I-Network Packet Broker (NPB) is switch efana nedivaysi yokuxhumana esukela ngosayizi kusuka kumadivayisi aphathekayo kuya kuma-1u kanye nama-2u unit amacala ezimweni ezinkulu nasezinhlelweni zamabhodi. Ngokungafani nokushintshwa, i-NPB ayishintshi ithrafikhi egeleza ngayo nganoma iyiphi indlela ngaphandle kokuthi ifundiswe ngokucacile. I-NPB ingathola ithrafikhi endaweni eyodwa noma ngaphezulu, yenza eminye imisebenzi echazwe ngaphambilini kulowo mgwaqo, bese uyikhipha endaweni eyodwa noma ngaphezulu.
Lokhu kuvame ukubizwa ngokuthi yimiphi-to-to-to-to-to-noma iyiphi emakethe yamachweba. Imisebenzi engenziwa ibanga kusuka kokulula, njengokudlulisa noma ukulahla ithrafikhi, kuya kokuhlunga, njengokuhlunga imininingwane engenhla kwesendlalelo 5 ukukhomba iseshini ethile. Ukuhlangana kwi-NPB kungaba ukuxhumana kwamakhebula, kepha imvamisa amafreyimu we-SFP / SFP + ne-QSFP, avumela abasebenzisi ukuthi basebenzise ijubane lemidiya ne-bandwidth. Isici sika-NPB esakhiwe ngomgomo wokukhulisa ukusebenza kahle kwemishini yenethiwekhi, ikakhulukazi ukuqapha, ukuhlaziya namathuluzi okuphepha.
Yimiphi imisebenzi i-Network Packet Broker enikezela ngayo?
Amakhono we-NPB amaningi futhi angahluka ngokuya ngomkhiqizo kanye nemodeli yedivayisi, yize noma yimuphi umenzeli wephakheji ofanele usawoti wakhe uzofuna ukuba seqoqo lamakhono. Iningi le-NPB (i-NPB) evamile kakhulu ye-NPB) e-Osi izingqimba 2 kuya ku-4.
Ngokuvamile, ungathola izici ezilandelayo kwi-NPB ye-L2-4: Ithrafikhi (noma izingxenye ezithile zeTraffic), Ukuhlunga kwethrafikhi, ukukhishwa kwethrafikhi), ukuqala noma ukunqamula noma ukukhawulela ukulinganisa kwethrafikhi. Njengoba bekulindelekile, i-L2-4's NPB ingahlunga i-VLAN, ama-MPLS labels, amakheli e-MAC (umthombo kanye nelitshe), amakheli we-IP (umthombo kanye nelitshe), namafulegi we-TCP kanye nelitshe, kanye ne-ICMP, i-ARP- I-ARP. Lokhu akusona isici esizosetshenziswa, kepha kunikeza umbono wokuthi i-NPB isebenza kanjani ezingxenyeni 2 kuya ku-4 ingahlukanisa nokukhomba ama-subsets emigwaqo. Isidingo esibalulekile amakhasimende okufanele afune ku-NPB yi-backplane engavimbi.
I-Network Packet Broker idinga ukwazi ukubhekana nokugcwala okugcwele kwethrafikhi echwebeni ngakunye kudivayisi. Ohlelweni lwe-chassis, ukuxhumeka nge-backplane kumele futhi ukwazi ukufeza umthwalo ogcwele wethrafikhi yamamojula axhunyiwe. Uma i-NPB yehlisa iphakethe, la mathuluzi ngeke abe nokuqonda okuphelele kwenethiwekhi.
Yize iningi le-NPB lisuselwa ku-ASIC noma i-FPGA, ngenxa yokuqiniseka kokusebenza kwephakethe lepakethi, uzothola ukuhlanganiswa okuningi noma i-CPUS okwamukelekayo (ngamamojula). Abathengisi be-MyLink ™ Iphakethe lenethiwekhi (NPB) lisuselwa kusisombululo se-Asic. Lokhu kuvame ukuba yisici esinikeza ukucubungula okuguqukayo ngakho-ke ngeke kwenziwe kuphela ku-Hardware. Lokhu kufaka phakathi ukuhlanganisa iphakethe, ama-timestamp, SSL / TLS Decryption, ukusesha igama elingukhiye, kanye nokusesha okujwayelekile kwenkulumo. Kubalulekile ukuqaphela ukuthi ukusebenza kwayo kuncike ekusebenzeni kwe-CPU. (Isibonelo, ukuseshwa okujwayelekile kwendlela yendlela efanayo kungathela imiphumela ehlukene yokusebenza ngokuya ngohlobo lwethrafikhi, isilinganiso esifanayo, ngakho-ke akulula ukunquma ngaphambi kokuqalisa kwangempela.
