrafikhi yokuqala. Nokuba kuyimfuneko ukulungisa i-source port okanye ukukhubaza umsebenzi we-SPAN kamva, oku kungenziwa kuphela ngokuguqula uqwalaselo ngomgca womyalelo, olula ukuwusebenzisa kwaye alunakuphazamiseka kwiinkonzo zenethiwekhi.
Imeko zoSetyenziso: Ukugxila "kwiCandelo loLawulo oluneendleko eziphantsi" kunye "noHlahlelo oluPhakathi"
1. Ukubeka iliso kwindlela abaziphatha ngayo abasebenzisi kwiiNethiwekhi zeKhampasi / iiNethiwekhi zeShishini
Kwiinethiwekhi zekhampasi okanye kwiinethiwekhi zeshishini, abalawuli badla ngokufuna ukujonga ukuba ii-terminals zabasebenzi zinokufikelela ngokungekho mthethweni na (njengokufikelela kwiiwebhusayithi ezingekho mthethweni kunye nokukhuphela isoftware ephangiweyo) kunye nokuba kukho inani elikhulu lee-P2P downloads okanye iividiyo ezithatha i-bandwidth. Ngokuhlanganisa i-traffic ye-user ports ye-access-layer switches kwi-monitoring port nge-SPAN, kunye nesoftware yohlalutyo lwe-traffic (njengeWireshark kunye neNetFlow Analyzer), ukujonga ngexesha langempela ukuziphatha komsebenzisi kunye nezibalo zomsebenzi we-bandwidth kunokufezekiswa ngaphandle kotyalo-mali olongezelelweyo lwe-hardware.
2. Ukusombulula iingxaki zexeshana kunye novavanyo lwezicelo zexesha elifutshane
Xa kuvela iimpazamo zexeshana nezingaqhelekanga kwinethiwekhi, okanye xa kufuneka kwenziwe uvavanyo lwethrafikhi kwisicelo esitsha esisetyenzisiweyo (njengenkqubo yangaphakathi ye-OA kunye nenkqubo yeenkomfa zevidiyo), i-SPAN ingasetyenziselwa ukwakha ngokukhawuleza indawo yokuqokelelwa kwedatha. Umzekelo, ukuba isebe libika ukuminza rhoqo kwiinkomfa zevidiyo, abasebenzi bokusebenza kunye nokugcinwa banokumisela okwethutyana i-SPAN ukuze ibonise ithrafikhi yezibuko apho iseva yenkomfa yevidiyo ikhoyo kwizibuko lokubeka esweni. Ngokuhlalutya ukulibaziseka kwepakethi yedatha, izinga lokulahleka kwepakethi, kunye nokusebenza kwe-bandwidth, kunokugqitywa ukuba ingxaki ibangelwa yi-bandwidth enganeleyo yenethiwekhi okanye ukulahleka kwepakethi yedatha. Emva kokuba ukusombulula iingxaki kugqityiwe, uqwalaselo lwe-SPAN lunokukhubazeka ngaphandle kokuchaphazela imisebenzi yenethiwekhi elandelayo.
3. Izibalo zeTrafikhi kunye noHlolo oluLula kwiiNethiwekhi ezincinci neziphakathi
Kwinethiwekhi ezincinci neziphakathi (ezifana namashishini amancinci kunye neelabhoratri zekhampasi), ukuba imfuneko yokuthembeka kokuqokelelwa kwedatha ayiphezulu, kwaye kufuneka izibalo ezilula zethrafikhi kuphela (ezifana nokusetyenziswa kwe-bandwidth ye-port nganye kunye ne-traffic proportions ye-Top N applications) okanye uphicotho olusisiseko lokuthobela imithetho (ezifana nokurekhoda amagama eedomain zewebhusayithi afikelelwa ngabasebenzisi) , i-SPAN inokuhlangabezana ngokupheleleyo neemfuno. Iimpawu zayo ezingabizi kakhulu nezilula ukuzisebenzisa zenza ukuba ibe lukhetho olungabizi kakhulu kwiimeko ezinjalo.
