1- Iyini i-Define Heartbeat Packet?
Amaphakethe okushaya kwenhliziyo e-Mylinking™ Network Tap Bypass Shintshela okuzenzakalelayo kumafreyimu e-Ethernet Layer 2. Lapho usebenzisa imodi yokubhula ye-Leyer 2 ebonisa ngale (njenge-IPS / FW), ozimele be-Layer 2 Ethernet ngokuvamile bayadluliselwa phambili, bavinjwe noma balahlwe. Ngesikhathi esifanayo, i-Mylinking™ Network Tap Bypass Switch isekela ifomethi yomlayezo wokushaya kwenhliziyo ngokwezifiso ukuze ihlangabezane nesimo sokuthi amanye amadivayisi akhethekile okuvikela angakwazi ukudlulisa ozimele abajwayelekile be-Layer 2 Ethernet.
Futhi i-Mylinking™ Network Tap Bypass Switch iphinde isekele ukutholwa kwephakethe lokushaya kwenhliziyo okusekelwe kumaka we-VLAN, Isendlalelo sesi-3 kanye nezinhlobo zemilayezo yangokwezifiso ye-Layer 4. Ngokusekelwe kulo mshini, umsebenzisi angasebenzisa umsebenzi wokuhlola ukuphepha kwesevisi wedivayisi yokuphepha kokuxhumana ukuze ayenze isebenze kangcono ukuze aqinisekise ukuthi izinsizakalo zokuphepha ezihambisanayo zisebenza kahle.
I-Mylinking™ Network Tap Bypass Switch ingasekela imonitha ukuthi ithumele amaphakethe okushaya kwenhliziyo ahlukene nhlangothi zombili. Isibonelo, amaphakethe e-TCP kanye nohlobo lwe-UDP okushaya kwenhliziyo enziwa ngendlela oyifisayo “Ku-Strategy Traffic Traction Protector”, ngokuya ngemininingwane yedivayisi ye-serial. Ungalungiselela ukuthunyelwa kwamaphakethe okushaya kwenhliziyo e-TCP kusiqapha se-uplink A port kanye nokuthunyelwa kwamaphakethe e-UDP okushaya kwenhliziyo kumbobo ye-downlink qapha imbobo engu-B ukuze kuhlangatshezwane nendlela yokudlulisela umlayezo wedivayisi ye-serial security. Lo msebenzi ungaqinisekisa ngempumelelo iyunithi yezinhlamvu. Xhuma okokusebenza kokuphepha ekusebenzeni okuvamile.
I-Mylinking™ Network Inline Bypass Switch iyacwaningwa futhi yathuthukiswa ukuze isetshenziselwe ukuthunyelwa okuvumelana nezimo kwezinhlobo ezihlukahlukene zemishini yokuvikela ewuchungechunge kuyilapho ihlinzeka ngokwethembeka okuphezulu kwenethiwekhi.
2-Network Inline Bypass Shintsha Izici Ezithuthukile Nobuchwepheshe
I-Mylinking™ “SpecFlow” Protection Mode kanye “FullLink” Protection Mode Technology
I-Mylinking™ Fast Bypass Switching Protection Technology
I-Mylinking™ “LinkSafeSwitch” Technology
I-Mylinking™ “WebService” I-Dynamic Strategy Forwarding/Issue Technology
I-Mylinking™ Intelligent Heartbeat Message Detection Technology
I-Mylinking™ Definable Heartbeat Messages Technology
I-Mylinking™ Multi-link Load Balancing Technology
I-Mylinking™ Intelligent Traffic Distribution Technology
I-Mylinking™ Dynamic Load Balancing Technology
I-Mylinking™ Remote Management Technology(HTTP/WEB, TELNET/SSH, “EasyConfig/AdvanceConfig” Isici)
I-3-Network Inline Bypass Switch Isicelo (njengokulandelayo)
3.1 Ingozi Yezisetshenziswa Zokuvikeleka Ezixhumene Nelayini (IPS/FW)
Okulandelayo i-IPS ejwayelekile (I-Intrusion Prevention System), imodi yokuthumela ye-FW (Firewall), i-IPS / FW isetshenziswa ngochungechunge kumishini yenethiwekhi (amarutha, amaswishi, njll.) phakathi kwethrafikhi ngokusebenzisa amasheke okuphepha, ngokusho inqubomgomo yokuphepha ehambisanayo yokunquma ukukhululwa noma ukuvimba ithrafikhi ehambisanayo, ukuze kuzuzwe umphumela wokuvikela ukuvikela.
