I-Bypass TAP (ebizwa nangokuthi i-bypass switch) inikeza ama-port okufinyelela aphephile kumadivayisi okuphepha asebenzayo afakiwe njenge-IPS kanye nama-firewall esizukulwane esilandelayo (NGFWS). I-bypass switch ifakwa phakathi kwamadivayisi enethiwekhi naphambi kwamathuluzi okuphepha enethiwekhi ukuze inikeze indawo ethembekile yokuhlukaniswa phakathi kwenethiwekhi kanye nesendlalelo sokuphepha. Ziletha ukwesekwa okugcwele kumanethiwekhi namathuluzi okuphepha ukuze kugwenywe ingozi yokuphazamiseka kwenethiwekhi.
Isixazululo 1 1 Isixhumanisi Sokudlula Inethiwekhi Yokuthepha (Ukushintsha Kokudlula) - Okuzimele
Isicelo:
I-Bypass Network Tap (Bypass Switch) ixhuma kumadivayisi amabili enethiwekhi ngama-Link ports futhi ixhuma kuseva yangaphandle ngama-Device ports.
I-trigger ye-Bypass Network Tap(Bypass Switch) isethwe ku-Ping, ethumela izicelo ze-Ping ezilandelanayo kuseva. Uma iseva iyeka ukuphendula kuma-ping, i-Bypass Network Tap(Bypass Switch) ingena kwimodi ye-bypass.
Uma iseva iqala ukuphendula futhi, i-Bypass Network Tap (Bypass Switch) ishintshela emuva kumodi yokuphuma.
Lolu hlelo lokusebenza lungasebenza kuphela nge-ICMP(Ping). Awekho amaphakethe okushaya kwenhliziyo asetshenziswa ukuqapha ukuxhumana phakathi kweseva kanye ne-Bypass Network Tap(Bypass Switch).
Isixazululo 2 Iphakethe Lenethiwekhi Umthengisi + I-Bypass Network Tap (I-Bypass Switch)
Umthengisi Wephakethe Lenethiwekhi (NPB) + I-Bypass Network Tap (I-Bypass Switch) -- Isimo Esijwayelekile
Isicelo:
I-Bypass Network Tap (Bypass Switch) ixhuma kumadivayisi amabili enethiwekhi ngama-Link port kanye ne-Network Packet Broker (NPB) ngama-Device port. Iseva yomuntu wesithathu ixhuma ku-Network Packet Broker (NPB) isebenzisa izintambo zethusi ezingu-2 x 1G. I-Network Packet Broker (NPB) ithumela amaphakethe okushaya kwenhliziyo kuseva nge-port #1 futhi ifuna ukuwathola futhi ku-port #2.
Isiqalisi se-Bypass Network Tap(Bypass Switch) sisethwe ku-REST, kanti i-Network Packet Broker(NPB) isebenzisa uhlelo lokusebenza lwe-bypass.
Ithrafikhi kumodi yokudlula:
Idivayisi 1 ↔ Ukushintsha/Ukuthepha Ngokudlula ↔ I-NPB ↔ Iseva ↔ I-NPB ↔ Ukushintsha/Ukuthepha Ngokudlula ↔ Idivayisi 2
Umthengisi Wephakethe Lenethiwekhi (NPB) + I-Bypass Network Tap (I-Bypass Switch) -- I-Software Bypass
Incazelo ye-Software Bypass:
Uma i-Network Packet Broker (NPB) ingaboni amaphakethe okushaya kwenhliziyo, izovumela i-software bypass.
Ukucushwa kwe-Network Packet Broker (NPB) kuguqulwa ngokuzenzakalelayo ukuze kuthunyelwe ithrafikhi engenayo emuva ku-Bypass Network Tap (Bypass Switch), ngaleyo ndlela kufakwe kabusha ithrafikhi kusixhumanisi esibukhoma ngokulahlekelwa okuncane kwephakethe.
I-Bypass Network Tap (Bypass Switch) ayidingi ukuphendula nhlobo ngoba konke ukunqamula kwenziwa yi-Network Packet Broker (NPB).
