Isixhobo esiqhelekileyo sokujonga nokusombulula iingxaki zenethiwekhi namhlanje yiSwitch Port Analyzer (SPAN), eyaziwa ngokuba yiPort mirroring. Ivumela ukuba sijonge ithrafikhi yenethiwekhi ngaphandle kwemo yebhendi ngaphandle kokuphazamisana neenkonzo kwinethiwekhi ephilayo, kwaye ithumela ikopi yethrafikhi ejongiweyo kwizixhobo zasekuhlaleni okanye ezikude, kuquka iSniffer, i-IDS, okanye ezinye iintlobo zezixhobo zohlalutyo lwenethiwekhi.
Ezinye zeendlela eziqhelekileyo zokusetyenziswa zezi:
• Ukulungisa iingxaki zenethiwekhi ngokulandelela iifreyimu zolawulo/zedatha;
• Hlalutya ukubambezeleka kunye nokujija ngokujonga iipakethi zeVoIP;
• Hlalutya ukubambezeleka ngokubeka esweni ukusebenzisana kwenethiwekhi;
• Fumana izinto ezingaqhelekanga ngokujonga ithrafikhi yenethiwekhi.
I-SPAN Traffic ingaboniswa kwindawo ethile kwezinye iiports kwisixhobo esifanayo, okanye iboniswe kude kwezinye izixhobo zenethiwekhi ezikufutshane neLayer 2 yesixhobo somthombo (RSPAN).
Namhlanje siza kuthetha ngetekhnoloji yokujonga ithrafikhi ye-Intanethi ekude ebizwa ngokuba yi-ERSPAN (Encapsulated Remote Switch Port Analyzer) enokudluliselwa kwiileya ezintathu ze-IP. Olu lulwandiso lwe-SPAN kwi-Encapsulated Remote.
Imigaqo esisiseko yokusebenza kwe-ERSPAN
Okokuqala, makhe sijonge iimpawu ze-ERSPAN:
• Ikopi yepakethi evela kwi-source port ithunyelwa kwi-destination server ukuze ihlalutywe nge-Generic Routing Encapsulation (GRE). Indawo ebonakalayo ye-server ayithintelwanga.
• Ngoncedo lwesici se-User Defined Field (UDF) se-chip, naluphi na uhlengahlengiso oluvela kwi-1 ukuya kwi-126 bytes lwenziwa ngokusekelwe kwi-Base domain ngokusebenzisa uluhlu olude lwenqanaba lobuchwephesha, kwaye amagama angundoqo eseshoni ayahambelana ukuze kufezekiswe umbono weseshoni, njenge-TCP three-way handshake kunye ne-RDMA session;
• Izinga lokuseta iisampulu zenkxaso;
• Ixhasa ubude bokubanjwa kwepakethi (iPakethi yokuSika), inciphisa uxinzelelo kwiseva ekujoliswe kuyo.
Ngezi mpawu, ungabona ukuba kutheni i-ERSPAN isisixhobo esibalulekileyo sokujonga iinethiwekhi ngaphakathi kwamaziko edatha namhlanje.
Imisebenzi ephambili ye-ERSPAN ingashwankathelwa ngeendlela ezimbini:
• Ukubonakala kweSeshini: Sebenzisa i-ERSPAN ukuqokelela zonke iiseshoni ze-TCP ezintsha kunye ne-Remote Direct Memory Access (RDMA) ezenziweyo kwiseva yangasemva ukuze iboniswe;
• Ukusombulula iingxaki zenethiwekhi: Ibamba ithrafikhi yenethiwekhi ukuze kuhlalutywe iimpazamo xa kuvela ingxaki yenethiwekhi.
Ukuze kwenziwe oku, isixhobo senethiwekhi yomthombo kufuneka sihluze ithrafikhi enomdla kumsebenzisi ukusuka kumjelo omkhulu wedatha, senze ikopi, kwaye sifake isakhelo ngasinye sekopi kwisikhongozeli esikhethekileyo "se-superframe" esinolwazi olongezelelweyo olwaneleyo ukuze sikwazi ukuthunyelwa ngokuchanekileyo kwisixhobo esifumanayo. Ngaphezu koko, vumela isixhobo esifumanayo ukuba sikhuphe kwaye sibuyisele ngokupheleleyo ithrafikhi yokuqala ebekwe esweni.