Ngasikhathi sinye, singakwazi ukubona i-IPS / FW njengokuthunyelwa kwe-serial kwemishini, evame ukuthunyelwa endaweni ebalulekile yenethiwekhi yebhizinisi ukuze kusetshenziswe ukuphepha kwe-serial, ukwethembeka kwamadivayisi ayo axhunyiwe kuthinta ngqo ukutholakala kwenethiwekhi yebhizinisi jikelele. Uma amadivayisi e-serial alayisha ngokweqile, ukuphahlazeka, izibuyekezo zesofthiwe, izibuyekezo zenqubomgomo, njll., konke ukutholakala kwenethiwekhi yebhizinisi kuzothinteka kakhulu. Kuleli qophelo, thina kuphela ngokusikwa kwenethiwekhi, i-jumper ye-bypass ebonakalayo ingenza inethiwekhi ibuyiselwe, okuthinta kakhulu ukuthembeka kwenethiwekhi. I-IPS / FW namanye amadivaysi e-serial ngakolunye uhlangothi athuthukisa ukuthunyelwa kokuphepha kwenethiwekhi yebhizinisi, ngakolunye uhlangothi futhi kunciphisa ukuthembeka kwamanethiwekhi ebhizinisi, okwandisa ingozi yenethiwekhi ayitholakali.
3.2 I-Inline Link Series Ukuvikelwa Kwezisetshenziswa
I-Mylinking™ ” Network Inline Bypass ” isetshenziswa ngochungechunge phakathi kwamadivayisi enethiwekhi (amarutha, amaswishi, njll.), futhi ukugeleza kwedatha phakathi kwamadivayisi enethiwekhi akusaholeli ngokuqondile ku-IPS / FW, ” I-Network Inline Bypass ” kuye ku-IPS / FW, lapho i-IPS/FW ngenxa yokugcwala, ukuphahlazeka, ukubuyekezwa kwesofthiwe, ukubuyekezwa kwenqubomgomo nezinye izimo zokwehluleka, “I-Network Inline Bypass” ngokutholwa komlayezo wokushaya kwenhliziyo ohlakaniphile Umsebenzi wokutholwa ngesikhathi, futhi ngaleyo ndlela weqe idivayisi enephutha, ngaphandle kokuphazamisa isisekelo inethiwekhi, imishini yenethiwekhi esheshayo exhunywe ngokuqondile ukuvikela inethiwekhi evamile yokuxhumana; lapho i-IPS / FW alulame ukwehluleka, kodwa futhi ngokusebenzisa ohlakaniphile ukushaya kwenhliziyo amaphakethe Ukuthola ukutholwa ngesikhathi umsebenzi, isixhumanisi sokuqala ukubuyisela ukuphepha amasheke ezokuphepha kwenethiwekhi yebhizinisi.
I-Mylinking™ “Network Inline Bypass ” inomsebenzi wokuthola umlayezo wokushaya kwenhliziyo onamandla ohlakaniphile, umsebenzisi angakwazi ukwenza ngokwezifiso isikhawu sokushaya kwenhliziyo kanye nenani eliphezulu lokuzama futhi, ngomlayezo wokushaya kwenhliziyo wangokwezifiso ku-IPS/FW wokuhlolwa kwezempilo, njengokuthumela isheke lokushaya kwenhliziyo. umlayezo oya ethekwini elikhuphuka nomfula / elizansi nomfula le-IPS / FW, bese uthola ovela ethekwini elikhuphuka nomfula / elezansi nomfula le-IPS / FW, bese wahlulela ukuthi i-IPS / FW isebenza ngokujwayelekile yini ngokuthumela nokwamukela umlayezo wokushaya kwenhliziyo.
