Iqhutywa lutshintsho lwedijithali, iinethiwekhi zamashishini azisekho nje "ziintambo ezimbalwa ezidibanisa iikhompyutha." Ngenxa yokwanda kwezixhobo ze-IoT, ukufuduka kweenkonzo ukuya efini, kunye nokwamkelwa okwandayo komsebenzi okude, ithrafikhi yenethiwekhi iqhumile, njengethrafikhi kwindlela enkulu. Nangona kunjalo, oku kunyuka kwethrafikhi kukwazisa imingeni: izixhobo zokhuseleko azikwazi ukubamba idatha ebalulekileyo, iinkqubo zokubeka iliso zigcwele ulwazi olungafunekiyo, kwaye izoyikiso ezifihliweyo kwithrafikhi efihliweyo azifumaneki. Kulapho "umqeshi ongabonakaliyo" obizwa ngokuba yiNetwork Packet Broker (NPB) aluncedo khona. Isebenza njengebhulorho ekrelekrele phakathi kwethrafikhi yenethiwekhi kunye nezixhobo zokubeka iliso, iphatha ukuhamba kwethrafikhi okungalawulekiyo kuyo yonke inethiwekhi ngelixa inika izixhobo zokubeka iliso ngokuchanekileyo idatha eziyidingayo, inceda amashishini ukusombulula imingeni yenethiwekhi "engabonakaliyo, engafikelelekiyo". Namhlanje, siza kubonelela ngokuqonda okubanzi kwale ndima iphambili ekusebenzeni kwenethiwekhi kunye nokugcinwa kwayo.
1. Kutheni iinkampani zifuna ii-NPB ngoku? — "Imfuneko Yokubonakala" YeeNethiwekhi Ezintsonkothileyo
Cinga ngoku: Xa inethiwekhi yakho isebenzisa amakhulu ezixhobo ze-IoT, amakhulu eeseva zelifu, kunye nabasebenzi abafikelela kuyo bekude kuyo yonke indawo, ungaqinisekisa njani ukuba akukho traffic inobungozi engena? Ungafumanisa njani ukuba zeziphi iikhonkco ezixineneyo nezicothisa ukusebenza kweshishini?
Iindlela zokubeka esweni zemveli bezingonelanga ixesha elide: nokuba izixhobo zokubeka esweni zinokugxila kuphela kwiindawo ezithile zethrafikhi, zilahleke iindawo ezibalulekileyo; okanye zidlulisela zonke iithrafikhi kwisixhobo ngaxeshanye, nto leyo ebangela ukuba singakwazi ukugaya ulwazi kwaye sinciphise ukusebenza kakuhle kohlalutyo. Ngaphezu koko, njengoko ngaphezulu kwe-70% yethrafikhi ngoku ifihliwe, izixhobo zemveli azikwazi ukubona umxholo wayo.
Ukuvela kwee-NPB kujongana neyona ndawo ibuhlungu "yokungabikho kokubonakala kwenethiwekhi." Zihlala phakathi kweendawo zokungena kwezithuthi kunye nezixhobo zokubeka esweni, ziqokelela izithuthi ezisasazekileyo, zihluza idatha engafunekiyo, kwaye ekugqibeleni zisasaze izithuthi ezichanekileyo kwi-IDS (Intrusion Detection Systems), ii-SIEM (Security Information Management Platforms), izixhobo zohlalutyo lokusebenza, nokunye. Oku kuqinisekisa ukuba izixhobo zokubeka esweni azilambi kwaye azigcwali kakhulu. Ii-NPB zinokuphinda zikhuphe kwaye zibethele izithuthi, zikhusele idatha eyimfihlo kwaye zinike amashishini umbono ocacileyo wemeko yenethiwekhi yawo.
Kunokuthiwa ngoku logama nje ishishini linokhuseleko lwenethiwekhi, ukuphuculwa kokusebenza okanye iimfuno zokuthobela imithetho, i-NPB iye yaba yinxalenye ebalulekileyo engenakuphepheka.
