I-NetFlow kunye ne-IPFIX zombini iitekhnoloji ezisetyenziselwa ukujonga nokuhlalutya kwenethiwekhi. Banikezela ngemibono kwiipatheni zendlela yothungelwano, ukuncedisa ekusebenzeni kakuhle, ukulungisa iingxaki, kunye nohlalutyo lokhuseleko.
I-NetFlow:
Yintoni iNetFlow?
NetFlowsisisombululo sokuqala sokujonga ukuhamba, esaphuhliswa yiCisco ngasekupheleni kweminyaka yoo-1990. Iinguqulelo ezininzi ezahlukeneyo zikhona, kodwa uninzi lokuthunyelwa lusekwe nokuba yi-NetFlow v5 okanye i-NetFlow v9. Ngelixa inguqulelo nganye inezakhono ezahlukeneyo, umsebenzi osisiseko uhlala ufana:
Okokuqala, i-router, i-switch, i-firewall, okanye olunye uhlobo lwesixhobo luya kubamba ulwazi kwinethiwekhi "yokuhamba" - ngokusisiseko iseti yeepakethi ezabelana ngeseti eqhelekileyo yeempawu ezifana nomthombo kunye nedilesi yendawo, umthombo, kunye nendawo yokufikela, kunye neprotocol. uhlobo. Emva kokuba ukuhamba kuphelile okanye ixesha elichazwe kwangaphambili lidlulile, isixhobo siya kuthumela iirekhodi zokuqukuqela kwiziko elaziwa ngokuba “ngumqokeleli wokuqukuqela”.
Ekugqibeleni, "umhlalutyi wokuhamba" wenza ingqiqo kwezo rekhodi, ukubonelela ngengqiqo ngendlela yokubonwayo, izibalo, kunye nengxelo yembali kunye nexesha langempela. Ngokwesiqhelo, abaqokeleli kunye nabahlalutyi bahlala beyinto enye, bahlala bedityaniswa kwisisombululo esikhulu sokubekwa kweliso kwinethiwekhi.
I-NetFlow isebenza ngokusemthethweni. Xa umatshini womxhasi ufikelela kumncedisi, i-NetFlow iya kuqalisa ukubamba kunye nokudibanisa imetadata ukusuka ekuhambeni. Emva kokuba iseshoni iphelile, i-NetFlow iya kuthumela irekhodi enye epheleleyo kumqokeleli.
Nangona isasetyenziswa rhoqo, iNetFlow v5 inenani lemida. Imimandla ethunyelwe ngaphandle ilungisiwe, ukubeka esweni kuxhaswa kuphela kwicala lokungena, kwaye iiteknoloji zanamhlanje ezifana ne-IPv6, MPLS, kunye ne-VXLAN abuxhaswanga. I-NetFlow v9, ekwabizwa ngokuba yiFlexible NetFlow (FNF), ijongana neminye yale mida, ivumela abasebenzisi ukuba bakhe iitemplates zesiko kunye nokongeza inkxaso kubuchwepheshe obutsha.
Abathengisi abaninzi bakwanabo ukuphunyezwa kobunikazi beNetFlow, njengejFlow evela kwiJuniper kunye neNetStream evela eHuawei. Nangona ulungelelwaniso lunokwahluka ngandlel’ ithile, olu phunyezo luhlala luvelisa iirekhodi ezihambayo ezihambelana nabaqokeleli beNetFlow kunye nabahlalutyi.
Iimpawu eziphambili zeNetFlow:
~ Flow Data: I-NetFlow ivelisa iirekhodi ezihambayo ezibandakanya iinkcukacha ezifana nomthombo kunye needilesi ze-IP, izibuko, izitampu zexesha, ukubalwa kwepakethi kunye ne-byte, kunye neentlobo zeprotocol.
