1- Iyini i-Define Heartbeat Packet?
Amaphakethe okushaya kwenhliziyo e-Mylinking™ Network Tap Bypass Switch azenzakalelayo kumafreyimu e-Ethernet Layer 2. Uma kusetshenziswa imodi yokubopha i-Layer 2 esobala (njenge-IPS / FW), amafreyimu e-Layer 2 Ethernet avame ukudluliselwa, ukuvinjelwa noma ukulahlwa. Ngesikhathi esifanayo, i-Mylinking™ Network Tap Bypass Switch isekela ifomethi yomlayezo wokushaya kwenhliziyo ngokwezifiso ukuze ihlangabezane nesimo sokuthi amanye amadivayisi okuphepha akhethekile awakwazi ukudlulisela amafreyimu avamile e-Layer 2 Ethernet.
Futhi i-Mylinking™ Network Tap Bypass Switch iphinde isekele ukutholwa kwephakethi yokushaya kwenhliziyo ngokusekelwe kuthegi ye-VLAN, izinhlobo zemiyalezo eyenziwe ngokwezifiso ze-Layer 3 kanye ne-Layer 4. Ngokusekelwe kule ndlela, umsebenzisi angafaka umsebenzi wokuhlola ukuphepha kwesevisi yedivayisi yokuphepha kokuxhumeka ukuze akwenze kube ngcono ukuqinisekisa ukuthi izinsizakalo zokuphepha ezihambisanayo zisebenza kahle.
I-Mylinking™ Network Tap Bypass Switch ingasekela i-monitor ukuthumela amaphakethe okushaya kwenhliziyo ahlukene kuzo zombili izinhlangothi. Isibonelo, amaphakethe okushaya kwenhliziyo ohlobo lwe-TCP kanye nohlobo lwe-UDP enziwe ngokwezifiso ku-“Strategy Traffic Traffic Protector”, ngokuya ngobunjalo bedivayisi ye-serial. Ungalungiselela ukuthunyelwa kwamaphakethe okushaya kwenhliziyo e-TCP ku-uplink monitor A port kanye nokuthunyelwa kwamaphakethe okushaya kwenhliziyo e-UDP ku-downlink monitor B port ukuze kuhambisane nendlela yokudlulisa imiyalezo yedivayisi yokuphepha ye-serial. Lo msebenzi ungaqinisekisa kangcono intambo. Xhuma imishini yokuphepha ekusebenzeni okuvamile.
I-Mylinking™ Network Inline Bypass Switch iyacwaningwa futhi yathuthukiswa ukuze isetshenziswe ekusetshenzisweni okuguquguqukayo kwezinhlobo ezahlukene zemishini yokuphepha elandelanayo ngenkathi inikeza ukuthembeka okuphezulu kwenethiwekhi.
Izici Ezithuthukisiwe Nobuchwepheshe Be-Inline Bypass Switch Yenethiwekhi Emibili
Imodi Yokuvikela ye-Mylinking™ “SpecFlow” kanye nobuchwepheshe bemodi yokuvikela ye-“FullLink”
Ubuchwepheshe Bokuvikela Ukushintsha Okusheshayo Kwe-Mylinking™
Ubuchwepheshe be-Mylinking™ “LinkSafeSwitch”
Ubuchwepheshe Bokudlulisa/Ukukhipha Izinkinga Zesu Le-Mylinking™ “I-WebService”
Ubuchwepheshe Bokuthola Umlayezo Wokushaya Kwenhliziyo Ohlakaniphile be-Mylinking™
Ubuchwepheshe Bemiyalezo Yokushaya Kwenhliziyo Ecacile ye-Mylinking™
Ubuchwepheshe Bokulinganisela Umthwalo Wezixhumanisi Eziningi be-Mylinking™
Ubuchwepheshe Bokusabalalisa Ithrafikhi Ehlakaniphile ye-Mylinking™
Ubuchwepheshe Bokulinganisela Umthwalo Oguquguqukayo be-Mylinking™
Ubuchwepheshe Bokuphathwa Kwekude kwe-Mylinking™ (HTTP/WEB, TELNET/SSH, “EasyConfig/AdvanceConfig” Isici)
Isicelo Sokushintsha I-Inline Bypass Esine-Network Ezintathu (njengoba kulandelayo)
3.1 Ingozi Yemishini Yokuphepha Esemgqeni (IPS / FW)
Okulandelayo i-IPS ejwayelekile (Intrusion Prevention System), imodi yokuthunyelwa kwe-FW (Firewall), i-IPS / FW ifakwa ngokulandelana emishinini yenethiwekhi (ama-router, amaswishi, njll.) phakathi kwethrafikhi ngokusebenzisa ukuhlolwa kokuphepha, ngokusho kwenqubomgomo yokuphepha ehambisanayo yokunquma ukukhululwa noma ukuvimba ithrafikhi ehambisanayo, ukuze kufezwe umphumela wokuzivikela kokuphepha.
