I-NetFlow kanye ne-IPFIX zombili ubuchwepheshe obusetshenziselwa ukuqapha nokuhlaziya ukugeleza kwenethiwekhi. Zinikeza ukuqonda ngamaphethini ethrafikhi yenethiwekhi, zisiza ekwenzeni ngcono ukusebenza, ukuxazulula izinkinga, kanye nokuhlaziya ukuphepha.
I-NetFlow:
Kuyini i-NetFlow?
I-NetFlowyisisombululo sokuqala sokuqapha ukugeleza, esasungulwa yiCisco ngasekupheleni kweminyaka yama-1990. Kunezinhlobo eziningana ezahlukene, kodwa ukusetshenziswa okuningi kusekelwe ku-NetFlow v5 noma ku-NetFlow v9. Nakuba inguqulo ngayinye inamakhono ahlukile, ukusebenza okuyisisekelo kuhlala kufana:
Okokuqala, i-router, iswishi, i-firewall, noma olunye uhlobo lwedivayisi luzothwebula ulwazi "ekugelezeni" kwenethiwekhi - ngokuyisisekelo isethi yamaphakethe abelana ngesethi efanayo yezici ezifana nekheli lomthombo nelendawo oya kuyo, umthombo, kanye ne-port yendawo oya kuyo, kanye nohlobo lwephrothokholi. Ngemva kokuthi ukugeleza sekuphelile noma isikhathi esichazwe kusengaphambili sesidlulile, idivayisi izothumela amarekhodi okugeleza enhlanganweni eyaziwa ngokuthi "umqoqi wokugeleza".
Okokugcina, "umhlaziyi wokugeleza" unengqondo ngalawo marekhodi, enikeza ukuqonda ngesimo sokubona, izibalo, kanye nokubika okuningiliziwe komlando nesikhathi sangempela. Empeleni, abaqoqi nabahlaziyi bavame ukuba yinto eyodwa, evame ukuhlanganiswa ibe yisisombululo esikhulu sokuqapha ukusebenza kwenethiwekhi.
I-NetFlow isebenza ngendlela ehlelekile. Uma umshini weklayenti ufinyelela kuseva, i-NetFlow izoqala ukuthwebula nokuhlanganisa i-metadata kusukela ekugelezeni. Ngemva kokuba iseshini isiqediwe, i-NetFlow izothumela irekhodi elilodwa eliphelele kumqoqi.
Nakuba isasetshenziswa kakhulu, i-NetFlow v5 inemikhawulo eminingana. Amasimu athunyelwa kwamanye amazwe alungisiwe, ukuqapha kusekelwa kuphela ohlangothini lokungena, futhi ubuchwepheshe besimanje obufana ne-IPv6, i-MPLS, ne-VXLAN abusekelwa. I-NetFlow v9, ebizwa nangokuthi i-Flexible NetFlow (FNF), ibhekana neminye yale mikhawulo, ivumela abasebenzisi ukwakha amathempulethi ngokwezifiso futhi yengeze ukwesekwa kobuchwepheshe obusha.
Abathengisi abaningi banezinhlelo zabo zokusebenza ze-NetFlow, njenge-jFlow evela kuJuniper kanye ne-NetStream evela kuHuawei. Nakuba ukucushwa kungahluka kancane, lezi zinhlelo zokusebenza zivame ukukhiqiza amarekhodi okugeleza ahambisana nabaqoqi kanye nabahlaziyi be-NetFlow.
Izici Eziyinhloko ze-NetFlow:
~ Idatha Yokugeleza: I-NetFlow ikhiqiza amarekhodi okugeleza afaka imininingwane efana namakheli e-IP omthombo nendawo oya kuyo, amachweba, izitembu zesikhathi, ukubalwa kwamaphakethe nama-byte, kanye nezinhlobo zephrothokholi.