~ Ukujongwa kweTrafikhi: I-NetFlow ibonelela ngokubonakala kwiipatheni zetrafikhi yenethiwekhi, ivumela abalawuli ukuba bachonge izicelo eziphezulu, iindawo zokuphela, kunye nemithombo yendlela.
~Ukufunyaniswa okungaqhelekanga: Ngokuhlalutya idatha yokuhamba, i-NetFlow inokubona izinto ezingaqhelekanga ezifana nokusetyenziswa ngokugqithisileyo kwe-bandwidth, ukuxinana kwenethiwekhi, okanye iipatheni zetrafikhi ezingaqhelekanga.
~ Uhlalutyo loKhuseleko: I-NetFlow ingasetyenziselwa ukufumanisa kunye nokuphanda iziganeko zokhuseleko, ezifana nokuhlaselwa kwe-dinal-of-service (DDoS) okanye iinzame zokungena ezingagunyaziswanga.
Iinguqulelo zeNetFlow: I-NetFlow iye yavela ngokuhamba kwexesha, kwaye iinguqulelo ezahlukeneyo zikhutshiwe. Ezinye iinguqulelo eziphawulekayo ziquka i-NetFlow v5, i-NetFlow v9, kunye ne-Flexible NetFlow. Inguqulelo nganye yazisa izixhasi kunye nezakhono ezongezelelweyo.
IPFIX:
Yintoni IPFIX?
Umgangatho we-IETF ovele kwiminyaka yokuqala ye-2000, i-Intanethi yeProtocol Flow Information Export (IPFIX) ifana kakhulu ne-NetFlow. Ngapha koko, iNetFlow v9 yasebenza njengesiseko se-IPFIX. Umahluko ophambili phakathi kwezi zimbini kukuba i-IPFIX ngumgangatho ovulekileyo, kwaye ixhaswa ngabathengisi abaninzi bonxibelelwano ngaphandle kweCisco. Ngaphandle kwemimandla embalwa eyongezelelweyo eyongeziweyo kwi-IPFIX, iifomati ziphantse zifane. Ngapha koko, i-IPFIX ngamanye amaxesha ibizwa ngokuba yi "NetFlow v10".
Ngenxa yokufana kwayo ne-NetFlow, i-IPFIX yonwabela inkxaso ebanzi phakathi kwezisombululo zokubeka iliso kuthungelwano kunye nezixhobo zenethiwekhi.
IPFIX (i-Intanethi yeProtocol Flow Information Export) yiprotocol evulelekileyo ephuhliswe yi-Internet Engineering Task Force (IETF). Isekelwe kwi-NetFlow Version 9 inkcazo kwaye ibonelela ngefomathi esemgangathweni yokuthumela ngaphandle kweerekhodi zokuhamba ukusuka kwizixhobo zenethiwekhi.
I-IPFIX yakhela phezu kweengqikelelo zeNetFlow kwaye iyandise ukuba ibonelele ngokuguquguquka ngakumbi kunye nokusebenzisana kubathengisi abahlukeneyo kunye nezixhobo. Yazisa ingcamango yeetemplates, ivumela inkcazo eguquguqukayo yesakhiwo serekhodi yokuhamba kunye nomxholo. Oku kuvumela ukubandakanywa kwemimandla yesiko, inkxaso yemigaqo emitsha, kunye nokwandiswa.
Iimpawu eziphambili ze-IPFIX:
~ Indlela eSekwe kwiSakhelo: I-IPFIX isebenzisa iitemplates ukuchaza isakhiwo kunye nomxholo weerekhodi zokuhamba, ukunika ukuguquguquka ekufakeni imimandla eyahlukeneyo yedatha kunye nolwazi oluthile lweprotocol.
~ Ukusebenzisana: IPFIX ngumgangatho ovulekileyo, oqinisekisa amandla okubeka iliso okuhamba ngokuqhubekayo kubathengisi abahlukeneyo bothungelwano kunye nezixhobo.
