I-Network Packet Broker (NPB) yinto yokutshintsha njengesixhobo sothungelwano esihamba ngobukhulu ukusuka kwizixhobo eziphathekayo ukuya kwi-1U kunye ne-2U yeeyunithi zeeyunithi kwiimeko ezinkulu kunye neenkqubo zebhodi. Ngokungafaniyo nokutshintsha, i-NPB ayitshintshi i-traffic ehamba ngayo nayiphi na indlela ngaphandle kokuba iyalelwe ngokucacileyo. I-NPB inokufumana i-traffic kwi-interface enye okanye ngaphezulu, yenza imisebenzi echazwe kwangaphambili kwi-traffic, kwaye emva koko ikhuphe ujongano olunye okanye ngaphezulu.
Ezi zisoloko zibhekiselwa kuzo njengayo nayiphi na-kuyo nayiphi na, ezininzi-ukuya-naziphi na, kwaye naziphi na-ukuya-ezininzi iimaphu zezibuko. Imisebenzi enokuthi yenziwe isusela kwizinto ezilula, ezifana nokudlulisa okanye ukulahla i-traffic, ukuya kwi-complex, njengokucoca ulwazi olungentla kwe-5 ukuchonga iseshoni ethile. I-Interfaces kwi-NPB ingaba yi-copper cable connections, kodwa ngokuqhelekileyo i-SFP / SFP + kunye neefreyimu ze-QSFP, ezivumela abasebenzisi ukuba basebenzise iindidi zeendaba kunye nezantya ze-bandwidth. Iseti yefitsha yeNPB yakhelwe kumgaqo wokwandisa ukusebenza kakuhle kwesixhobo sothungelwano, ngakumbi ukubeka iliso, uhlalutyo, kunye nezixhobo zokhuseleko.
Yeyiphi imisebenzi ebonelelwa yiNethiwekhi yePakethe yeBroker?
Izakhono ze-NPB zininzi kwaye zinokwahluka ngokuxhomekeke kwibrendi kunye nemodeli yesixhobo, nangona nayiphi na i-arhente yephakheji enexabiso letyuwa iya kufuna ukuba neseti engundoqo yesakhono. Uninzi lwe-NPB (eyona ixhaphakileyo i-NPB) isebenza kwi-OSI umaleko wesi-2 ukuya kwisi-4.
Ngokubanzi, unokufumana ezi mpawu zilandelayo kwi-NPB ye-L2-4: i-traffic (okanye iindawo ezithile zayo) ukuqondisa kwakhona, ukuhluzwa kwetrafikhi, ukuphindaphinda kwetrafikhi, ukuhluthwa kweprotocol, ukunqunyulwa kwepakethi (ukunciphisa), ukuqala okanye ukuphelisa iiprothokholi zetonela ezahlukeneyo, kunye nokulinganisa umthwalo wendlela. Njengoko kulindelekile, i-NPB ye-L2-4 inokucoca i-VLAN, iilebula ze-MPLS, iidilesi ze-MAC (umthombo kunye nethagethi), iidilesi ze-IP (umthombo kunye nethagethi), i-TCP kunye ne-UDP port (umthombo kunye nethagethi), kunye neeflegi ze-TCP, kunye ne-ICMP, I-SCTP, kunye ne-ARP traffic. Oku ayisiyonto yokusetyenziswa, kodwa kunoko ibonelela ngombono wendlela i-NPB esebenza ngayo kumaleko 2 ukuya ku-4 inokohlula kwaye ichonge iiseti zendlela. Imfuno ephambili ekufuneka abathengi bayijonge kwi-NPB yinqwelomoya engathinteliyo.
Ipakethe yenethiwekhi I-Broker kufuneka ikwazi ukuhlangabezana ne-thrafikhi epheleleyo ye-port nganye kwisixhobo. Kwinkqubo ye-chassis, i-interconnection kunye ne-backplane kufuneka ikwazi ukuhlangabezana nomthwalo opheleleyo we-traffic yeemodyuli ezixhunyiwe. Ukuba i-NPB yehla ipakethi, ezi zixhobo aziyi kuba nokuqonda okupheleleyo kwenethiwekhi.
Nangona uninzi lwe-NPB lusekwe kwi-ASIC okanye kwi-FPGA, ngenxa yokuqiniseka kokusetyenzwa kwepakethe, uya kufumana udibaniso oluninzi okanye ii-CPU ezamkelekileyo (ngeemodyuli). IMylinking™ Network Packet Brokers(NPB) isekelwe kwisisombululo se-ASIC. Oku kudla ngokuba luphawu olubonelela ngokuqhubekekayo oluguquguqukayo kwaye ke ngoko alunakwenziwa ngokusulungekileyo kwihardware. Ezi ziquka ukutsalwa kwepakethi, izitampu zexesha, ukuguqulelwa kwe-SSL/TLS, ukukhangela amagama angundoqo, kunye nokukhangela okubonakalayo okuqhelekileyo. Kubalulekile ukuba uqaphele ukuba ukusebenza kwayo kuxhomekeke ekusebenzeni kwe-CPU. (Umzekelo, uphendlo oluqhelekileyo lwembonakalo yomfuziselo ofanayo lunokuvelisa iziphumo zokusebenza ezahlukileyo kakhulu ngokuxhomekeke kuhlobo lwetrafikhi, umyinge wokuthelekiseka, kunye ne-bandwidth), ngoko akukho lula ukumisela phambi kokuphunyezwa kokwenyani.
