Ithuluzi elivame kakhulu lokuqapha nokuxazulula izinkinga zenethiwekhi namuhla yi-Switch Port Analyzer (SPAN), eyaziwa nangokuthi i-Port mirroring. Lisivumela ukuthi siqaphe ithrafikhi yenethiwekhi ngaphandle kwemodi yebhendi ngaphandle kokuphazamisa izinsizakalo kunethiwekhi ebukhoma, futhi lithumela ikhophi yethrafikhi eqashwe kumadivayisi endawo noma akude, kufaka phakathi i-Sniffer, i-IDS, noma ezinye izinhlobo zamathuluzi okuhlaziya inethiwekhi.
Ezinye izindlela ezivamile zokusebenzisa yilezi:
• Xazulula izinkinga zenethiwekhi ngokulandelela ozimele bokulawula/bedatha;
• Hlaziya ukubambezeleka kanye nokujida ngokuqapha amaphakethe e-VoIP;
• Hlaziya ukubambezeleka ngokuqapha ukusebenzisana kwenethiwekhi;
• Thola okungavamile ngokuqapha ithrafikhi yenethiwekhi.
Ithrafikhi ye-SPAN ingalinganiswa endaweni yakini kwamanye amachweba kudivayisi efanayo yomthombo, noma ilinganiswe kude kwamanye amadivayisi enethiwekhi eduze kweLayer 2 yedivayisi yomthombo (RSPAN).
Namuhla sizokhuluma ngobuchwepheshe bokuqapha ithrafikhi ye-inthanethi ekude obubizwa nge-ERSPAN (Encapsulated Remote Switch Port Analyzer) obungadluliselwa ezingqimbeni ezintathu ze-IP. Lokhu kuyisandiso se-SPAN ku-Encapsulated Remote.
Izimiso eziyisisekelo zokusebenza kwe-ERSPAN
Okokuqala, ake sibheke izici ze-ERSPAN:
• Ikhophi yephakethe elivela echwebeni lomthombo ithunyelwa kuseva yendawo ukuze ihlolwe nge-Generic Routing Encapsulation (GRE). Indawo yangempela yeseva ayikhawulelwe.
• Ngosizo lwesici se-User Defined Field (UDF) se-chip, noma yikuphi ukususwa kwama-byte angu-1 kuya kwangu-126 kwenziwa ngokusekelwe kusizinda se-Base ngokusebenzisa uhlu olunwetshiwe lwezinga lochwepheshe, futhi amagama angukhiye eseshini ayafaniswa ukuze kubonakale ukubonakala kweseshini, njenge-TCP three-way handshake kanye neseshini ye-RDMA;
• Izinga lokusekela lokusetha amasampula;
• Isekela ubude bokubanjwa kwephakethe (Ukusikwa Kwephakethe), kunciphisa ingcindezi kuseva eqondiwe.
Ngalezi zici, ungabona ukuthi kungani i-ERSPAN iyithuluzi elibalulekile lokuqapha amanethiwekhi ngaphakathi kwezikhungo zedatha namuhla.
Imisebenzi eyinhloko ye-ERSPAN ingafingqwa ngezici ezimbili:
• Ukubonakala Kweseshini: Sebenzisa i-ERSPAN ukuqoqa zonke izikhathi ezintsha ze-TCP kanye ne-Remote Direct Memory Access (RDMA) ezidalwe kuseva yangemuva ukuze ziboniswe;
• Ukuxazulula izinkinga zenethiwekhi: Ibamba ithrafikhi yenethiwekhi ukuze kuhlaziywe amaphutha lapho kuvela inkinga yenethiwekhi.
Ukuze wenze lokhu, idivayisi yenethiwekhi yomthombo idinga ukuhlunga ithrafikhi ethakaselwa ngumsebenzisi kusukela ekusakazweni kwedatha okukhulu, yenze ikhophi, bese ihlanganisa uhlaka ngalunye lokukopisha lube "yisitsha se-superframe" esikhethekile esiphethe ulwazi olwengeziwe ukuze lukwazi ukuhanjiswa ngendlela efanele kudivayisi eyamukelayo. Ngaphezu kwalokho, vumela idivayisi eyamukelayo ukuthi ikhiphe futhi ibuyisele ngokugcwele ithrafikhi yokuqala eqashwe yiyo.
