SPAN, RSPAN, kunye ne-ERSPANzizindlela ezisetyenziswa kuthungelwano ukubamba nokubeka iliso kwitrafikhi ukuze kuhlalutywe. Nalu ushwankathelo lwento nganye:
I-SPAN (Isihlalutyi seZibu esiTshintshiweyo)
Injongo: Isetyenziselwa ukubonisa i-traffic evela kumazibuko athile okanye ii-VLAN ekutshintsheni kwelinye izibuko ukuze kubekwe iliso.
Imeko yokusetyenziswa: Ilungele uhlalutyo lwetrafikhi yendawo kwiswitshi enye. I-traffic ibonakaliswe kwizibuko elikhethiweyo apho umhlalutyi wothungelwano unokulibamba khona.
I-RSPAN (I-SPAN ekude)
Injongo: Yandisa izakhono ze-SPAN kwiiswitshi ezininzi kwinethiwekhi.
Imeko yosetyenziso: Ivumela ujongo lwetrafikhi ukusuka kwesinye iswitshi ukuya kwenye ngaphezulu kwekhonkco lomthi. Iluncedo kwiimeko apho isixhobo sokubeka iliso sibekwe kwisitshixo esahlukileyo.
I-ERSPAN (I-SPAN eFakelweyo eKude)
Injongo: Idibanisa i-RSPAN kunye ne-GRE (i-Generic Routing Encapsulation) ukuze ifake i-traffic ebonisiweyo.
Imeko yokusetyenziswa: Ivumela ukubekwa esweni kwetrafikhi kuthungelwano oluhamba ngeendlela. Oku kuluncedo kwizakhiwo zothungelwano oluntsonkothileyo apho i-traffic kufuneka ifakwe phezu kwamacandelo ahlukeneyo.
Tshintsha isiHlalutyi sesibuko (SPAN)yinkqubo esebenzayo, ephezulu yokuhlola izithuthi. Ilawula okanye ibonise itrafikhi ukusuka kwizibuko lomthombo okanye iVLAN ukuya kwindawo ekuyiwa kuyo. Oku ngamanye amaxesha kubhekiselwa kuko njengokubeka iliso kwiseshoni. I-SPAN isetyenziselwa ukulungisa iingxaki zoqhagamshelwano kunye nokubala ukusetyenziswa kwenethiwekhi nokusebenza, phakathi kwezinye ezininzi. Kukho iintlobo ezintathu zee-SPAN ezixhaswayo kwiimveliso zeCisco…
a. SPAN okanye i-SPAN yendawo.
b. I-SPAN ekude (RSPAN).
c. Kufakwe i-SPAN ekude (ERSPAN).
Ukwazi: "I-Mylinking™ Network Packet Broker ene-SPAN, RSPAN kunye ne-ERSPAN Features"
I-SPAN / i-traffic mirroring / i-port mirroring isetyenziselwa iinjongo ezininzi, ngezantsi ibandakanya ezinye.
- Ukusebenzisa i-IDS/IPS kwimowudi yamanyala.
- VOIP call ukurekhoda izisombululo.
- Izizathu zokuthotyelwa kokhuseleko ukubeka iliso kunye nokuhlalutya i-traffic.
- Ukulungisa iingxaki zoqhagamshelwano, ukubeka iliso kwitrafikhi.
Nokuba udidi lwe SPAN luqhuba, umthombo we-SPAN unokuba naluphi na uhlobo lwezibuko, oko kukuthi, izibuko elihambayo, izibuko lokutshintsha okubonakalayo, izibuko lofikelelo, isiqu, iVLAN (onke amazibuko asebenzayo abekwe iliso lokutshintsha), i-EtherChannel (nokuba lizibuko okanye lilonke izibuko. -ujongano lwetshaneli) njl. Qaphela ukuba izibuko elibulelwe indawo ye-SPAN AYIKWAZI ukuba yinxalenye yomthombo we-SPAN VLAN.
