Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ kanye ne-Inline Bypass Switch ML-BYPASS-M2000
Imodyuli ye-Bypass: 8*10G SFP+ kanye ne-4*100GE, Imodyuli ye-Monitor: 16*10GE SFP+ kanye ne-4*100GE, Ubuningi be-2.4Tbps
1-Ukubuka konke
Ngokuthuthuka okusheshayo kwe-inthanethi, usongo lokuphepha kolwazi lwenethiwekhi luya ngokuya luba lubi kakhulu, ngakho-ke izinhlelo zokusebenza ezahlukahlukene zokuvikela ukuphepha kolwazi ziyasetshenziswa kabanzi. Kungakhathaliseki ukuthi kuyimishini yokulawula ukufinyelela yendabuko (i-firewall) noma uhlobo olusha lwezindlela zokuvikela ezithuthukisiwe ezifana nohlelo lokuvimbela ukungena (i-IPS), ipulatifomu yokuphatha usongo oluhlangene (i-UTM), uhlelo lokuhlasela lwensizakalo yokulwa nokuphika (i-Anti-DDoS), i-Anti-spam Gateway, i-Unified DPI Traffic Identification and Control System, kanye namadivayisi amaningi okuphepha afakwa ngokulandelana kuma-key node enethiwekhi, ukusetshenziswa kwenqubomgomo yokuphepha kwedatha ehambisanayo ukuhlonza nokubhekana nethrafikhi esemthethweni / engekho emthethweni. Kodwa-ke, ngesikhathi esifanayo, inethiwekhi yekhompyutha izodala ukubambezeleka okukhulu kwenethiwekhi noma ngisho nokuphazamiseka kwenethiwekhi uma kwenzeka ukwehluleka, ukulungiswa, ukuthuthukiswa, ukushintshwa kwemishini nokunye endaweni yokukhiqiza yenethiwekhi ethembeke kakhulu, abasebenzisi abakwazi ukukubekezelela.
I-ML-BYPASS-M2000 Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch kucwaningwe futhi kwathuthukiswa ukuze kusetshenziswe ekusetshenzisweni okuguquguqukayo kwezinhlobo ezahlukene zemishini yokuphepha elandelanayo ngenkathi kunikezwa ukuthembeka okuphezulu kwenethiwekhi.
Ngokusebenzisa i-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch:
●Abasebenzisi bangafaka/bakhiphe amadivayisi okuvikela ukuphepha ngendlela eguquguqukayo ngaphandle kokuphazamisa noma ukuphazamisa inethiwekhi ekhona;
● Inomsebenzi wokuthola impilo ohlakaniphile wokuqapha isimo esijwayelekile sokusebenza kwamadivayisi okuphepha axhunyiwe ngesikhathi sangempela. Uma idivayisi yokuphepha exhunyiwe ingasebenzi kahle, isivikelo sizodlula ngokuzenzakalelayo ukuze silondoloze ukuxhumana kwenethiwekhi okuvamile.
●Ubuchwepheshe bokuvikela ithrafikhi obukhethiwe bungasetshenziswa ukufaka imishini ethile yokuphepha yokuhlanza ithrafikhi, imishini yokuhlola esekwe ekubetheleni, njll. Busebenzisa ngempumelelo ukuvikelwa kokufinyelela okuqondile kwezinhlobo ezithile zethrafikhi, bukhipha umthwalo wokucubungula ithrafikhi wamadivayisi angaphakathi.
● Ubuchwepheshe bokuvikela ithrafikhi yokulinganisela umthwalo bungasetshenziswa ukufaka amadivayisi aphephile asemgqeni ngamaqoqo ukuze kuhlangatshezwane nezidingo zokuvikelwa kokuphepha okusemgqeni ngaphansi kwezimo zokucindezela okuphezulu kwe-bandwidth.
●Inamandla ommeleli we-SSL, ihlangabezana nezidingo zokuqapha nokuhlaziya zamadivayisi okuvikela ukuphepha kokuqukethwe kwedatha ecacile.
● Inamandla okucubungula ithrafikhi ayisisekelo njengokuphindaphinda ithrafikhi, ukuhlanganisa, ukuhlunga, kanye nokulebula, kanye namakhono okucubungula ithrafikhi athuthukile njengokunciphisa, ukufihla, ukuhlonza iphrothokholi yezendlalelo zesicelo, kanye nokwakheka kwethrafikhi.
2-I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch Advanced Izici kanye nobuchwepheshe
Imodi Yokuvikela ye-Mylinking™ “SpecFlow” kanye nobuchwepheshe bemodi yokuvikela ye-“FullLink”
Ubuchwepheshe Bokuvikela Ukushintsha Okusheshayo Kwe-Mylinking™
Ubuchwepheshe be-Mylinking™ “LinkSafeSwitch”
Ubuchwepheshe Bokudlulisa/Ukukhipha Inqubomgomo Eguquguqukayo ye-Mylinking™ “WebService”
Ubuchwepheshe Bokuthola Iphakethe Lenhliziyo Elihlakaniphile le-Mylinking™
Ukuxhumanisa kwami™ Ubuchwepheshe be-Definible Heartbeat Packets
Ukuxhumanisa kwami™ Ubuchwepheshe Bokulinganisela Umthwalo Oxhumaniswe Nezixhumi Eziningi
Ukuxhumanisa kwami™ Ubuchwepheshe Bokusabalalisa Ithrafikhi Ehlakaniphile
Ukuxhumanisa kwami™ Ubuchwepheshe Bokulinganisela Umthwalo Oguquguqukayo
Ukuxhumanisa kwami™ Ubuchwepheshe Bokuphathwa Kwerimothi (HTTP/WEB, TELNET/SSH, “EasyConfig/AdvanceConfig” Isici)
3-Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ kanye Nomhlahlandlela Wokucushwa Kokushintsha Kwe-Inline Bypass
Njengoba kuboniswe kumdwebo ongenhla, yonke iyunithi inezikhala ezine ze-modular:
Izikhala zemojula ye-SLOT1, SLOT2, SLOT3, kanye ne-SLOT4 zonke zingamukela amamojula echweba lokuvikela le-BYPASS noma amamojula echweba le-MONITOR anamanani ahlukene nezinombolo zechweba. Ngokushintsha amamodeli ahlukene amamojula, kungenzeka ukusekela ukuvikelwa kwe-BYPASS kwezixhumanisi eziningi ze-10G/40G/100G, kanye nokufakwa kwemishini yokuqapha ye-Inline Bypass yezixhumanisi eziningi ze-10G/40G/100G.
Qaphela: Kokubili imodyuli ye-BYPASS kanye nemodyuli ye-MONITOR zisekela ukushintshana okushisa.
3.1-Uhlu Lwezincazelo Zemojuli
| Imodeli Yomkhiqizo | OkusebenzayoPama-aramu |
| Ci-hassis | |
| I-ML-BYPASS-M2000-CHS/AC | I-rackmount ejwayelekile engu-2U engu-19-intshi; ukusetshenziswa kwamandla okuphezulu okungu-300W; iyunithi eyinhloko yokuvikela ye-modular BYPASS; izikhala zemojula ezi-4; i-interface ye-1*RS232 Console, i-interface ye-1*10/100/1000M RJ45 enokuphathwa kwenethiwekhi yangaphandle; i-AC-220V yokunikezwa kwamandla okubili; |
| I-NT-BYPASS-M2000-CHS/DC | I-rackmount ejwayelekile engu-2U engu-19-intshi; ukusetshenziswa kwamandla okuphezulu okungu-300W; iyunithi eyinhloko yokuvikela ye-modular BYPASS; izikhala zemojula ezi-4; isixhumi esibonakalayo se-1*RS232 Console, isixhumi esibonakalayo se-1*10/100/1000M RJ45 esinokuphathwa kwenethiwekhi yangaphandle; ukunikezwa kwamandla okubili kwe-DC-48V; |
| DLULAMi-odule | |
| INL-I8XM8X(LM/SM) | Isekela ukuvikelwa kokuxhumeka kwe-serial kwe-10GE (okuhambisana ne-1G) ngezindlela ezine, kanye ne-interfaces engu-8*10GE iyonke; isekela ama-port okuqapha angu-8*10G SFP+ (ngaphandle kwamamojula okukhanya). |
| INL-I4HM2H (LM/SM) | Isekela ukuvikelwa kwezixhumanisi ze-serial ze-100GE (ezihambisana ne-40GE) ezinezindlela ezimbili, kanye ne-interfaces ye-4*100GE iyonke; isekela ama-port okuqapha e-2*100GE QSFP28 (ngaphandle kwamamojula okukhanya). |
| Imojuli Yokuqapha | |
| UMsombuluko-UM16X | Amachweba okuqapha angu-16*10GE SFP+ (ngaphandle kwamamojula okukhanya); |
| UMON-M16X-CN98 | Amachweba okuqapha angu-16*10GE SFP+ (imojula ye-optical ayifakiwe); ifakwe injini yokusebenza ethuthukisiwe, esekela imisebenzi yokucubungula ithrafikhi ethuthukisiwe njengokuqedwa kwe-pass SSL, i-SSL proxy, kanye nokususwa kwethrafikhi; |
| UMsombuluko-UMsombuluko-4H | Amachweba okuqapha angu-4*100GE QSFP28 (amamojula okukhanya awafakiwe); |
| UMsombuluko-M4H-CN98 | Amachweba okuqapha angu-4*100GE QSFP28 (amamojula okukhanya awafakiwe); afakwe injini yokusebenza ethuthukisiwe, esekela imisebenzi yokucubungula ithrafikhi ethuthukisiwe njengokuqedwa kwe-pass SSL, i-SSL proxy, kanye nokususwa kwethrafikhi; |
3.2-Imithetho Yokukhetha Amamojula
Ngokusekelwe ezinhlotsheni ezahlukene ezivikelwe kanye nezidingo zokuqapha ukuthunyelwa kwemishini, ungakhetha ngokuguquguquka ukucushwa kwamamojula ahlukene ukuze uhlangabezane nezidingo zakho zangempela zemvelo; sicela ulandele le mithetho uma ukhetha:
1) Ukuhlanganiswa kwe-chassis kuyisici esiyimpoqo futhi kumele kukhethwe ngaphambi kokukhetha noma yimaphi amanye amamojula. Sicela ukhethe nendlela efanele yokunikezwa kwamandla (i-AC/DC) ngokwezidingo zakho.
