Intshayelelo
Ukuqokelelwa kunye noHlalutyo lweTrafikhi yeNethiwekhi yeyona ndlela isebenzayo yokufumana izikhombisi zokuziphatha komsebenzisi wenethiwekhi kunye neeparamitha. Ngokuphuculwa okuqhubekayo kokusebenza kunye nokugcinwa kweziko ledatha Q, ukuqokelelwa kunye nohlalutyo lwetrafikhi yenethiwekhi kube yinxalenye ebalulekileyo yesiseko sedatha. Ukususela ekusetyenzisweni kwangoku kushishino, ukuqokelelwa kwetrafikhi yenethiwekhi kwenziwa kakhulu zizixhobo zenethiwekhi ezixhasa isibuko setrafikhi esidlulayo. Ukuqokelelwa kwetrafikhi kufuneka kuseke ukugubungela okubanzi, inethiwekhi yokuqokelelwa kwetrafikhi efanelekileyo nesebenzayo, ukuqokelelwa kwetrafikhi okunjalo kunokunceda ukuphucula izalathisi zokusebenza kwenethiwekhi kunye neshishini kunye nokunciphisa amathuba okungaphumeleli.
Inethiwekhi yokuqokelelwa kwezithuthi ingathathwa njengenethiwekhi ezimeleyo eyenziwe zizixhobo zokuqokelelwa kwezithuthi kwaye isasazwe ngaxeshanye nenethiwekhi yemveliso. Iqokelela ithrafikhi yemifanekiso yesixhobo ngasinye senethiwekhi kwaye ihlanganise ithrafikhi yemifanekiso ngokweenqanaba zengingqi kunye nezakhiwo. Isebenzisa i-alamu yokutshintshiselana kwezithuthi kwizixhobo zokufumana ithrafikhi ukuze ifezekise isantya esipheleleyo sedatha kwiileya ezi-2-4 zokucoca okunemiqathango, isuse iipakethi eziphindwe kabini, inqumle iipakethi kunye neminye imisebenzi esebenzayo, ize ithumele idatha kwinkqubo nganye yohlalutyo lwezithuthi. Inethiwekhi yokuqokelelwa kwezithuthi ingathumela ngokuchanekileyo idatha ethile kwisixhobo ngasinye ngokweemfuno zedatha yenkqubo nganye, kwaye isombulule ingxaki yokuba idatha yesibuko yendabuko ayinakuhluzwa kwaye ithunyelwe, nto leyo edla ukusebenza kokucubungula iiswitshi zenethiwekhi. Kwangaxeshanye, injini yokuhluzwa kwezithuthi kunye notshintshiselwano lwenethiwekhi yokuqokelelwa kwezithuthi ifezekisa ukuhluzwa nokuthunyelwa kwedatha ngokulibaziseka okuphantsi kunye nesantya esiphezulu, iqinisekisa umgangatho wedatha eqokelelwe yinethiwekhi yokuqokelelwa kwezithuthi, kwaye ibonelela ngesiseko sedatha esihle kwizixhobo zohlalutyo lwezithuthi ezilandelayo.
Ukuze kuncitshiswe impembelelo kwikhonkco lokuqala, ikopi yethrafikhi yokuqala idla ngokufunyanwa ngokusebenzisa ukwahlulahlula imisebe, i-SPAN okanye i-TAP.
I-Passive Network Tap (i-Optical Splitter)
Indlela yokusebenzisa ukwahlulwahlulwa kokukhanya ukuze ufumane ikopi yethrafikhi ifuna uncedo lwesixhobo sokuhlulahlula ukukhanya. I-light splitter sisixhobo esibonakalayo esingasebenziyo esinokusasaza kwakhona amandla omqondiso we-optical ngokuhambelana nomlinganiselo ofunekayo. I-splitter inokwahlula ukukhanya ukusuka ku-1 ukuya ku-2,1 ukuya ku-4 kunye no-1 ukuya kwiitshaneli ezininzi. Ukuze kuncitshiswe impembelelo kwikhonkco lokuqala, iziko ledatha lidla ngokuthatha umlinganiselo wokuqhekeka kwe-optical we-80:20, 70:30, apho umlinganiselo we-70,80 wesignali ye-optical uthunyelwa kwikhonkco lokuqala. Okwangoku, ii-optical splitters zisetyenziswa kakhulu kuhlalutyo lokusebenza kwenethiwekhi (NPM/APM), inkqubo yophicotho-zincwadi, uhlalutyo lokuziphatha komsebenzisi, ukufunyanwa kokungena kwenethiwekhi kunye nezinye iimeko.