Iiseshoni ze-SPAN zixhasa ukubekwa esweni kwe-traffic yokungena (i-SPAN yokungena), i-traffic egress (i-SPAN ephumayo), okanye i-traffic eya kumacala omabini.
-I-Ingress SPAN (RX) ikopi yetrafikhi efunyenwe ngamazibuko omthombo kunye neeVLAN ukuya kwizibuko lendawo. I-SPAN ikhuphela i-traffic phambi kwalo naluphi na ulungiso (umzekelo phambi kwayo nayiphi na i-VACL okanye i-ACL filtering, QoS okanye i-ingress okanye i-egress yamapolisa).
- I-Egress SPAN (TX) iikopi zetrafikhi ezithunyelwa ukusuka kumazibuko omthombo kunye nee-VLAN ukuya kwindawo ekuyiwa kuyo. Konke ukuhluzwa okufanelekileyo okanye ukuguqulwa kwe-VACL okanye i-ACL yokucoca, i-QoS okanye i-ingress okanye i-egress yamapolisa amanyathelo athathwe ngaphambi kokuba utshintshe ukuqhubela phambili i-traffic kwi-port yendawo ye-SPAN.
- Xa zombini igama elingundoqo lisetyenzisiwe, i-SPAN ikopisha i-traffic yenethiwekhi efunyenweyo kwaye ihanjiswe ngamazibuko omthombo kunye ne-VLAN kwi-port ekufikeni.
- I-SPAN/RSPAN idla ngokuyihoya i-CDP, i-STP BPDU, i-VTP, i-DTP kunye ne-PAgP izakhelo. Nangona kunjalo ezi ntlobo zetrafikhi zinokugqithiswa ukuba umyalelo we-encapsulation replicate uqwalaselwe.
SPAN okanye i-SPAN yasekuhlaleni
I-SPAN izipili ze-traffic ukusuka kwi-interface enye okanye ngaphezulu kwi-switch kwi-interface enye okanye ngaphezulu kwi-switch efanayo; kungoko i-SPAN ibizwa ngokuba yi-LOCAL SPAN.
Izikhokelo okanye izithintelo kwi-SPAN yendawo:
- Zombini izibuko zeLayer 2 ezitshintshiweyo kunye noMaleko wesi-3 amazibuko angaqwalaselwa njengomthombo okanye amazibuko ekuyiwa kuwo.
- Umthombo unokuba lizibuko elinye okanye ngaphezulu okanye iVLAN, kodwa hayi ukuxubana kwezi.
- Izibuko ze-trunk ziyimithombo esebenzayo yamazibuko axutywe kunye namazibuko angenayo i-trunk source.
- Ukuya kuthi ga kwi-64 izibuko ze-SPAN zokusingwa zingaqwalaselwa kwiswitshi.
- Xa siqwalasela izibuko lendawo, uqwalaselo lwayo loqobo luyabhalwa ngaphezulu. Ukuba ubumbeko lwe-SPAN lususiwe, ubumbeko lwentsusa kwelo zibuko lubuyiselwe.
- Xa uqwalasela i-port yendawo, i-port iyasuswa kuyo nayiphi na i-EtherChannel bundle ukuba yayiyinxalenye enye. Ukuba ibiyizibuko elihamba ngendlela, uqwalaselo lwendawo ye SPAN lugqithisa uqwalaselo lwezibuko oluqhutywayo.
-Izibuko zokufikela azixhasi ukhuseleko lwezibuko, uqinisekiso lwe802.1x, okanye iiVLAN zabucala.
- Izibuko linokusebenza njengendawo yokufikela kwiseshoni enye ye-SPAN kuphela.
- Izibuko alinakumiselwa njengezibuko lendawo ukuba liyimvelaphi yeseshoni yesithuba okanye inxalenye yomthombo weVLAN.
-Ujongano lwesitishi sezibuko (i-EtherChannel) inokumiselwa njengemithombo yamazibuko kodwa hayi indawo ekuyiwa kuyo ye-SPAN.
- Umkhombandlela wendlela "zombini" ngokungagqibekanga kwimithombo ye-SPAN.