2) Iyunithi isekela izikhala zemojula ezifika kwezine; awukwazi ukukhetha amamojula amaningi kunenani lezikhala zokucushwa. Ngokusekelwe ekuhlanganisweni okuguquguqukayo kwamamodeli emojula ahlukene, iyunithi ingasekela ukuvikelwa kwe-serial kwezixhumanisi ezifika kweziyi-16 ze-10GE/GE noma izixhumanisi eziyi-8 ze-100GE/40GE.
4-Amakhono Okucubungula Ithrafikhi Ahlakaniphile
4.1-Ukufakwa Okusemgqeni
Ukuvikelwa Okuqondile Kwethrafikhi Eqondile
IyasekelaEmugqeni(uchungechunge)imodi yokuvikela yezinhlobo ezithile zethrafikhi kunoma iyiphiemugqeniisixhumanisi.Todlulisela ezinye izinhlobo zethrafikhi ezichazwe ngumsebenzisi ku-emugqeniisixhumanisi esiya ku-Emugqeni Sukuphephaidivayisiukuze kucutshungulwe, bese kuthi okunye okusele kudluliselwe ngqo ngaphandle kokugelezaEmugqeni Sukuphephaidivayisi. Ngesikhathi esifanayo,ityenza ukuqapha kwesikhathi sangempela ngesimo sokusebenza kwe-Emugqeni SukuphephaidivayisiLapho isimo sokucubungula ithrafikhi esingajwayelekile sitholakele,itizodlula ngokuzenzakalelayo endleleni yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwesevisi yenethiwekhi.
Ukuvikelwa Kwazo Zonke Ithrafikhi Esemgqeni
IyasekelaEmugqeni(uchungechunge)imodi yokuvikela yazo zonke izinhlobo zethrafikhi kunoma iyiphiemugqeniisixhumanisi.Tothumela yonke ithrafikhi ku-emugqeniisixhumanisi esiya ku-Emugqeni Sukuphephaidivayisiukucubungula, nokuqapha isimo sokusebenza kwe-Inline Securityidivayisingesikhathi sangempela. Lapho isimo sokucubungula ithrafikhi esingajwayelekile sitholakele,itizodlula ngokuzenzakalelayo endleleni yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwesevisi yenethiwekhi.
Ibhalansi Yomthwalo
Inekhono lokulinganisela umthwalo wethrafikhi elihlakaniphile. Lapho ukusebenza kokucubungula kwe-singleEmugqeni Sukuphephaidivayisiakwanele ukubhekana ne-emugqeniithrafikhi yokuxhumana kwesixhumanisi, ingabelaemugqenixhumanisa ithrafikhi ku-interface ye-N Monitor ngokuhlela iqembu lokulinganisela umthwalo. Ngokusho kwe-MAC, ulwazi lwe-IP, inombolo ye-port, iphrothokholi kanye nolunye ulwazi,ityenza okukhethwa kukho kokulinganisa umthwalo we-algorithm ye-Hash, ukuzeemugqeniithrafikhi yesixhumanisi isatshalaliswa ngokulinganayo kokuningiemugqeniukuphephaithuluzis yokucubungula amaqoqo, okuthuthukisa ngempumelelo ukusebenza kokucubungula okuphelele kweemugqeniukuphephaithuluzis. Ukuze kuvunyelwane nezidingo ze-bandwidth ephezulu kanye nezimo zohlelo lokusebenza lwethrafikhi enkulu.
Ukutholwa Kwephakethe Lokushaya Kwenhliziyo
IyasekelaTxfuthiRxamaphakethe okuthola ukushaya kwenhliziyo ngokusebenzisa i-uplink kanye ne-downlink yokuxhumeka okuxhunyiweemugqeniamadivayisi okuphepha, futhi itholaamathuluzi angaphakathiisimo sokusebenza nokuthi inqubo yokucubungula ithrafikhi ijwayelekile yini. Ukushaya kwenhliziyo okuqondene nezinhlangothi ezimbiliiphaketheindlela yokuthola ingabonisa ngokunembile isimo sokusebenza samanje se-emugqeniukuphephaidivayisi, futhi kuqinisekiswe ukusebenza okuvamile kwenethiwekhi ngempumelelo.
Ingenza ngezifiso amapharamitha okushaya kwenhliziyo kwanoma iyiphiemugqeniidivayisi yokuphepha, njengokushaya kwenhliziyoTxisikhathi sokuphumula, izikhathi zokushaya kwenhliziyo eziphezulu kakhulu zokuzama kabusha, ukushaya kwenhliziyoTxisiqondiso, njll. Ingabona futhi yahlulele isimo sephuthaemugqeniamadivayisi okuphepha ngesikhathi, futhi afinyelele ekushintsheni okusheshayo kwezixhumanisi zokuvikela.
Amaphakethe okuthola ukushaya kwenhliziyo angamafreyimu e-Ethernet azenzakalelayo e-layer 2. Uma imodi yebhuloho le-Layer 2 esobala (njenge-IPS/FW) isetshenziswa, amafreyimu e-Ethernet angqimba 2 azothunyelwa ngokujwayelekile ngaphandle kokuvimba noma ukuwa. Ngesikhathi esifanayo, ingaphinde isekele amaphakethe okuthola ukushaya kwenhliziyo e-Ethernet angokwezifiso 2, ungqimba 3 kanye nongqimba 4 ukuze ivumelane nezinye izici ezikhethekile.emugqeniAmadivayisi okuphepha awakwazi ukudlulisa ozimele abavamile be-Ethernet layer 2.
Ngokusekelwe endleleni engenhla, abasebenzisi bangabona umphumela wokuthola impilo ezingeni lesevisi yamadivayisi okuphepha axhunyiwe, ukuze kuqinisekiswe ukusebenza okuvamile kwezinsizakalo zokuphepha ngempumelelo enkulu.
Ukushintsha kwe-Bypass
Isekela ukudlula okuphansi kakhuluukushintshaukubambezeleka (<8ms), futhi abasebenzisi abakwazi ukuzwa umthelela kunethiwekhi lapho idivayisi idlulaukushintshaNgesikhathi esifanayo, ubuchwepheshe bokushintsha isixhumanisi sedivayisi ethile bungaqinisekisa ukuthi isimo sesixhumanisi sesixhumanisi esiyinhloko asithinteki ngesikhathi sokudlulaukushintshaLobu buchwepheshe buzoqinisekisa ukuthi i-bypassukushintshaiphephile kakhulu, futhi ngeke ibangele ukuthi iphrothokholi ye-topology yesendlalelo 2 / Sendlalelo 3 yezixhumanisi ezivikelwe iphinde ibale futhi ihlangane, ukuze kuncishiswe umthelela kunethiwekhi yomsebenzisi ngesikhathiukushintsha.