Idivayisi eyamukelayo ingaba enye iseva esekela amaphakethe e-ERSPAN okususa ama-capsule.
Ukuhlaziywa kwefomethi yohlobo lwe-ERSPAN kanye nephakheji
Amaphakethe e-ERSPAN ahlanganiswa kusetshenziswa i-GRE futhi athunyelwa kunoma iyiphi indawo ekheli le-IP nge-Ethernet. I-ERSPAN okwamanje isetshenziswa kakhulu kumanethiwekhi e-IPv4, futhi ukwesekwa kwe-IPv6 kuzoba yimfuneko esikhathini esizayo.
Ngokwesakhiwo esijwayelekile se-ERSAPN, okulandelayo ukuthwebula iphakethe lesibuko lamaphakethe e-ICMP:
Iphrothokholi ye-ERSPAN ithuthuke isikhathi eside, futhi ngokuthuthukiswa kwamakhono ayo, kuye kwakhiwa izinguqulo eziningana, ezibizwa ngokuthi "Izinhlobo ze-ERSPAN". Izinhlobo ezahlukene zinefomethi yezihloko zefreyimu ezahlukene.
Kuchazwa ensimini yokuqala ye-Version yesihloko se-ERSPAN:
Ngaphezu kwalokho, insimu yoHlobo lweProtocol kusihloko se-GRE iphinde ikhombise uhlobo lwangaphakathi lwe-ERSPAN. Insimu yoHlobo lweProtocol engu-0x88BE ikhombisa uhlobo lwe-ERSPAN II, kanti u-0x22EB ubonisa uhlobo lwe-ERSPAN III.
1. Uhlobo I
Uhlaka lwe-ERSPAN lohlobo I luhlanganisa i-IP ne-GRE ngqo phezu kwekhanda lohlaka lwesibuko sokuqala. Lokhu kuhlanganisa kunezela amabhayithi angu-38 phezu kohlaka lokuqala: 14(MAC) + 20 (IP) + 4(GRE). Inzuzo yalolu hlobo ukuthi lunosayizi wekhanda ohlangene futhi lunciphisa izindleko zokudlulisa. Kodwa-ke, ngoba lubeka amasimu e-GRE Flag kanye ne-Version ku-0, aluthwali noma yiziphi izinkambu ezinwetshiwe futhi uhlobo I alusetshenziswa kabanzi, ngakho-ke asikho isidingo sokwandisa okwengeziwe.
Ifomethi ye-GRE header yohlobo I imi kanje:
2. Uhlobo II
Kuhlobo II, amasimu e-C, R, K, S, S, Recur, Flags, kanye ne-Version ku-GRE header wonke angu-0 ngaphandle kwensimu ye-S. Ngakho-ke, insimu ye-Sequence Number iboniswa ku-GRE header yohlobo II. Okusho ukuthi, Uhlobo II lungaqinisekisa ukuhleleka kokuthola amaphakethe e-GRE, ukuze inani elikhulu lamaphakethe e-GRE angaphandle kwe-oda angahlelwa ngenxa yephutha lenethiwekhi.
Ifomethi ye-GRE header yohlobo lwesibili imi kanje:
Ngaphezu kwalokho, ifomethi yohlaka lwe-ERSPAN Type II ingeza i-header ye-ERSPAN engama-byte angu-8 phakathi kwe-header ye-GRE kanye nohlaka olubukisiwe lokuqala.
Ifomethi yesihloko se-ERSPAN yohlobo lwesibili imi kanje:
Okokugcina, ngokushesha ngemva kohlaka lwesithombe sokuqala, ikhodi ejwayelekile ye-4-byte Ethernet cyclic redundancy check (CRC).