Imida: Iintsilelo kwiNgqibelelo yeDatha kunye neMpembelelo yokuSebenza
1. Umngcipheko wokulahleka kwepakethi yedatha kunye nokubanjwa okungaphelelanga
Ukuphindaphinda kweepakethi zedatha yi-SPAN kuxhomekeke kwi-CPU kunye nezixhobo ze-cache zeswitshi. Xa ithrafikhi ye-source port ikwinqanaba eliphezulu (njengokudlula umthamo we-cache yeswitshi) okanye iswitshi icubungula inani elikhulu lemisebenzi yokudlulisa ngaxeshanye, i-CPU iya kunika kuqala ukuqinisekisa ukudluliselwa kwethrafikhi yokuqala, kwaye inciphise okanye imise ukuphindaphinda kwe-SPAN traffic, okubangela ukulahleka kwepakethi kwi-monitoring port. Ukongeza, ezinye iiswitshi zinemida kwi-mirroring ratio ye-SPAN (njengokuxhasa kuphela ukuphindaphinda kwe-80% yethrafikhi) okanye azixhasi ukuphindaphinda okupheleleyo kweepakethi zedatha ezinkulu (ezifana neeJumbo Frames). Zonke ezi zinto ziya kukhokelela kwidatha engaphelelanga eqokelelweyo kwaye zichaphazele ukuchaneka kweziphumo zohlalutyo olulandelayo.
2. Ukusebenzisa Izixhobo Zokutshintsha kunye Nempembelelo Enokubakho Ekusebenzeni Kwenethiwekhi
Nangona i-SPAN ingaphazamisi ngqo ikhonkco lokuqala, xa inani lee-source ports likhulu okanye i-traffic inzima, inkqubo yokuphindaphinda iipakethe zedatha iya kuthatha izixhobo ze-CPU kunye ne-bandwidth yangaphakathi yeswitshi. Umzekelo, ukuba i-traffic yee-ports ezininzi ze-10G ijongwa njenge-port yokubeka iliso ye-10G, xa i-traffic iyonke yee-source ports idlula i-10G, ayizukuphela nje kokuba i-monitoring port iya kulahlekelwa yipakethe ngenxa ye-bandwidth enganeleyo, kodwa ukusetyenziswa kwe-CPU yeswitshi nako kunokwanda kakhulu, ngaloo ndlela kuchaphazela ukusebenza kakuhle kwe-data packet forwarding kwezinye ii-ports kwaye kubangele nokwehla kokusebenza kweswitshi iyonke.
3. Ukuxhomekeka komsebenzi kwiModeli yoTshintsho kunye nokuhambelana okulinganiselweyo
Inqanaba lenkxaso yomsebenzi we-SPAN lahluka kakhulu phakathi kweeswitshi zabavelisi kunye neemodeli ezahlukeneyo. Umzekelo, iiswitshi ezisezantsi zinokuxhasa izibuko elinye lokujonga kwaye azixhasi i-VLAN mirroring okanye i-full-duplex traffic mirroring; umsebenzi we-SPAN wezinye iiswitshi unomda "wokujonga indlela enye" (oko kukuthi, ukubonisa kuphela i-traffic engenayo okanye ephumayo, kwaye akunakubonisa i-traffic ye-bidirectional ngaxeshanye); ukongeza, i-cross-switch SPAN (njengokubonisa i-port traffic yeswitshi A ukuya kwizibuko lokujonga leswitshi B) kufuneka ixhomekeke kwiiprotokholi ezithile (ezifana ne-RSPAN yeCisco kunye ne-ERSPAN yeHuawei), enoqwalaselo oluntsonkothileyo kunye nokuhambelana okuphantsi, kwaye kunzima ukuziqhelanisa nemeko-bume yothungelwano oluxutyiweyo lwabavelisi abaninzi.