Ithrafikhi ekudluleni kwesofthiwe:
Idivayisi 1 ↔ Ukushintsha/Ukuthepha Ngokudlula ↔ I-NPB ↔ Ukushintsha/Ukuthepha Ngokudlula ↔ Idivayisi 2
Umthengisi Wephakethe Lenethiwekhi (NPB) + I-Bypass Network Tap (I-Bypass Switch) -- I-Hardware bypass
Incazelo ye-Hardware Bypass:
Uma kwenzeka ukuthi i-Network Packet Broker (NPB) yehluleka noma uxhumano phakathi kwe-Network Packet Broker (NPB) kanye ne-Bypass Network Tap (Bypass Switch) lunqanyuliwe, i-Bypass Network Tap (Bypass Switch) ishintshela kumodi ye-bypass ukuze igcine isixhumanisi sesikhathi sangempela sisebenza.
Uma i-Bypass Network Tap(Bypass Switch) ingena kwimodi ye-bypass, i-Network Packet Broker(NPB) kanye neseva yangaphandle bayadlula futhi abatholi noma iyiphi ithrafikhi kuze kube yilapho i-Bypass Network Tap(Bypass Switch) ishintshela kwimodi ye-throughput.
Imodi ye-bypass ivuselelwa uma i-Bypass Network Tap (Bypass Switch) ingasaxhunywanga kugesi.
Ithrafikhi yehadiwe engaxhunyiwe ku-inthanethi:
Idivayisi 1 ↔ Ukushintsha/Ukuthepha Ngokudlula ↔ Idivayisi 2
Isixazululo 3 Amathephu Enethiwekhi Amabili Okudlula (Amaswishi Okudlula) esixhumanisi ngasinye
Imiyalelo yokucushwa:
Kulokhu kusethwa, isixhumanisi sethusi esisodwa samadivayisi amabili axhunywe kuseva eyaziwayo sidlula ama-Bypass Network Taps amabili (ama-Bypass Switches). Inzuzo yalokhu ngaphezu kwesisombululo se-bypass esisodwa ukuthi lapho uxhumano lwe-network packet broker (NPB) luphazamiseka, iseva iseyingxenye yesixhumanisi esibukhoma.
Ama-2 * Ama-Bypass Network Taps (Ama-Bypass Switches) ngesixhumanisi ngasinye - I-Software Bypass
Incazelo ye-Software Bypass:
Uma i-Network Packet Broker (NPB) ingaboni amaphakethe okushaya kwenhliziyo, izovumela i-software bypass. I-Bypass Network Tap (Bypass Switch) ayidingi ukusabela nhlobo ngoba konke ukudlula kwenziwa yi-Network Packet Broker (NPB).
Ukudlula kwethrafikhi kusofthiwe:
Idivayisi 1 ↔ I-Bypass Switch/Thepha 1 ↔ I-Network Packet Broker (NPB) ↔ I-Bypass Switch/Thepha 2 ↔ Idivayisi 2
Ama-2 * Ama-Bypass Network Taps (Ama-Bypass Switches) ngesixhumanisi ngasinye - I-Hardware Bypass
Incazelo ye-Hardware Bypass:
Uma kwenzeka ukuthi i-Network Packet Broker (NPB) yehluleka noma uxhumano phakathi kwe-Bypass Network Tap (Bypass Switch) kanye ne-Network Packet Broker (NPB) lunqanyuliwe, womabili ama-Bypass Network Taps (Bypass Switches) ashintshelwa kwimodi ye-bypass ukuze kugcinwe isixhumanisi esisebenzayo.
Ngokungafani nesethingi ethi "1 Bypass per link", iseva isafakiwe kusixhumanisi esibukhoma.
Ithrafikhi yehadiwe engaxhunyiwe ku-inthanethi:
Idivayisi 1 ↔ Iswishi Yokudlula/Thepha 1 ↔Iseva ↔ Iswishi Yokudlula/Thepha 2 ↔ Idivayisi 2
Isixazululo 4 Ama-Two Bypass Network Taps (Bypass Switches) alungiselelwe isixhumanisi ngasinye kumasayithi amabili
Imiyalelo yokusetha:
Ongakukhetha: Ama-Network Packet Broker amabili (ama-NPB) angasetshenziswa ukuxhuma amasayithi amabili ahlukene phezu komhubhe we-GRE esikhundleni se-Network Packet Broker eyodwa (i-NPB). Uma kwenzeka iseva exhuma amasayithi amabili yehluleka, izodlula iseva kanye nethrafikhi engasatshalaliswa ngomhubhe we-GRE we-Network Packet Broker (i-NPB) (njengoba kuboniswe kuZithombe ezingezansi).
Isikhathi sokuthunyelwe: Mashi-06-2023