Ukuvinjelwa Kwethrafikhi
Uma idivayisi yokuphepha ithola ukuxhumana kweseshini okungekho emthethweni noma okungajwayelekile kuthrafikhi futhi idinga ukuyivimba ngesikhathi, idivayisi ingavimba noma yimaphi amaphakethe acacisiwe kuthrafikhi ephezulu/ephansi yeemugqeniisixhumanisi esisekelwe ezimweni zesihlungi sokufanisa i-tuple ukuqinisekisa ukusebenza okuphephile kwezinsizakalo zenethiwekhi.
Isibuko Sethrafikhi
Ngaphezu kokuvikelwa kwethrafikhi yesixhumanisi esisemgqeni kanye nedivayisi ye-Inline Security (njenge-IPS, i-WAF), noma iyiphi ithrafikhi eboniswa yi-SPAN ingakhishwa ohlelweni lokuqapha ukuphepha kwe-SPAN (njenge-IDS, i-APT), ukuze kuhlangatshezwane nezidingo zokusetshenziswa kokuqapha idatha yethrafikhi ye-SPAN noma ukuhlolwa nokuqinisekiswa kwethrafikhi.
Ummeleli we-SSL
Ngomsebenzi we-proxy we-SSL, iphakethe lokuqala elibethelwe liyasuswa ekubhalweni kwekhodi bese lithunyelwa ohlelweni lokuvikela ukuphepha olusemgqeni, bese idatha esusiwe ekubhalweni kwekhodi ibuyiselwa emuva kusixhumanisi sokuqala, ukuze kuhlinzekwe idatha esusiwe ekubhalweni kwekhodi ohlelweni lokuvikela ukuphepha olusemgqeni ngaphandle kokuthinta ukudluliswa kwedatha efihliwe kusixhumanisi sokuqala somsebenzisi, futhi kuqashwe futhi kuhlaziywe idatha efihliwe uhlelo lokuhlaziya.
4.2-Ukuthunyelwa kwe-SPAN
Ukuphindaphindwa Kwethrafikhi Yenethiwekhi
IyasekelaEmugqeni(uchungechunge)imodi yokuvikela yezinhlobo ezithile zethrafikhi kunoma iyiphiemugqeniisixhumanisi.Todlulisela ezinye izinhlobo zethrafikhi ezichazwe ngumsebenzisi ku-emugqeniisixhumanisi esiya ku-Emugqeni Sukuphephaidivayisiukuze kucutshungulwe, bese kuthi okunye okusele kudluliselwe ngqo ngaphandle kokugelezaEmugqeni Sukuphephaidivayisi. Ngesikhathi esifanayo,ityenza ukuqapha kwesikhathi sangempela ngesimo sokusebenza kwe-Emugqeni SukuphephaidivayisiLapho isimo sokucubungula ithrafikhi esingajwayelekile sitholakele,itizodlula ngokuzenzakalelayo endleleni yokudlulisela ithrafikhi ukuqinisekisa ukuqhubeka kwesevisi yenethiwekhi.
Ukuhlanganiswa Kwethrafikhi Yenethiwekhi
Ithrafikhi yokufaka yokuqala kanye nethrafikhi ecutshungulwe kusengaphambili ingakopishwa kusignali yesiteshi se-N ngokuya ngesignali yesiteshi esingu-1 noma ikopishwe kusignali yesiteshi se-M ngemuva kokuhlanganiswa kwesignali yesiteshi se-N ku-GE, 10GE, 40G kanye ne-100G line speed forwarding, okuxazulula kahle izidingo zokufaka amadivayisi angaphezu kwamabili okulalela amachweba amaningi kunethiwekhi ngesikhathi esisodwa.
Ukusatshalaliswa/Ukudluliselwa Kwedatha
Kuhlukaniswe ngezigaba i-metdata engenayo ngokunembile futhi kwalahlwa noma kwathunyelwa izinsizakalo zedatha ezahlukene emiphumeleni eminingi yesikhombimsebenzisi ngokwemithetho echazwe ngaphambilini yomsebenzisi.
Ukuhlunga Idatha Yephakethe
Idatha yokufakaithrafikhiingahlukaniswa ngokunembile, futhi izinsizakalo ezahlukene zedatha zingaba imithetho yohlu olumhlophe noma yohlu olumnyama, futhi imiphumela eminingi yesikhombimsebenzisi ingalahlwa noma idluliselwe phambili. Isekela inhlanganisela eguquguqukayo ngokusekelwe kuhlobo lwe-Ethernet, ithegi ye-vlan, i-IP five-tuple,I-TCPisihlonzi, izici zephakethe kanye nezinye izakhi ukuze kuhlangatshezwane nezidingo zokuthunyelwa kwemishini ehlukahlukene yokuphepha kwenethiwekhi, ukuhlaziywa kwephrothokholi, ukuhlaziywa kwesignali, kanye nokunye ukuqapha ithrafikhi.
Ibhalansi Yomthwalo
Ukulinganiswa komthwalo we-algorithm ye-Hash yokuzikhethela kungenziwa ngokuya ngezici zesendlalelo sangaphakathi nesangaphandle se-L2-L4 ukuqinisekisa ubuqotho beseshini yokugeleza kwedatha okutholwe yi-I-SPANidivayisi yokuqapha. Uma isimo sesixhumanisi sishintsha, amalungu eqembu lechweba lokukhipha imithwalo angaphuma (xhumanisa i-DOWN) noma ajoyine (xhumanisa i-UP) ngokuguquguquka, futhi iqembu lokukhipha imithwalo lingasabalalisa kabusha ngokuzenzakalelayo ithrafikhi ukuqinisekisa ukulinganiswa komthwalo okuguquguqukayo kwethrafikhi yokukhipha yechweba.
I-VLAN Ithegiwe
I-VLAN Ayinawo Amathegi
I-VLAN Ithathelwe Indawo
Kusekelwe ukufana kwanoma iyiphi insimu yokhiye kuma-byte okuqala angu-128 ephakethe. Umsebenzisi angenza ngokwezifiso inani le-offset kanye nobude bensimu yokhiye kanye nokuqukethwe, futhi anqume inqubomgomo yokukhipha ithrafikhi ngokuya ngokucushwa komsebenzisi.
Ukunyathelisa Isikhathi
Kusekelwa ku- vumelanisa iseva ye-NTP ukuze ulungise isikhathi bese ubhala umlayezo ephaketheni ngesimo sethegi yesikhathi ehlobene nophawu lwesitembu sesikhathi ekugcineni kohlaka, ngokunemba kwamasekhondi amancane
Ukuhlubula i-Tunnel Encapsulation
Kusekelwe i-VxLAN, VLAN, GRE, GTP, MPLS, IPIP header ekhishwe kuphakethe ledatha lokuqala kanye nomphumela odluliselwe.
Ukusikwa Kwedatha/Iphakethe
Iyasekelaisiqeshana sephaketheukufaka idatha yokuqala ngokusekelwe ku-interface yokufaka ithrafikhi yezinga lenqubomgomo kanye ne-interface yokukhipha (ama-64, 96, 128, 160, 192, 224, 256, 288, 320, 384, 512, 640, 768, 896, 960 bytes angakhetha), futhi inqubomgomo yokukhipha ithrafikhi ingasetshenziswa ngokuya ngokucushwa komsebenzisi.
Ukuhlonza Iphrothokholi Yokuthungela
Isekelwa ikhomba ngokuzenzakalelayo izinqubo ezahlukahlukene zokuhambisa imihubhe njenge-GTP / GRE / VxLAN / PPTP / L2TP / PPPOE / IPIP. Ngokusho kokucushwa komsebenzisi, isu lokukhipha ithrafikhi lingasetshenziswa ngokuya ngengqimba yangaphakathi noma yangaphandle yomhubhe.
Okubalulekile Kokudlulisela Iphakethe
Isekela incazelo yokubaluleka kwamaphakethe edatha ngokuya ngokubaluleka kwesevisi echwebeni engenayo, futhi amaphakethe abaluleke kakhulu adluliselwa ngokukhethekile ekuphumeni. Ngemva kokuba amaphakethe abaluleke kakhulu esethunyelwe, amanye amaphakethe aphakathi nendawo naphansi ayathunyelwa. Gwema i-alamu yesistimu yokuhlaziya ebangelwa ukuntuleka kwamaphakethe edatha abalulekile.
