Eqhutshwa uguquko lwedijithali, amanethiwekhi ezinkampani awaselona nje "izintambo ezimbalwa ezixhuma amakhompyutha." Ngokwanda kwamadivayisi e-IoT, ukuthuthela kwezinsizakalo emafini, nokwamukelwa okwandayo komsebenzi oqhelile, ithrafikhi yenethiwekhi iqhume, njengethrafikhi emgwaqweni onguthelawayeka. Nokho, lokhu kunyuka kwethrafikhi nakho kuletha izinselele: amathuluzi okuvikela awakwazi ukuthatha idatha ebalulekile, amasistimu okuqapha akhungethwe ulwazi olunganele, nezinsongo ezifihlwe kuthrafikhi ebethelwe azibonakali. Kulapho "ibhula elingabonakali" elibizwa ngokuthi i-Network Packet Broker (NPB) lisiza khona. Isebenza njengebhuloho elihlakaniphile phakathi kwethrafikhi yenethiwekhi namathuluzi okuqapha, iphatha ukugeleza kwesiphithiphithi kuyo yonke inethiwekhi kuyilapho isondla ngokunembile amathuluzi okuqapha idatha abayidingayo, isiza amabhizinisi ukuxazulula izinselele zenethiwekhi "ezingabonakali, ezingafinyeleleki". Namuhla, sizohlinzeka ngokuqonda okuphelele kwale ndima ewumongo ekusebenzeni nasekulungiseni inethiwekhi.
1. Kungani izinkampani zifuna ama-NPB manje? - "Isidingo Sokubonakala" samanethiwekhi ayinkimbinkimbi
Cabanga ngalokhu: Uma inethiwekhi yakho isebenzisa amakhulukhulu emishini ye-IoT, amakhulukhulu amaseva amafu, kanye nabasebenzi abafinyelela kuyo bekude ukusuka kuyo yonke indawo, ungaqinisekisa kanjani ukuthi akukho thrafikhi enonya engena ngokunyenya? Unganquma kanjani ukuthi yiziphi izixhumanisi eziminyene futhi zehlisa ukusebenza kwebhizinisi?
Izindlela zokuqapha zendabuko bezilokhu zinganele: noma amathuluzi okuqapha angagxila kuphela ezingxenyeni ezithile zethrafikhi, izindawo ezibalulekile ezingekho; noma badlulisela yonke ithrafikhi ethuluzini ngesikhathi esisodwa, okubangela ukuthi lingakwazi ukugaya ulwazi kanye nokunciphisa ukusebenza kahle kokuhlaziya. Ngaphezu kwalokho, njengoba kungaphezu kuka-70% ithrafikhi manje ebethelwe, amathuluzi endabuko awakwazi nhlobo ukubona okuqukethwe kwawo.
Ukuvela kwe-NPBs kubhekisela endaweni yobuhlungu "yokuntuleka kokubonakala kwenethiwekhi." Bahlala phakathi kwezindawo zokungena kwethrafikhi namathuluzi okuqapha, ukuhlanganisa ithrafikhi ehlakazekile, ukuhlunga idatha engasanele, futhi ekugcineni basabalalisa ithrafikhi enembayo kuma-IDS (I-Intrusion Detection Systems), ama-SIEM (Izinkundla Zokuphathwa Kolwazi Lokuphepha), amathuluzi okuhlaziya ukusebenza, nokunye. Lokhu kuqinisekisa ukuthi amathuluzi okuqapha awabulawa yindlala noma agcwele ngokweqile. Ama-NPB angakwazi futhi ukususa ukubhala nokubethela ithrafikhi, avikele idatha ebucayi futhi anikeze amabhizinisi umbono ocacile wesimo senethiwekhi yawo.
Kungashiwo ukuthi manje inqobo nje uma ibhizinisi linokuphepha kwenethiwekhi, ukwenziwa ngcono kokusebenza noma izidingo zokuhambisana, i-NPB isibe ingxenye ewumgogodla engagwemeki.