~ Ukuqapha Ithrafikhi: I-NetFlow inikeza ukubonakala kwamaphethini ethrafikhi yenethiwekhi, okuvumela abaphathi ukuthi babone izinhlelo zokusebenza eziphezulu, ama-endpoints, kanye nemithombo yethrafikhi.
~Ukutholwa Kwe-Anomaly: Ngokuhlaziya idatha yokugeleza, i-NetFlow ingathola ukungalingani njengokusetshenziswa ngokweqile kwe-bandwidth, ukuminyana kwenethiwekhi, noma amaphethini ethrafikhi angajwayelekile.
~ Ukuhlaziywa Kokuphepha: I-NetFlow ingasetshenziswa ukuthola nokuphenya izehlakalo zokuphepha, njengokuhlaselwa kwe-distributed denial-of-service (DDoS) noma imizamo yokufinyelela okungagunyaziwe.
Izinguqulo ze-NetFlow: I-NetFlow ishintshe ngokuhamba kwesikhathi, futhi kuye kwakhishwa izinguqulo ezahlukene. Ezinye izinguqulo eziphawulekayo zifaka phakathi i-NetFlow v5, i-NetFlow v9, kanye ne-Flexible NetFlow. Inguqulo ngayinye yethula izithuthukisi kanye namakhono engeziwe.
I-IPFIX:
Kuyini i-IPFIX?
I-IETF standard eyavela ekuqaleni kwawo-2000, i-Internet Protocol Flow Information Export (IPFIX) ifana kakhulu ne-NetFlow. Eqinisweni, i-NetFlow v9 yasebenza njengesisekelo se-IPFIX. Umehluko omkhulu phakathi kwalokhu okubili ukuthi i-IPFIX iyindinganiso evulekile, futhi isekelwa abathengisi abaningi benethiwekhi ngaphandle kwe-Cisco. Ngaphandle kwezinkambu ezimbalwa ezengeziwe ezingezwe ku-IPFIX, amafomethi acishe afane. Eqinisweni, i-IPFIX ngezinye izikhathi ibizwa nangokuthi “i-NetFlow v10”.
Ngenxa yokufana kwayo ne-NetFlow, i-IPFIX ithola ukwesekwa okukhulu phakathi kwezixazululo zokuqapha inethiwekhi kanye nemishini yenethiwekhi.
I-IPFIX (Internet Protocol Flow Information Export) iyiphrothokholi ejwayelekile evulekile eyenziwe yi-Internet Engineering Task Force (IETF). Isekelwe kuncazelo ye-NetFlow Version 9 futhi inikeza ifomethi ejwayelekile yokuthumela amarekhodi okugeleza kusuka kumadivayisi enethiwekhi.
I-IPFIX yakhela phezu kwemibono ye-NetFlow futhi iyayandisa ukuze inikeze ukuguquguquka okwengeziwe kanye nokusebenzisana phakathi kwabathengisi namadivayisi ahlukene. Yethula umqondo wamathempulethi, okuvumela incazelo eguquguqukayo yesakhiwo serekhodi lokugeleza kanye nokuqukethwe. Lokhu kwenza ukufakwa kwezinkambu ezenziwe ngokwezifiso, ukusekelwa kwamaphrothokholi amasha, kanye nokwandiswa.
Izici Eziyinhloko ze-IPFIX:
~ Indlela Esekelwe Kuthempulethi: I-IPFIX isebenzisa amathempulethi ukuchaza isakhiwo kanye nokuqukethwe kwamarekhodi okugeleza, okunikeza ukuguquguquka ekusingatheni izinkambu ezahlukene zedatha kanye nolwazi oluqondene nephrothokholi.
~ Ukusebenzisana: I-IPFIX iyindinganiso evulekile, eqinisekisa amakhono okuqapha ukugeleza okuqhubekayo kubathengisi namadivayisi ahlukahlukene enethiwekhi.