Yintoni i-NPB? — Uhlalutyo olulula ukusuka kwi-Architecture ukuya kwi-Core Capabilities
Abantu abaninzi bacinga ukuba igama elithi "packet broker" linomqobo omkhulu wobuchwephesha ekungeneni. Nangona kunjalo, umzekelo ofikelelekayo kukusebenzisa "iziko lokukhetha ukuhanjiswa ngokukhawuleza": ithrafikhi yenethiwekhi "ziipasela ezikhawulezayo," i-NPB "liziko lokukhetha," kwaye isixhobo sokujonga "yindawo yokufumana." Umsebenzi we-NPB kukuhlanganisa iipasela ezisasazekileyo (ukuhlanganiswa), ukususa iipasela ezingasebenziyo (ukucoca), kunye nokuzihlela ngokwedilesi (ukusasazwa). Ingakwazi nokukhupha nokuhlola iipasela ezikhethekileyo (ukususa ukubethela) kunye nokususa ulwazi lwabucala (ukuhlikihla) - yonke inkqubo isebenza kakuhle kwaye ichanekile.
1. Okokuqala, makhe sijonge "i-skeleton" ye-NPB: iimodyuli ezintathu eziphambili zokwakha
Umsebenzi we-NPB uxhomekeke ngokupheleleyo kwintsebenziswano yezi modyuli zintathu; akukho nanye kuzo enokuthi ingabikho:
○Imodyuli yokufikelela kwiTrafikhi: Ilingana "nezibuko lokuhambisa elikhawulezayo" kwaye isetyenziselwa ngokukodwa ukufumana ithrafikhi yenethiwekhi evela kwizibuko lesipili esitshintshayo (SPAN) okanye i-splitter (TAP). Nokuba yithrafikhi evela kwikhonkco elibonakalayo okanye kwinethiwekhi ebonakalayo, inokuqokelelwa ngendlela edibeneyo.
○Injini Yokucubungula:Le "yingqondo engundoqo yeziko lokuhlela" kwaye inoxanduva "lokucubungula" okubaluleke kakhulu - njengokudibanisa ithrafikhi yamakhonkco amaninzi (ukuhlanganiswa), ukucoca ithrafikhi kuhlobo oluthile lwe-IP (ukucoca), ukukopa ithrafikhi efanayo nokuyithumela kwizixhobo ezahlukeneyo (ukukopa), ukususa ukubethela ithrafikhi efihliweyo ye-SSL/TLS (ukususa ukubethela), njl. Zonke "imisebenzi emihle" zigqityiwe apha.
○Imodyuli yoSasazo: Kufana "nomthumeli" osasaza ngokuchanekileyo ithrafikhi ecutshungulwayo kwizixhobo zokubeka esweni ezifanelekileyo kwaye angenza nokulinganisela umthwalo - umzekelo, ukuba isixhobo sohlalutyo lokusebenza sixakeke kakhulu, inxalenye yethrafikhi iya kusasazwa kwisixhobo sokugcina idatha ukuze kuthintelwe ukugqithisa isixhobo esinye.
2. "IiHard Core Capabilities" zeNPB: imisebenzi eli-12 ephambili isombulula iingxaki zenethiwekhi ezingama-90%
I-NPB inemisebenzi emininzi, kodwa makhe sigxile kweyona isetyenziswa kakhulu ngamashishini. Ngayinye ihambelana nenqaku elibalulekileyo:
○Ukuphindaphinda kweTrafikhi / Ukuqokelelana + UkucocaUmzekelo, ukuba ishishini lineekhonkco zenethiwekhi ezili-10, i-NPB iqala ngokudibanisa ithrafikhi yeekhonkco ezili-10, ize ihluze "iipakethi zedatha eziphindwe kabini" kunye "nethrafikhi engafanelekiyo" (njengethrafikhi evela kubasebenzi ababukele iividiyo), kwaye ithumela kuphela ithrafikhi enxulumene neshishini kwisixhobo sokubeka esweni - iphucula ngokuthe ngqo ukusebenza kakuhle ngama-300%.