3.3 “SpecFlow” Policy Flow Inline Traction Series Protection
Uma idivayisi yenethiwekhi yezokuvikela idinga kuphela ukubhekana nethrafikhi ethile ekuvikelweni kochungechunge, ngokusebenzisa i-Mylinking™ ” Network Inline Bypass ” umsebenzi wokucubungula ithrafikhi ngakunye, ngesu lokuhlola ithrafikhi ukuze kuxhunywe idivayisi yezokuphepha ” Okukhathazekayo “ithrafikhi ibuyiselwa emuva. ngqo kusixhumanisi senethiwekhi, futhi” isigaba sethrafikhi esithintekayo “sidonsela kudivayisi yokuphepha ekulayini ukuze wenze ukuhlola kokuphepha. Lokhu ngeke nje kugcine ukusetshenziswa okuvamile komsebenzi wokuthola ukuphepha kwedivayisi yokuphepha, kodwa futhi kunciphise ukugeleza okungasebenzi kahle kwemishini yokuphepha ukubhekana nokucindezela; ngesikhathi esifanayo, ” I-Network Inline Bypass ” ingathola isimo sokusebenza sedivayisi yokuphepha ngesikhathi sangempela. Idivayisi yokuphepha isebenza ngendlela engavamile idlula ithrafikhi yedatha ngokuqondile ukuze igweme ukuphazamiseka kwesevisi yenethiwekhi.
3.4 Layisha i-Balanced Series Protection
I-Mylinking™ “Network Inline Bypass ” isetshenziswa ngochungechunge phakathi kwamadivaysi enethiwekhi (amarutha, amaswishi, njll.). Lapho ukusebenza kokucubungula okukodwa kwe-IPS/FW kunganele ukubhekana nenani eliphakeme lethrafikhi yesixhumanisi, Umsebenzi wokulinganisa umthamo wethrafikhi womvikeli, "ukuhlanganisa" kwe-IPS / FW cluster processing network link traffic, kunganciphisa ngempumelelo i-IPS eyodwa / Ingcindezi yokucubungula ye-FW, thuthukisa ukusebenza okuphelele kokusebenza ukuze kuhlangatshezwane nomkhawulokudonsa ophezulu wesimangalo sendawo yokuphakela.
I-Mylinking™ “Network Inline Bypass ” inomsebenzi onamandla wokulinganisa umthwalo, ngokuya ngethegi ye-VLAN yohlaka, imininingwane ye-MAC, imininingwane ye-IP, inombolo yembobo, iphrothokholi kanye nolunye ulwazi lokusatshalaliswa kokulinganisa komthwalo we-Hash ukuze kuqinisekiswe ukuthi i-IPS/FW ngayinye itholiwe. ukugeleza kwedatha Ubuqotho beseshini.
3.5 I-Multi-series Inline Equipment Flow Traction Protection (Shintsha Uxhumano Lwe-Serial lube Uxhumo Olufanayo)
Kwezinye izixhumanisi eziyinhloko (ezifana nezitolo ze-inthanethi, isixhumanisi sokushintshana kwendawo yeseva) indawo ngokuvamile iba ngenxa yezidingo zezici zokuphepha kanye nokusetshenziswa kwemishini eminingi yokuhlola ukuphepha okusemgqeni (njenge-firewall, okokusebenza kokuhlasela kwe-DDOS, i-firewall yohlelo lokusebenza lwe-WEB , Izinsiza zokuvimbela ukungena, njll.), imishini yokuthola ukuphepha okuningi ngesikhathi esisodwa ochungechungeni kusixhumanisi sokwandisa isixhumanisi sephuzu elilodwa lokuhluleka, ukunciphisa ukuthembeka okuphelele kwenethiwekhi. Futhi kulokhu okushiwo ngenhla kwemishini yokuvikela ukuthunyelwa ku-inthanethi, ukuthuthukiswa kwemishini, ukushintshwa kwemishini nokunye ukusebenza, kuzobangela inethiwekhi ukuphazamiseka kwesevisi isikhathi eside kanye nesenzo esikhulu sokusika iphrojekthi ukuze kuqedelwe ukuqaliswa ngempumelelo kwamaphrojekthi anjalo.