~ Usekelo lwe-IPv6: I-IPFIX isekela i-IPv6 ngokwendabuko, okwenza ifaneleke ukuqapha nokuhlaziya ithrafikhi kumanethiwekhi e-IPv6.
~Ukuphepha Okuthuthukisiwe: I-IPFIX ifaka phakathi izici zokuphepha ezifana nokubethela kwe-Transport Layer Security (TLS) kanye nokuhlolwa kobuqotho bemiyalezo ukuvikela ubumfihlo kanye nobuqotho bedatha yokugeleza ngesikhathi sokudlulisa.
I-IPFIX isekelwa kabanzi ngabathengisi bemishini yokuxhumana abahlukahlukene, okwenza kube ukukhetha okungenamdayisi futhi okwamukelwa kabanzi kokuqapha ukugeleza kwenethiwekhi.
Ngakho-ke, umehluko phakathi kwe-NetFlow ne-IPFIX uyini?
Impendulo elula ukuthi i-NetFlow iyiphrothokholi eyimfihlo ye-Cisco eyasungulwa cishe ngo-1996 kanti i-IPFIX ingumfowabo ovunyelwe yi-body standards.
Zombili lezi zinqubo zifeza injongo efanayo: ukuvumela onjiniyela benethiwekhi nabaphathi ukuthi baqoqe futhi bahlaziye ukuhamba kwethrafikhi ye-IP yezinga lenethiwekhi. I-Cisco yathuthukisa i-NetFlow ukuze amaswishi ayo nama-router akwazi ukukhipha lolu lwazi olubalulekile. Njengoba kunikezwe amandla egiya le-Cisco, i-NetFlow ngokushesha yaba indinganiso engeyona yeqiniso yokuhlaziywa kwethrafikhi yenethiwekhi. Kodwa-ke, abancintisana embonini baqaphela ukuthi ukusebenzisa inqubo eyimfihlo elawulwa yimbangi yayo eyinhloko kwakungewona umqondo omuhle ngakho-ke i-IETF yahola umzamo wokwenza inqubo evulekile yokuhlaziywa kwethrafikhi ibe yi-standard, okuyi-IPFIX.
I-IPFIX isekelwe ku-NetFlow version 9 futhi yethulwa ekuqaleni cishe ngo-2005 kodwa kwathatha iminyaka ethile ukuthola ukwamukelwa embonini. Kuleli qophelo, lezi zinqubo ezimbili ziyafana futhi yize igama elithi NetFlow lisasetshenziswa kakhulu, ukusetshenziswa okuningi (nakuba kungezona zonke) kuyahambisana nendinganiso ye-IPFIX.
Nasi ithebula elifingqa umehluko phakathi kwe-NetFlow ne-IPFIX:
| Isici | I-NetFlow | I-IPFIX |
|---|---|---|
| Umsuka | Ubuchwepheshe bobunikazi obuthuthukiswe yiCisco | Iphrothokholi ejwayelekile yemboni esekelwe ku-NetFlow Version 9 |
| Ukumiswa kwesimo | Ubuchwepheshe obuqondene ne-Cisco | I-Open standard echazwe yi-IETF ku-RFC 7011 |
| Ukuzivumelanisa nezimo | Izinguqulo eziguquliwe ezinezici ezithile | Ukuguquguquka okukhulu kanye nokusebenzisana phakathi kwabathengisi |
| Ifomethi Yedatha | Amaphakethe osayizi ozinzile | Indlela esekelwe kuthempulethi yamafomethi okugeleza angenziwa ngezifiso |
| Usekelo Lwethempulethi | Akusekelwe | Amathempulethi aguquguqukayo okufakwa kwensimu eguquguqukayo |
| Ukusekelwa Kwabathengisi | Ngokuyinhloko amadivayisi e-Cisco | Ukusekelwa okubanzi kubathengisi benethiwekhi |
| Ukwandiswa | Ukwenza ngokwezifiso okulinganiselwe | Ukufakwa kwezinkambu ezenziwe ngokwezifiso kanye nedatha ethile yohlelo lokusebenza |
| Umehluko Wephrothokholi | Izinguquko ezithile ze-Cisco | Usekelo lwe-IPv6 lwendabuko, izinketho ezithuthukisiwe zerekhodi lokugeleza |
| Izici Zokuphepha | Izici zokuphepha ezilinganiselwe | Ukubethela kwe-Transport Layer Security (TLS), ubuqotho bomlayezo |
Ukuqapha Ukugeleza Kwenethiwekhiukuqoqwa, ukuhlaziywa, kanye nokuqapha ithrafikhi edlula kunethiwekhi ethile noma ingxenye yenethiwekhi. Izinhloso zingahluka kusukela ekuxazululeni izinkinga zokuxhumeka kuya ekuhleleni ukwabiwa kwe-bandwidth yesikhathi esizayo. Ukuqapha ukugeleza kanye nokusampula amaphakethe kungaba usizo ngisho nasekutholeni nasekulungiseni izinkinga zokuphepha.