- Amazibuko okusingwa akaze athathe inxaxheba kumzekelo womthi ojikelezayo. Ayinakuxhasa i-DTP, i-CDP njl.njl. I-SPAN yendawo ibandakanya ii-BPDUs kwitrafikhi ebekwe esweni, ngoko ke naziphi na ii-BPDU ezibonwa kwizibuko lendawo zikhutshelwa kwizibuko lomthombo. Yiyo loo nto ungaze uqhagamshele iswitshi kolu hlobo lwe-SPAN njengoko inokubangela uthungelwano lwelophu.
- Xa i-VLAN iqwalaselwe njengomthombo we-SPAN (ubukhulu becala ubizwa ngokuba yi-VSPAN) ngazo zombini iinketho zokungena kunye ne-egress ziqwalaselwe, phambili iipakethi eziphindwe kabini ukusuka kwizibuko lemvelaphi kuphela ukuba iipakethi zitshintshelwa kwiVLAN enye. Enye ikopi yepakethi ivela kwi-traffic ingress kwi-port yokungena, kwaye enye ikopi yepakethi ivela kwi-traffic egress kwi-port egress.
- I-VSPAN ibeka iliso kwi-traffic kuphela eshiya okanye engena kwizibuko ze-Layer 2 kwi-VLAN.
I-SPAN, i-RSPAN, kunye ne-ERSPAN bubuchule obusetyenziswa kuthungelwano ukuthabatha nokubeka esweni itrafikhi ukuze kuhlalutywe. Nalu ushwankathelo lwento nganye:
I-SPAN (Isihlalutyi seZibu esiTshintshiweyo)
- Injongo: Isetyenziselwa ukwenza isipili setrafikhi ukusuka kumazibuko athile okanye iiVLAN kwiswitshi ukuya kwelinye izibuko ukuze kubekwe iliso.
- Sebenzisa Ityala: Ilungele uhlalutyo lwetrafikhi yendawo kwiswitshi enye. I-traffic ibonakaliswe kwizibuko elikhethiweyo apho umhlalutyi wothungelwano unokulibamba khona.
I-RSPAN (I-SPAN ekude)
- Injongo: Yandisa izakhono ze-SPAN kwiiswitshi ezininzi kuthungelwano.
- Sebenzisa Ityala: Ivumela ujongo lwetrafikhi ukusuka kwenye iswitshi ukuya kwenye ngaphezulu kwekhonkco lomthi. Iluncedo kwiimeko apho isixhobo sokubeka iliso sibekwe kwisitshixo esahlukileyo.
I-ERSPAN (I-SPAN eFakelweyo eKude)
- Injongo: Idibanisa i-RSPAN kunye ne-GRE (i-Generic Routing Encapsulation) ukuze ifake i-traffic ye-mirrored.
- Sebenzisa Ityala: Ivumela ukubekwa esweni kwetrafikhi kuzo zonke iinethiwekhi ezihanjiswayo. Oku kuluncedo kwizakhiwo zothungelwano oluntsonkothileyo apho i-traffic kufuneka ifakwe phezu kwamacandelo ahlukeneyo.
I-SPAN ekude (RSPAN)
I-SPAN ekude (i-RSPAN) iyafana ne-SPAN, kodwa ixhasa izibuko zomthombo, ii-VLAN zomthombo, kunye neendawo zokusingwa kwiiswitshi ezahlukeneyo, ezibonelela ngetrafikhi yokubeka iliso ekude ukusuka kumazibuko omthombo asasazwe ngaphezulu kokutshintsha okuninzi kwaye ivumela indawo ekuyiwa kuyo ukuba ibeke phakathi izixhobo zokubamba inethiwekhi. Iseshoni ye-RSPAN nganye ithwala itrafikhi ye-SPAN ngaphezulu kwe-VLAN ye-RSPAN echazwe ngumsebenzisi kubo bonke abatshintshayo abathatha inxaxheba. Le VLAN ke ibotshelelwe kwezinye iiswitshi, ivumela itrafikhi yeseshoni ye-RSPAN ukuba ithuthwe ngokunqamleza utshintshiselwano oluninzi kwaye isiwe kwindawo yokubanjwa kwesikhululo. I-RSPAN ibandakanya iseshoni yomthombo we-RSPAN, i-VLAN ye-RSPAN, kunye neseshoni yokufikela ye-RSPAN.