Iingenelo:
1. Isixhobo esithembekileyo nesingenamsebenzi;
2. Ayihlali kwi-switch port, izixhobo ezizimeleyo, emva koko ulwandiso oluhle lunokubakho;
3. Akukho mfuneko yokutshintsha uqwalaselo lweswitshi, akukho mpembelelo kwezinye izixhobo;
4. Ukuqokelelwa kwetrafikhi epheleleyo, akukho kuhluzwa kwepakethi yokutshintsha, kuquka neepakethi zeempazamo, njl.
Iingxaki:
1. Imfuneko yokusika inethiwekhi ngokulula, iplagi yefayibha yekhonkco lomqolo kunye ne-dial kwi-optical splitter, iya kunciphisa amandla okukhanya kwezinye ii-backbone links.
I-SPAN (Isibuko sePort)
I-SPAN luphawu oluza neswitshi ngokwayo, ngoko ke kufuneka icwangciswe kwiswitshi. Nangona kunjalo, lo msebenzi uya kuchaphazela ukusebenza kweswitshi kwaye ubangele ukulahleka kwepakethi xa idatha igcwele kakhulu.
Iingenelo:
1. Akunyanzelekanga ukongeza izixhobo ezongezelelweyo, lungiselela iswitshi ukuze kwandiswe izibuko elihambelanayo lokukhupha umfanekiso
Iingxaki:
1. Sebenzisa i-switch port
2. Kufuneka kulungiswe iiswitshi, nto leyo ebandakanya ukusebenzisana ngokudibeneyo nabavelisi beqela lesithathu, nto leyo eyonyusa umngcipheko wokuba inethiwekhi ingaphumeleli.
3. Ukuphindaphinda kwetrafikhi yesipili kunempembelelo ekusebenzeni kwezibuko kunye neswitshi.
I-TAP yeNethiwekhi esebenzayo (i-TAP Aggregator)
I-Network TAP sisixhobo senethiwekhi sangaphandle esivumela izibuko ukuba zibuke kwaye zenze ikopi yethrafikhi yokusetyenziswa zizixhobo ezahlukeneyo zokubeka esweni. Ezi zixhobo ziziswa kwindawo ethile kwindlela yenethiwekhi ekufuneka ijongwe, kwaye ikopisha iipakethi ze-IP zedatha kwaye izithumele kwisixhobo sokubeka esweni inethiwekhi. Ukukhethwa kwendawo yokufikelela kwisixhobo se-Network TAP kuxhomekeke ekugxilwe kuyo yithrafikhi yenethiwekhi - izizathu zokuqokelelwa kwedatha, ukujonga rhoqo uhlalutyo kunye nokulibaziseka, ukubhaqwa kokungena, njl. Izixhobo ze-Network TAP zinokuqokelela kwaye zibonise imijelo yedatha ngesantya se-1G ukuya kuthi ga kwi-100G.
Ezi zixhobo zifikelela kwitrafikhi ngaphandle kokuba isixhobo se-TAP senethiwekhi sitshintshe ukuhamba kwepakethi nangayiphi na indlela, nokuba isantya setrafikhi yedatha sinjani na. Oku kuthetha ukuba itrafikhi yenethiwekhi ayilawulwa kwaye ayijongwa njengezibuko, nto leyo ebalulekileyo ekugcineni ukuthembeka kwedatha xa ithunyelwa kwizixhobo zokhuseleko nohlalutyo.