Kuyafaneleka ukuqaphela ukuthi ekusetshenzisweni, uhlaka lwesibuko aluqukethe insimu ye-FCS yohlaka lokuqala, kunalokho inani elisha le-CRC liyabalwa kabusha ngokusekelwe kuyo yonke i-ERSPAN. Lokhu kusho ukuthi idivayisi eyamukelayo ayikwazi ukuqinisekisa ukunemba kwe-CRC kohlaka lokuqala, futhi singacabanga kuphela ukuthi ohlaka olungakalungi kuphela oluboniswayo.
3. Uhlobo Lwesithathu
Uhlobo lwesithathu luveza isihloko esikhulu nesiguquguqukayo esihlanganisiwe ukuze sibhekane nezimo zokuqapha inethiwekhi eziyinkimbinkimbi nezihlukahlukene, okuhlanganisa kodwa kungagcini ngokuphathwa kwenethiwekhi, ukutholwa kokungena, ukusebenza kanye nokuhlaziywa kokubambezeleka, nokuningi. Lezi zigcawu zidinga ukwazi wonke amapharamitha okuqala ohlaka lwesibuko futhi zifake lawo angekho ohlakeni lokuqala ngokwalo.
Isihloko esihlanganisiwe se-ERSPAN Type III sihlanganisa isihloko esiyimpoqo sama-byte angu-12 kanye nesihloko esincane esikhethekile sama-byte angu-8 esikhethekile.
Ifomethi yesihloko se-ERSPAN yohlobo lwesithathu imi kanje:
Futhi, ngemva kohlaka lwesibuko sokuqala kuba yi-CRC engamabhayithi angu-4.
Njengoba kungabonakala kufomethi yekhanda yohlobo lwesithathu, ngaphezu kokugcina izinkambu ze-Ver, VLAN, COS, T kanye ne-Session ID ngokusekelwe kuhlobo lwesibili, kunezinkambu eziningi ezikhethekile, njenge:
• I-BSO: isetshenziselwa ukukhombisa ubuqotho bomthwalo wamafreyimu edatha athwalwa nge-ERSPAN. I-00 ifreyimu enhle, i-11 ifreyimu embi, i-01 ifreyimu emfushane, i-11 ifreyimu enkulu;
• Isitembu sesikhathi: sithunyelwe kusuka ewashini lehadiwe elivumelaniswe nesikhathi sesistimu. Le nsimu yama-32-bit isekela okungenani ama-microsecond ayi-100 e-Timestamp granularity;
• Uhlobo Lohlaka (P) kanye Nohlobo Lohlaka (FT): lokuqala lisetshenziselwa ukucacisa ukuthi i-ERSPAN ithwala ozimele bephrothokholi ye-Ethernet (ozimele be-PDU), kanti elesibili lisetshenziselwa ukucacisa ukuthi i-ERSPAN ithwala ozimele be-Ethernet noma amaphakethe e-IP.
• I-HW ID: isihlonzi esiyingqayizivele senjini ye-ERSPAN ngaphakathi kwesistimu;
• I-Gra (I-Timestamp Granularity): Icacisa i-Granularity ye-Timestamp. Isibonelo, i-00B imelela i-100 microsecond Granularity, i-01B 100 nanosecond Granularity, i-10B IEEE 1588 Granularity, kanti i-11B idinga izihloko ezincane eziqondene neplatifomu ukuze kufezwe i-Granularity ephezulu.
• I-Platf ID vs. Ulwazi Oluqondile Lweplatifomu: Izinkambu Zolwazi Oluqondile Lweplatifomu zinefomethi nokuqukethwe okuhlukile kuye ngenani le-Platf ID.
Kufanele kuqashelwe ukuthi izinkambu ezahlukene zekhanda ezisekelwayo ngenhla zingasetshenziswa kuzinhlelo zokusebenza ezijwayelekile ze-ERSPAN, ngisho nokufaka amafreyimu amaphutha esibuko noma ozimele be-BPDU, ngenkathi kugcinwa iphakheji yokuqala ye-Trunk kanye ne-VLAN ID. Ngaphezu kwalokho, ulwazi lwesitembu sesikhathi esiyisihluthulelo kanye nezinye izinkambu zolwazi zingangezwa kufreyimu ngayinye ye-ERSPAN ngesikhathi sokufaka isibuko.