Isixhobo esamkelayo sinokuba sesinye iseva esixhasa ukucocwa kweepakethi ze-ERSPAN.
Uhlalutyo lweFomathi yohlobo lwe-ERSPAN kunye nePakethe
Iipakethi ze-ERSPAN zifakwe kwi-capsule kusetyenziswa i-GRE kwaye zithunyelwa kuyo nayiphi na indawo enokusetyenziswa kwi-IP addressable nge-Ethernet. I-ERSPAN okwangoku isetyenziswa kakhulu kwiinethiwekhi ze-IPv4, kwaye inkxaso ye-IPv6 iya kuba yimfuneko kwixesha elizayo.
Kwisakhiwo se-encapsulation esiqhelekileyo se-ERSAPN, oku kulandelayo kukufotwa kwepakethi yesipili yeepakethi ze-ICMP:
Iprotokholi ye-ERSPAN iye yaphuhliswa ixesha elide, kwaye ngokuphuculwa kwezakhono zayo, kuye kwenziwa iinguqulelo ezininzi, ezibizwa ngokuba yi-"ERSPAN Types". Iintlobo ezahlukeneyo zinefomathi ezahlukeneyo zentloko yesakhelo.
Ichazwe kwicandelo lokuqala leNguqulelo yesihloko se-ERSPAN:
Ukongeza, intsimi yohlobo lweProtocol kwi-GRE header ikwabonisa uhlobo lwangaphakathi lwe-ERSPAN. Intsimi yohlobo lweProtocol engu-0x88BE ibonisa uhlobo lwe-ERSPAN II, kwaye u-0x22EB ubonisa uhlobo lwe-ERSPAN III.
1. Uhlobo I
Isakhelo se-ERSPAN sohlobo lwe-I sigubungela i-IP kunye ne-GRE ngqo phezu kwentloko yesakhelo sesibuko sokuqala. Olu luhlu longeza ii-bytes ezingama-38 phezu kwesakhelo sokuqala: 14(MAC) + 20 (IP) + 4(GRE). Inzuzo yale fomathi kukuba inobukhulu bentloko encinci kwaye inciphisa iindleko zokudlulisela. Nangona kunjalo, kuba ibeka amasimi eFlegi ye-GRE kunye neVersion kwi-0, ayithwali naziphi na iisimi ezinde kwaye uhlobo lwe-I alusetyenziswa kakhulu, ngoko ke akukho mfuneko yokwandisa okungakumbi.
Ifomathi ye-GRE header yohlobo I yile ilandelayo:
2. Uhlobo II
Kwi-Type II, amasimi e-C, R, K, S, S, Recur, Flags, kunye ne-Version kwi-GRE header onke angama-0 ngaphandle kwe-S field. Ke ngoko, i-Sequence Number field iboniswa kwi-GRE header yohlobo lwesibini. Oko kukuthi, i-Type II inokuqinisekisa ulandelelwano lokufumana iipakethi ze-GRE, ukuze inani elikhulu leepakethi ze-GRE ezingaphandle kwe-order zingakwazi ukuhluzwa ngenxa yempazamo yenethiwekhi.
Ifomathi ye-GRE header yohlobo lwesibini yile ilandelayo:
Ukongeza, ifomathi yesakhelo se-ERSPAN Type II yongeza i-header ye-ERSPAN eyi-8-byte phakathi kwe-header ye-GRE kunye nesakhelo esibukwayo sokuqala.
Ifomathi yentloko ye-ERSPAN yohlobo lwesibini yile ilandelayo:
Okokugqibela, emva nje kwesakhelo somfanekiso wokuqala, kukho ikhowudi eqhelekileyo ye-4-byte Ethernet cyclic redundancy check (CRC).
