NetFlow and IPFIX are both technologies used for network flow monitoring and analysis. They provide insight into network traffic patterns, helping with performance optimization, troubleshooting, and security analysis.
NetFlow:
What is NetFlow?
NetFlow is the original flow monitoring solution, developed by Cisco in the late 1990s. Several versions exist, but most deployments are based on either NetFlow v5 or NetFlow v9. Although each version has different capabilities, the basic operation remains the same:
First, a router, switch, firewall, or other type of device captures information on network "flows" - essentially a set of packets that share a common set of characteristics such as source and destination address, source and destination port, and protocol type. After a flow ends or a predefined period of time has elapsed, the device exports the flow records to an entity known as a "flow collector".
Finally, a "flow analyzer" makes sense of those records, providing insights in the form of visualizations, statistics, and detailed historical and real-time reporting. In practice, collectors and analyzers are often a single entity, frequently combined into a larger network performance monitoring solution.
NetFlow works in a straightforward way. When a client machine reaches out to a server, NetFlow begins capturing and aggregating metadata from the flow. After the session ends, NetFlow exports a single complete record to the collector.
Although it is still commonly used, NetFlow v5 has a number of limitations. The exported fields are fixed, monitoring is supported only in the ingress direction, and modern technologies such as IPv6, MPLS, and VXLAN are not supported. NetFlow v9, also known as Flexible NetFlow (FNF), addresses some of these limitations, allowing users to build custom templates and adding support for newer technologies.
Many vendors have their own implementations of NetFlow, such as jFlow from Juniper and NetStream from Huawei. Although the configuration may differ slightly, these implementations usually produce flow records that are compatible with NetFlow collectors and analyzers.
Key features of NetFlow:
~ Flow Data: NetFlow generates flow records that include details such as source and destination IP addresses, ports, timestamps, packet and byte counts, and protocol types.
~ Traffic Monitoring: NetFlow provides visibility into network traffic patterns, allowing administrators to identify top applications, endpoints, and traffic sources.
~ Anomaly Detection: By analyzing flow data, NetFlow can detect anomalies such as excessive bandwidth usage, network congestion, or unusual traffic patterns.
~ Security Analysis: NetFlow can be used to detect and investigate security incidents, such as distributed denial-of-service (DDoS) attacks or unauthorized access attempts.
NetFlow versions: NetFlow has evolved over time, and different versions have been released. Some notable versions include NetFlow v5, NetFlow v9, and Flexible NetFlow. Each version introduced improvements and additional capabilities.
IPFIX:
What is IPFIX?
An IETF standard that emerged in the 2000s, Internet Protocol Flow Information Export (IPFIX) is very similar to NetFlow. In fact, NetFlow v9 served as the basis for IPFIX. The main difference between the two is that IPFIX is an open standard and is supported by many networking vendors besides Cisco. Apart from a few additional fields added in IPFIX, the formats are nearly identical. In fact, IPFIX is sometimes referred to as "NetFlow v10".
Because of its similarity to NetFlow, IPFIX is widely supported by network monitoring solutions and network equipment.
IPFIX (Internet Protocol Flow Information Export) is an open standard protocol developed by the Internet Engineering Task Force (IETF). It is based on the NetFlow Version 9 specification and provides a standardized format for exporting flow records from network devices.
IPFIX builds on the concepts of NetFlow and extends them to offer more flexibility and interoperability across different vendors and devices. It introduces the concept of templates, allowing the structure and content of a flow record to be defined flexibly. This enables the inclusion of custom fields, support for new protocols, and extensibility.
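To make the template mechanism concrete, the Python below is an added example (not code from the original page or from any vendor's collector) that decodes an IPFIX message the way a collector must: it learns the record layout from a Template Set, then uses it to parse Data Sets, counts Data Sets whose template it has never seen, and rejects length fields that point outside the message. The function name `decode_ipfix` and the `SAMPLE` bytes are constructed for illustration; the header and set layout follow RFC 7011, and only fixed-length IANA fields are handled.

```python
import ipaddress
import struct

# A few IANA IPFIX information element IDs (the full registry is much larger).
IE = {1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
      8: "sourceIPv4Address", 11: "destinationTransportPort", 12: "destinationIPv4Address"}

def decode_ipfix(msg, templates):
    """Decode one message; `templates` (ID -> [(ie_id, length)]) persists per exporter."""
    if len(msg) < 16 or struct.unpack("!HH", msg[:4]) != (10, len(msg)):
        raise ValueError("bad header: version must be 10 and length must match")
    flows, undecodable, off = [], 0, 16
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("set length runs outside the message")
        body, off = msg[off + 4:off + set_len], off + set_len
        if set_id == 2:                       # Template Set
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[pos:pos + 4])
                end = pos + 4 + 4 * count
                if tid < 256 or count == 0 or end > len(body):
                    break                     # padding, withdrawal or truncation
                fields = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                if any(ie & 0x8000 or ln == 0xFFFF for ie, ln in fields):
                    raise ValueError("enterprise/variable-length fields not handled")
                templates[tid], pos = fields, end
        elif set_id >= 256:                   # Data Set: set ID is the template ID
            fields = templates.get(set_id)
            if fields is None:
                undecodable += 1              # template never seen: cannot parse
                continue
            size, pos = sum(ln for _, ln in fields), 0
            while size and pos + size <= len(body):
                rec = {}
                for ie, ln in fields:
                    raw, pos = body[pos:pos + ln], pos + ln
                    rec[IE.get(ie, f"ie{ie}")] = (
                        str(ipaddress.IPv4Address(raw)) if ie in (8, 12) and ln == 4
                        else int.from_bytes(raw, "big"))
                flows.append(rec)
    return flows, undecodable                 # other set IDs (options, reserved) are ignored

# Constructed sample: template 256 (src IP, dst IP, octets) plus one data record.
SAMPLE = bytes.fromhex("000a0034" + "00" * 12 + "00020014" "01000003" "00080004000c000400010004"
                       "01000010" "c0000201" "c6336407" "000005dc")
```

A rising `undecodable` count on a collector is worth alerting on: it means flow records are arriving that cannot be interpreted, so that traffic is invisible to any detection built on the flow data.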
Key features of IPFIX:
~ Template-Based Approach: IPFIX uses templates to define the structure and content of flow records, offering flexibility in accommodating different data fields and protocol-specific information.
~ Interoperability: IPFIX is an open standard, ensuring that flow monitoring capabilities work consistently across different networking vendors and devices.
~ IPv6 Support: IPFIX natively supports IPv6, making it suitable for monitoring and analyzing traffic in IPv6 networks.
~ Enhanced Security: IPFIX includes security features such as Transport Layer Security (TLS) encryption and message integrity checks to protect the confidentiality and integrity of flow data in transit.
IPFIX is widely supported by a range of networking equipment vendors, which makes it a vendor-neutral and widely adopted choice for network flow monitoring.
So, what is the difference between NetFlow and IPFIX?
The simple answer is that NetFlow is a Cisco proprietary protocol introduced around 1996, and IPFIX is its standards-body-approved sibling.
Both protocols serve the same purpose: enabling network engineers and administrators to collect and analyze IP traffic flows at the network level. Cisco developed NetFlow so that its switches and routers could output this valuable information. Because Cisco equipment was dominant, NetFlow became the de facto standard for network traffic analysis. However, industry competitors realized that using a proprietary protocol controlled by their main rival was not a good idea, and so the IETF led an effort to standardize an open protocol for traffic analysis, which is IPFIX.
IPFIX is based on NetFlow version 9 and was originally introduced around 2005, but it took several years to gain industry adoption. At this point, the two protocols are essentially the same, and although the term NetFlow is still widely used, most implementations (though not all) are compatible with the IPFIX standard.
Here is a table summarizing the differences between NetFlow and IPFIX:
| Aspect | NetFlow | IPFIX |
|---|---|---|
| Origin | Proprietary technology developed by Cisco | Industry-standard protocol based on NetFlow Version 9 |
| Standardization | Cisco-specific technology | Open standard defined by the IETF in RFC 7011 |
| Flexibility | Evolved versions with specific features | Greater flexibility and interoperability across vendors |
| Data Format | Fixed-size packets | Template-based approach for customizable flow record formats |
| Template Support | Not supported | Dynamic templates for flexible field inclusion |
| Vendor Support | Primarily Cisco devices | Broad support across networking vendors |
| Extensibility | Limited customization | Inclusion of custom fields and application-specific data |
| Protocol Differences | Cisco-specific variations | Native IPv6 support, enhanced flow record options |
| Security Features | Limited security features | Transport Layer Security (TLS) encryption, message integrity |
Network flow monitoring is the collection, analysis, and monitoring of traffic traversing a network or a particular network segment. The objectives can range from troubleshooting connectivity issues to planning future bandwidth allocation. Flow monitoring and packet sampling can also be useful in identifying and remediating security issues.
Flow monitoring gives networking teams a good picture of how a network is operating, providing details on overall utilization, application usage, potential problems, anomalies that may signal security threats, and more. Several different standards and formats are used in network flow monitoring, including NetFlow, sFlow, and Internet Protocol Flow Information Export (IPFIX). Each works in a slightly different way, but all differ from port mirroring and deep packet inspection in that they do not capture the contents of every packet passing over a port or through a switch. However, flow monitoring provides more information than SNMP, which is generally limited to broad statistics such as overall packet and bandwidth usage.
Network flow tools compared
| Feature | NetFlow v5 | NetFlow v9 | sFlow | IPFIX |
|---|---|---|---|---|
| Open or Proprietary | Proprietary | Proprietary | Open | Open |
| Sampled or Flow Based | Primarily flow based; sampled mode is available | Primarily flow based; sampled mode is available | Sampled | Primarily flow based; sampled mode is available |
| Information Captured | Metadata and statistical information, including bytes transferred, interface counters and so on | Metadata and statistical information, including bytes transferred, interface counters and so on | Complete packet headers, packet payloads | Metadata and statistical information, including bytes transferred, interface counters and so on |
| Ingress/Egress Monitoring | Ingress only | Ingress and egress | Ingress and egress | Ingress and egress |
| IPv6/VLAN/MPLS Support | No | Yes | Yes | Yes |
Post time: Mar-18-2024