Izikhokelo okanye izithintelo kwi-RSPAN:
- I-VLAN ethile kufuneka imiselwe indawo ye-SPAN eya kuthi inqumle phakathi kokutshintsha okuphakathi ngekhonkco le-trunk ukuya kwizibuko ekuyiwa kulo.
-Unokwenza uhlobo olufanayo lomthombo-ubuncinci izibuko elinye okanye iVLAN enye kodwa ayinakuba ngumxube.
- Indawo ekuyiwa kuyo iseshoni yi-RSPAN VLAN kune-port enye ekutshintsheni, ngoko ke onke amazibuko kwi-RSPAN VLAN aya kufumana i-traffic ye-mirrored.
Qwalasela nayiphi na i-VLAN njenge-VLAN ye-RSPAN ukuba nje zonke izixhobo zenethiwekhi ezithatha inxaxheba zixhasa uqwalaselo lwe-RSPAN VLAN, kwaye usebenzise i-RSPAN VLAN efanayo kwiseshoni nganye ye-RSPAN
- I-VTP inokusasaza ukucwangciswa kwee-VLAN ezinenombolo ye-1 nge-1024 njenge-RSPAN VLANs, kufuneka iqwalasele ngesandla ii-VLAN ezinenombolo ephezulu kune-1024 njenge-RSPAN VLAN kuwo wonke umthombo, ophakathi, kunye neendawo zokusingwa izixhobo zenethiwekhi.
- Ukufunda ngedilesi ye-MAC kuvaliwe kwi-RSPAN VLAN.
Kufakwe i-SPAN ekude (ERSPAN)
I-Ecapsulated remote SPAN (ERSPAN) izisa i-generic routing encapsulation (GRE) yayo yonke itrafikhi efakiweyo kwaye ivumela ukuba yandiswe kwi-Layer 3 domains.
I-ERSPAN yiCisco proprietaryisici kwaye ifumaneka kuphela kwi-Catalyst 6500, 7600, Nexus, kunye ne-ASR 1000 yamaqonga ukuza kuthi ga ngoku. I-ASR 1000 isekela umthombo we-ERSPAN (ukubeka iliso) kuphela kwi-Fast Ethernet, i-Gigabit Ethernet, kunye ne-port-channel interfaces.
Izikhokelo okanye izithintelo kwi-ERSPAN:
-Iiseshini zemithombo ye-ERSPAN ayikhupheli i-ERSPAN GRE-encapsulated traffic esuka kumazibuko omthombo. Iseshini nganye yomthombo we-ERSPAN ingaba namazibuko okanye iiVLAN njengemithombo, kodwa hayi zombini.
Nokuba yeyiphi na isayizi ye-MTU eqwalaselweyo, i-ERSPAN yenza iipakethi zeLayer 3 ezinobude be-9,202 bytes. Itrafikhi ye-ERSPAN isenokulahlwa nalo naluphi na ujongano kumsebenzi wothungelwano olunyanzelisa ubukhulu be-MTU obungaphantsi kwe-9,202 bytes.
- I-ERSPAN ayikuxhasi ukwahlulwa kwepakethi. I-"don fragment" bit imiselwe kwiheader ye-IP yeepakethi ze-ERSPAN. Iiseshini yendawo yokufikela ye-ERSPAN ayinakuphinda idibanise iipakethi ezahluliwe ze-ERSPAN.
- I-ID ye-ERSPAN yahlula i-traffic ye-ERSPAN efika kwidilesi ye-IP enye ukusuka kwiiseshoni zomthombo ezahlukeneyo ze-ERSPAN; i-ID ye-ERSPAN eqwalaselweyo kufuneka ihambelane nomthombo kunye nezixhobo ekuyiwa kuzo.