Kubalulekile ukuqaphela ukuba ekusetyenzisweni, isakhelo sesibuko asinayo intsimi ye-FCS yesakhelo sokuqala, endaweni yoko ixabiso elitsha le-CRC liyabalwa kwakhona ngokusekelwe kwi-ERSPAN iyonke. Oku kuthetha ukuba isixhobo esamkelayo asinakuqinisekisa ukuchaneka kwe-CRC yesakhelo sokuqala, kwaye sinokucinga kuphela ukuba kuphela iifreyimu ezingamonakalanga ezibonisiweyo.
3. Uhlobo lwesithathu
Uhlobo lwesithathu luzisa i-composite header enkulu neguquguqukayo ukujongana neemeko zokubeka iliso kwinethiwekhi ezintsonkothileyo nezihlukeneyo, kuquka kodwa kungaphelelanga apho kulawulo lwenethiwekhi, ukubonwa kokungena, ukusebenza kunye nohlalutyo lokulibaziseka, nokunye. Ezi ndawo kufuneka zazi zonke iiparameter zokuqala zesakhelo sesibuko kwaye zibandakanye ezo zingekhoyo kwisakhelo sokuqala ngokwaso.
I-header ye-ERSPAN Type III edibeneyo ibandakanya i-header enyanzelekileyo ye-12-byte kunye ne-subheader ekhethiweyo ye-8-byte platform.
Ifomathi yentloko ye-ERSPAN yohlobo lwesithathu yile ilandelayo:
Kwakhona, emva kwesakhelo sesibuko sokuqala kukho i-CRC eyi-4-byte.
Njengoko kunokubonwa kwifomathi yentloko yeType III, ukongeza ekugcineni amasimi eVer, VLAN, COS, T kunye neSession ID ngokusekelwe kwiType II, amasimi amaninzi akhethekileyo ayongezwa, afana nala:
• I-BSO: isetyenziselwa ukubonisa ukuthembeka komthwalo weefreyimu zedatha ezithwalwa nge-ERSPAN. I-00 yifreyimu elungileyo, i-11 yifreyimu embi, i-01 yifreyimu emfutshane, i-11 yifreyimu enkulu;
• Isitampu sexesha: sithunyelwe kwiwotshi yehardware ehambelana nexesha lenkqubo. Le ntsimi ye-32-bit ixhasa ubuncinci ii-microsecond ezili-100 ze-Timestamp granularity;
• Uhlobo lweSakhelo (P) kunye nohlobo lweSakhelo (FT): esokuqala sisetyenziselwa ukucacisa ukuba i-ERSPAN ithwala iifreyimu zeprotocol ze-Ethernet (iifreyimu ze-PDU), kwaye esokugqibela sisetyenziselwa ukucacisa ukuba i-ERSPAN ithwala iifreyimu ze-Ethernet okanye iipakethi ze-IP.
• I-HW ID: isichazi esikhethekileyo senjini ye-ERSPAN ngaphakathi kwenkqubo;
• I-Gra (i-Timestamp Granularity): Icacisa i-Granularity ye-Timestamp. Umzekelo, i-00B imele i-100 microsecond Granularity, i-01B 100 nanosecond Granularity, i-10B IEEE 1588 Granularity, kwaye i-11B ifuna ii-sub-headers ezithile zeplatifomu ukuze ifumane i-Granularity ephezulu.
• I-Platf ID vs. Ulwazi oluQhelekileyo lwePlatf: Amasimi oLwazi oluQhelekileyo lwePlatf aneefomathi ezahlukeneyo kunye nomxholo ngokuxhomekeke kwixabiso le-Platf ID.
Kufuneka kuqatshelwe ukuba amasimi eentloko ahlukeneyo axhaswayo apha ngasentla angasetyenziswa kwizicelo ze-ERSPAN eziqhelekileyo, nokuba kujongwa iifreyimu zeempazamo okanye iifreyimu ze-BPDU, ngelixa kugcinwa iphakheji yokuqala yeTrunk kunye ne-VLAN ID. Ukongeza, ulwazi oluphambili lwesitampu sexesha kunye nezinye iindawo zolwazi zingongezwa kwifreyimu nganye ye-ERSPAN ngexesha lojongwa.