Uma izici ezincike ku-CPU zinikwe amandla, ziba yinto ekhawula ekusebenzeni okuphelele kwe-NPB. Ukufika kwama-CPUS nama-Chips ashintshiwe ahlelekile, njenge-Cavium Xpliant, iTofino engenazinyawo ne-Innovalino temynx, futhi yakha isisekelo seqoqo elinwetshiwe lama-Agents alandelayo, la mayunithi okusebenza angaphatha ithrafikhi ngenhla kwe-L4 (evame ukubizwa ngokuthi yi-L7 Packet Agents). Phakathi kwezici ezithuthukile ezishiwo ngenhla, igama elingukhiye kanye nokusesha okujwayelekile kwezisho kuyizibonelo ezinhle zamakhono esizukulwane esilandelayo. Amandla wokusesha ama-Packet Payloads ahlinzeka ngamathuba okuhlunga traffic ngesikhathi seseshini kanye namazinga okusebenzisa, futhi anikeze ukulawula okuhle kwenethiwekhi evelayo kune-L2-4.
I-Network Packet Broker ingena kanjani kwingqalasizinda?
I-NPB ingafakwa kwingqalasizinda yenethiwekhi ngezindlela ezimbili ezihlukile:
1- inline
2- Ngaphandle-of-band.
Indlela ngayinye inezinzuzo nobubi futhi inika amandla ukukhohlisa kwezimoto ngezindlela ezinye izindlela ezingeke zikwazi. I-Inline Network Packet Broker inethrafikhi yenethiwekhi yesikhathi sangempela ethatha idivaysi isendleleni eya lapho iya khona. Lokhu kunikeza ithuba lokukhohlisa ithrafikhi ngesikhathi sangempela. Isibonelo, lapho ungeza, ukuguqula, noma ukususa amathegi e-VLAN noma ukuguqula amakheli we-IP wokuya lapho uya khona, ithrafikhi ikopishwa kwisixhumanisi sesibili. Njengendlela yokuhlanza, i-NPB nayo ingahlinzeka nge-redundancy kwamanye amathuluzi we-inline, njengama-ID, ama-IP, noma ama-firewall. I-NPB ingabheka isimo samadivayisi anjalo kanye ne-traffic kabusha evuselelayo yokuhamba ngezinyawo ku-hot standby emcimbini wokwehluleka.
Inikeza ukuguquguquka okukhulu ku-TRCCE kucutshungulwa ngayo futhi kuphinde kuphinde kuphinde kuphinde kuphinde kwaphendulwa amadivaysi okuqapha kanye nokuphepha ngaphandle kokuthinta inethiwekhi yesikhathi sangempela. Iphinde futhi ihlinzeke ukubonakala okubonakalayo okubekiwe futhi iqinisekise ukuthi wonke amadivaysi athola ikhophi lethrafikhi edingekayo ukuze aphathe kahle izibopho zawo. Akugcini ngokuqinisekisa ukuthi amathuluzi akho okuqapha, ukuphepha, kanye nokuhlaziya uthola ithrafikhi abayidingayo, kodwa nokuthi inethiwekhi yakho iphephile. Iphinde iqinisekise ukuthi idivaysi ayisebenzisi izinsiza ku-traffic engafuneki. Mhlawumbe umhlaziya wenethiwekhi yakho awudingi ukuqopha ithrafikhi yokusekelayo ngoba kuthatha isikhala esihle sediski ngesikhathi sesipele. Lezi zinto zihlungwa kalula e-analyzer ngenkathi zilonda wonke amanye amathrafikhi ngethuluzi. Mhlawumbe une-subnet ephelele ofuna ukuyigcina ifihliwe kolunye uhlelo; Futhi, lokhu kususwa kalula ethekwini elikhethiwe lokuphuma. Eqinisweni, i-NPB eyodwa ingacubungula ezinye izixhumanisi zethrafikhi ku-inline ngenkathi icubungula ezinye izimoto ezingaphandle kwe-band.
Isikhathi Sokuthumela: Mar-09-2022