Ngezihloko zezici ze-ERSPAN, singafinyelela ukuhlaziywa okucwengekile kwethrafikhi yenethiwekhi, bese simane sifake i-ACL ehambisanayo enqubweni ye-ERSPAN ukuze ifane nethrafikhi yenethiwekhi esiyithandayo.
I-ERSPAN Isebenzisa Ukubonakala Kweseshini Ye-RDMA
Ake sithathe isibonelo sokusebenzisa ubuchwepheshe be-ERSPAN ukufeza ukubonakala kweseshini ye-RDMA esimweni se-RDMA:
I-RDMA: I-Remote Direct Memory Access ivumela i-adaptha yenethiwekhi yeseva A ukuthi ifunde futhi ibhale i-Memory yeseva B ngokusebenzisa amakhadi esixhumi esibonakalayo senethiwekhi ahlakaniphile (ama-inics) nama-switch, okufeza i-bandwidth ephezulu, ukubambezeleka okuphansi, kanye nokusetshenziswa okuphansi kwezinsizakusebenza. Isetshenziswa kabanzi ezimweni zokugcina ezisabalalisiwe zedatha enkulu kanye nokusebenza okuphezulu.
I-RoCEv2: I-RDMA phezu kwe-Converged Ethernet Version 2. Idatha ye-RDMA ihlanganiswe ku-UDP Header. Inombolo yephothi yendawo okuyiwa kuyo ingu-4791.
Ukusebenza nokugcinwa kwe-RDMA nsuku zonke kudinga ukuqoqa idatha eningi, esetshenziselwa ukuqoqa imigqa yokubhekisela yezinga lamanzi nsuku zonke kanye nama-alamu angajwayelekile, kanye nesisekelo sokuthola izinkinga ezingajwayelekile. Kuhlanganiswe ne-ERSPAN, idatha enkulu ingabanjwa ngokushesha ukuthola idatha yekhwalithi yokudlulisela i-microsecond kanye nesimo sokusebenzisana kwephrothokholi ye-chip yokushintsha. Ngezibalo zedatha kanye nokuhlaziywa, ukuhlolwa kwekhwalithi yokudlulisela i-RDMA kusukela ekuqaleni kuya ekugcineni kungatholakala.
Ukuze sifinyelele ukubonakala kweseshini ye-RDAM, sidinga i-ERSPAN ukuthi ifane namagama angukhiye ezikhathini zokuxhumana ze-RDMA lapho silinganisa ithrafikhi, futhi sidinga ukusebenzisa uhlu olunwetshiwe lochwepheshe.
Incazelo yensimu yokufanisa uhlu olunwetshiwe lwezinga lochwepheshe:
I-UDF inezinkambu ezinhlanu: igama elingukhiye le-UDF, insimu yesisekelo, insimu ye-offset, insimu yenani, kanye nensimu yemaski. Inqunyelwe amandla okufakwa kwehadiwe, isamba sama-UDF ayisishiyagalombili singasetshenziswa. I-UDF eyodwa ingafanisa ubuningi bama-byte amabili.
• Igama elingukhiye le-UDF: UDF1... I-UDF8 Iqukethe amagama angukhiye ayisishiyagalombili esizinda sokufanisa se-UDF
• Insimu eyisisekelo: ikhomba indawo yokuqala yensimu yokufanisa ye-UDF. Okulandelayo
Isihloko_se-L4 (sisebenza ku-RG-S6520-64CQ)
Isihloko_se-L5 (se-RG-S6510-48VS8Cq)
• I-Offset: ikhombisa i-offset ngokusekelwe enkambini yesisekelo. Inani lisukela ku-0 kuya ku-126
• Inkambu yenani: inani elihambisanayo. Ingasetshenziswa kanye nenkambu yemaski ukumisa inani elithile elihambisanayo. I-bit evumelekile ngamabhayithi amabili
• Inkambu yemaski: imaski, ibhithi elivumelekile lingama-byte amabili
(Engeza: Uma kusetshenziswa okufakiwe okuningi ensimini efanayo yokufanisa ye-UDF, izinkambu zesisekelo kanye ne-offset kumele zifane.)