Yini i-NPB? - Ukuhlaziywa Okulula kusuka ku-Architecture kuya kumakhono abalulekile
Abantu abaningi bacabanga ukuthi igama elithi "iphakethe broker" liphethe umgoqo wobuchwepheshe ophezulu ekungeneni. Nokho, isifaniso esifinyeleleka kakhudlwana siwukusebenzisa "isikhungo sokuhlunga ukulethwa kwezwi": ithrafikhi yenethiwekhi "ingamaphasela okuveza," i-NPB "isikhungo sokuhlunga," futhi ithuluzi lokuqapha "indawo yokwamukela." Umsebenzi we-NPB uwukuhlanganisa amaphasela ahlakazekile (ukuhlanganiswa), ukususa amaphasela angavumelekile (ukuhlunga), bese uwahlela ngekheli (ukusabalalisa). Ingakwazi futhi ukupakisha futhi ihlole amaphasela akhethekile (ukukhishwa kwemfihlo) futhi isuse imininingwane eyimfihlo (ukubhucunga)—yonke inqubo iyasebenza futhi inembile.
1. Okokuqala, ake sibheke “uhlaka lwamathambo” lwe-NPB: amamojula amathathu ayisisekelo ezakhiwo
Ukuhamba komsebenzi kwe-NPB kuncike ngokuphelele ekusebenzisaneni kwalawa mamojula amathathu; akukho neyodwa kuzo engashoda:
○Imojuli yokufinyelela kuthrafikhi: Ilingana ne-"express delivery port" futhi isetshenziswa ngokukhethekile ukwamukela ithrafikhi yenethiwekhi ukusuka ku-switch mirror port (SPAN) noma i-splitter (TAP). Ngaphandle kokuthi ithrafikhi evela kusixhumanisi esibonakalayo noma inethiwekhi ebonakalayo, ingaqoqwa ngendlela ebumbene.
○Icubungula Injini:Lobu "ubuchopho obuyinhloko besikhungo sokuhlunga" futhi sinesibopho "sokucubungula" okubaluleke kakhulu - okufana nokuhlanganisa ithrafikhi yezixhumanisi eziningi (ukuhlanganiswa), ukuhlunga ithrafikhi ohlotsheni oluthile lwe-IP (ukuhlunga), ukukopisha ithrafikhi efanayo nokuyithumela kumathuluzi ahlukene (ukukopisha), ukususa ukubethela kwethrafikhi ebethelwe ye-SSL/TLS (ukukhishwa kwekhodi), njll. Konke "kuqediwe lapha.
○Imojula Yokusabalalisa: Kufana "nezithunywa" esabalalisa ngokunembile ithrafikhi ecutshunguliwe kumathuluzi okuqapha ahambisanayo futhi engakwazi nokwenza ukulinganisa komthwalo - isibonelo, uma ithuluzi lokuhlaziya ukusebenza limatasa kakhulu, ingxenye yethrafikhi izosatshalaliswa ethuluzini lokusekelayo ukuze kugwenywe ukulayisha ngokweqile ithuluzi elilodwa.
2. "I-Hard Core Capabilities" ye-NPB: Imisebenzi eyi-12 ewumongo ixazulula u-90% wezinkinga zenethiwekhi
I-NPB inemisebenzi eminingi, kodwa ake sigxile kulena esetshenziswa kakhulu amabhizinisi. Ngayinye ihambisana nephuzu lobuhlungu elisebenzayo:
○Ukuphindaphinda Kwethrafikhi / Ukuhlanganisa + UkuhlungaIsibonelo, uma ibhizinisi linezixhumanisi zenethiwekhi ezingu-10, i-NPB iqala ngokuhlanganisa ithrafikhi yezixhumanisi ezingu-10, bese ihlunga "amaphakethe edatha ayimpinda" kanye "nethrafikhi engabalulekile" (njengethrafikhi evela kubasebenzi ababuka amavidiyo), futhi ithumela kuphela ithrafikhi ehlobene nebhizinisi ethuluzini lokuqapha - ithuthukisa ngokuqondile ukusebenza kahle ngo-300%.