Uthelekiso loMntu oPhambili kunye neengcebiso zoKhetho phakathi kweTAP kunye neSPAN
Uthelekiso loMmahluko oPhambili
Ukuze sibonise ngokucacileyo umahluko phakathi kwezi zimbini, sizithelekisa ngokwemilinganiselo yeempawu zobugcisa, impembelelo yokusebenza, iindleko, kunye neemeko ezifanelekileyo:
| Umlinganiselo wokuthelekisa | I-TAP (Indawo yoVavanyo lokufikelela) | I-SPAN (i-Switched Port Analyzer) |
| Ukunyaniseka kokuBamba idatha | Ukubanjwa ngaphandle kokulahlekelwa yi-100%, akukho mngcipheko wokulahlekelwa yilahleko | Ixhomekeke kwizixhobo zokutshintsha, isengozini yokulahleka kwepakethi xa kukho ithrafikhi eninzi, i-capture engaphelelanga |
| Impembelelo kwiNethiwekhi yoQoqo | Akukho kuphazamiseka, impazamo ayichaphazeli ikhonkco lokuqala | I-Occupies itshintsha i-CPU/bandwidth xa inabantu abaninzi, inokubangela ukwehla kokusebenza kwenethiwekhi |
| Ixabiso lehardware | Ifuna ukuthengwa kwezixhobo ezizinikeleyo, ezibiza kakhulu | Umsebenzi wokutshintsha owakhelwe ngaphakathi, akukho zindleko zongezelelweyo zehardware |
| Ukuguquguquka kokusetyenziswa | Kufuneka iqhagamshelwe ngochungechunge kwikhonkco, kufuneka ukuphazamiseka kwenethiwekhi ukuze ithunyelwe, kwaye kufuneka kube lula ukuguquguquka | Uqwalaselo lwesoftware, akukho kuphazamiseka kwenethiwekhi okufunekayo, ixhasa ukuhlanganiswa kwemithombo emininzi, ukuguquguquka okuphezulu |
| Imeko Ezisebenzayo | Iikhonkco eziphambili, indawo echanekileyo yempazamo, uhlolo oluphezulu, iinethiwekhi ezikumgangatho ophezulu | Ukubeka esweni okwethutyana, uhlalutyo lokuziphatha kwabasebenzisi, iinethiwekhi ezincinci neziphakathi, iimfuno ezingabizi kakhulu |
| Ukuhambelana | Ixhasa amazinga/imidiya emininzi, ngaphandle kwemodeli yokutshintsha | Kuxhomekeke kumenzi/imodeli yeswitshi, umahluko omkhulu kwinkxaso yomsebenzi, uqwalaselo oluntsonkothileyo lwezixhobo ezinqamlezileyo |
Iingcebiso zokukhetha: "Ukufanisa ngokuchanekileyo" ngokusekwe kwiimfuno zemeko
1. Imeko apho iTAP ikhethwa khona
○Ukubeka esweni amakhonkco eshishini angundoqo (afana nee-data center core switches kunye namakhonkco e-egress router), okufuna ukuqinisekisa ukuthembeka kokubanjwa kwedatha;
○Indawo yengxaki yenethiwekhi (njengokudluliselwa kwakhona kwe-TCP kunye nokulibaziseka kwesicelo), okufuna uhlalutyo oluchanekileyo olusekelwe kwiipakethi zedatha ezipheleleyo;
○Amashishini aneemfuno eziphezulu zokhuseleko kunye nokuthobela imithetho (ezemali, imicimbi karhulumente, amandla), afuna ukuhlangabezana nokuthembeka kunye nokungaphazanyiswa kwedatha yophicotho-zincwadi;
○Iindawo zenethiwekhi ezikumgangatho ophezulu (10G nangaphezulu) okanye iimeko ezineepakethi zedatha ezinkulu, ezifuna ukuphepha ukulahleka kwepakethi kwi-SPAN.
