INetflow ne-IPFix bobabili ubuchwepheshe obusetshenziselwa ukuqapha ukugeleza kwenethiwekhi kanye nokuhlaziywa. Bahlinzeka ngokuqonda kumaphethini wethrafikhi yenethiwekhi, kusiza ekusebenzeni kahle kokusebenza, ukuxazulula inkinga kanye nokuhlaziywa kwezokuphepha.
I-NetFlow:
Yini i-netflow?
UkuflowIngabe ikhambi lokuqala lokuqapha ukugeleza, ekuqaleni lakhiwa yiCisco ngasekupheleni kweminyaka yama-1990s. Izinguqulo eziningana ezahlukene zikhona, kepha izinguqulo eziningi zisuselwa ku-netflow v5 noma i-netflow v9. Ngenkathi inguqulo ngayinye inamakhono ahlukile, umsebenzi oyisisekelo uhlala ufana:
Okokuqala, i-router, switch, firewall, noma olunye uhlobo lwedivayisi luzothwebula imininingwane kwinethiwekhi "ukugeleza" - isethi yamaphakeji abelana ngesethi evamile ye-Sourcicistics efana ne-Sourcicistics efana nekheli, umthombo, kanye nePort Thway, nohlobo lwe-Protocol. Ngemuva kokuthi ukugeleza sekudlulile noma kudlule isikhathi esichazwe ngaphambilini, idivaysi izothumela amarekhodi okugeleza ebhizinisini eyaziwa ngokuthi "umqoqi we-flow".
Ekugcineni, "Ukuhlaziya okugelezayo" kunengqondo lawo marekhodi, ukuhlinzeka ngokuqonda ngendlela yokubona, izibalo, nokubikwa okuningiliziwe ngomlando nokubikwa kwangempela. Empeleni, abaqoqi kanye nabahlaziyi bavame ukuba yinhlangano eyodwa, evame ukuhlanganiswa ibe yisixazululo esikhudlwana sokuhlola ukusebenza kwenethiwekhi.
INetflow isebenza ngesisekelo esiqinile. Lapho umshini wamakhasimende ufinyelela kwiseva, i-netflow izoqala ukuthwebula futhi ihlanganise i-metadata ekuhambeni. Ngemuva kokuthi iseshini inqanyuliwe, i-netflow izothumela irekhodi elilodwa eliphelele kumqokeleli.
Noma kusasetshenziswa kakhulu, iNetflow V5 inezinkomba eziningi. Amasimu athunyelwe athunyelwe, ukuqapha kusekelwa kuphela ekuqondisweni kwe-Ingress, kanye nobuchwepheshe banamuhla njenge-IPv6, ama-MPL, ne-Vxlan akusekelwa. INetflow V9, nayo efakwe uphawu njengeFlexifble NetFlow (FNF), ibheka okunye kwalokhu kulinganiselwa, okuvumela abasebenzisi ukuthi bakha izifanekiso zangokwezifiso kanye nokwengeza ukwesekwa kobuchwepheshe obusha.
Abathengisi abaningi baphinde babe nokuqaliswa kwabo kokuphathelene kweNetflow, njenge-JFlow kusuka kuJuniper naseNetstream kusuka kuHuawei. Yize ukumiswa kungahluka ngandlela thile, lokhu kusebenza kuvame ukukhiqiza amarekhodi okugeleza ahambelana nabaqoqi be-netflow kanye nabahlaziyi.
Izici ezibalulekile zeNetflow:
~ Idatha yokugeleza: I-NetFlow yakha amarekhodi okugeleza afaka imininingwane efana nemithombo kanye namakheli we-IP wokuya lapho uya khona, amachweba, ama-timestamp, amaphakethe kanye nama-byte ukubalwa, nezinhlobo ze-protte.
~ Ukuqapha KwethrafikhiI-NetFlow ihlinzeka ngokubonakala kumaphethini wethrafikhi yenethiwekhi, okuvumela abaphathi ukukhomba izinhlelo zokusebenza eziphezulu, izindawo zokugcina, kanye nemithombo yethrafikhi.
~Ukutholwa kwe-anomaly: Ngokuhlaziya idatha yokugeleza, i-netflow ingabona ama-anomalies anjengokwakhiwa kwe-bandwidth ngokweqile, ukugcwala kwenethiwekhi, noma amaphethini wethrafikhi angajwayelekile.
~ Ukuhlaziywa Kwezokuphepha: I-Netflow ingasetshenziselwa ukuthola nokuphenya izehlakalo zokuphepha, njengokuhlaselwa okusatshalaliswa kwensiza (DDOS) noma imizamo engagunyaziwe yokufinyelela.
Izinguqulo zeNetFlow: I-NetFlow ivele ngokuhamba kwesikhathi, futhi izinguqulo ezahlukahlukene zikhishwe. Ezinye izinhlobo eziphawuleka zifaka i-netflow v5, netflow v9, ne-netflow eguquguqukayo. Uhlobo ngalunye lwethula izithuthukisi kanye namakhono angeziwe.