○Ukususwa kwe-SSL/TLSKule mihla, uhlaselo oluninzi olunobungozi lufihliwe kwi-HTTPS encrypted traffic. I-NPB ingayisusa ngokukhuselekileyo le traffic, ivumela izixhobo ezifana ne-IDS kunye ne-IPS ukuba "zibone" umxholo ofihliweyo kwaye zibambe izoyikiso ezifihlakeleyo ezifana neekhonkco ze-phishing kunye nekhowudi enobungozi.
○Ukufihla idatha / Ukususa uvakalelo: Ukuba ithrafikhi ineenkcukacha eziyimfihlo ezifana neenombolo zekhadi letyala kunye neenombolo zokhuseleko loluntu, i-NPB iya "kucima" ngokuzenzekelayo olu lwazi ngaphambi kokuba iluthumele kwisixhobo sokubeka iliso. Oku akuyi kuchaphazela uhlalutyo lwesixhobo, kodwa kuya kuhambelana neemfuno ze-PCI-DSS (ukuthobela intlawulo) kunye ne-HIPAA (ukuthobela imiqathango yezempilo) ukuthintela ukuvuza kwedatha.
○Ukulinganisela Umthwalo + UkusilelaUkuba ishishini linezixhobo ze-SIEM ezintathu, i-NPB iya kusasaza izithuthi ngokulinganayo phakathi kwazo ukuthintela ukuba nasiphi na isixhobo esinye singaphazanyiswa. Ukuba isixhobo esinye siyasilela, i-NPB iya kutshintshela izithuthi kwangoko kwisixhobo sokugcina idatha ukuqinisekisa ukuba kukho ukubekwa esweni okungaphazanyiswayo. Oku kubaluleke kakhulu kumashishini afana nezezimali kunye nokhathalelo lwempilo apho ixesha lokungasebenzi lingamkelekanga.
○Ukupheliswa komjelo: I-VXLAN, i-GRE kunye nezinye "iiProtocols zeTunnel" ngoku zisetyenziswa kakhulu kwiinethiwekhi zelifu. Izixhobo zemveli azikwazi ukuqonda ezi protocols. I-NPB inokuyi "chitha" le tunnels ize ikhuphe itrafikhi yokwenyani ngaphakathi, ivumela izixhobo ezindala ukuba ziqhube itrafikhi kwiindawo zelifu.
Ukudityaniswa kwezi mpawu kwenza i-NPB ingabi "nokubona" kuphela ithrafikhi efihliweyo, kodwa ikwakhusela idatha eyimfihlo kwaye "ilungelelanise" neendawo ezahlukeneyo zenethiwekhi ezintsonkothileyo - yiyo loo nto inokuba yinxalenye ephambili.
III. Isetyenziswa phi i-NPB? — Iimeko ezintlanu eziphambili ezijongana neemfuno zamashishini okwenyani
I-NPB ayisosixhobo esifanela zonke izinto; endaweni yoko, iyakwazi ukuzivumelanisa nezimo ezahlukeneyo. Nokuba liziko ledatha, inethiwekhi ye-5G, okanye indawo yelifu, ifumana usetyenziso oluchanekileyo. Makhe sijonge iimeko ezimbalwa eziqhelekileyo ukubonisa le ngongoma:
1. Iziko leDatha: Isitshixo sokujonga iTrafikhi eMpuma-Ntshona
Amaziko edatha emveli agxila kuphela kwitrafikhi esuka emantla ukuya emazantsi (itrafikhi esuka kwiiseva ukuya kwihlabathi langaphandle). Nangona kunjalo, kumaziko edatha e-virtualized, i-80% yetrafikhi isuka empuma-ntshona (itrafikhi phakathi koomatshini ababonakalayo), izixhobo zemveli ezingenakubamba. Kulapho ii-NPB ziluncedo khona:
Umzekelo, inkampani enkulu ye-intanethi isebenzisa i-VMware ukwakha iziko ledatha elibonakalayo. I-NPB idityaniswe ngokuthe ngqo ne-vSphere (iqonga lolawulo lwe-VMware) ukuze ibambe ngokuchanekileyo ithrafikhi empuma-ntshona phakathi koomatshini ababonakalayo kwaye isasaze kwi-IDS kunye nezixhobo zokusebenza. Oku akupheleli nje ekususeni "ukubeka esweni iindawo ezingabonakaliyo," kodwa kwandisa ukusebenza kakuhle kwezixhobo ngama-40% ngokucoca ithrafikhi, kunciphisa ngokuthe ngqo i-mean-time-to-repair yeziko ledatha (MTTR) phakathi.
