I-Netflow kunye ne-IPFIX zezobuchwephesha ezisetyenziselwa ukubekwa kweliso kumdlalo wenethiwekhi kunye nohlalutyo. Babonelela ngokuqonda kwincwadi yendlela yenethiwekhi, ukulungiselela ukusebenza kwintsebenzo, ukucocwa kwentsebenzo, kunye nohlalutyo lwezokhuseleko.
I-Netflow:
Yintoni i-netflow?
I-netflowsisisombululo sokuqala sokuhamba sokuhamba, senziwa nge-cisco ngasekupheleni kweminyaka yo-1990. Zininzi iinguqulelo ezahlukeneyo, kodwa uninzi lweenqanawa zisekwe kwi-Netfflow V5 okanye i-Netflow V9. Ngelixa inguqulelo nganye inezakhono ezahlukeneyo, ukusebenza okusisiseko kuhlala kunjalo:
Okokuqala, i-router, tshintsha, i-firewall, okanye olunye uhlobo lwesixhobo luya kufaka ulwazi malunga nenethiwekhi "ihamba"-ngokusisiseko i-Stocket efana nedilesi ye-pakethi kunye nedilesi yendawo, uhlobo lweprotocol. Emva kokuhamba kwenziwe idliwe okanye ixesha elichazwe kwangaphambili lidlulile, ifowuni iya kuthunyelwa ngaphandle iirekhodi zokuhamba ziye kwiqumrhu eliziwa ngokuba "ngumqokeleli oqukuqelayo".
Okokugqibela, "umhlana wehlalutyuli ohambahambayo" uyaziva ezo rekhodi, ebonelela ngokuqonda ngendlela yokuboniswa, izibalo, kunye nengxelo yexesha lokwenyani. Ukuziqhelanisa, abaqokeleli kunye nabahlalutyi behlala beliziko elinye, bahlala bedityaniswa kwisisombululo esikhulu sokubeka iliso kwinethiwekhi.
I-Netwflow isebenza ngokukhawuleza. Xa umatshini wabathengi efikelela kwiserver, i-Netflow iya kuqala ukufaka idatha kwaye ixhaswe i-metadatata ukusuka ekuhambeni. Emva kokuba iSeshini iphelisiwe, i-Netflow iya kuthumela irekhodi elipheleleyo kumqokeleli.
Nangona isasetyenziswa rhoqo, i-Netfflow V5 inenani leentsilelo. Amasimi athunyelwa ethunyelwa ethunyelwa, iliso iliso ixhaswa kuphela kwisikhokelo se-iPv6, i-MPLs, kunye neVXLAN ayixhaswa. I-Netflow v9, nayo iphawulwe njengeNewfflow Tyflow (FNF), idilesi yezi sithintelo, ivumela abasebenzisi ukuba bakhe iitemplate zesiko kunye nokongeza inkxaso kubuchwepheshe obutsha.
Abathengisi abaninzi bafumana iindlela zawo zeNetflow, ezifana neJFlow evela kwiJuniper kunye ne-netstream evela eHuawei. Nangona uqwalaselo lungahluka ngandlela ithile, ezi zimiliselo zihlala zivelisa iirekhodi zokuhamba ezihambelana nabaqokeleli beNetflom kunye nabahlalutyi.
Iimpawu eziphambili zeNetflow:
~ Idatha yokuhamba: I-Netflow ivelisa iirekhodi zokuhamba ezibandakanya iinkcukacha ezinje ngomthombo kunye needilesi ze-IP, amazibuko, i-Times, iPactes, iindidi ze-byte kunye neendidi zeProtte.
~ Ukuhlolwa kwetrafikhi: I-Netflow inikezela ukubonakala kwiipateni zendlela yenethiwekhi, ivumela abaphathi ukuba bachonge izicelo eziphezulu, iindawo zokugqibela, kunye nemithombo yezithuthi.
~I-Anomaly ifunyenwe: Ngokuhlalutya idatha, i-Netflow inokufumana i-Anomies efana nokusetyenziswa kwebhendi egqithisileyo, i-COLD yenethiwekhi, okanye iipateni zendlela ezingaqhelekanga.
~ Uhlalutyo loKhuseleko: I-Netfflow inokusetyenziselwa ukufumana nokuphanda izehlo zokhuseleko, njengokusasazwa kwenkonzo-yenkonzo
Iinguqulelo ze-Netflow: I-Netflow ivele ngokuhamba kwexesha, kwaye iinguqulelo ezahlukeneyo zikhululwe. Ezinye iinguqulelo ezibonakalayo zibandakanya i-Netflow V5, netflow V9, kunye neNetflow yeNetleclow. Inguqulelo nganye yazisa ngeziko kunye nezakhono ezongeziweyo.
Ipfix:
Yintoni ipfix?