Isexwayiso Esingavamile
Isekela i-alamu yokuqapha yesikhathi sangempela kanye namarekhodi e-alamu omlando wezitayela zethrafikhi yesixhumi esibonakalayo ngokusekelwe ekusethweni komkhawulo. Isekela ama-alamu okuqapha yesikhathi sangempela kanye namarekhodi e-alamu omlando ngokusekelwe esimweni sempilo sehadiwe yedivayisi (i-CPU, inkumbulo, izinga lokushisa, ifeni, ukunikezwa kwamandla, njll.).
Isipele Esishisayo Se-Interface
Isekela ukucushwa kwesikhombikubona sokufaka esingu-1+1 esiyinhloko/esilindile, ukucushwa kwesikhombikubona sokukhipha esingu-1+1 esiyinhloko/esilindile, kanye nokucushwa kweqembu le-N+1 eliyinhloko/esilindile ukuze kufezwe ukuthembeka okuphezulu enqubweni yethrafikhi kusukela kokufaka kuya kokukhiphayo.
Ukulinganiswa Kokuqhuma Okuncane Kwethrafikhi
Ingakwazi ukubona isikhathi, ubude kanye nesilinganiso sokuqhuma kwethrafikhi ngesikhathi sangempela, futhi inikeze ukugcinwa kwerekhodi lokulinganisa umlando, okunikeza izindlela ezilinganiswayo nezibonakalayo kanye nesisekelo sokuxazulula izinkinga zokusebenza nokulungisa kanye nokutholwa kokulahleka kwephakethe.
Ukuvikelwa Kokujikisa Kwesixhumi Esibonakalayo
Isekela ukutholwa nokuvikelwa kwemicimbi yokuguquguquka kwezixhumanisi phezulu/phansi kwanoma yisiphi isikhombimsebenzisi, ukuze kugwenywe ukulahlekelwa yithrafikhi yokufaka neyokukhipha ebangelwa ukuxhumeka okuvamile phezulu/phansi kwezikhombimsebenzisi, futhi kuthuthukiswe ukuzinza kokuqoqwa nokudluliselwa kwethrafikhi.
Umphumela Wokumbozwa Komhubhe
Isekela ukufakwa komhubhe wohlobo lwe-ERSPAN2, GRE, VXLAN, NVGRE kwanoma iyiphi ithrafikhi eqoqwe kanye nomphumela ukuze kuhlangatshezwane nezidingo zohlelo lokusebenza lokudluliselwa kwethrafikhi eqoqwe ohlelweni lokuhlaziya olukude.
Ukuqedwa Kwephakethe Lomhubhe
Isekela umsebenzi wokuqeda umlayezo womhubhe. Lo msebenzi uvumela ukumisa amakheli e-IP/imaski kanye namakheli e-MAC echwebeni lokufaka ithrafikhi. Ivumela ukudluliswa okuqondile kwethrafikhi okudingeka iqoqwe kunethiwekhi yomsebenzisi ngezindlela zokufaka ithrafikhi njenge-GRE, GTP, kanye ne-VXLAN echwebeni lokuqoqa ledivayisi.
Ukususwa kokubethela kwe-SPAN SSL
Kusekelwa ukulayisha ukubethela kwesitifiketi se-SSL esihambisanayo. Ngemva kokubethela kwedatha ebethelwe ye-HTTPS yethrafikhi ecacisiwe, izothunyelwa ezinhlelweni zokuqapha nokuhlaziya ezingemuva njengoba kudingeka. Kusekelwa i-TLS1.0, i-TLS1.2 kanye ne-SSL3.0
Ukususwa Kokukopisha Idatha/Iphakethe
Ukusekelwa kwe-granularity yezibalo esekelwe ku-port noma ezingeni lenqubomgomo ukuqhathanisa idatha yomthombo wokuqoqwa okuningi kanye nokuphindaphinda kwephakethe ledatha elifanayo ngesikhathi esithile. Abasebenzisi bangakhetha izihlonzi zephakethe ezahlukene (dst.ip, src.port, dst.port, tcp.seq, tcp.ack, dst.mac, src.mac, vlan.id)
Ukumboza Usuku Okuhleliwe
Kusekelwe ubumbumbulu obusekelwe kunqubomgomo ukuze kuthathelwe indawo noma iyiphi insimu ebalulekile kudatha eluhlaza ukuze kufezwe injongo yokuvikela ulwazi olubucayi. Ngokusho kokucushwa komsebenzisi, inqubomgomo yokukhipha ithrafikhi ingasetshenziswa.
Ukuhlonza Iphrothokholi Yesendlalelo se-APP
Isekela ukuhlonza, ukukhipha kanye nokulahla amaProtocol e-Application Layer ngokusekelwe kumodi yokufanisa i-DNS/URL. Umtapo wolwazi wesici se-DPI ungahlanganiswa ukuze kubonwe, kukhishwe futhi kulahle okungenani izinhlobo ezingu-1800 zezici zephrothokholi yohlelo lokusebenza (njengomsindo nevidiyo, umdlalo, imiyalezo esheshayo, isizindalwazi, i-imeyili, i-P2P, njll.), kanti umtapo wolwazi wesici se-DPI ungathuthukiswa futhi ubuyekezwe. Uma kunezidingo ezikhethekile, ukuthuthukiswa kwesibili nakho kungenziwa.
Iphakethe Ukususwa Kwezingxenyana Okuchazwe Ngumsebenzisi
Isekela umsebenzi wokuzichaza ngokwakho iphakethe, okungasusa amasimu okufakwa kwe-encapsulation kanye nokuqukethwe kunoma iyiphi indawo yama-byte okuqala angu-128 ephakethe bese kulikhipha.
Ukwakheka Kwethrafikhi
Ngesikhathi esifanayo, ubuchwepheshe bokubumba ithrafikhi busetshenziswa esibonakalayo sokukhipha ukuze kukhishwe ukugeleza kwedatha kahle kuthuluzi lokuhlaziya, elixazulula ngokuyisisekelo inkinga yokulahleka kwephakethe okubangelwa ukuqhuma okuncane futhi ligweme i-alamu engavamile ebangelwa ukulahleka kwethrafikhi ohlelweni lokuhlaziya.
Ukufaniswa Kwamagama Asemqoka Ephaketheni
Ngemva kokuthi noma yikuphi okuqukethwe kwensimu engxenyeni yomthwalo wephakethe kufaniswe futhi kushaywe, iphakethe noma ukugeleza kweseshini okuhlobene kuyathunyelwa futhi kukhishwe noma kulahlwe ukuze kuhlangatshezwane nezidingo zokucubungula idatha ethile yethrafikhi.
Ukuhlubula i-Tunnel Encapsulation
Isekela ukukhishwa kwe-VXLAN, MPLS, GRE, SRV6, FABRICPATCH, GENEVE kanye nezinye izihloko zephakethe kuphakethe ledatha lokuqala ngemva kokulikhipha.
Ukulayisha Ukuxhumeka Okuhlala Isikhathi Eside
Ngokwezidingo zomsebenzisi, noma yikuphi ukugeleza kweseshini kungadluliselwa futhi kukhishwe ngokwenani lama-byte adluliselwe kanye nenani lamaphakethe adluliselwe, futhi ukugeleza kweseshini okulandelayo kungalahlwa, ukuze kuhlangatshezwane nezidingo zesistimu yokuhlaziya yangemuva kwezinye izimo ezithile, okudinga kuphela ukuthola ingxenye yethrafikhi yokugeleza kweseshini, ukunciphisa ingcindezi yokuhlaziywa kwethrafikhi nokuthuthukisa ukusebenza kahle kwesistimu yokuhlaziya.
Ukuhlaziywa Kwezibalo Zethrafikhi
Isekela izibalo zezingxenye zanoma iyiphi ithrafikhi yesikhombimsebenzisi sokufaka, futhi ingabonisa usayizi wayo wethrafikhi, usayizi wethrafikhi/isilinganiso sekheli le-IP, usayizi wethrafikhi/isilinganiso sesigaba sephrothokholi yesicelo, usayizi wethrafikhi/isilinganiso segama lephrothokholi yesicelo kanye nolwazi lweseshini yethrafikhi ngendlela yamashadi ngesikhathi sangempela, futhi ihlinzeka ngokuthunyelwa kwemiphumela yezibalo kumafayela endawo. Ngakho-ke, abasebenzisi bangaqonda ngokucacile isakhiwo sokwakheka kwanoma iyiphi ithrafikhi eqoqwe, futhi banikeze isisekelo sokusekelwa kwedatha esiqondile kakhulu sokwenza amasu ethrafikhi ngokwezifiso kanye nezidingo zebhizinisi ezishintshayo.