○Ukukhishwa Kwemfihlo kwe-SSL/TLS: Namuhla, ukuhlasela okuningi okunonya kufihlwe kuthrafikhi ebethelwe ye-HTTPS. I-NPB ingakwazi ukususa ukubhala ngokuphepha le thrafikhi, ivumele amathuluzi afana ne-IDS ne-IPS ukuthi "ibone" okuqukethwe okubethelwe futhi ithwebule izinsongo ezifihliwe njengezixhumanisi zobugebengu bokweba imininingwane ebucayi kanye nekhodi enonya.
○I-Data Masking / Desensitization: Uma ithrafikhi iqukethe ulwazi olubucayi olufana nezinombolo zekhadi lesikweletu nezinombolo zokuphepha komphakathi, i-NPB "izosula" ngokuzenzakalelayo lolu lwazi ngaphambi kokuluthumela ethuluzini lokuqapha. Lokhu ngeke kuthinte ukuhlaziya kwethuluzi, kodwa kuzophinde kuthobele izimfuneko ze-PCI-DSS (ukuthobela inkokhelo) kanye ne-HIPAA (ukuhambisana nokunakekelwa kwezempilo) ukuze kuvinjelwe ukuvuza kwedatha.
○Layisha Ukulinganisa + UkuhlulekaUma ibhizinisi linamathuluzi amathathu e-SIEM, i-NPB izosabalalisa ngokulinganayo ithrafikhi phakathi kwayo ukuze ivimbele noma yiliphi ithuluzi elilodwa ukuthi lingagajwa. Uma ithuluzi elilodwa lehluleka, i-NPB izoshintsha ngokushesha ithrafikhi iye ethuluzini lokulondoloza ukuze kuqinisekiswe ukuqapha okungaphazamiseki. Lokhu kubaluleke kakhulu ezimbonini ezifana nezezimali nokunakekelwa kwezempilo lapho isikhathi sokuphumula singamukelekile.
○Ukunqanyulwa komhubhe: I-VXLAN, GRE kanye namanye "Amaphrothokholi eTunnel" manje asetshenziswa kakhulu kumanethiwekhi wamafu. Amathuluzi endabuko awakwazi ukuqonda lezi zimiso. I-NPB "ingahlakaza" la mahubhe futhi ikhiphe ithrafikhi yangempela ngaphakathi, ivumele amathuluzi amadala ukuthi acubungule ithrafikhi ezindaweni zamafu.
Inhlanganisela yalezi zici inika amandla i-NPB ukuthi ingagcini nje "ngokubona" ithrafikhi ebethelwe, kodwa futhi "ivikele" idatha ebucayi futhi "ijwayelane" nezimo ezihlukahlukene zenethiwekhi eziyinkimbinkimbi - yingakho ingaba ingxenye eyinhloko.
III. Isetshenziswa kuphi i-NPB? - Izimo ezinhlanu ezibalulekile ezibhekana nezidingo zangempela zebhizinisi
I-NPB ayilona ithuluzi elilingana nosayizi owodwa; esikhundleni salokho, ivumelana nezimo ezimweni ezahlukene. Noma ngabe isikhungo sedatha, inethiwekhi ye-5G, noma indawo yamafu, ithola izinhlelo zokusebenza ezinembile. Ake sibheke izimo ezimbalwa ezijwayelekile ukukhombisa leli phuzu:
1. Isikhungo Sedatha: Ukhiye Wokuqapha Ithrafikhi Yasempumalanga-Ntshonalanga
Izikhungo zedatha evamile zigxile kuphela kuthrafikhi esenyakatho naseningizimu (ithrafikhi esuka kumaseva ukuya emhlabeni wangaphandle). Kodwa-ke, ezikhungweni zedatha ezenziwe ngokoqobo, u-80% wethrafikhi usempumalanga-ntshonalanga (ithrafikhi phakathi kwemishini ebonakalayo), amathuluzi endabuko angeke akwazi ukuyithwebula. Lapha kulapho ama-NPB esiza khona:
Isibonelo, inkampani enkulu ye-inthanethi isebenzisa i-VMware ukwakha isikhungo sedatha esibonakalayo. I-NPB ihlanganiswe ngokuqondile ne-vSphere (inkundla yokuphatha ye-VMware) ukuze ithwebule ngokunembile ithrafikhi yasempumalanga-ntshonalanga phakathi kwemishini ebonakalayo futhi isabalalise ku-IDS namathuluzi okusebenza. Lokhu akugcini nje ngokuqeda "ukuqapha izindawo eziyizimpumputhe," kodwa futhi kwandisa ukusebenza kahle kwamathuluzi ngo-40% ngokuhlunga kwethrafikhi, kusike ngokuqondile isilinganiso sesikhathi sokulungisa sesikhungo sedatha (MTTR) phakathi.