Ngesikhathi esifanayo, singabona i-IPS / FW njengokuthunyelwa kwemishini ngokulandelana, ngokuvamile efakwa endaweni ebalulekile yenethiwekhi yebhizinisi ukuze kusetshenziswe ukuphepha kwe-serial, ukuthembeka kwamadivayisi ayo axhunyiwe kuthinta ngqo ukutholakala kwenethiwekhi yebhizinisi iyonke. Uma amadivayisi e-serial egcwala ngokweqile, ephahlazeka, izibuyekezo zesofthiwe, izibuyekezo zenqubomgomo, njll., ukutholakala kwenethiwekhi yebhizinisi lonke kuzothinteka kakhulu. Kuleli qophelo, singakwazi kuphela ngokusika inethiwekhi, i-jumper ye-bypass ebonakalayo ukwenza inethiwekhi ibuyiselwe, okuthinta kakhulu ukuthembeka kwenethiwekhi. I-IPS / FW namanye amadivayisi e-serial ngakolunye uhlangothi athuthukisa ukuthunyelwa kokuphepha kwenethiwekhi yebhizinisi, ngakolunye uhlangothi futhi kunciphisa ukuthembeka kwamanethiwekhi ebhizinisi, okwandisa ingozi yokuthi inethiwekhi ayitholakali.
3.2 Ukuvikelwa Kwemishini Yochungechunge Lwezixhumanisi Eziku-Inline
I-Mylinking™ "Network Inline Bypass" isetshenziswa ochungechungeni phakathi kwamadivayisi enethiwekhi (ama-router, amaswishi, njll.), futhi ukuhamba kwedatha phakathi kwamadivayisi enethiwekhi akusaholeli ngqo ku-IPS / FW, "Network Inline Bypass" kuya ku-IPS / FW, lapho i-IPS / FW ngenxa yokugcwala ngokweqile, ukuphahlazeka, izibuyekezo zesofthiwe, izibuyekezo zenqubomgomo kanye nezinye izimo zokwehluleka, "Network Inline Bypass" ngokusebenzisa ukutholwa komlayezo wokushaya kwenhliziyo okuhlakaniphile Umsebenzi wokutholwa kwesikhathi, futhi ngaleyo ndlela weqe idivayisi enephutha, ngaphandle kokuphazamisa isisekelo senethiwekhi, imishini yenethiwekhi esheshayo exhunywe ngqo ukuvikela inethiwekhi evamile yokuxhumana; lapho ukwehluleka kwe-IPS / FW kubuya, kodwa futhi ngamaphakethe okushaya kwenhliziyo ahlakaniphile Ukutholwa kokutholwa kwesikhathi somsebenzi, isixhumanisi sokuqala sokubuyisela ukuphepha kokuhlolwa kokuphepha kwenethiwekhi yebhizinisi.
I-Mylinking™ “Network Inline Bypass” inomsebenzi wokuthola imiyalezo yokushaya kwenhliziyo enamandla, umsebenzisi angenza ngokwezifiso isikhathi sokushaya kwenhliziyo kanye nenani eliphezulu lokuzama kabusha, ngomyalezo wokushaya kwenhliziyo owenziwe ngokwezifiso ku-IPS / FW wokuhlolwa kwezempilo, njengokuthumela umlayezo wokuhlola ukushaya kwenhliziyo echwebeni elingaphezulu / eliphansi le-IPS / FW, bese ethola echwebeni elingaphezulu / eliphansi le-IPS / FW, bese ehlulela ukuthi i-IPS / FW isebenza kahle yini ngokuthumela nokwamukela umlayezo wokushaya kwenhliziyo.