Ngeentloko zeempawu ze-ERSPAN, singafikelela kuhlalutyo olucokisekileyo lwethrafikhi yenethiwekhi, size emva koko sifake i-ACL ehambelanayo kwinkqubo ye-ERSPAN ukuze ihambelane nethrafikhi yenethiwekhi esinomdla kuyo.
I-ERSPAN Iphumeza Ukubonakala Kweseshoni ye-RDMA
Masithathe umzekelo wokusebenzisa itekhnoloji ye-ERSPAN ukufezekisa umbono weseshoni ye-RDMA kwimeko ye-RDMA:
I-RDMA: I-Remote Direct Memory Access ivumela i-adaptha yenethiwekhi yeseva A ukuba ifunde kwaye ibhale iMemori yeseva B ngokusebenzisa amakhadi e-interface yenethiwekhi akrelekrele (ii-inics) kunye neeswitshi, ifezekisa i-bandwidth ephezulu, i-latency ephantsi, kunye nokusetyenziswa okuphantsi kwezixhobo. Isetyenziswa kakhulu kwi-big data kunye ne-high-performance distribution storage.
I-RoCEv2: I-RDMA phezu kwe-Converged Ethernet Version 2. Idatha ye-RDMA ifakiwe kwi-UDP Header. Inombolo yezibuko lendawo ekuyiwa kuyo yi-4791.
Ukusebenza nokugcinwa kwe-RDMA imihla ngemihla kufuna ukuqokelela idatha eninzi, esetyenziselwa ukuqokelela imigca yereferensi yamanzi yemihla ngemihla kunye nee-alamu ezingaqhelekanga, kunye nesiseko sokufumana iingxaki ezingaqhelekanga. Idityaniswe ne-ERSPAN, idatha enkulu ingabanjwa ngokukhawuleza ukuze kufunyanwe idatha yomgangatho wokudlulisela i-microsecond kunye nemeko yokusebenzisana kweprotocol ye-switching chip. Ngezibalo zedatha kunye nohlalutyo, uvavanyo lomgangatho wokudlulisela i-RDMA ukusuka ekuqaleni ukuya ekupheleni kunye nokuqikelela kunokufumaneka.
Ukuze sifezekise umbono weseshoni ye-RDAM, sidinga i-ERSPAN ukuba ihambelane namagama angundoqo kwiiseshoni zonxibelelwano lwe-RDMA xa sijonga ithrafikhi, kwaye kufuneka sisebenzise uluhlu olude lweengcali.
Inkcazo yecandelo lokufanisa uluhlu olude oluphezulu lwengcali:
I-UDF inamacandelo amahlanu: igama elingundoqo le-UDF, intsimi yesiseko, intsimi ye-offset, intsimi yexabiso, kunye nentsimi yemaski. Ilinganiselwe kumthamo wezinto ezifakiweyo kwi-hardware, i-UDF iyonke ingasetyenziswa. I-UDF enye ingalingana nee-bytes ezimbini ubuninzi.
• Igama elingundoqo le-UDF: UDF1... I-UDF8 Iqulethe amagama angundoqo asibhozo edomeyini yokufanisa i-UDF
• Intsimi esisiseko: ichonga indawo yokuqala yentsimi ehambelana ne-UDF. Oku kulandelayo
I-L4_header (isebenza kwi-RG-S6520-64CQ)
I-L5_header (ye-RG-S6510-48VS8Cq)
• I-Offset: ibonisa i-offset ngokusekelwe kwintsimi yesiseko. Ixabiso liqala ku-0 ukuya kwi-126
• Intsimi yexabiso: ixabiso elihambelanayo. Ingasetyenziswa kunye nentsimi yemaski ukumisela ixabiso elithile eliza kuhambelana. Ibhithi esebenzayo ziibhayithi ezimbini
• Intsimi yemaski: imaski, ibhithi esebenzayo ziibhayithi ezimbini
(Yongeza: Ukuba kusetyenziswa amangenelo amaninzi kwindawo efanayo yokufanisa i-UDF, isiseko kunye ne-offset fields kufuneka zifane.)