~ IPv6 Inkxaso: IPFIX ngokwemveli ixhasa i-IPv6, iyenza ilungele ukubeka iliso kunye nokuhlalutya itrafikhi kuthungelwano lwe-IPv6.
~Ukhuseleko olomeleziweyo: I-IPFIX ibandakanya iimpawu zokhuseleko ezifana ne-Transport Layer Security (TLS) kunye nokuhlolwa kwengqibelelo yomyalezo ukukhusela ubumfihlo kunye nokunyaniseka kwedatha yokuhamba ngexesha lokudluliselwa.
I-IPFIX ixhaswa ngokubanzi ngabathengisi bezixhobo zothungelwano ezahlukeneyo, beyenza ukuba ibe lukhetho olungakhethi cala nolwamkelwe ngokubanzi lokujongwa kokuhamba kwenethiwekhi.
Ke, yintoni umahluko phakathi kweNetFlow kunye ne-IPFIX?
Impendulo elula kukuba iNetFlow yiCisco proprietary protocol eyaziswa malunga no-1996 kwaye i-IPFIX yimigangatho yayo evunyiweyo ngumzalwana.
Zombini iiprothokholi zisebenza injongo enye: ukwenza iinjineli zenethiwekhi kunye nabalawuli ukuba baqokelele kwaye bahlalutye inqanaba lenethiwekhi yokuhamba kwetrafikhi ye-IP. I-Cisco iphuhlise i-NetFlow ukuze iiswitshi zayo kunye nee-routers zikwazi ukukhupha olu lwazi luxabisekileyo. Ngenxa yolawulo lwegiya yeCisco, iNetFlow yakhawuleza yaba ngumgangatho we-de-facto wohlalutyo lwetrafikhi yenethiwekhi. Nangona kunjalo, abakhuphisana kushishino baqonda ukuba ukusebenzisa iprothokholi yobunini elawulwa yimbangi yayo eyintloko yayingengombono ulungileyo kwaye kungoko i-IETF ikhokele iinzame zokulinganisa iprotocol evulekileyo yohlalutyo lwendlela, eyi-IPFIX.
IPFIX isekwe kuguqulelo lwe-NetFlow 9 kwaye yaziswa ekuqaleni malunga no-2005 kodwa yathatha inani leminyaka ukufumana ukwamkelwa kweshishini. Okwangoku, ezi nkqubo zimbini ziyafana kwaye nangona igama elithi NetFlow lisaxhaphake kakhulu uninzi lokuphunyezwa (nangona ingezizo zonke) ziyahambelana nomgangatho we-IPFIX.
Nantsi itheyibhile eshwankathela umahluko phakathi kweNetFlow kunye ne-IPFIX:
| Umba | NetFlow | IPFIX |
|---|---|---|
| Imvelaphi | Itekhnoloji yobunini ephuhliswe nguCisco | Iprothokholi yomgangatho weshishini esekwe kwi-NetFlow Version 9 |
| Ukubekwa emgangathweni | Itekhnoloji yeCisco-specific | Vula umgangatho ochazwe yi-IETF kwi-RFC 7011 |
| Ukuba bhetyebhetye | Iinguqulelo eziguquliweyo ezineempawu ezithile | Ukuguquguquka okukhulu kunye nokusebenzisana kubo bonke abathengisi |
| Ubume beDatha | Iipakethi ezinobungakanani obusisigxina | Indlela esekwe kwithempleyithi yeefomathi zerekhodi eziqukuqelayo ezinokwenziwa ngokwezifiso |
| Inkxaso yeTemplate | Ayixhaswa | Iitemplates eziguquguqukayo zokubandakanywa kwintsimi eguquguqukayo |
| Inkxaso yomthengisi | Ngokuyintloko izixhobo zeCisco | Inkxaso ebanzi kubo bonke abathengisi bothungelwano |
| Ukwandiswa | Uhlengahlengiso olulinganiselweyo | Ukubandakanywa kwemimandla yesiko kunye nesicelo-idatha ethile |
| Umahluko weProtocol | Iinguqu ezithile zeCisco | Inkxaso ye-IPv6 yoMthonyama, ukhetho oluphuculweyo lwerekhodi lokuqukuqela |
| Iimpawu zoKhuseleko | Iimpawu zokhuseleko ezilinganiselwe | Ukhuseleko loMaleko wezoThutho (TLS) uguqulelo oluntsonkothileyo, imfezeko yomyalezo |
UkuJonga ukuHamba kweNethiwekhiyingqokelela, uhlalutyo, kunye nokubeka iliso kwitrafikhi enqumla kuthungelwano olunikiweyo okanye icandelo lothungelwano. Iinjongo zinokwahluka ukusuka kwimiba yoqhagamshelo lokusombulula ingxaki ukuya kucwangciso lolwabiwo lomda wexesha elizayo. Ukujongwa okuqukuqelayo kunye neesampulu zepakethi kunokuba luncedo ekuchongeni nasekulungiseni imiba yokhuseleko.