Amaphakethe amabili ayisihluthulelo ahlobene nesimo seseshini ye-RDMA yi-Congestion Notification Packet (CNP) kanye ne-Negative Acknowledgment (NAK):
Eyokuqala ikhiqizwa yisamukeli se-RDMA ngemuva kokuthola umlayezo we-ECN othunyelwe yiswishi (lapho i-eout Buffer ifika emkhawulweni), equkethe ulwazi mayelana nokugeleza noma i-QP ebangela ukuminyana. Eyokugcina isetshenziselwa ukukhombisa ukuthi ukudluliswa kwe-RDMA kunomyalezo wokuphendula wokulahlekelwa yiphakethe.
Ake sibheke ukuthi singazifanisa kanjani lezi miyalezo ezimbili sisebenzisa uhlu olunwetshiwe lwezinga lochwepheshe:
uhlu lokufinyelela lochwepheshe olunwetshiwe lwe-rdma
vumela i-udp noma iyiphi i-eq 4791i-udf 1 l4_header 8 0x8100 0xFF00(Kuhambisana ne-RG-S6520-64CQ)
vumela i-udp noma iyiphi i-eq 4791i-udf 1 l5_header 0 0x8100 0xFF00(Kuhambisana ne-RG-S6510-48VS8CQ)
uhlu lokufinyelela lochwepheshe olunwetshiwe lwe-rdma
vumela i-udp noma iyiphi i-eq 4791i-udf 1 l4_header 8 0x1100 0xFF00 udf 2 l4_header 20 0x6000 0xFF00(Kuhambisana ne-RG-S6520-64CQ)
vumela i-udp noma iyiphi i-eq 4791i-udf 1 l5_header 0 0x1100 0xFF00 udf 2 l5_header 12 0x6000 0xFF00(Kuhambisana ne-RG-S6510-48VS8CQ)
Njengesinyathelo sokugcina, ungabona ngeso lengqondo iseshini ye-RDMA ngokufaka uhlu lochwepheshe besandiso enkambisweni efanele ye-ERSPAN.
Bhala kokugcina
I-ERSPAN ingenye yamathuluzi abalulekile kumanethiwekhi esikhungo sedatha akhula kakhulu namuhla, ithrafikhi yenethiwekhi eyandayo, kanye nezidingo zokusebenza nokugcinwa kwenethiwekhi eziyinkimbinkimbi kakhulu.
Njengoba izinga lokwanda kokuzenzakalela kwe-O&M likhula, ubuchwepheshe obufana ne-Netconf, i-RESTconf, kanye ne-gRPC buthandwa kakhulu ngabafundi be-O&M ku-O&M yenethiwekhi ezenzakalelayo. Ukusebenzisa i-gRPC njengephrothokholi eyisisekelo yokuthumela emuva ithrafikhi yesibuko nakho kunezinzuzo eziningi. Isibonelo, ngokusekelwe kuphrothokholi ye-HTTP/2, ingasekela indlela yokusakaza ngaphansi koxhumano olufanayo. Ngokufaka ikhodi ye-ProtoBuf, usayizi wolwazi uncishiswa ngesigamu uma kuqhathaniswa nefomethi ye-JSON, okwenza ukudluliswa kwedatha kusheshe futhi kusebenze kahle. Cabanga nje, uma usebenzisa i-ERSPAN ukulingisa imifudlana enentshisekelo bese uyithumela kuseva yokuhlaziya ku-gRPC, ingabe kuzothuthukisa kakhulu ikhono kanye nokusebenza kahle kokusebenza kanye nokugcinwa kwenethiwekhi okuzenzakalelayo?
Isikhathi sokuthunyelwe: Meyi-10-2022