Ukongeza, i-NPB inokujonga umthwalo weseva kwaye iqinisekise ukuba idatha yentlawulo iyahambelana ne-PCI-DSS, ibe "yimfuno ebalulekileyo yokusebenza nokugcinwa" kwamaziko edatha.
2. Imeko-bume ye-SDN/NFV: Iindima eziguquguqukayo zokuziqhelanisa neNethiwekhi echazwe yiSoftware
Iinkampani ezininzi ngoku zisebenzisa i-SDN (Software Defined Networking) okanye i-NFV (Network Function Virtualization). Iinethiwekhi azisasebenzi njengezixhobo ezizinzileyo, kodwa ziinkonzo zesoftware eziguquguqukayo. Oku kufuna ukuba ii-NPB zibe bhetyebhetye ngakumbi:
Umzekelo, iyunivesithi isebenzisa i-SDN ukuphumeza i-"Bring Your Own Device (BYOD)" ukuze abafundi nootitshala bakwazi ukunxibelelana nenethiwekhi yekhampasi besebenzisa iifowuni kunye neekhompyutha zabo. I-NPB idityaniswe nesilawuli se-SDN (esifana ne-OpenDaylight) ukuqinisekisa ukwahlukana kwezithuthi phakathi kweendawo zokufundisa nezeofisi ngelixa isasaza ngokuchanekileyo izithuthi ukusuka kwindawo nganye ukuya kwizixhobo zokubeka esweni. Le ndlela ayichaphazeli ukusetyenziswa kwabafundi nootitshala, kwaye ivumela ukubonwa ngexesha elifanelekileyo konxibelelwano olungaqhelekanga, njengokufikelela kwiidilesi ze-IP ezinobungozi ngaphandle kwekhampasi.
Kunjalo nakwiindawo ze-NFV. I-NPB inokujonga ithrafikhi yee-firewalls ezibonakalayo (ii-vFW) kunye nee-virtual load balancers (ii-vLB) ukuqinisekisa ukusebenza okuzinzileyo kwezi "zixhobo zesoftware", eziguquguqukayo ngakumbi kunokujonga izixhobo zesiqhelo.
3. Iinethiwekhi ze-5G: Ukulawula iiNode zeTrafikhi eziSliced kunye neeEdge
Iimpawu eziphambili ze-5G "ziisantya esiphezulu, i-latency ephantsi, kunye noqhagamshelo olukhulu", kodwa oku kuzisa nemingeni emitsha ekubekeni esweni: umzekelo, itekhnoloji ye-5G "yokusika inethiwekhi" inokwahlulahlula inethiwekhi efanayo ebonakalayo ibe ziinethiwekhi ezininzi ezinengqondo (umzekelo, i-slice ye-low-latency yokuqhuba ngokuzimela kunye ne-slice ye-large-connection ye-IoT), kwaye ithrafikhi kwisilayi ngasinye kufuneka ijongwe ngokuzimeleyo.
Omnye umqhubi usebenzise i-NPB ukusombulula le ngxaki: isebenzise ukujonga i-NPB ngokuzimeleyo kwisilayi ngasinye se-5G, esingakwaziyo ukujonga kuphela ukubambezeleka kunye nokufikelela kwesilayi ngasinye ngexesha langempela, kodwa sikwathintela ithrafikhi engaqhelekanga (njengokufikelela okungagunyaziswanga phakathi kwezilayi) ngexesha elifanelekileyo, ukuqinisekisa iimfuno eziphantsi zokubambezeleka kwamashishini aphambili afana nokuqhuba ngokuzimela.