IPFIX:
Yini i-IPFIX?
Izinga le-Ietf eliqhamuke ekuqaleni kuka-2000s, imininingwane ye-Internet Protocol Flow Information (IPFIX) ifana kakhulu ne-netflow. Eqinisweni, iNetflow V9 yasebenza njengesisekelo se-IPFIX. Umehluko oyinhloko phakathi kwalokhu okubili ukuthi i-IPFix iyindinganiso evulekile, futhi isekelwa abathengisi abaningi benethiwekhi ngaphandle kweCisco. Ngaphandle kwezindawo ezimbalwa ezingeziwe ezingezwe ku-IPFIX, amafomethi acishe afane. Eqinisweni, i-IPFIX ngesinye isikhathi ibizwa ngokuthi "netflow v10".
Ngenxa yengxenye ekufana naseNetflow, i-IPFix ijabulela ukusekelwa okubanzi phakathi kwezixazululo zokuqapha inethiwekhi kanye nemishini yenethiwekhi.
I-IPFIX (I-Inthanethi Protocol Flow Information Export) iyiprotokoli ejwayelekile evulekile ethuthukiswe yi-Internet Engineering Task Force (IETF). Kususelwa ekucacisweni kweNetflow Version 9 futhi kuhlinzeka ngefomethi endisiwe yokuthumela amarekhodi okuphuma kwamadivayisi wenethiwekhi.
IPfix yakha phezu kwemiqondo ye-netflow futhi uyikhulisa ukuze inikeze ukuguquguquka okuthe xaxa nokusebenzisana kwabathengisi namadivayisi ahlukahlukene. Yethula umqondo wezifanekiso, okuvumela ukucaciswa okunamandla kwesakhiwo serekhodi lokugeleza nokuqukethwe. Lokhu kunika amandla ukufakwa kwamasimu wangokwezifiso, ukwesekwa kwezivumelwano ezintsha, kanye nokunakwa.
Izici ezibalulekile ze-IPFIX:
~ Indlela esekwe kwisifanekiso: I-IPFix isebenzisa izifanekiso ukuchaza ukwakheka nokuqukethwe kwamarekhodi okugeleza, okunikeza ukuguquguquka ekutholeni ukuguquguquka ekuhlaseleni amasimu edatha ahlukahlukene kanye nemininingwane ekhethekile yephrothokholi.
~ Ukuhlangana: I-IPFix iyindinganiso evulekile, eqinisekisa amakhono okuqapha ukugeleza okungaguquki kulowo abathengisi abahlukene namadivayisi.
~ I-IPv6 ukwesekwa: I-IPFix Yearly isekela i-IPv6, okwenza ilungele ukuqapha kanye nokuhlaziya ithrafikhi kumanethiwekhi we-IPv6.
~Ukuphepha okuthuthukile: I-IPFix ifaka izici zokuphepha ezifana nokuvikeleka kwesendlalelo sezokuphepha (i-TLS) ukubethela kanye nokuhlolwa kobuqotho bobuqotho ukuvikela ubumfihlo kanye nobuqotho bemininingwane yokugeleza ngesikhathi sokudluliselwa.
I-IPFix isekelwa kabanzi ngabathengisi bemishini yokuxhumana ehlukahlukene, okwenza kube yikhethelo elingathathi hlangothi futhi lamukelwe kabanzi ekuqaphekeni kwenethiwekhi.
Ngakho-ke, umehluko muni phakathi kweNetflow ne-IPFIX?
Impendulo elula ukuthi i-Netflow iyisivumelwano sokuphathelene neCisco esethulwe ngo-1996 ne-IPFIX izindinganiso zalo zomzimba ezivumayo.
Womabili amaphrothokholi asebenza ngenhloso efanayo: ukunika amandla onjiniyela benethiwekhi nabaphathi ukuqoqa nokuhlaziya ukugeleza kwenethiwekhi ye-IP. ICisco yathuthukisa i-netflow ukuze ukushintshwa kwayo nama-routers angakhipha lolu lwazi olubalulekile. Njengoba kunikezwe ubukhosi be-Cisco Gear, i-NetFlow ngokushesha yaba yi-De-Facto Standard yokuhlaziywa kwethrafikhi yenethiwekhi. Kodwa-ke, abaqhudelana nabo bezimboni babona ukuthi ukusebenzisa umthetho olawulwa ngokuphathelene nokulawulwa yimbewu yalo bekungewona umqondo omuhle ngakho-ke i-Ietf iholele umzamo wokuhlaziywa kwethrafikhi, okuyi-IPFIX.
I-IPFix isuselwe ku-netflow version 9 futhi ekuqaleni yasungulwa ngo-2005 kodwa yathatha iminyaka ethile yokuthola ukwamukelwa kwezimboni. Ngalesi sikhathi, amaphrothokholi amabili afanayo afanayo futhi yize igama elithi itflow lisasebenziseka kakhulu ukwenziwa okuningi (yize kungeyona yonke) ehambelana ne-IPFIX standard.