Ukuqapha ukugeleza kunikeza amaqembu enethiwekhi umbono omuhle wokuthi inethiwekhi isebenza kanjani, okunikeza ukuqonda ngokusetshenziswa okuphelele, ukusetshenziswa kohlelo lokusebenza, izithiyo ezingaba khona, ama-anomalies angabonisa izinsongo zokuphepha, nokuningi. Kunezindinganiso eziningana ezahlukene namafomethi asetshenziswa ekuqapheni ukugeleza kwenethiwekhi, kufaka phakathi i-NetFlow, i-sFlow, kanye ne-Internet Protocol Flow Information Export (IPFIX). Ngayinye isebenza ngendlela ehlukile kancane, kodwa zonke zihlukile ekubukeni kwezibuko kanye nokuhlolwa kwephakethe okujulile ngoba azibambi okuqukethwe yiphakethe ngalinye elidlula phezu kwechweba noma ngeswishi. Kodwa-ke, ukuqapha ukugeleza kunikeza ulwazi oluningi kune-SNMP, ngokuvamile olukhawulelwe kwizibalo ezibanzi njengokusetshenziswa kwephakethe kanye ne-bandwidth iyonke.
Amathuluzi Okugeleza Kwenethiwekhi Aqhathaniswa
| Isici | I-NetFlow v5 | I-NetFlow v9 | i-sFlow | I-IPFIX |
| Kuvuliwe noma Kuyimpahla | Ubunikazi | Ubunikazi | Vula | Vula |
| Kusekelwe kusampula noma ekugelezeni | Ngokuyinhloko Kusekelwe Ekugelezeni; Imodi Esampuliwe iyatholakala | Ngokuyinhloko Kusekelwe Ekugelezeni; Imodi Esampuliwe iyatholakala | Kuthathwe isampula | Ngokuyinhloko Kusekelwe Ekugelezeni; Imodi Esampuliwe iyatholakala |
| Ulwazi Oluthathwe | Ulwazi lwe-metadata kanye nezibalo, kufaka phakathi ama-byte adluliselwe, izibali zesikhombimsebenzisi nokunye | Ulwazi lwe-metadata kanye nezibalo, kufaka phakathi ama-byte adluliselwe, izibali zesikhombimsebenzisi nokunye | Ama-Header Ephakethe Aphelele, Imithwalo Yephakethe Engaphelele | Ulwazi lwe-metadata kanye nezibalo, kufaka phakathi ama-byte adluliselwe, izibali zesikhombimsebenzisi nokunye |
| Ukuqapha Ukungena/Ukuphuma | Ukungena Kuphela | Ukungena Nokuphuma | Ukungena Nokuphuma | Ukungena Nokuphuma |
| Usekelo lwe-IPv6/VLAN/MPLS | No | Yebo | Yebo | Yebo |
Isikhathi sokuthunyelwe: Mashi-18-2024