- Kwizibuko lomthombo okanye umthombo weVLAN, i-ERSPAN inokubeka iliso ekungeneni, ekuphumeni, okanye kokubini ukungena nokuphuma kwetrafikhi. Ngokungagqibekanga, i-ERSPAN ibeka iliso kuyo yonke i-traffic, kuquka i-multicast kunye ne-Bridge Protocol Data Unit (BPDU) isakhelo.
- Ujongano lwetonela oluxhaswa njengamazibuko omthombo weseshoni yomthombo we-ERSPAN yi-GRE, IPinIP, SVTI, IPv6, IPv6 phezu kwetonela ye-IP, i-Multipoint GRE (mGRE) kunye ne-Secure Virtual Tunnel Interfaces (SVTI).
Isihluzi seVLAN asisebenzi kwiseshoni yokubeka iliso ye-ERSPAN kujongano lweWAN.
- ERSPAN on Cisco ASR 1000 IiRouters Series ixhasa kuphela Layer 3 ujongano. Ujongano lwe-Ethernet aluxhaswanga kwi-ERSPAN xa luqwalaselwe njengoMaleko 2 wojongano.
- Xa iseshoni iqwalaselwe nge-ERSPAN yoqwalaselo CLI, i-ID yeseshoni kunye nohlobo lweseshoni ayinakuguqulwa. Ukuzitshintsha, kufuneka uqale usebenzise i nofomu yomyalelo woqwalaselo ukususa iseshoni kwaye emva koko uqwalasele iseshoni.
- Ukukhutshwa kwe-Cisco IOS XE 3.4S :- Ukubekwa esweni kweepakethi zetonela ezingakhuselekanga ze-IPsec zixhaswa kwi-IPv6 kunye ne-IPv6 phezu kwemidibaniso yetonela ye-IP kuphela kwiiseshoni zomthombo we-ERSPAN, hayi kwiiseshoni zokusingwa ze-ERSPAN.
- Cisco IOS XE Release 3.5S, inkxaso yongezwa kwezi ntlobo zilandelayo ze-WAN zojongano njengamazibuko omthombo weseshoni yomthombo: Uthotho (T1/E1, T3/E3, DS0) , Ipakethi phezu kweSONET (POS) (OC3, OC12) kunye ne-Multilink PPP (i-multilink, i-pos, kunye namagama angundoqo we-serial yongezwa kumyalelo we-source interface).
Ukusebenzisa i-ERSPAN njenge-SPAN yasekuhlaleni:
Ukusebenzisa i-ERSPAN ukujonga i-traffic nge-port enye okanye ngaphezulu okanye i-VLAN kwisixhobo esifanayo, kufuneka senze umthombo we-ERSPAN kunye neeseshoni ze-ERSPAN zendawo yokufikela kwisixhobo esifanayo, ukuhamba kwedatha kwenzeka ngaphakathi kwe-router, efana naleyo kwi-SPAN yendawo.
Ezi meko zilandelayo ziyasebenza ngelixa usebenzisa i-ERSPAN njenge-SPAN yendawo:
- Zombini iiseshini zine-ID ye-ERSPAN efanayo.
- Zombini iiseshini zinedilesi ye-IP efanayo. Le dilesi ye IP yi routers idilesi ye IP; oko kukuthi, idilesi ye IP okanye idilesi ye IP eqwalaselweyo nakweliphi na izibuko.
| (config)# monitor iseshoni 10 uhlobo ersspan-umthombo |
| (config-mon-ersspan-src)# ujongano lomthombo Gig0/0/0 |
| (config-mon-ersspan-src)# indawo yokufikela |
| (config-mon-ersspan-src-dst)# idilesi ye-ip 10.10.10.1 |
| (config-mon-ersspan-src-dst)# imvelaphi yedilesi ye-ip 10.10.10.1 |
| (config-mon-ersspan-src-dst)# ersspan-id 100 |
Ixesha lokuposa: Aug-28-2024