3.3 Ukuvikelwa Kochungechunge Lokudonsa Okuqondile Kwenqubomgomo Ye-“SpecFlow”
Uma idivayisi yenethiwekhi yokuphepha idinga kuphela ukubhekana nokuvikelwa kokuphepha kwethrafikhi ethile ochungechungeni, ngokusebenzisa umsebenzi we-Mylinking™ "Network Inline Bypass" traffic ngokucubungula ngakunye, ngokusebenzisa isu lokuhlola ithrafikhi lokuxhuma idivayisi yokuphepha ""Ithrafikhi ekhathazekile"" ithunyelwa ngqo kusixhumanisi senethiwekhi, futhi" isigaba sethrafikhi esithintekayo""siwukudonsa kudivayisi yokuphepha ekulayini ukuze kwenziwe ukuhlolwa kokuphepha. Lokhu ngeke kugcine nje kuphela ukusetshenziswa okuvamile komsebenzi wokuthola ukuphepha wedivayisi yokuphepha, kodwa futhi kuzonciphisa ukuhamba okungasebenzi kahle kwemishini yokuphepha ukubhekana nokucindezela; ngesikhathi esifanayo, ""Network Inline Bypass" ingathola isimo sokusebenza sedivayisi yokuphepha ngesikhathi sangempela. Idivayisi yokuphepha isebenza ngendlela engavamile idlula ithrafikhi yedatha ngqo ukuze igweme ukuphazamiseka kwesevisi yenethiwekhi.
3.4 Ukuvikelwa Kochungechunge Olulinganiselwe Lomthwalo
I-Mylinking™ “Network Inline Bypass” isetshenziswa ochungechungeni phakathi kwamadivayisi enethiwekhi (ama-router, amaswishi, njll.). Uma ukusebenza okukodwa kokucubungula kwe-IPS / FW kunganele ukubhekana nethrafikhi ephezulu yesixhumanisi senethiwekhi, umsebenzi wokulinganisela umthwalo wethrafikhi womvikeli, “ukuhlanganisa” kwethrafikhi yesixhumanisi senethiwekhi yokucubungula amaqoqo amaningi e-IPS / FW, kunganciphisa ngempumelelo ingcindezi yokucubungula ye-IPS / FW eyodwa, kuthuthukise ukusebenza kokucubungula okuphelele ukuze kuhlangatshezwane ne-bandwidth ephezulu yendawo yokuthunyelwa.
I-Mylinking™ “Network Inline Bypass” inomsebenzi onamandla wokulinganisela umthwalo, ngokusho kwethegi ye-VLAN yohlaka, ulwazi lwe-MAC, ulwazi lwe-IP, inombolo yephothi, iphrothokholi kanye nolunye ulwazi mayelana nokusatshalaliswa kokulinganisela umthwalo we-Hash kwethrafikhi ukuqinisekisa ukuthi i-IPS / FW ngayinye ithola ubuqotho beSeshini yokugeleza kwedatha.
3.5 Ukuvikelwa Kokudonsa Kokugeleza Kwemishini Eminingi Ehambisana Nomugqa (Shintsha Ukuxhumeka Okusheshayo Kube Ukuxhumeka Okuhambisanayo)
Kwezinye izixhumanisi ezibalulekile (njengezindawo zokuxhumanisa ze-inthanethi, isixhumanisi sokushintshana kwendawo yeseva) indawo ivame ukubangelwa yizidingo zezici zokuphepha kanye nokufakwa kwemishini eminingi yokuhlola ukuphepha emugqeni (njenge-firewall, imishini yokuhlasela ye-anti-DDOS, i-firewall yesicelo se-WEB, imishini yokuvimbela ukungena, njll.), imishini eminingi yokuthola ukuphepha ngesikhathi esisodwa ochungechungeni kusixhumanisi ukwandisa isixhumanisi sephuzu elilodwa lokwehluleka, kunciphisa ukuthembeka okuphelele kwenethiwekhi. Futhi ekufakweni kwemishini yokuphepha ekwi-inthanethi okukhulunywe ngenhla, ukuthuthukiswa kwemishini, ukushintshwa kwemishini kanye neminye imisebenzi, kuzobangela ukuphazamiseka kwenethiwekhi isikhathi eside kanye nesenzo esikhulu sokunqamula iphrojekthi ukuze kuqedwe ukuqaliswa ngempumelelo kwamaphrojekthi anjalo.