Iqinisekisa ukuba izixhobo zenethiwekhi ezikwicala lonxibelelwano zijonga iikopi zethrafikhi ukuze izixhobo zenethiwekhi ze-TAP zisebenze njengabajongi. Ngokunika ikopi yedatha yakho kuzo naziphi na/zonke izixhobo ezixhunyiweyo, ufumana ukubonakala okupheleleyo kwindawo yenethiwekhi. Kwimeko apho isixhobo senethiwekhi ye-TAP okanye isixhobo sokujonga singaphumeleli, uyazi ukuba ithrafikhi ayizukuchaphazeleka, iqinisekisa ukuba inkqubo yokusebenza ihlala ikhuselekile kwaye ifumaneka.
Kwangaxeshanye, iba yeyona nto iphambili kwiidivayisi ze-TAP zenethiwekhi. Ukufikelela kwiipakethi kunokubonelelwa rhoqo ngaphandle kokuphazamisa ithrafikhi kwinethiwekhi, kwaye ezi zisombululo zokubonakala zinokujongana namatyala aphambili. Iimfuno zokubeka esweni izixhobo eziqala kwisizukulwana esilandelayo se-firewalls ukuya kukhuseleko lokuvuza kwedatha, ukujonga ukusebenza kwesicelo, i-SIEM, i-digital forensics, i-IPS, i-IDS kunye nokunye, kunyanzela izixhobo ze-TAP zenethiwekhi ukuba ziguquke.
Ukongeza ekunikezeni ikopi epheleleyo yetrafikhi kunye nokugcina ukufumaneka kwayo, izixhobo zeTAP zinokubonelela ngezi zinto zilandelayo.
1. Iipakethi zokucoca ukuze kuphuculwe ukusebenza kokubeka iliso kwinethiwekhi
Ukuba nje isixhobo seNetwork TAP sinokwenza ikopi ye-100% yepakethi ngaxa lithile akuthethi ukuba zonke izixhobo zokubeka esweni nezokhuseleko kufuneka zibone yonke into. Ukusasaza ithrafikhi kuzo zonke izixhobo zokubeka esweni nezokhuseleko ngexesha langempela kuya kubangela ukuba kusetyenziswe kakhulu, nto leyo eyonakalisa ukusebenza kwezixhobo kunye nenethiwekhi kwinkqubo.
Ukubeka isixhobo se-Network TAP esifanelekileyo kunokunceda ukucoca iipakethi xa zithunyelwa kwisixhobo sokubeka iliso, ukusasaza idatha echanekileyo kwisixhobo esifanelekileyo. Imizekelo yezixhobo ezinjalo ibandakanya iinkqubo zokufumanisa ukungena (i-IDS), uThintelo lokulahleka kwedatha (i-DLP), ulwazi lokhuseleko kunye nolawulo lweziganeko (i-SIEM), uhlalutyo lwe-forensic, kunye nezinye ezininzi.
2. Iikhonkco eziDibeneyo zoNxibelelwano oluSebenzayo
Njengoko iimfuno zokubeka iliso kwiNethiwekhi kunye noKhuseleko zisanda, iinjineli zenethiwekhi kufuneka zifumane iindlela zokusebenzisa uhlahlo-lwabiwo mali lwe-IT olukhoyo ukuze zifezekise imisebenzi emininzi. Kodwa ngaxa lithile, awunakukwazi ukuqhubeka ukongeza izixhobo ezintsha kwi-stack kwaye wongeze ubunzima benethiwekhi yakho. Kubalulekile ukusebenzisa kakhulu izixhobo zokubeka iliso kunye nokhuseleko.
Izixhobo ze-Network TAP zinokunceda ngokudibanisa i-network traffic ezininzi, eziya empuma neziya entshona, ukuhambisa iipakethi kwizixhobo eziqhagamshelweyo ngezibuko elinye. Ukusebenzisa izixhobo zokubona ngale ndlela kuya kunciphisa inani lezixhobo zokubeka esweni ezifunekayo. Njengoko i-East-West data traffic iqhubeka ikhula kumaziko edatha naphakathi kwamaziko edatha, imfuneko yezixhobo ze-network TAP ibalulekile ukugcina ukubonakala kwazo zonke iindlela zokuhamba kwedatha kwiimitha ezininzi.
Inqaku elinxulumene nalo elinokuba nomdla kuwe, nceda undwendwele apha:Ungayibamba njani iTrafikhi yeNethiwekhi? I-Network Tap vs i-Port Mirror
Ixesha leposi: Oktobha-24-2024
