I-Network Packet Broker (NPB) sisixhobo senethiwekhi esifana neswitshi esinobukhulu obuhlukeneyo ukusuka kwizixhobo eziphathwayo ukuya kwii-unit cases ze-1U kunye ne-2U ukuya kwii-cases ezinkulu kunye neenkqubo zebhodi. Ngokungafaniyo neswitshi, i-NPB ayitshintshi i-traffic ehamba ngayo nangayiphi na indlela ngaphandle kokuba iyalelwe ngokucacileyo. I-NPB ingafumana i-traffic kwi-interface enye okanye ezingaphezulu, yenze imisebenzi ethile echazwe kwangaphambili kuloo traffic, ize emva koko iyikhuphe kwi-interface enye okanye ezingaphezulu.
Ezi zihlala zibizwa ngokuba ziimephu zezibuko eziya kuyo nayiphi na, ezininzi ukuya kuyo nayiphi na, kunye nazo zonke ezinye. Imisebenzi enokwenziwa isusela kwizinto ezilula, ezifana nokudlulisa okanye ukulahla ithrafikhi, ukuya kwizinto ezinzima, ezifana nokucoca ulwazi olungaphezulu komaleko wesi-5 ukuze kuchongwe iseshoni ethile. Ii-interfaces kwi-NPB zinokuba ziintambo zobhedu, kodwa zihlala ziyi-SFP/SFP + kunye neefreyimu ze-QSFP, ezivumela abasebenzisi ukuba basebenzise isantya semidiya kunye ne-bandwidth. Iseti yeempawu ze-NPB yakhelwe kumgaqo wokwandisa ukusebenza kakuhle kwezixhobo zenethiwekhi, ngakumbi ukubeka esweni, uhlalutyo, kunye nezixhobo zokhuseleko.
Zeziphi imisebenzi ezinikezelwa yiNetwork Packet Broker?
Amandla e-NPB maninzi kwaye anokwahluka ngokuxhomekeke kuhlobo kunye nomzekelo wesixhobo, nangona nayiphi na iarhente yephakheji efanelekileyo iya kufuna ukuba neseti yezakhono eziphambili. Uninzi lwe-NPB (eyona NPB ixhaphakileyo) lusebenza kwi-OSI layers 2 ukuya kwi-4.
Ngokubanzi, ungafumana ezi mpawu zilandelayo kwi-NPB ye-L2-4: ukuqondisa kwakhona ithrafikhi (okanye iindawo ezithile zayo), ukucoca ithrafikhi, ukuphindaphindwa kwethrafikhi, ukuhluba iprotocol, ukunqunyulwa kwepakethi (ukunqunyulwa), ukuqala okanye ukuphelisa iiprotokholi ezahlukeneyo zenethiwekhi, kunye nokulinganisela umthwalo wethrafikhi. Njengoko kulindelekile, i-NPB ye-L2-4 inokucoca iilebhile ze-VLAN, ze-MPLS, iidilesi ze-MAC (umthombo kunye nethagethi), iidilesi ze-IP (umthombo kunye nethagethi), iiports ze-TCP kunye ne-UDP (umthombo kunye nethagethi), kwaneeflegi ze-TCP, kunye nethrafikhi ye-ICMP, i-SCTP, kunye ne-ARP. Oku akuyonto ifanelekileyo ukusetyenziswa, kodwa kunoko kunika umbono wendlela i-NPB esebenza ngayo kumaleko esi-2 ukuya kwelesi-4 enokwahlulahlula kwaye ichonge ii-subset zethrafikhi. Imfuneko ephambili ekufuneka abathengi bayijonge kwi-NPB yi-backplane engavimbiyo.
I-Network packet Broker kufuneka ikwazi ukuhlangabezana ne-traffic throughput epheleleyo ye-port nganye kwisixhobo. Kwinkqubo ye-chassis, uqhagamshelo ne-backplane kufuneka lukwazi ukuhlangabezana ne-traffic load epheleleyo yeemodyuli eziqhagamshelweyo. Ukuba i-NPB iyayilahla ipakethi, ezi zixhobo aziyi kuba nokuqonda okupheleleyo nge-network.