Ngokusebenzisa “I-Network Inline Bypass ” ngendlela ebumbene, imodi yokuphakelwa yamadivayisi amaningi okuvikela axhunywe ochungechungeni kusixhumanisi esifanayo ingashintshwa isuke kokuthi “imodi yokuhlanganisa ngokomzimba” iye “ekuhlanganiseni ngokomzimba, imodi yokuhlanganisa enengqondo” Isixhumanisi esikusixhumanisi. yephuzu elilodwa lokwehluleka ukuthuthukisa ukwethembeka kwesixhumanisi, kuyilapho “I-Network Inline Bypass ” ekugelezeni kwesixhumanisi ekudonseni kwesidingo, ukufeza ukugeleza okufanayo ngemodi yasekuqaleni yomphumela wokucubungula ophephile.
Idivayisi yokuvikela engaphezu kweyodwa ngesikhathi esisodwa kumdwebo wochungechunge wokusetshenziswa:
I-Network Inline Bypass Switch Deployment Diagram:
3.6 Ngokusekelwe Kusu Elinamandla Lokuvikelwa Kokuthola Ukuvikeleka Kokuhamba Kwethrafikhi
“I-Network Inline Bypass ” Esinye isimo esithuthukisiwe sohlelo lokusebenza sisekelwe isu eliguquguqukayo lezinhlelo zokusebenza zokuvikela ukutholwa kokuphepha kokudonsa kwethrafikhi, ukusetshenziswa kwendlela njengoba kuboniswe ngezansi:
Thatha “Anti-DDoS ukuvikela kanye nokutholwa” okokuvikela okokusebenza kokuhlola, ngokwesibonelo, ngokusebenzisa ekugcineni kwe-“Network Inline Bypass ” kanye nezinto zokuvikela ezimelene ne-DDOS bese uxhunywa ” I-Network Inline Bypass “, ku- okujwayelekile ” Isivikeli sokudonsa “inani eligcwele lokudlulisa isivinini sethrafikhi ngesikhathi esifanayo isibuko esigelezayo esiphuma kudivayisi yokuvikela ukuhlasela kwe-anti-DDOS “, uma sitholakele kuseva ye-IP (noma ingxenye yenethiwekhi ye-IP) ngemva kokuhlasela, ” Idivayisi yokuvikela ukuhlasela kwe-DDOS ” izokhiqiza imithetho eqondiwe yokufanisa ukugeleza kwethrafikhi futhi iyithumele kokuthi ” I-Network Inline Bypass ” ngohlelo olusebenzayo lokulethwa kwenqubomgomo. I-"Network Inline Bypass ” ingabuyekeza "i-traffic traction dynamic" ngemva kokuthola imithetho eguquguqukayo yenqubomgomo Iqoqo Lomthetho "futhi ngokushesha" umthetho ushaye ithrafikhi yeseva yokuhlasela "ukudonsela" ekuvikelweni kokuhlasela kwe-DDoS nokutholwa “kokusebenza ukuze kucutshungulwe, ukuze isebenze kahle ngemva kokugeleza kokuhlasela bese iphinda ijovwe kunethiwekhi.
Uhlelo lohlelo lokusebenza olusekelwe ” Ku-Network Inline Bypass ” kulula ukulusebenzisa kunomjovo womzila we-BGP ovamile noma esinye isikimu sokudonsa kwethrafikhi, futhi indawo ezungezile ayincikile kunethiwekhi futhi ukwethembeka kuphezulu.
I-“Network Inline Bypass ” inezici ezilandelayo zokusekela ukuvikelwa kokutholwa kokuphepha kwenqubomgomo enamandla:
1, ” I-Network Inline Bypass ” ukuze unikeze ngaphandle kwemithetho esekelwe kusixhumi esibonakalayo se-WEBSERIVCE, ukuhlanganiswa okulula namadivayisi okuphepha ezinkampani zangaphandle.
2, ” I-Network Inline Bypass ” esekelwe ku-hardware ehlanzekile ye-ASIC chip edlulisela phambili kumaphakethe esivinini sentambo engu-10Gbps ngaphandle kokuvimbela ukudluliselwa kweswishi, kanye “nomtapo wolwazi oshukumisayo wethrafikhi” kungakhathaliseki inombolo.
3, ” I-Network Inline Bypass ” umsebenzi owakhelwe ngaphakathi we-BYPASS wobungcweti, noma ngabe isivikeli ngokwaso singaphumeleli, singaphinda sidlule isixhumanisi sokuqala se-serial ngokushesha, asithinti isixhumanisi sokuqala sokuxhumana okuvamile.
Isikhathi sokuthumela: Dec-23-2021