Ukujongwa okuhambayo kunika amaqela othungelwano umbono olungileyo wendlela uthungelwano olusebenza ngayo, ukubonelela ngolwazi malunga nokusetyenziswa ngokubanzi, ukusetyenziswa kwesicelo, imiqobo enokuthi ibekho, izinto ezingaqhelekanga ezinokubonisa izoyikiso zokhuseleko, kunye nokunye. Kukho imigangatho eyahlukeneyo kunye neefomathi ezisetyenziswayo ekujongweni kokuhamba komsebenzi womnatha, kuquka i-NetFlow, i-sFlow, kunye ne-Internet Protocol Flow Information Export (IPFIX). Nganye isebenza ngendlela eyahluke kancinane, kodwa zonke zahlukile kwisipili sezibuko kunye nokuhlolwa kwepakethi enzulu kuba azibambi imixholo yepakethi nganye edlula kwizibuko okanye ngokutshintsha. Nangona kunjalo, ukujonga ukuhamba kubonelela ngolwazi olungakumbi kune-SNMP, ehlala ilinganiselwe kwiinkcukacha-manani ezibanzi njengepakethi iyonke kunye nokusetyenziswa kwe-bandwidth.
Izixhobo zoThungelwano lokuHamba xa zithelekiswa
| Uphawu | I-NetFlow v5 | I-NetFlow v9 | sFlow | IPFIX |
| Vula okanye uBunini | Ubunikazi | Ubunikazi | Vula | Vula |
| Isampulu okanye iFlow Based | Ngokusisiseko Flow Ngokusekwe; Imowudi eyisampula iyafumaneka | Ngokusisiseko Flow Ngokusekwe; Imowudi eyisampula iyafumaneka | Isampuli | Ngokusisiseko Flow Ngokusekwe; Imowudi eyisampula iyafumaneka |
| Ulwazi luthathiwe | Imethadatha kunye nolwazi lwamanani, kubandakanywa iibhayithi ezidluliselweyo, izixhobo zokubala zojongano njalo njalo | Imethadatha kunye nolwazi lwamanani, kubandakanywa iibhayithi ezidluliselweyo, izixhobo zokubala zojongano njalo njalo | Gqibezela izihloko zePakethi, iiPakethi zePakethi eziHluliweyo | Imethadatha kunye nolwazi lwamanani, kubandakanywa iibhayithi ezidluliselweyo, izixhobo zokubala zojongano njalo njalo |
| I-Ingress / Egress Monitoring | Ingress Kuphela | I-Ingress kunye ne-Egress | I-Ingress kunye ne-Egress | I-Ingress kunye ne-Egress |
| IPv6/VLAN/MPLS Inkxaso | No | Ewe | Ewe | Ewe |
Ixesha lokuposa: Mar-18-2024