Ngokusebenzisa i-“Network Inline Bypass” ngendlela ehlanganisiwe, imodi yokusetshenziswa kwamadivayisi amaningi okuphepha axhunywe ochungechungeni kusixhumanisi esifanayo ingashintshwa kusuka ku-“physical concatenation mode” iye ku-“physical concatenation mode, logical concatenation mode” Isixhumanisi esixhunyanisweni sephuzu elilodwa lokwehluleka ukuthuthukisa ukuthembeka kwesixhumanisi, kuyilapho i-“Network Inline Bypass” ekugelezeni kwesixhumanisi ekudonsweni kwesidingo, ukuze kufezwe ukugeleza okufanayo nemodi yokuqala yomphumela wokucubungula ophephile.
Amadivayisi okuphepha angaphezu kweyodwa ngesikhathi esisodwa kumdwebo wokusetshenziswa kochungechunge:
Umdwebo Wokusetshenziswa Kokushintsha Kokushintsha Kokudlula Kwenethiwekhi Okungaphakathi Komugqa:
3.6 Ngokusekelwe kuSu Elinamandla Lokuvikela Ukutholwa Kokuphepha Kokudonswa Kwethrafikhi
“I-Network Inline Bypass” Esinye isimo sesicelo esithuthukisiwe sisekelwe esu eliguquguqukayo lezinhlelo zokusebenza zokuvikela ukuphepha kokutholwa kwethrafikhi, ukusetshenziswa kwendlela njengoba kuboniswe ngezansi:
Thatha imishini yokuhlola ukuphepha ethi “Anti-DDoS attack protection and detection”, isibonelo, ngokusebenzisa ukuthunyelwa kwe-“Network Inline Bypass” bese kuba imishini yokuvikela i-anti-DDOS bese uxhumeka ku-“Network Inline Bypass”, ku-“Traction protector” evamile “esilinganisweni esiphelele sokudlulisa isivinini sethrafikhi ngesikhathi esifanayo isibuko sokugeleza esiphumayo “edivayisini yokuvikela i-anti-DDOS attack”, uma isitholwe yi-server IP (noma ingxenye yenethiwekhi ye-IP) ngemva kokuhlasela,” idivayisi yokuvikela i-anti-DDOS attack” izokhiqiza imithetho yokufanisa ithrafikhi eqondiwe bese iyithumela ku-“Network Inline Bypass” ngokusebenzisa isikhombimsebenzisi sokulethwa kwenqubomgomo enamandla. I-“Network Inline Bypass” ingabuyekeza “i-traffic traction dynamic” ngemuva kokuthola imithetho yenqubomgomo enamandla. I-Rule pool “futhi ngokushesha” umthetho ushaya i-attack server traffic “traction to the” anti-DDoS attack protection and detection “equipment for processing, ukuze isebenze ngemva kokugeleza kokuhlasela bese ifakwa kabusha kunethiwekhi.
Uhlelo lokusebenza olusekelwe ku-"Network Inline Bypass" kulula ukulusebenzisa kune-BGP route injection yendabuko noma olunye uhlelo lokudonsa ithrafikhi, futhi imvelo ayixhomekile kakhulu kunethiwekhi futhi ukuthembeka kuphakeme.
I-“Network Inline Bypass” inezici ezilandelayo zokusekela ukuvikelwa kokutholwa kokuphepha kwenqubomgomo enamandla:
1, "I-Network Inline Bypass" ukuhlinzeka ngaphandle kwemithetho ngokusekelwe ku-interface ye-WEBSERIVCE, ukuhlanganiswa okulula namadivayisi okuphepha avela eceleni.
2, "I-Network Inline Bypass" esekelwe ku-chip ye-ASIC emsulwa yehadiwe edlulisela amaphakethe esivinini sentambo angu-10Gbps ngaphandle kokuvimba ukudlulisela iswishi, kanye "nomtapo wolwazi wemithetho eguquguqukayo yokudonsa ithrafikhi" kungakhathalekile ukuthi inombolo ithini.
3, "I-Network Inline Bypass" umsebenzi wobungcweti owakhelwe ngaphakathi we-BYPASS, noma ngabe isivikelo ngokwaso sehluleka, singadlula nesixhumanisi sokuqala se-serial ngokushesha, asithinti isixhumanisi sokuqala sokuxhumana okuvamile.
Isikhathi sokuthunyelwe: Disemba 23-2021