Ukongeza, ii-node ze-5G edge computing zisasazeke kulo lonke ilizwe, kwaye i-NPB inokubonelela "ngenguqulelo elula" esetyenziswa kwiindawo ezisemaphethelweni ukujonga ithrafikhi esasazekileyo kunye nokuthintela ukulibaziseka okubangelwa kukudluliselwa kwedatha ukuya phambili nangasemva.
4. Imeko-bume yeLifu/i-Hybrid IT: Ukwaphula imiqobo yokubeka iliso kwiLifu likaRhulumente nelaBucala
Uninzi lwamashishini ngoku asebenzisa uyilo lwamafu oluxutyiweyo—ezinye iinkqubo zihlala kwi-Alibaba Cloud okanye kwi-Tencent Cloud (amafu kawonke-wonke), ezinye zikwi-cloud zazo zabucala, kwaye ezinye zikwi-server zasekuhlaleni. Kule meko, ithrafikhi isasazeka kwiindawo ezininzi, okwenza ukuba ukujonga kuphazamiseke lula.
IBhanki yaseChina iMinsheng isebenzisa i-NPB ukusombulula le ngongoma inzima: ishishini layo lisebenzisa iiKubernetes ukusasazwa kweekhonteyina. I-NPB inokubamba ngokuthe ngqo ithrafikhi phakathi kweekhonteyina (iiPod) kwaye idibanise ithrafikhi phakathi kweeseva zelifu kunye namafu abucala ukwenza "ukubeka esweni ukusuka ekuqaleni ukuya ekupheleni" - nokuba ishishini likwilifu likawonke-wonke okanye ilifu labucala, logama nje kukho ingxaki yokusebenza, iqela lokusebenza kunye nokugcinwa lingasebenzisa idatha yethrafikhi ye-NPB ukufumana ngokukhawuleza ukuba yingxaki ngeefowuni eziphakathi kwekhonteyina okanye ukuxinana kweekhonkco zelifu, ukuphucula ukusebenza kakuhle kokuxilongwa ngama-60%.
Kwi-clouds kawonke-wonke enabantu abaninzi abaqeshayo, i-NPB inokuqinisekisa ukuba abantu bayahlukana phakathi kwamashishini ahlukeneyo, ithintele ukuvuza kwedatha, kwaye ihlangabezane neemfuno zokuthobela imithetho yeshishini lezemali.
Ukuqukumbela: I-NPB ayisiyo "indlela" kodwa "yinto ekufuneka yenziwe"
Emva kokuphonononga ezi meko, uza kufumanisa ukuba i-NPB ayiseyiyo iteknoloji ekhethekileyo kodwa sisixhobo esiqhelekileyo samashishini sokujongana neenethiwekhi ezintsonkothileyo. Ukusuka kumaziko edatha ukuya kwi-5G, ukusuka kumafu abucala ukuya kwi-IT exutyiweyo, i-NPB inokudlala indima naphi na apho kukho imfuneko yokubonakala kwenethiwekhi.
Njengoko ukwanda kwe-AI kunye ne-edge computing kusanda, i-network traffic iya kuba nzima ngakumbi, kwaye amandla e-NPB aya kuphuculwa ngakumbi (umzekelo, ukusebenzisa i-AI ukuchonga ngokuzenzekelayo i-traffic engaqhelekanga kunye nokwenza kube lula ukuziqhelanisa ne-edge nodes). Kumashishini, ukuqonda kunye nokusebenzisa ii-NPB kwangethuba kuya kubanceda ukuba bathathe amanyathelo enethiwekhi kwaye baphephe iindlela eziphambukayo ekutshintsheni kwabo kwedijithali.
Ngaba wakha wadibana nemingeni yokubeka esweni inethiwekhi kwishishini lakho? Umzekelo, awukwazi ukubona ithrafikhi efihliweyo, okanye ukubek' esweni i-hybrid cloud kuyaphazamiseka? Zive ukhululekile ukwabelana ngeengcinga zakho kwicandelo lezimvo kwaye makhe sihlole izisombululo kunye.
Ixesha leposi: Sep-23-2025