2. Imeko apho i-SPAN ikhethwa khona
○Iinethiwekhi ezincinci neziphakathi ezineebhajethi ezilinganiselweyo, okanye iimeko ezifuna kuphela izibalo zethrafikhi ezilula (ezifana nokusebenza kwe-bandwidth kunye nezicelo eziphezulu);
○Uvavanyo lwexeshana lokusombulula iingxaki okanye uvavanyo lwesicelo sexesha elifutshane (njengovavanyo lokuqaliswa kwenkqubo entsha), olufuna ukuthunyelwa ngokukhawuleza ngaphandle kokusetyenziswa kwezixhobo ixesha elide;
○Ukubeka esweni okuphakathi kweeports/ii-VLAN ezininzi (ezifana nokubeka esweni ukuziphatha kwabasebenzisi benethiwekhi yekhampasi), okufuna ukuhlanganiswa kwetrafikhi okuguquguqukayo;
○Ukubeka esweni iikhonkco ezingezizo eziphambili (ezifana neeports zomsebenzisi zeeswitshi zokufikelela-umgangatho), kunye neemfuno eziphantsi zokuthembeka kokuthathwa kwedatha.
3. Imizekelo yokusetyenziswa kweHybrid
Kwezinye iindawo ezintsonkothileyo zenethiwekhi, indlela yokusasazwa kwe-hybrid ye-"TAP + SPAN" nayo inokusetyenziswa. Umzekelo, sebenzisa i-TAP kwiikhonkco eziphambili zeziko ledatha ukuqinisekisa ukubanjwa kwedatha epheleleyo yokusombulula iingxaki kunye nokuhlolwa kokhuseleko; lungiselela i-SPAN kwiiswitshi ze-access-layer okanye ze-aggregation-layer ukuze uhlanganise i-traffic yabasebenzisi abasasazekileyo ukuze kuhlalutywe ukuziphatha kunye nezibalo ze-bandwidth. Oku akupheleli nje ekuhlangabezaneni neemfuno zokubeka esweni ezichanekileyo zeekhonkco eziphambili kodwa kunciphisa neendleko zokusasazwa zizonke.
Ngoko ke, njengeetekhnoloji ezimbini eziphambili zokufumana idatha yenethiwekhi, i-TAP kunye ne-SPAN azinazo "iingenelo okanye iingxaki" ngokupheleleyo kodwa "zinomahluko kuphela ekuhlengahlengisweni kwesimo". I-TAP igxile "ekubambeni ngaphandle kokulahlekelwa" kunye "nokuthembeka okuzinzileyo", kwaye ifanelekile kwiimeko eziphambili ezineemfuno eziphezulu zokuthembeka kwedatha kunye nozinzo lwenethiwekhi, kodwa ineendleko eziphezulu kunye nokuguquguquka okuphantsi kokusasazwa; i-SPAN ineengenelo "zexabiso eliphantsi" kunye "nokuguquguquka kunye nokulula", kwaye ifanelekile kwiimeko ezingabizi kakhulu, zexeshana, okanye ezingezizo eziphambili, kodwa ineengozi zokulahleka kwedatha kunye nempembelelo yokusebenza.
Kwindlela yokusebenza nokugcinwa kwenethiwekhi, iinjineli zenethiwekhi kufuneka zikhethe isisombululo sobugcisa esifanelekileyo ngokusekwe kwiimfuno zazo zoshishino (ezifana nokuba likhonkco eliphambili na kwaye kufuneka uhlalutyo oluchanekileyo), iindleko zohlahlo lwabiwo-mali, ubungakanani benethiwekhi, kunye neemfuno zokuthobela imithetho. Kwangaxeshanye, ngokuphuculwa kwamanani enethiwekhi (afana ne-25G, 100G, kunye ne-400G) kunye nokuphuculwa kweemfuno zokhuseleko lwenethiwekhi, iteknoloji ye-TAP nayo iphuhliswa rhoqo (njengokuxhasa ukwahlulwahlulwa kwetrafikhi ekrelekrele kunye nokuhlanganiswa kweeport ezininzi), kwaye abavelisi beswitshi nabo baqhubeka nokwenza ngcono umsebenzi we-SPAN (njengokuphucula umthamo we-cache kunye nokuxhasa i-mirroring engenalahleko). Kwixesha elizayo, ezi teknoloji zimbini ziya kudlala indima yazo kwiindawo zazo kwaye zibonelele ngenkxaso yedatha esebenzayo nechanekileyo kulawulo lwenethiwekhi.
Ixesha leposi: Disemba-08-2025