Ngaphezu kwalokho, i-NPB ingaqapha ukulayishwa kweseva futhi iqinisekise ukuthi idatha yokukhokha ihambisana ne-PCI-DSS, ibe "imfuneko yokusebenza ebalulekile nokunakekelwa" kwezikhungo zedatha.
2. Imvelo ye-SDN/NFV: Izindima Eziguquguqukayo Zijwayelana Nenethiwekhi Echazwe Ngesofthiwe
Izinkampani eziningi manje zisebenzisa i-SDN (Software Defined Networking) noma i-NFV (Network Function Virtualization). Amanethiwekhi awasezona izingxenyekazi zekhompuyutha ezingaguquki, kodwa kunalokho izinsiza zesofthiwe eziguquguqukayo. Lokhu kudinga ama-NPB ukuthi avumelane nezimo:
Isibonelo, inyuvesi isebenzisa i-SDN ukuze isebenzise okuthi "Bring Your Own Device (BYOD)" ukuze abafundi nothisha bakwazi ukuxhuma kunethiwekhi yesikhungo besebenzisa amafoni namakhompyutha abo. I-NPB ihlanganiswe nesilawuli se-SDN (njenge-OpenDaylight) ukuze kuqinisekiswe ukuhlukaniswa kwethrafikhi phakathi kwezindawo zokufundisa nezamahhovisi kuyilapho kusatshalaliswa ngokunembile ithrafikhi kusuka endaweni ngayinye kuya kumathuluzi okuqapha. Le ndlela ayithinti ukusetshenziswa kwabafundi nothisha, futhi ivumela ukutholwa ngesikhathi kokuxhumana okungavamile, njengokufinyelela kumakheli e-IP angaphandle kwesikhungo sesikhungo.
Kungokufanayo nasezindaweni ze-NFV. I-NPB ingaqapha ithrafikhi yama-firewall (vFWs) kanye nezilinganisi zomthwalo we-virtual (vLBs) ukuze kuqinisekiswe ukusebenza okuzinzile kwalawa "madivayisi esofthiwe", avumelana nezimo kakhulu kunokuqapha kwezingxenyekazi zekhompyutha.
3. Amanethiwekhi e-5G: Ukuphatha I-Traffic Eyisikiwe kanye nama-Edge Node
Izici eziyinhloko ze-5G "ijubane eliphezulu, ukubambezeleka okuphansi, nokuxhumana okukhulu", kodwa lokhu kuphinde kulethe izinselelo ezintsha ekuqaphelweni: isibonelo, ubuchwepheshe be-5G "bokusika inethiwekhi" bungahlukanisa inethiwekhi efanayo ebonakalayo ibe amanethiwekhi amaningi anengqondo (isibonelo, ucezu oluncane lokubambezeleka lokushayela okuzimele kanye nocezu olukhulu lokuxhuma lwe-IoT), futhi ithrafikhi kufanele iqashwe ngokuzimela ngakunye.
Omunye u-opharetha wasebenzisa i-NPB ukuze axazulule le nkinga: ikhiphe ukuqapha kwe-NPB okuzimele kocezu ngalunye lwe-5G, engakwazi ukubuka kuphela ukubambezeleka nokuphuma kocezu ngalunye ngesikhathi sangempela, kodwa futhi ibambe ithrafikhi engavamile (njengokufinyelela okungagunyaziwe phakathi kwezingcezu) ngesikhathi esifanele, ukuqinisekisa ukuthi izidingo ze-latency eziphansi zamabhizinisi abalulekile njengokushayela ngokuzenzakalelayo.