Ukuba iimpawu ezixhomekeke kwi-CPU zenziwe zasebenza, ziba sisithintelo ekusebenzeni ngokubanzi kwe-NPB. Ukufika kwe-cpus kunye ne-programmable switching chips, ezifana ne-Cavium Xpliant, i-Barefoot Tofino kunye ne-Innovium Teralynx, nayo yenza isiseko seseti eyandisiweyo yezakhono kwisizukulwana esilandelayo see-agent zepakethi yenethiwekhi, Ezi yunithi zisebenzayo zinokusingatha i-traffic ngaphaya kwe-L4 (ehlala ibhekiswa kuyo. njengee-arhente zepakethe ze-L7). Phakathi kweempawu eziphambili ezikhankanywe ngasentla, igama elingundoqo kunye nokukhangela okubonakalayo okuqhelekileyo yimizekelo emihle yezakhono zesizukulwana esilandelayo. Ikhono lokukhangela iipakethi zokuhlawula iipakethi libonelela ngamathuba okucoca i-traffic kwiseshoni kunye namanqanaba esicelo, kwaye inikezela ngolawulo olungcono kwinethiwekhi eguqukayo kune-L2-4.
Ingena njani i-Network Packet Broker kwiziseko ezingundoqo?
I-NPB inokufakwa kwisiseko sothungelwano ngeendlela ezimbini ezahlukeneyo:
1- Emgceni
2- Ngaphandle kwebhendi.
Indlela nganye ineengenelo kunye nezingeloncedo kwaye yenza kube lula ukulawula izithuthi ngeendlela ezingenako ezinye iindlela. Umthengisi wepakethe yenethiwekhi ye-intanethi unetrafikhi yenethiwekhi yexesha langempela enqumla isixhobo kwindlela eya kwindawo yayo. Oku kunika ithuba lokukhohlisa itrafikhi ngexesha lokwenyani. Umzekelo, xa udibanisa, ulungisa, okanye ucima iithegi zeVLAN okanye utshintsha iidilesi ze-IP zendawo ekuyiwa kuyo, itrafikhi ikhutshelwa kwikhonkco lesibini. Njengendlela engaphakathi, i-NPB inokubonelela ngokuphinda-phinda kwezinye izixhobo ezingaphakathi, ezifana ne-IDS, i-IPS, okanye i-firewall. I-NPB inokubek' esweni ubume bezixhobo ezinjalo kwaye iphinde ilandele indlela yetrafikhi ukuya kwindawo yokulinda eshushu xa kukho ukusilela.
Inika ukuguquguquka okukhulu kwindlela i-traffic ecutshungulwa ngayo kwaye iphinda iphindwe kwiindlela ezininzi zokubeka iliso kunye nezixhobo zokhuseleko ngaphandle kokuchaphazela inethiwekhi yexesha lokwenyani. Ikwabonelela ngokubonakala kwenethiwekhi okungazange kubonwe ngaphambili kwaye iqinisekisa ukuba zonke izixhobo zifumana ikopi yetrafikhi efunekayo ukusingatha ngokufanelekileyo uxanduva lwazo. Ayiqinisekisi kuphela ukuba ukubeka iliso kwakho, ukhuseleko, kunye nezixhobo zokuhlalutya zifumana itrafikhi eziyifunayo, kodwa nokuba inethiwekhi yakho ikhuselekile. Ikwaqinisekisa ukuba isixhobo asityi izixhobo kwitrafikhi engafunwayo. Mhlawumbi umhlalutyi wakho womnatha akufuneki ukuba urekhode itrafikhi egciniweyo kuba ithatha indawo ebalulekileyo yedisk ngexesha logcino. Ezi zinto zihluzwa ngokulula kwi-analyzer ngelixa zigcina zonke ezinye iitrafikhi zesixhobo. Mhlawumbi unayo yonke subnet ofuna ukuyigcina efihliweyo kwenye inkqubo; kwakhona, oku kususwa ngokulula kwizibuko lemveliso ekhethiweyo. Ngapha koko, i-NPB enye inokuqhuba ezinye iikhonkco zetrafikhi kwi-line ngelixa kusetyenzwa enye i-traffic engaphandle kwebhendi.
Ixesha lokuposa: Mar-09-2022