Umgangatho we-IIETF ovele ekuqaleni kuka-2000s, kwi-Intanethi yeProtocol yeProtocol yeProtokholi yeProtocol (IPfix) ifana kakhulu neNetflow. Ngapha koko, i-Netflow V9 yasebenza njengesiseko se-IPFIX. Umahluko ophambili phakathi kwezi zimbini kukuba i-IPFIX ngumgangatho ovulekileyo, kwaye ixhaswa ngabathengisi abaninzi bothungelwano ngaphandle kwe-cisco. Ngaphandle kwamacandelo ambalwa ambalwa ongezelelweyo kwi-IPFIX, iifomathi ziphantse zibethe. Ngapha koko, i-IPFIX ngamanye amaxesha idluliselwe kwi "Netfflow V10".
Ngenxa yenxalenye yokufana kwayo kwiNetflow, iPfix iyonwabela inkxaso ebanzi phakathi kwezisombululo zokuhlola inethiwekhi kunye nezixhobo zenethiwekhi.
I-IPfix (i-Intanethi yeProtocol Propoll Putoree) yi-protocol eqhelekileyo ephuhliswe ngumsebenzi wobunjineli bobunjineli kwi-Intanethi (i-IETF). Isekwe kwi-Netfflow Version 9 Ukucaciswa kwaye kubonelela ngefomathi emiselweyo yokuthumela ngaphandle iirekhodi ezihamba ngaphandle kwezixhobo zenethiwekhi.
I-IPFIX yakha phezu kweekhonsepthi zeNetflow kwaye ikhubekisa ukuba inikele bhetyebhetye ngakumbi kunye nokusebenzisana kuzo kuwo othengiswayo kunye nezixhobo. Yazisa ngengqondo yeetemplate, ukuvumela inkcazo eguqukayo yolwakhiwo lwerekhodi kunye nomxholo. Oku kwenza ukuba ukubandakanywa kwabantu, inkxaso yeeprothokholi ezintsha, kunye nokwandiswa.
Iimpawu eziphambili ze-IPFIX:
~ Indlela esekwe kwitemplate: IPfix isebenzisa iitemplate ukuchaza ubume kunye nomxholo weerekhodi ezihambayo, ekunikezeleni ukubaguqukela ekuhlaleni iindawo ezahlukeneyo zedatha kunye nolwazi oluthile lomgaqo.
~ Ukusebenzisana: IPfix ngumgangatho ovulekileyo, ukuqinisekisa ukuba amandla okujonga ukuhamba okuqhubekayo kubathengisi beenethiwekhi ezahlukeneyo kunye nezixhobo.
~ Inkxaso ye-IPV6I-IPFIX ye-IPVICT ixhasa i-IPV6, iyenza ilungele ukubeka iliso nokuhlalutya itrafikhi kwinethiwekhi ye-IPV6.
~Ukhuseleko oluphuculweyoI-IPFIX ibandakanya izinto zokhuseleko ezinje ngoKhuseleko lweeMveliso zoThutho (i-TLS) encryption kunye nokugcina uMyalezo Jonga ukukhusela ubumfihlo kunye nokunyaniseka kwedatha yokuhamba ngexesha lokuhambisa.
I-IPfix ixhaswa ngokubanzi ngabathengisi beenethiwekhi ezahlukeneyo, zenza ukuba kuthathwe ukuba ingabakhethi-cala kwaye ithathelwe ingqalelo ekuthandeni ukubekwa kweliso kwindlela yokuhamba kwenethiwekhi.
Ke, yintoni umahluko phakathi kwe-netflow kunye ne-ipfix?
Impendulo elula kukuba i-Netflow yiprotokholi yonyango ye-cisco ye-cisco inikezwe malunga no-1996 kunye ne-IPfix ngumzimba wayo ovunyiweyo.
Zombini iiprotocol zisebenza kwi njongo enye: Ukuvula iinjineli zenethiwekhi kunye nabalawuli ukuba baqokelele kwaye bahlalutye ngenqanaba lokuhamba kwendlela yokuhamba kwetrafikhi. I-CIsCO iphuhlise i-netflow ye-netlow ukuze i-switches yayo kunye nee-router zingayivelisa le ngcaciso ixabisekileyo. Ngenxa yokuba ulawulo lwe-cisco gear, i-netmy ngokukhawuleza yaba luphawu lwe-de-facto facto yohlalutyo lwezithuthi. Nangona kunjalo, abantu abakhuphisana nabakhuphiswano baqonda ukuba ukusebenzisa iprothokholi ye-propriet elawulwa yimbangi oyintloko yayingeyonto ilungileyo kwaye ngenxa yoko i-IIDF ikhokelele umzamo wokuhlengahlengisa iprotokholi evulekileyo, eyi-IPFIX.
I-IPfix isekwe kwi-Netfflow Version 9 kwaye ekuqaleni yayiziswa ngo-2005 kodwa yathatha inani leminyaka ukufumana ukwamkelwa kwimveliso. Okwangoku, ezi protocol ezimbini zifana ngokufanayo kwaye nangona igama le-Netffw liseziziphumo ezixhaphakileyo kakhulu (nangona zingezizo zonke) ezihambelana nomgangatho we-IPfix.