Nansi ithebula elifingqa umehluko phakathi kweNetflow ne-IPFIX:
| Isici | Ukuflow | IPHIX |
|---|---|---|
| Ukudabuka | Ubuchwepheshe bokuphathelene obuthuthukiswe yiCisco | Iphrothokholi Ejwayelekile Yezimboni esekelwe ku-NetFlow Version 9 |
| Ukwenza phakathi | Ubuchwepheshe obuthile beCisco | Vula okujwayelekile kuchazwa yi-Ietf ku-RFC 7011 |
| Ukuvumelana nezimo | Izinhlobo zavela ngezici ezithile | Ukuguquguquka okukhulu nokusebenzisana kubo bonke abathengisi |
| Ifomethi yedatha | Amaphakethe Osayizi Oguqukile | Indlela esekwe kwisifanekiso efomethi ye-Flow Flow Record |
| Ukuxhaswa Kwethempulethi | Ayisekelwa | Izibonisi ezinamandla zokufakwa kwensimu eguquguqukayo |
| Ukwesekwa komthengisi | Ngokuyinhloko amadivayisi we-cisco | Ukuxhaswa okubanzi kuwo wonke ama-The Networking Vendors |
| Ukunzwa | Ukwenza ngokwezifiso okulinganiselwe | Ukufakwa kwemikhakha yangokwezifiso nedatha eqondene nohlelo lokusebenza |
| Umehluko we-Protocol | Ukuhlukahluka okukhethekile kweCisco | Ukuxhaswa kweNative IPv6, Izinketho Zokucinga Okuhle Zithuthukisiwe |
| Izici Zokuphepha | Izici Zokuphepha Ezilinganiselwe | Ukubethela kwesendlalelo sezokuThutha (i-TLS) ukubethela, ubuqotho bomlayezo |
Ukuqapha Ukugeleza KwenethiwekhiIngabe iqoqo, ukuhlaziya, nokuqapha traffic kudlula inethiwekhi noma ingxenye yenethiwekhi. Izinhloso zingahlukahluka ekuxazululeni izindaba zokuxhumana zokuhlela ukuhlela ukwabiwa kwe-bandwidth yesikhathi esizayo. Ukuqapha ukugeleza kanye nepakethi yesampula yepakethe ingaba wusizo ngisho ekuboneni nasekuxazululeni izinkinga zokuphepha.
Ukuqapha ukugeleza kunika amaqembu okuxhumana nomqondo omuhle wokuthi inethiwekhi isebenza kanjani, ukuhlinzeka ngokusetshenziswa kokusetshenziswa okuphelele, ukusetshenziswa kohlelo lokusebenza, amabhodlela angahle akwazi ukukhombisa izinsongo zokuphepha, nokuningi. Kunamazinga namafomethi ahlukahlukene ahlukene asetshenziswa ekuqapheni kwe-Network Flow, kufaka phakathi i-Netflow, SPlow, kanye ne-Inthanethi Protocol Flow Information (IPFIX). Yilowo nalowo usebenza ngendlela ehlukile, kepha konke kuhlukile ekuhlolweni kwe-portrow izibuko nokuhlolwa okujulile kokuthi abakutholi okuqukethwe yilowo nalowo ngepakethe elidlula ethekwini noma nge-switch. Kodwa-ke, ukuqapha ukugeleza kunikeza imininingwane eminingi kune-SNMP, okuvame ukukhawulelwa kwizibalo ezibanzi njengephakethe eliphelele kanye nokusetshenziswa komkhawulokudonsa.
Amathuluzi okugeleza kwenethiwekhi aqhathaniswa
| Ubuso | INetflow V5 | Netflow v9 | ugogozi | IPHIX |
| Vula noma Ukuphathelene | Ophathelene nokuphathelene | Ophathelene nokuphathelene | Vula | Vula |
| I-sampled noma ukugeleza okusekelwe | Ngokuyinhloko ukugeleza okusekelwe; Imodi yeSampula iyatholakala | Ngokuyinhloko ukugeleza okusekelwe; Imodi yeSampula iyatholakala | -Mpumpula | Ngokuyinhloko ukugeleza okusekelwe; Imodi yeSampula iyatholakala |
| Imininingwane ethathwe | I-Metadata kanye nemininingwane yezibalo, kufaka phakathi ama-Byte adlulisiwe, izinto zokubala ezibonakalayo nokunye | I-Metadata kanye nemininingwane yezibalo, kufaka phakathi ama-Byte adlulisiwe, izinto zokubala ezibonakalayo nokunye | Qedela izihloko zephakethe, ama-packet packet | I-Metadata kanye nemininingwane yezibalo, kufaka phakathi ama-Byte adlulisiwe, izinto zokubala ezibonakalayo nokunye |
| I-Ingress / Egress Monitoring | Ingress kuphela | I-Ingress ne-egress | I-Ingress ne-egress | I-Ingress ne-egress |
| IPv6 / VLAN / MPLS ukwesekwa | No | Yebo | Yebo | Yebo |
Isikhathi Sokuthumela: Mar-18-2024
