Kwimeko yedijithali yanamhlanje, apho ufikelelo lwe-intanethi lukho kuyo yonke indawo, kubalulekile ukuba nemilinganiselo yokhuseleko eyomeleleyo kwindawo yokukhusela abasebenzisi ekufikeleleni kwiiwebhusayithi ezinokuba nobungozi okanye ezingafanelekanga. Esinye isisombululo esisebenzayo kukuphunyezwa kwe-Network Packet Broker (NPB) ukubeka iliso nokulawula i-traffic network.
Masihambe kwimeko yokuqonda ukuba iNPB inokuxhaswa njani ngale njongo:
1- Umsebenzisi ufikelela kwiwebhusayithi: Umsebenzisi uzama ukufikelela kwiwebhusayithi kwisixhobo sakhe.
2- Iipakethi ezidlulayo ziphinda-phindwa ngePassive Tap: Njengoko isicelo somsebenzisi sihamba ngenethiwekhi, i-Passive Tap iphinda iipakethi, ivumela i-NPB ukuba ihlalutye i-traffic ngaphandle kokuphazamisa unxibelelwano lokuqala.
I-3- I-Network Packet Broker idlulisela le traffic elandelayo kwiSeva yePolisi:
- HTTP GET: I-NPB ichonga isicelo se-HTTP GET kwaye isigqithisele kwiSeva yePolisi ukuze ihlolwe ngakumbi.
- Umxhasi we-HTTPS TLS Molo: Ngetrafikhi ye-HTTPS, i-NPB ibamba ipakethi ye-TLS ye-Client Hello kwaye iyithumele kwiSeva yePolisi ukumisela indawo yewebhusayithi.
4- Iseva yePolisi ijonga ukuba ngaba iwebhusayithi ekufikelelwe kuyo ikuluhlu oluvaliweyo: ISeva yePolisi, exhotyiswe ngesiseko sedatha yeewebhusayithi ezinobungozi okanye ezingafunekiyo ezaziwayo, ijonga ukuba iwebhusayithi eceliweyo ikuluhlu olumnyama.
I-5- Ukuba iwebhusayithi ikuluhlu olumnyama, iSeva yePolisi ithumela i-TCP Reset packet:
- Kumsebenzisi: Umncedisi wePolisi uthumela ipakethi ye-TCP yokuSeta ngokutsha kunye ne-IP yomthombo wewebhusayithi kunye ne-IP yendawo yomsebenzisi, ngokufanelekileyo ukuphelisa uxhulumaniso lomsebenzisi kwiwebhusayithi efakwe kuluhlu olumnyama.
- Kwiwebhusayithi: Iseva yePolisi iphinda ithumele ipakethi ye-TCP yokuSeta kwakhona kunye ne-IP yomthombo womsebenzisi kunye ne-IP yendawo yewebhusayithi, ukunqumla uxhumano ukusuka kwelinye icala.
6- HTTP ukuqondisa kwakhona (ukuba itrafikhi yiHTTP): Ukuba isicelo somsebenzisi senziwe nge-HTTP, iSeva yePolisi iphinda ithumele i-HTTP ephinda iqondise kumsebenzisi, iphinde ibaqondise kwindawo ekhuselekileyo, enye iwebhusayithi.
Ngokuphumeza esi sisombululo usebenzisa i-Network Packet Broker kunye ne-Policy Server, imibutho inokubeka iliso ngokufanelekileyo kwaye ilawule ukufikelela komsebenzisi kwiiwebhusayithi ezifakwe kuluhlu olumnyama, ukukhusela inethiwekhi yabo kunye nabasebenzisi kwingozi enokwenzeka.
Umthengisi wePakethi yeNethiwekhi (NPB)izisa itrafikhi evela kwimithombo emininzi yokucoca okongeziweyo ukunceda ukulungelelanisa imithwalo yendlela, ukunqunyulwa kwetrafikhi, kunye nezakhono zokufihla. Ii-NPBs zilungelelanisa ukudityaniswa kwetrafikhi yenethiwekhi evela kwimithombo eyahlukeneyo, kubandakanywa iirotha, iiswitshi, kunye neendonga zomlilo. Le nkqubo yokudibanisa idala umjelo omnye, yenza lula uhlalutyo olulandelayo kunye nokubeka iliso kwimisebenzi yothungelwano. Ezi zixhobo ziqhubela phambili ukuququzelela ukucocwa kwetrafikhi yenethiwekhi ekujoliswe kuyo, ukuvumela imibutho ukuba igxininise kwiidatha ezifanelekileyo zombini uhlalutyo kunye neenjongo zokhuseleko.
Ukongeza kwizakhono zabo zokudibanisa kunye nokucoca, ii-NPB zibonisa ukuhanjiswa kwetrafikhi yenethiwekhi ekrelekrele kuzo zonke izixhobo zokubeka iliso kunye nokhuseleko. Oku kuqinisekisa ukuba isixhobo ngasinye sifumana idatha efunekayo ngaphandle kokuzalisa ngolwazi olungaphandle. Ukulungelelaniswa kwe-NPBs kwandisa ukuhamba kwe-traffic yenethiwekhi, ukulungelelaniswa nezakhono ezizodwa kunye nobuchule bezixhobo ezahlukeneyo zokubeka iliso kunye nokhuseleko. Olu lungelelwaniso lukhuthaza ukusetyenziswa ngokufanelekileyo kwezibonelelo kuwo wonke amaseko othungelwano.
Iinzuzo eziphambili ze-Network Packet Broker zale ndlela ziquka:
-Ukubonakala ngokuBanzi: Ikhono le-NPB lokuphindaphinda i-traffic yenethiwekhi ivumela ukujonga okupheleleyo kwayo yonke inxibelelwano, kuquka zombini i-HTTP kunye ne-HTTPS ye-traffic.
- Ulawulo lweGranular: Ikhono loMncedisi wePolisi ukugcina uluhlu olumnyama kunye nokuthatha izenzo ezijoliswe kuzo, ezifana nokuthumela iipakethi ze-TCP zokuSeta kwakhona kunye nokuhanjiswa kwe-HTTP, ibonelela ngolawulo lwegranular ukufikelela komsebenzisi kwiiwebhusayithi ezingathandekiyo.
-Scalability: Ukuphathwa ngokufanelekileyo kwe-NPB yetrafikhi yothungelwano iqinisekisa ukuba esi sisombululo sokhuseleko sinokulinganiswa ukuze sihlangabezane neemfuno ezikhulayo zabasebenzisi kunye nobunzima bothungelwano.
Ngokusebenzisa amandla e-Network Packet Broker kunye ne-Policy Server, imibutho inokuphucula ukhuseleko lwenethiwekhi kunye nokukhusela abasebenzisi babo kwiingozi ezinxulumene nokufikelela kwiiwebhusayithi ezimnyama.
Ixesha lokuposa: Jun-28-2024