Nantsi itafile eshwankathela umahluko phakathi kwe-netflow kunye ne-IPFIX:
| Inkalo | I-netflow | Ipfix |
|---|---|---|
| Imvelaphi | Itekhnoloji ye-proprierietriction iphuhliswe yiCisco | Iprotocol yeShishini leShishini esekwe kwiNetflow Version 9 |
| Ukubekwa emgangathweni | Itekhnoloji ethile yeCisco | Umgangatho ovulekileyo ochazwe yi-IETF kwi-RFC 7011 |
| Bhetyebhetye | Iinguqulelo ezivusiweyo ezineempawu ezithile | Ukuguquguquka okukhulu kunye nokusebenzisana kubathengisi |
| Ifomati yedatha | Iipakethi zobukhulu | Indlela esekwe kwi-template yeefomathi ezihamba phambili |
| Inkxaso yeTemplate | Ayixhaswanga | Iitemplates eziguqukayo kwicandelo eliguqulweyo |
| Inkxaso yomthengisi | Ikakhulu izixhobo zeCisco | Inkxaso ebanzi kubo bonke abathengisi beenethiwekhi |
| Ukwanda kwandise | UKUSETYENZISWA KOMSEBENZI | Ukubandakanywa kwezimimandla zesiko kunye nedatha ethile |
| Umahluko weProtocol | Umahluko ocacileyo weCisco | Inkxaso ye-IPv6 yeNkundla ye-IPv6, iinketho ezirekhodiweyo zokuhamba |
| Iimpawu zokhuseleko | Iimpawu zokhuseleko ezilinganiselweyo | UKHUSELEKO LOKHUSELEKO LWEZOTHUMI (TSS) encryption, ingqibelelo yomyalezo |
Ukujongwa kokuhamba kwenethiwekhiNgaba ingqokelela, uhlalutyo, kunye nokubeka iliso kwitrafikhi ephuma kwinethiwekhi okanye inethiwekhi yenethiwekhi. Iinjongo zinokwahluka kwinkcitho yoNxibelelwano kwingxaki yokucwangcisa ulwabiwo lwe-bandwid yexesha elizayo. Ukubetshiswa kweliso kunye nesampulu yepakethi kunokuba luncedo ekuchongeni imicimbi yokhuseleko.
Ukubek'esweni ukuhamba kokuhamba kunika amaqela eenethiwekhi imbono elungileyo yendlela inethiwekhi isebenza ngayo, ukubonelela nge-ntetho, ukusetyenziswa kwesicelo, ukusetyenziswa kwesicelo, ukusetyenziswa kwesicelo, iibhotile ezinokubakho, i-anomalies ezinokuthi zisayine izoyikiso zokhuseleko, kwaye ngaphezulu. Kukho imigangatho eyahlukeneyo kunye neefomathi ezisetyenziselwa ukubeka iliso kwindlela yokuhamba kwenethiwekhi, kubandakanya ne-netflow, i-sflow, kunye ne-Intanethi yeProtocol yoLwazi lokuthumela ngaphandle (iPfix). Intsebenziswano nganye ngendlela eyahlukileyo, kodwa zonke zahlukile kwiPort Shelring kunye nokuhlolwa kwepakethi enzulu kubangazi ukubamba iziqulatho zepakethi nganye edlula ngaphezulu kwe-port okanye iswitshi. Nangona kunjalo, ukubek'esweni ukuhamba kokuhamba kubonelela ngolwazi oluthe kratya kune-snump, enqumlayo ngokubanzi kwiinkcukacha-manani ezibanzi njengepakethi ye-bandwidy.
Izixhobo zokungena zenethiwekhi zithelekiswa
| Inqaku | I-Netflow V5 | I-Netflow v9 | i-sflow | Ipfix |
| Vula okanye i-proprietary | I-proprietary | I-proprietary | Vula | Vula |
| Isampulu okanye ukuhamba ngokusekwe | Ngokuyintloko ukuhamba; Imowudi yemodeli iyafumaneka | Ngokuyintloko ukuhamba; Imowudi yemodeli iyafumaneka | Isampulu | Ngokuyintloko ukuhamba; Imowudi yemodeli iyafumaneka |
| Ulwazi olubanjiweyo | I-Metadata kunye nolwazi lweenkcukacha-manani, kubandakanya nee-Byte eziTshintshelweyo, ukuHanjiswa kweAppricary njalo njalo | I-Metadata kunye nolwazi lweenkcukacha-manani, kubandakanya nee-Byte eziTshintshelweyo, ukuHanjiswa kweAppricary njalo njalo | Gqibezela iintloko zepakethi, iPakethi yePakethi yePakethi | I-Metadata kunye nolwazi lweenkcukacha-manani, kubandakanya nee-Byte eziTshintshelweyo, ukuHanjiswa kweAppricary njalo njalo |
| I-Ingress / i-Ergress EyokuBekwa | I-Ingress kuphela | I-Ingress kunye ne-egress | I-Ingress kunye ne-egress | I-Ingress kunye ne-egress |
| IPV6 / VLAN / Inkxaso ye-MPLS | No | Ewe | Ewe | Ewe |
Ixesha lasemva kwexesha: Mar-18 ukuya kwi-2024