Ngaphezu kwalokho, ama-node e-computing onqenqemeni lwe-5G ahlakazekile ezweni lonke, futhi i-NPB inganikeza "inguqulo engasindi" esetshenziswa emaphethelweni ukuze iqaphe ithrafikhi esabalalisiwe futhi igweme ukubambezeleka okubangelwa ukudluliswa kwedatha emuva naphambili.
4. I-Cloud Environment/I-Hybrid IT: Ukudiliza Izithiyo Zokugadwa Komphakathi Nokuyimfihlo
Amabhizinisi amaningi manje asebenzisa i-hybrid cloud architecture—eminye imisebenzi ihlala ku-Alibaba Cloud noma i-Tencent Cloud (amafu omphakathi), eminye emafini awo ayimfihlo, kanti eminye kumaseva endawo. Kulesi simo, ithrafikhi ihlakazeka ezindaweni eziningi, okwenza ukuqapha kuphazamiseke kalula.
I-China Minsheng Bank isebenzisa i-NPB ukuxazulula leli phuzu lobuhlungu: ibhizinisi layo lisebenzisa i-Kubernetes ukuthunyelwa okufakwe emabhokisini. I-NPB ingathwebula ngokuqondile ithrafikhi phakathi kweziqukathi (ama-Pods) futhi ihlobanise ithrafikhi phakathi kwamaseva wamafu namafu ayimfihlo ukuze enze "ukuqapha ukuphela kuya ekupheleni" - kungakhathaliseki ukuthi ibhizinisi lisefu lomphakathi noma ifu eliyimfihlo, inqobo nje uma kunenkinga yokusebenza, ithimba elisebenzayo nelokulungisa lingasebenzisa idatha yethrafikhi ye-NPB ukuthola ngokushesha ukuthi kuyinkinga yini nge-inter-container yokuqapha nge-inter-container ye-inter-container nge-inter-container ye-inter-container nge-inter-container ye-inter-container nge-inter-container izingcingo noma ukuthuthukisa i-inter-container izingcingo noma ukuthuthukisa i-diagnostic ye-6%.
Kumafu omphakathi abaqashile abaningi, i-NPB ingaphinda iqinisekise ukuhlukaniswa kwethrafikhi phakathi kwamabhizinisi ahlukene, ivimbele ukuvuza kwedatha, futhi ihlangabezane nezimfuneko zokuthobelana zomkhakha wezezimali.
Sengiphetha: I-NPB akuyona “inketho” kodwa “kufanele”
Ngemuva kokubuyekeza lezi zimo, uzothola ukuthi i-NPB ayiselona ubuchwepheshe be-niche kodwa iyithuluzi elijwayelekile lezinkampani ukubhekana namanethiwekhi ayinkimbinkimbi. Kusukela ezikhungweni zedatha kuya ku-5G, kusukela kumafu angasese kuya ku-IT eyingxube, i-NPB ingadlala indima nomaphi lapho kunesidingo sokubonakala kwenethiwekhi.
Ngokuvama okwandayo kwe-AI kanye ne-edge computing, ithrafikhi yenethiwekhi izoba yinkimbinkimbi nakakhulu, futhi amakhono e-NPB azothuthukiswa nakakhulu (isibonelo, ukusebenzisa i-AI ukuhlonza ngokuzenzakalelayo ithrafikhi engavamile kanye nokunika amandla ukujwayela okungasindi okwengeziwe kuma-odge node). Emabhizinisini, ukuqonda nokusebenzisa ama-NPB kusenesikhathi kuzobasiza ukuthi babambe umkhankaso wenethiwekhi futhi bagweme ukuchezuka ekuguquleni kwabo kwedijithali.
Uke wahlangabezana nezinselelo zokuqapha inethiwekhi embonini yakho? Isibonelo, awukwazi ukubona ithrafikhi ebethelwe, noma ukuqapha kwamafu okuxubile kuphazamisekile? Zizwe ukhululekile ukwabelana ngemicabango yakho esigabeni sokuphawula futhi masihlole izixazululo ndawonye.
Isikhathi sokuthumela: Sep-23-2025