Ukubonakala Kwethrafikhi - Ukuhlaziywa Kwedatha Eyisisekelo
Imojuli yokuhlaziya eyisisekelo yomsebenzi wokuthola ukubona ithrafikhi ingabonisa ulwazi oluyisisekelo lwedatha yethrafikhi ethagethiwe, njengokubalwa kwamaphakethe, ukusatshalaliswa kwamaphakethe e-unicast/multicast/broadcast, inombolo yokuxhumeka kweseshini, ukusatshalaliswa kwephrothokholi yamaphakethe, kanye nosayizi wethrafikhi ethagethiwe.
Ukubonakala Kwethrafikhi - Ukuhlaziywa Okujulile kwe-DPI
Imojuli yokuhlaziya okujulile ye-DPI yomsebenzi wokuthola ukubonakala kwethrafikhi ingenza ukuhlaziywa okujulile kwedatha yethrafikhi ethagethiwe evela emibonweni eminingi, futhi iveze izibalo ezinemininingwane ngesimo samagrafu namathebula.
Ukubonakala Kwethrafikhi - Ukuhlaziywa Kwesilinganiso Sethrafikhi
● Ukuhlaziywa kwesilinganiso sephrothokholi yesendlalelo sezokuthutha: njenge-TCP, i-UDP, i-ICMP, i-IGMP, i-ARP kanye nezinye izibalo zesilinganiso sephakethe kanye nethrafikhi kanye nokuboniswa kweshadi lephayi
● Ukuhlaziywa kwesilinganiso sethrafikhi ye-IP: njengezibalo zethrafikhi ezikhiqizwe amakheli e-IP ahlukene, izinga lethrafikhi elisekelwe ku-IP i-TOP N kanye nokuboniswa kweshadi lebha
● Ukuhlaziywa kwesilinganiso sesicelo se-DPI: njenge-HTTP, QQ, FTP kanye nezinye izinqubo zesicelo, inani lama-byte, ukusatshalaliswa kwezibalo zethrafikhi yokuxhumana kanye nokuboniswa kweshadi lephayi
Ukubonakala Kwethrafikhi - Ukuhlaziywa Kwesikhathi Sethrafikhi
Ngokwezimo ezahlukene zokuhlunga, njenge-IP, i-port, i-transport layer protocol, i-application layer protocol kanye nokunye okuqukethwe okucacisiwe, idatha yamanje yethrafikhi yokubamba okuqondiwe ingahlaziywa futhi yethulwe ngokusekelwe esikhathini sokusampula, futhi usayizi wethrafikhi kanye nomkhuba kungabuzwa ngokuhambisa isilayida sesikhathi kanye nokukala kwezibalo ze-granularity, futhi ukunemba kungafinyelela ku-millisecond eyi-1.
Ukubonakala Kwethrafikhi - Ukuhlaziywa Kwethebula Lokugeleza
Ngokwezimo ezahlukene zokuhlunga, njenge-flow ID, i-IP, i-port, i-transport layer protocol, i-application layer protocol kanye nokunye okuqukethwe okucacisiwe, idatha yethrafikhi ethathwe yithagethi yamanje ingahlaziywa futhi ibalwe ngokusekelwe kumodi ye-session flow, okungukuthi, isethulo esiningiliziwe solwazi lwe-session flow, kufaka phakathi ulwazi lwe-five-tuple lokugeleza ngakunye, uhlobo lohlelo lokusebenza lokuthwala, inombolo nama-byte okudluliselwa kwephakethe, kanye nokugeleza kwedatha okuhlobene. Futhi inesibonisi sezinga ngokusekelwe kulwazi olungenhla. Ngokusekelwe kulolu lwazi, abasebenzisi bangathatha kalula izinhlobo zethrafikhi abazikhathalelayo, okunikeza isisekelo esiqondile kakhulu kubasebenzisi sokwakha izinqubomgomo zokudlulisela ithrafikhi.
Ukubonakala Kwethrafikhi - Ukuhlaziywa Kwephakethe
Ngokusekelwe ezimisweni zokuhlunga ezahlukene, njenge-packet ID, i-IP, i-port, i-transport layer protocol, i-application layer protocol kanye nokunye okuqukethwe okucacisiwe, idatha yethrafikhi eqondiwe ebanjiwe inganikezwa ngesethulo sokuhlaziya izinga lephakethi ngalinye, okuhlanganisa:
● Ukuhlaziywa kwesitembu sesikhathi sokuqoqwa kwamaphakethe
● Ukuhlaziywa kolwazi lwephakethe lokhiye, njengokuphuza, ukucwilisa, i-smac, i-dmac, iphrothokholi, ifulegi, i-TTL, ubude bomlayezo, imicimbi ebalulekile
● Ukuhlaziywa kwendlela yokudlulisa iphakethe kanye nokuboniswa kwezithombe ezinyakazayo, njengokuthi: izikhathi zokudlulisela phambili, ukubambezeleka kokudlulisela phambili, uhlobo lokudlulisela phambili (umzila, ukushintsha, i-firewall, ukulinganisa umthwalo, i-NAT)
● Isifinyezo solwazi lwephakethe kanye nokuboniswa kwesakhiwo okuningiliziwe
● Ukuhlaziywa kwenani lamaqoqo ephakethe aphindaphindwayo
Ukubonakala Kwethrafikhi – Ukuhlaziywa Kwephutha Okunembile
Imojuli yokuhlaziya amaphutha yomsebenzi wokuthola ukubonakala kwethrafikhi inganikeza indawo ehlukile yokuhlaziya amaphutha okubonakalayo kwedatha yethrafikhi ethagethiwe, okuhlanganisa:
● Ukubuka konke okungajwayelekile, njengokuthi: imiphumela yokuhlaziywa kwesevisi yenethiwekhi, imiphumela yokuhlaziywa kwemicimbi engajwayelekile, inqubo yenethiwekhi esekelwe ekuhlaziyweni kokuziphatha (njengenani lamadivayisi okuhambisa, amadivayisi e-NAT, amadivayisi okuvikela umlilo, amadivayisi okulinganisa umthwalo adluliswe yi-transmission yephakethe)
● Ukuhlaziywa kokwehluleka ezingeni lethebula lokugeleza, njengezinhlobo zemicimbi engavamile (ukuxhumeka kwenqatshiwe/ukuxhumeka akuphenduli/ukuxhumeka akukho ukudluliswa kwedatha/ukuxhumana okuvulekile kancane/umzila weseshini ongafinyeleleki, njll.), ● Ukuhlaziywa kokwehluleka kwezinga lephakethi, njengokuthi: uhlobo lwesenzakalo esingavamile (iphutha le-packet checksum /TTL 0/ iphutha elingafinyeleleki /iphutha le-FCS checksum, njll.), incazelo eningiliziwe yolwazi olungavamile, kanye nemininingwane yokugeleza kwedatha okuhlobene.