Iipakethi ezimbini eziphambili ezinxulumene nemeko yeseshoni yeRDMA yiCongestion Notification Packet (CNP) kunye neNegative Acknowledgment (NAK):
Eyokuqala iveliswa yisamkeli se-RDMA emva kokufumana umyalezo we-ECN othunyelwe yiswitshi (xa i-eout Buffer ifikelela kumda), equlethe ulwazi malunga nokuhamba okanye i-QP ebangela ukuxinana. Eyokugqibela isetyenziselwa ukubonisa ukuba uthumelo lwe-RDMA lunomyalezo wempendulo yokulahleka kwepakethi.
Makhe sijonge indlela yokuthelekisa le miyalezo mibini sisebenzisa uluhlu olude lweengcali:
uluhlu lokufikelela lweengcali olwandisiweyo lwe-rdma
vumela i-udp nayiphi na nayiphi na nayiphi na i-eq 4791udf 1 l4_header 8 0x8100 0xFF00(Ihambelana ne-RG-S6520-64CQ)
vumela i-udp nayiphi na nayiphi na nayiphi na i-eq 4791udf 1 l5_header 0 0x8100 0xFF00(Ihambelana ne-RG-S6510-48VS8CQ)
uluhlu lokufikelela lweengcali olwandisiweyo lwe-rdma
vumela i-udp nayiphi na nayiphi na nayiphi na i-eq 4791udf 1 l4_header 8 0x1100 0xFF00 udf 2 l4_header 20 0x6000 0xFF00(Ihambelana ne-RG-S6520-64CQ)
vumela i-udp nayiphi na nayiphi na nayiphi na i-eq 4791udf 1 l5_header 0 0x1100 0xFF00 udf 2 l5_header 12 0x6000 0xFF00(Ihambelana ne-RG-S6510-48VS8CQ)
Njengenyathelo lokugqibela, unokuyibona iseshoni ye-RDMA ngokufaka uluhlu lolwandiso lweengcali kwinkqubo efanelekileyo ye-ERSPAN.
Bhala kwinqaku lokugqibela
I-ERSPAN yenye yezixhobo ezibalulekileyo kwiinethiwekhi zeziko ledatha ezikhula ngokukhawuleza namhlanje, ithrafikhi yenethiwekhi eyandayo, kunye neemfuno zokusebenza nokugcinwa kwenethiwekhi eziya ziphucuka ngakumbi.
Ngenxa yokwanda kokwenziwa kwe-O&M automation, ubuchwepheshe obufana neNetconf, RESTconf, kunye ne-gRPC buthandwa kakhulu ngabafundi be-O&M kwi-network automatic O&M. Ukusebenzisa i-gRPC njengeprotokholi esisiseko yokuthumela ithrafikhi yesibuko kwakhona kuneenzuzo ezininzi. Umzekelo, ngokusekelwe kwiprotokholi ye-HTTP/2, inokuxhasa indlela yokutyhala yokusasaza phantsi koqhagamshelo olufanayo. Nge-ProtoBuf encoding, ubungakanani bolwazi buncitshiswa ngesiqingatha xa kuthelekiswa nefomathi ye-JSON, okwenza ukuhanjiswa kwedatha kube ngokukhawuleza nangokusebenzayo. Khawucinge nje, ukuba usebenzisa i-ERSPAN ukubonisa imijelo enomdla uze uyithumele kwiseva yohlalutyo kwi-gRPC, ngaba kuya kuyiphucula kakhulu amandla kunye nokusebenza kakuhle kokusebenza kunye nokugcinwa kwenethiwekhi ngokuzenzekelayo?
Ixesha lokuthumela: Meyi-10-2022