Nangona uninzi lwe-NPB lusekelwe kwi-ASIC okanye kwi-FPGA, ngenxa yokuqiniseka kokusebenza kwepakethi, uya kufumana ukuhlanganiswa okuninzi okanye ii-CPU ezamkelekileyo (ngeemodyuli). I-Mylinking™ Network Packet Brokers (NPB) isekelwe kwisisombululo se-ASIC. Olu luhlala luphawu olubonelela ngokulungiswa okuguquguqukayo kwaye ke ngoko alunakwenziwa kuphela kwi-hardware. Oku kubandakanya ukunikezelwa kwepakethi, ii-timestamps, ukususwa kwe-SSL/TLS, ukukhangela amagama angundoqo, kunye nokukhangela rhoqo kwe-expression. Kubalulekile ukuqaphela ukuba ukusebenza kwayo kuxhomekeke ekusebenzeni kwe-CPU. (Umzekelo, ukukhangela rhoqo kwe-expression yepateni efanayo kunokuvelisa iziphumo zokusebenza ezahlukeneyo kakhulu ngokuxhomekeke kuhlobo lwetrafikhi, izinga lokufanisa, kunye ne-bandwidth), ngoko ke akulula ukumisela ngaphambi kokuphunyezwa kwangempela.
Ukuba iimpawu ezixhomekeke kwi-CPU ziyasebenza, ziba yinto ethintelayo ekusebenzeni kwe-NPB iyonke. Ukufika kwe-cpus kunye neetships zokutshintsha ezicwangcisiweyo, ezifana neCavium Xpliant, iBarefoot Tofino kunye ne-Innovium Teralynx, nazo zakha isiseko seseti eyandisiweyo yezakhono zeearhente zepakethi zenethiwekhi yesizukulwana esilandelayo, Ezi yunithi zisebenzayo zinokuphatha ithrafikhi engaphezulu kwe-L4 (edla ngokubizwa ngokuba ziiarhente zepakethi ze-L7). Phakathi kweempawu eziphambili ezikhankanyiweyo apha ngasentla, amagama angundoqo kunye nokukhangela rhoqo kwentetho yimizekelo emihle yezakhono zesizukulwana esilandelayo. Ukukwazi ukukhangela imithwalo yepakethi kunika amathuba okucoca ithrafikhi kwiseshoni kunye namanqanaba esicelo, kwaye kubonelela ngolawulo olucokisekileyo kwinethiwekhi eguqukayo kune-L2-4.
I-Network Packet Broker ingena njani kwiziseko zophuhliso?
I-NPB ingafakwa kwisiseko senethiwekhi ngeendlela ezimbini ezahlukeneyo:
1- I-Inline
2- Ngaphandle kwebhendi.
Indlela nganye ineengenelo kunye neengxaki kwaye ivumela ukulawulwa kwetrafikhi ngeendlela ezingenakukwazi ezinye iindlela. I-inline network packet broker ine-real-time network traffic edlula kwisixhobo xa isiya kwindawo eya kuyo. Oku kunika ithuba lokulawula itrafikhi ngexesha langempela. Umzekelo, xa wongeza, uguqula, okanye ucima iithegi ze-VLAN okanye utshintsha iidilesi ze-IP zendawo, i-trafikhi ikopishwa kwikhonkco lesibini. Njengendlela ye-inline, i-NPB inokubonelela ngokungafuneki kwezinye izixhobo ze-inline, ezifana ne-IDS, i-IPS, okanye ii-firewalls. I-NPB inokujonga imeko yezo zixhobo kwaye ibuyisele itrafikhi kwindawo eshushu xa kukho ukusilela.
Ibonelela ngokuguquguquka okukhulu kwindlela ithrafikhi ecutshungulwa ngayo kwaye iphindaphindwa ngayo kwizixhobo ezininzi zokubeka esweni kunye nokhuseleko ngaphandle kokuchaphazela inethiwekhi yexesha langempela. Ikwabonelela ngokubonakala kwenethiwekhi okungazange kwenzeke ngaphambili kwaye iqinisekisa ukuba zonke izixhobo zifumana ikopi yethrafikhi efunekayo ukuze ziphathe ngokufanelekileyo uxanduva lwazo. Ayiqinisekisi nje kuphela ukuba izixhobo zakho zokubeka esweni, ukhuseleko, kunye nohlalutyo zifumana ithrafikhi eziyidingayo, kodwa ikwaqinisekisa nokuba inethiwekhi yakho ikhuselekile. Ikwaqinisekisa ukuba isixhobo asisebenzisi izixhobo kwithrafikhi engafunekiyo. Mhlawumbi i-network analyzer yakho ayidingi ukurekhoda ithrafikhi yogcino kuba ithatha indawo exabisekileyo yediski ngexesha le-backup. Ezi zinto zihluzwa ngokulula kwi-analyzer ngelixa zigcina zonke ezinye ithrafikhi zesixhobo. Mhlawumbi une-subnet yonke ofuna ukuyigcina ifihliwe kwenye inkqubo; kwakhona, oku kususwa lula kwi-output port ekhethiweyo. Enyanisweni, i-NPB enye inokucubungula ezinye iikhonkco zethrafikhi ngaphakathi ngelixa icubungula ezinye ithrafikhi ezingaphandle kwebhendi.
Ixesha lokuthumela: Matshi-09-2022