● Ukuhlaziywa kwamaphutha okuphepha, njengokuthi: uhlobo lomcimbi ongavamile (ukuhlasela kwe-DDOS/ukuvimba komlilo/ukuhlasela kwe-ARP/isikhukhula se-UDP/isikhukhula se-SYN, njll.), incazelo eningiliziwe yolwazi olungavamile, kanye nemininingwane yokugeleza kwedatha okuhlobene
● Ukuhlaziywa kwephutha lenethiwekhi, njengokuthi: uhlobo lomcimbi ongavamile (iluphu yokushintsha/iluphu yomzila/indlela engafinyeleleki/ukuphazamiseka kwesixhumanisi, njll.), incazelo eningiliziwe yolwazi olungavamile, kanye nemininingwane yokugeleza kwedatha okuhlobene
5-I-Mylinking™ Network Packet Broker kanye Nemininingwane Yeswishi Ye-Inline Bypass
| ML-DLULA-M2000 Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ kanye ne-Inline Bypass Switch Imininingwane Yokusebenza | ||||
| Isixhumi esibonakalayo senethiwekhi | Isikhala semojuli | Izikhala zemojula ezi-4 ze-BYPASS noma ze-MONITOR | ||
| Inani lezixhumanisi eziku-inthanethi | Isekela ukuvikelwa kwezixhumanisi ze-optical ezifika ku-16 ze-1G/10G noma izixhumanisi ze-optical eziyi-8 ze-40G/100G. | |||
| Isixhumi sokuqapha se-Monitor | Isekela ubuningi bezindawo zokuqapha ezingama-64*1G/10GE noma izindawo zokuqapha ezingama-16*40G/100G. | |||
| Isixhumi esibonakalayo sokuphatha esingaphandle kwebhendi | Imbobo ye-Ethernet engu-1*10/100/1000M; | |||
| Imodi yokusetshenziswa | Ukufakwa okusemgqeni | Usekelo | ||
| Ukufakwa kwe-SPAN | Usekelo | |||
| Imisebenzi Yesistimu | Imodi yokufakwa emgqeni | Ukuvikelwa kokuhlangana kokugeleza okuthile | Usekelo | |
| Ukuvikelwa kochungechunge lokugeleza konke | Usekelo | |||
| Ukulinganisa umthwalo | Usekelo | |||
| Ukutholwa kokushaya kwenhliziyo | Usekelo | |||
| Ukushintsha kwe-BYPASS | Usekelo | |||
| Ukuvinjelwa kwethrafikhi | Usekelo | |||
| Ukulingisa ithrafikhi | Usekelo | |||
| Ummeleli we-SSL | Usekelo | |||
| Imodi yokusetshenziswa kwe-SPAN | Ukucubungula okuyisisekelo kwethrafikhi | Ukuphindaphindwa/ukuhlanganiswa/ukusatshalaliswa kwethrafikhi | Usekelo | |
| Ukulinganisa umthwalo | Usekelo | |||
| Ukuhlunga ithrafikhi ngokusekelwe kusihlonzi se-IP/protocol/port 5-tuple | Usekelo | |||
| Ukumaka/ukuguqulwa/ukususwa kwe-VLAN | Usekelo | |||
| Ukufaka isitembu sesikhathi | Usekelo | |||
| Ukususwa kwe-tunnel encapsulation | Usekelo | |||
| Ukusikwa Kwedatha | Usekelo | |||
| Ukuhlonza Iphrothokholi Yokuthungela Umhubhe | Usekelo | |||
| Okubalulekile ekudlulisweni kwephakethe | Usekelo | |||
| Isexwayiso esingavamile | Usekelo | |||
| I-interface eshisayo yokulinda | Usekelo | |||
| Ukulinganisa ukuqhuma okuncane | Usekelo | |||
| Ukuvikelwa kokujikisa kwesixhumi | Usekelo | |||
| Umphumela Wokumbozwa Komhubhe | Usekelo | |||
| Ukuphela kwephakethe lomhubhe | Usekelo | |||
| Ukucubungula ithrafikhi okuthuthukisiwe | Ukususa Ukubethela Kwe-SSL Nge-Bypass | Usekelo | ||
| Ukukhishwa kwedatha | Usekelo | |||
| Ukufihla idatha | Usekelo | |||
| Ukuhlonza iphrothokholi yesendlalelo sohlelo lokusebenza | Usekelo | |||
| Ukususa i-capsule ngokwezifiso | Usekelo | |||
| Ukubumbana kokugeleza | Usekelo | |||
| Ukufanisa amagama angukhiye | Usekelo | |||
| Ukususwa kwe-tunnel encapsulation | Usekelo | |||
| Ukulayisha uxhumano oluhlala isikhathi eside | Usekelo | |||
| Ukuqashelwa kwengxenye yokugeleza | Usekelo | |||
| Ukuxilongwa nokuqapha | Ukuqapha kwesikhathi sangempela | Usekelo | ||
| Umbuzo wethrafikhi yomlando | Usekelo | |||
| Ukuthwebula ithrafikhi | Usekelo | |||
| Ukutholwa kokubukwa kwethrafikhi | Ukuhlaziywa Okuyisisekelo | Isekela isifinyezo sezibalo esisekelwe kulwazi oluyisisekelo njengokubalwa kwamaphakethe, ukusatshalaliswa kohlobo lwamaphakethe, ukubalwa kokuxhumeka kweseshini, kanye nokusatshalaliswa kwephrothokholi yamaphakethe. | ||
| Ukuhlaziywa Okujulile kwe-DPI | Isekela ukuhlaziywa kwesilinganiso sezinqubo zezendlalelo zokuthutha, isilinganiso se-unicast, ukusakazwa kanye ne-multicast, isilinganiso sethrafikhi ye-IP, kanye nesilinganiso sezinhlelo zokusebenza ze-DPI. Isekela ukuhlaziywa kanye nokwethulwa kokuqukethwe kwedatha ngokusekelwe esikhathini sokusampula kanye nomthamo wedatha. Isekela ukuhlaziywa kwedatha kanye nezibalo ngokusekelwe emifudlaneni yeseshini. | |||
| Ukuhlaziywa Kwephutha Okunembile | Isekela ukuhlaziywa kwamaphutha kanye nokwasendaweni kusetshenziswa idatha yethrafikhi evela emibonweni eyahlukene, okuhlanganisa: ukuhlaziywa kokuziphatha kokudluliselwa kwephakethe, ukuhlaziywa kwamaphutha ezingeni lokusakaza kwedatha, ukuhlaziywa kwamaphutha ezingeni lephakethe ledatha, ukuhlaziywa kwamaphutha okuhlobene nokuphepha, kanye nokuhlaziywa kwamaphutha okuhlobene nenethiwekhi. | |||
| Umthamo wokucubungula | 2.4Tbps | |||
| Phatha | Ukuphathwa Kwenethiwekhi Ye-CONSOLE | Usekelo | ||
| Ukuphathwa Kwenethiwekhi ye-IP/WEB | Usekelo | |||
| Ukuphathwa kwenethiwekhi ye-SNMP | Usekelo | |||
| Ukuphathwa kwenethiwekhi ye-TELNET/SSH | Usekelo | |||
| Iphrothokholi ye-SYSLOG | Usekelo | |||
| Ukuqinisekiswa kokugunyazwa okuhlanganisiwe kwe-RADIUS noma i-TADACS+ | Usekelo | |||
| Umsebenzi wokuqinisekisa umsebenzisi | Ukuqinisekiswa kwegama lomsebenzisi nephasiwedi | |||
| Ugesi | I-voltage yokunikezwa kwamandla elinganisiwe | I-AC-220V/DC-48V [Ongakukhetha] | ||
| Imvamisa yamandla ekalwe | I-AC-50HZ | |||
| Kulinganiswe okwamanje kokufaka | I-AC-3A / DC-10A | |||
| Amandla okusebenza alinganisiwe | Ubuningi obungu-300W | |||
| Indawo ezungezile | Izinga lokushisa lokusebenza | 0-50℃ | ||
| Izinga lokushisa lesitoreji | -20-70℃ | |||
| Umswakama osebenzayo | 10% -95%, akunciphisi | |||
| Ukucushwa Komsebenzisi | Ukucushwa kwekhonsoli | Isixhumi esibonakalayo se-RS232, 115200, 8, N, 1 | ||
| Ukuqinisekiswa kwephasiwedi | Sukwesekwa | |||
| Usayizi Werekhi | Indawo yerekhi (U) | 2U 444mm*88mm*670mm | ||
6-Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ kanye ne-Inline Bypass Switch Application
6.1IRisk ofI-Inline SukuphephaEimishini (IPS / FW)
Okulandelayo i-IPS ejwayelekile (Intrusion Prevention System), imodi yokuthunyelwa kwe-FW (Firewall), i-IPS / FW ifakwa ngokulandelana emishinini yenethiwekhi (ama-router, amaswishi, njll.) phakathi kwethrafikhi ngokusebenzisa ukuhlolwa kokuphepha, ngokusho kwenqubomgomo yokuphepha ehambisanayo yokunquma ukukhululwa noma ukuvimba ithrafikhi ehambisanayo, ukuze kufezwe umphumela wokuzivikela kokuphepha.
Okulandelayo i-IPS ejwayelekile (Intrusion Prevention System), imodi yokuthunyelwa kwe-FW (Firewall), i-IPS / FW ifakwa ngokulandelana emishinini yenethiwekhi (ama-router, amaswishi, njll.) phakathi kwethrafikhi ngokusebenzisa ukuhlolwa kokuphepha, ngokusho kwenqubomgomo yokuphepha ehambisanayo yokunquma ukukhululwa noma ukuvimba ithrafikhi ehambisanayo, ukuze kufezwe umphumela wokuzivikela kokuphepha.
6.2 Ukuvikelwa Kwemishini Yochungechunge Lwezixhumanisi Eziku-Inline
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch isetshenziswa ochungechungeni phakathi kwamadivayisi enethiwekhi (ama-router, amaswishi, njll.), futhi ukuhamba kwedatha phakathi kwamadivayisi enethiwekhi akusaholeli ngqo ku-IPS / FW, "Smart Inline Bypass Switch" kuya ku-IPS / FW, lapho i-IPS / FW ngenxa yokugcwala ngokweqile, ukuphahlazeka, izibuyekezo zesofthiwe, izibuyekezo zenqubomgomo kanye nezinye izimo zokwehluleka, "i-Smart Inline Bypass Switch" ngokusebenzisa ukutholwa komlayezo wokushaya kwenhliziyo okuhlakaniphile Umsebenzi wokutholwa kwesikhathi, futhi ngaleyo ndlela yeqa idivayisi enephutha, ngaphandle kokuphazamisa isisekelo senethiwekhi, imishini yenethiwekhi esheshayo exhunywe ngqo ukuvikela inethiwekhi evamile yokuxhumana; lapho ukwehluleka kwe-IPS / FW kubuya, kodwa futhi ngamaphakethe okushaya kwenhliziyo ahlakaniphile Ukutholwa kokutholwa kwesikhathi somsebenzi, isixhumanisi sokuqala sokubuyisela ukuphepha kokuhlolwa kokuphepha kwenethiwekhi yebhizinisi.
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch inomsebenzi onamandla wokuthola imiyalezo yokushaya kwenhliziyo ehlakaniphile, umsebenzisi angenza ngokwezifiso isikhathi sokushaya kwenhliziyo kanye nenani eliphezulu lokuzama kabusha, ngomlayezo wokushaya kwenhliziyo owenziwe ngokwezifiso ku-IPS / FW wokuhlolwa kwezempilo, njengokuthumela umlayezo wokuhlola ukushaya kwenhliziyo echwebeni elingaphezulu / eliphansi le-IPS / FW, bese uthola kusuka echwebeni elingaphezulu / eliphansi le-IPS / FW, bese wahlulela ukuthi i-IPS / FW isebenza kahle yini ngokuthumela nokwamukela umlayezo wokushaya kwenhliziyo.
6.3 Ukugeleza Kwenqubomgomo “Ye-SpecFlow” OkusemgqeniUkuphephaUkuvikelwa Kochungechunge
Uma idivayisi yenethiwekhi yokuphepha idinga kuphela ukubhekana nokuvikelwa kokuphepha kwethrafikhi ethile ochungechungeni, ngokusebenzisa i-Mylinking™ Network Packet Broker kanye nomsebenzi wokucubungula ithrafikhi ye-Inline Bypass Switch, ngenqubomgomo yokuhlola ithrafikhi yokuxhuma idivayisi yokuphepha emugqeni "Ithrafikhi ekhathazekile" ithunyelwa ngqo kusixhumanisi senethiwekhi, futhi "isigaba sethrafikhi esithintekayo" sithinta idivayisi yokuphepha emugqeni ukuze kwenziwe ukuhlolwa kokuphepha. Lokhu ngeke kugcine nje kuphela ukusetshenziswa okuvamile komsebenzi wokuthola ukuphepha wedivayisi yokuphepha, kodwa futhi kuzonciphisa ukuhamba okungasebenzi kahle kwemishini yokuphepha ukubhekana nokucindezela; ngesikhathi esifanayo, i-"Smart Inline Bypass Switch" ingathola isimo sokusebenza sedivayisi yokuphepha ngesikhathi sangempela. Idivayisi yokuphepha isebenza ngendlela engavamile idlula ithrafikhi yedatha ngqo ukuze igweme ukuphazamiseka kwesevisi yenethiwekhi.
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch ingakhomba ithrafikhi ngokusekelwe kusihlonzi sekhanda lesendlalelo se-L2-L4, njengethegi ye-VLAN, ikheli le-MAC lomthombo/indawo, ikheli le-IP lomthombo, uhlobo lwephakethe le-IP, i-port layer protocol port, ithegi ye-protocol header key, njalo njalo. Izimo ezahlukahlukene zokufanisa inhlanganisela eguquguqukayo ingachazwa ngendlela eguquguqukayo ukuze kuchazwe izinhlobo ezithile zethrafikhi ezithakazelisa idivayisi ethile yokuphepha futhi zingasetshenziswa kabanzi ekusetshenzisweni kwamadivayisi okuhlola okuphepha akhethekile (i-RDP, i-SSH, ukuhlolwa kwedathabheyisi, njll.).
6.4Load balancedUkuphepha OkusemgqeniUkuvikelwa Kochungechunge
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch ifakwa ochungechungeni phakathi kwamadivayisi enethiwekhi (ama-router, amaswishi, njll.). Uma ukusebenza okukodwa kokucubungula kwe-IPS / FW kunganele ukubhekana nethrafikhi ephezulu yesixhumanisi senethiwekhi, umsebenzi wokulinganisela umthwalo wethrafikhi womvikeli, "ukuhlanganisa" kwethrafikhi yesixhumanisi senethiwekhi yokucubungula amaqoqo amaningi e-IPS / FW, kunganciphisa ngempumelelo ingcindezi yokucubungula ye-IPS / FW eyodwa, kuthuthukise ukusebenza kokucubungula okuphelele ukuze kuhlangatshezwane ne-bandwidth ephezulu yendawo yokuthunyelwa.
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch inomsebenzi onamandla wokulinganisela umthwalo, ngokusho kwethegi ye-VLAN yohlaka, ulwazi lwe-MAC, ulwazi lwe-IP, inombolo yephothi, iphrothokholi kanye nolunye ulwazi mayelana nokusatshalaliswa kokulinganisela umthwalo we-Hash kwethrafikhi ukuqinisekisa ukuthi i-IPS / FW ngayinye ithola ubuqotho beSeshini yokugeleza kwedatha.
6.5Uchungechunge oluningiImishini Ephakathi FphansiTukuhlanganyelaPukuvikela(UshintshoOkwemveloUkuxhumeka Okusheshayo ku-OkunengqondoUxhumano Oluhambisanayo)
Kwezinye izixhumanisi ezibalulekile (njengezindawo zokuxhumanisa ze-inthanethi, isixhumanisi sokushintshana kwendawo yeseva) indawo ivame ukubangelwa yizidingo zezici zokuphepha kanye nokufakwa kwemishini eminingi yokuhlola ukuphepha emugqeni (njenge-firewall, imishini yokuhlasela ye-anti-DDOS, i-firewall yesicelo se-WEB, imishini yokuvimbela ukungena, njll.), imishini eminingi yokuthola ukuphepha ngesikhathi esisodwa ochungechungeni kusixhumanisi ukwandisa isixhumanisi sephuzu elilodwa lokwehluleka, kunciphisa ukuthembeka okuphelele kwenethiwekhi. Futhi ekufakweni kwemishini yokuphepha ekwi-inthanethi okukhulunywe ngenhla, ukuthuthukiswa kwemishini, ukushintshwa kwemishini kanye neminye imisebenzi, kuzobangela ukuphazamiseka kwenethiwekhi isikhathi eside kanye nesenzo esikhulu sokunqamula iphrojekthi ukuze kuqedwe ukuqaliswa ngempumelelo kwamaphrojekthi anjalo.
Ngokusebenzisa i-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch ngendlela ehlanganisiwe, imodi yokusetshenziswa kwamadivayisi amaningi okuphepha axhunywe ochungechungeni kusixhumanisi esifanayo ingashintshwa kusuka ku-"Physical Serial Connection Mode" iye ku-"Physical Parallel Connection but Logical Serial Connection Mode". Lokhu kunciphisa ngempumelelo imithombo yokuhluleka kwephuzu elilodwa kusixhumanisi se-serial futhi kuthuthukisa ukuthembeka kwesixhumanisi. Ngesikhathi esifanayo, i-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch ingaqondisa ithrafikhi yesixhumanisi uma kudingeka, ifinyelele umphumela ofanayo wokucubungula ukuphepha kwethrafikhi njengemodi yokuxhumeka kwe-serial yokuqala.
Amadivayisi angaphezu kweyodwa e-Inline Security ngesikhathi esisodwa kumdwebo wokusetshenziswa kochungechunge:
Umthengisi Wephakethe Lenethiwekhi ye-Mylinking™ kanye nomdwebo Wokusetshenziswa Kwe-Inline Bypass Switch:
(Shintsha i-Pysical Serial Connection ibe yi-Logical Parallel Connection)
6.6Ngokusekelwe ku-DInqubomgomo ye-synamic yeTi-raffic InlineSukuphephaDukubophaPukuvikela
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch, esinye isimo sesicelo esithuthukisiwe sisekelwe kunqubomgomo enamandla yezinhlelo zokusebenza zokuvikela ukuphepha kokutholwa kwethrafikhi, ukuthunyelwa kwendlela njengoba kuboniswe ngezansi:
Thatha imishini yokuhlola ukuphepha ethi "Anti-DDoS attack protection and detection", isibonelo, ngokusebenzisa ukuthunyelwa kwe-"Smart Bypass Switch" bese kuba imishini yokuvikela i-anti-DDOS bese uxhumeka ku-"Smart Bypass Switch", ku-"Smart Bypass Switch" evamile uye enanini eliphelele lokudluliselwa kwesivinini sethrafikhi ngesikhathi esifanayo nokukhishwa kwesibuko sokugeleza kuya ku-"Anti-DDOS attack protection device", uma itholakale kwi-server IP (noma ingxenye yenethiwekhi ye-IP) ngemva kokuhlaselwa, "Anti-DDOS attack protection device" izokhiqiza imithetho yokufanisa ukugeleza kwethrafikhi okuqondiwe bese iyithumela ku-"Smart Bypass Switch" ngokusebenzisa isikhombimsebenzisi sokulethwa kwenqubomgomo enamandla. I-"Bypass Switch" ingabuyekeza "i-traffic traction dynamic" ngemuva kokuthola imithetho yenqubomgomo enamandla. I-Rule pool "futhi ngokushesha" umthetho ushaye i-attack server traffic "traction to the" anti-DDoS attack protection and detection equipment "yokucubungula, ukuze isebenze ngemva kokugeleza kokuhlaselwa bese ifakwa kabusha kunethiwekhi.
Uhlelo lokusebenza olusekelwe ku-"Smart Bypass Switch" kulula ukulusebenzisa kune-BGP route injection yendabuko noma olunye uhlelo lokudonsa ithrafikhi, futhi imvelo ayixhomekile kakhulu kunethiwekhi futhi ukuthembeka kuphakeme.
"I-Smart Bypass Switch" inezici ezilandelayo zokusekela ukuvikelwa kokutholwa kokuphepha kwenqubomgomo enamandla:
1. "I-Smart Bypass Switch" ukuhlinzeka ngaphandle kwemithetho ngokusekelwe ku-interface ye-WEBSERIVCE, ukuhlanganiswa okulula namadivayisi okuphepha avela eceleni.
2. "I-Smart Bypass Switch" esekelwe ku-chip ye-ASIC emsulwa yehadiwe edlulisela amaphakethe esivinini sentambo angu-100Gbps ngaphandle kokuvimba ukudlulisela iswishi, kanye "nomtapo wolwazi wemithetho eguquguqukayo yokudonsa ithrafikhi" kungakhathaliseki ukuthi inombolo ingakanani.
3. Umsebenzi wobuchwepheshe we-BYPASS owakhelwe ngaphakathi "i-Smart Bypass Switch", noma ngabe isivikelo ngokwaso sehluleka, singadlula nesixhumanisi sokuqala se-serial ngokushesha, asithinti isixhumanisi sokuqala sokuxhumana okuvamile.
6.7Ukubukisa Ithrafikhi Ephakathi KomugqaKokuphepha Okungaphandle Kwebhendi (Okusemgqeni + I-SPAN)
I-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch ngokuvamile isetshenziswa kunethiwekhi ye-IT yekhasimende noma kunethiwekhi yesikhulumi samafu ukuze inikeze ukuvikelwa okuku-inthanethi kwamadivayisi e-WAF/IPS kanye nesixhumanisi sokuqala. Abasebenzisi bangase babe nezidingo ezengeziwe zokuhlola, ukuqinisekisa, noma ukuthunyelwa kwamadivayisi okuqapha i-bypass, okudinga ukutholwa kwedatha yethrafikhi kulesi sixhumanisi.
Ngakho-ke, kusetshenziswa umsebenzi wokulinganisa ithrafikhi we-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch, ithrafikhi yesixhumanisi se-inline serial ingalinganiswa kusuka echwebeni lokuqapha, njengoba kuboniswe esithombeni esilandelayo:
Umdwebo ongezansi ubonisa isimo sesicelo esinwetshiwe sethrafikhi yesixhumanisi esisemgqeni kanye nethrafikhi yechweba elibukwayo. Lokhu kuvumela ukuvikelwa kwethrafikhi yesixhumanisi esisemgqeni ngaphandle kokuthintwa yithrafikhi yechweba elibukwayo. Uhlelo lokuhlaziya i-IDS lungathola ngesikhathi esisodwa ithrafikhi yesixhumanisi esisemgqeni kanye nethrafikhi yechweba elibukwayo ngesikhathi esifanayo. Indlela yokusabalalisa iboniswe kumdwebo ongezansi:
6.8Ukususwa Kokukopisha Idatha/IphaketheIsicelo
Njengoba kuboniswe esakhiweni sokufakwa kwesicelo ngenhla, ukuqinisekisa ubuqotho bokuqoqwa kwedatha yokuqala kuyo yonke isixhumanisi, amanye amaphakethe edatha afanayo angaqoqwa izikhathi eziningi ngaphakathi kwendlela eyodwa. Lokhu kuholela ekwandeni kwama-alamu amanga kanye nokudluliselwa kabusha ohlelweni lwe-backend, okwandisa ukusebenza okuphezulu kohlelo lokuhlaziya futhi kuthinte ukunemba nokusebenza kahle kokuhlaziya. Ngokusekelwe esixazululweni, okokuqala, amaphakethe edatha aphindaphindwayo adluliselwa kuma-node ahlukene okuthwebula. Iphakethe ledatha elilodwa kuphela elithunyelwa ohlelweni lokuhlaziya ukusebenza kwenethiwekhi ye-backend NPM kanye nohlelo lokuhlaziya ukusebenza kwesicelo se-APM, ngaleyo ndlela kulondolozwa ukusebenza kohlelo lokuhlaziya futhi kuthuthukiswe ukusebenza kahle nokunemba kokuhlaziya.
6.9Idatha/IphaketheI-VLAN TaggingIsicelo
Endaweni yenethiwekhi eboniswe kumdwebo ongenhla, ikhambi lisetshenziselwa ukumaka ilebula idatha eluhlaza evela kumadivayisi enethiwekhi ahlukene kanye nama-link node. Uma kwenzeka ithrafikhi engajwayelekile noma amaphakethe edatha kunethiwekhi, imishini yokuhlaziya i-backend ingathola ngokushesha nangokunembile umthombo wedatha engajwayelekile ngokulandelela emuva ngokusekelwe kumalebula edatha.
6.10 Ithrafikhi YenethiwekhiUhlelo OluhlangeneIsicelo
Endaweni yenethiwekhi eboniswe kumdwebo ongenhla, idatha eminingi yesixhumanisi somthombo we-10GE, 25GE, 40GE kanye ne-100GE ifakwa ngokuphelele ku-Mylinking™ Network Packet Broker kanye ne-Inline Bypass Switch kusetshenziswa i-optical splitting noma i-port mirror. Ngemuva kwalokho, ukuhlunga kanye nokuhlukaniswa kwethrafikhi kusetshenziselwa ukukhipha ithrafikhi yedatha yesevisi ehlukene kumadivayisi ahlukene okuqapha inethiwekhi yangaphandle kwebhendi kanye nohlelo lokuphepha. Lapho ukungalingani kwephakethe lenethiwekhi noma ukushintshashintsha kwethrafikhi okungavamile kudinga ukungenelela ngesandla, ukubanjwa kwephakethe ngesikhathi sangempela kanye nokuhlaziywa kwamaphakethe edatha okuqala kungenziwa ngokushesha ukusiza abasebenzisi ukuthi bahlaziye ngokushesha futhi bathole iphutha.
6.11InethiwekhiUkuhlaziywa Kokubonakala Kwedatha YethrafikhiIsicelo
Ingaveza noma iyiphi idatha etholakele futhi ethathwe ngendlela enezinhlangothi eziningi futhi enombono omningi ngokusebenzisa isikhombikubona esisebenziseka kalula sezithombe nombhalo, okuhlanganisa isakhiwo sokwakheka kwethrafikhi, ukusatshalaliswa kwephrothokholi yesicelo, ukusatshalaliswa kwethrafikhi kwawo wonke ama-node enethiwekhi, indlela yokudlulisa idatha, ukutholwa kwemicimbi engavamile, indawo eqondile yamaphutha e-element/link yenethiwekhi, isimo sokusebenzisana kwemiyalezo, ukuthambekela kokuthuthukiswa kwethrafikhi kanye nezinye izici zokuqapha nokuhlaziya, ukuze kusungulwe ipulatifomu ephelele, ebonakalayo nelawulekayo yokuqoqwa kwedatha kanye nokuphepha kwamanethiwekhi ebhizinisi.
