Iyini i-Network Packet Broker kanye Nemisebenzi Kungqalasizinda ye-IT?

I-Network Packet Broker (NPB) iwushintsho olufana nedivayisi yenethiwekhi enobubanzi ngosayizi ukusuka kumadivayisi aphathekayo kuye kumakesi amayunithi angu-1U no-2U kuya kumakesi amakhulu namasistimu ebhodi.Ngokungafani neswishi, i-NPB ayishintshi ithrafikhi egeleza kuyo nganoma iyiphi indlela ngaphandle uma iqondiswa ngokucacile.I-NPB ingathola ithrafikhi endaweni eyodwa noma ngaphezulu, yenze imisebenzi echazwe ngaphambilini kuleyo thrafikhi, bese iyikhiphela endaweni eyodwa noma ngaphezulu.

Lokhu kuvame ukubizwa ngokuthi noma yikuphi-kuya-noma yikuphi, okuningi-kuya-noma yikuphi, kanye nanoma yikuphi-kuya-kuningi kwamamephu.Imisebenzi engenziwa isuka kokulula, njengokudlulisa noma ukulahla ithrafikhi, iye kokuyinkimbinkimbi, njengokuhlunga ulwazi ngenhla kwesendlalelo sesi-5 ukuze kukhonjwe isikhathi esithile.Izixhumi ezibonakalayo ku-NPB zingaxhunywa ikhebula lethusi, kodwa ngokuvamile amafreyimu e-SFP/SFP + kanye ne-QSFP, avumela abasebenzisi ukuthi basebenzise isivinini semidiya ehlukahlukene kanye nesivinini somkhawulokudonsa.Isethi yesici se-NPB yakhelwe kumgomo wokukhulisa ukusebenza kahle kwezisetshenziswa zenethiwekhi, ikakhulukazi ukuqapha, ukuhlaziya, namathuluzi okuvikela.

2019050603525011

Imiphi imisebenzi ehlinzekwa yi-Network Packet Broker?

Amakhono e-NPB maningi futhi angahluka kuye ngohlobo nemodeli yedivayisi, nakuba noma yimuphi umenzeli wephakheji obiza usawoti wakhe uzofuna ukuba nesethi yamakhono abalulekile.Iningi le-NPB (i-NPB evame kakhulu) lisebenza ku-OSI izendlalelo 2 ukuya ku-4.

Ngokuvamile, ungathola izici ezilandelayo ku-NPB ye-L2-4: ithrafikhi (noma izingxenye ezithile zayo) ukuqondisa kabusha, ukuhlunga kwethrafikhi, ukuphindaphinda kwethrafikhi, ukukhumula iphrothokholi, ukusika iphakethe (ukunqunywa), ukuqala noma ukunqamula izivumelwano zomhubhe wenethiwekhi ezahlukahlukene, kanye nokulinganisa komthwalo wethrafikhi.Njengoba kulindelekile, i-NPB ye-L2-4 ingahlunga i-VLAN, amalebula e-MPLS, amakheli e-MAC (umthombo nethagethi), amakheli e-IP (umthombo nethagethi), amachweba we-TCP kanye ne-UDP (umthombo nethagethi), ngisho namafulegi e-TCP, kanye ne-ICMP, I-SCTP, kanye nethrafikhi ye-ARP.Lesi akusona neze isici okufanele sisetshenziswe, kodwa kunikeza umbono wokuthi i-NPB esebenza kuzendlalelo 2 kuya ku-4 ingahlukanisa kanjani futhi ihlonze amasethi amancane wethrafikhi.Imfuneko ebalulekile okufanele amakhasimende ayibheke ku-NPB iyindiza engemuva engavimbeli.

I-Broker yephakethe lenethiwekhi idinga ukuthi ikwazi ukuhlangabezana nomthamo ogcwele wethrafikhi wembobo ngayinye kudivayisi.Kusistimu ye-chassis, ukuxhumana nendiza yangemuva kufanele futhi kukwazi ukuhlangabezana nomthwalo ogcwele wethrafikhi wamamojula axhunyiwe.Uma i-NPB iwisa iphakethe, lawa mathuluzi ngeke abe nokuqonda okuphelele kwenethiwekhi.

Nakuba iningi le-NPB lisekelwe ku-ASIC noma ku-FPGA, ngenxa yesiqiniseko sokusebenza kwephakethe lokucubungula, uzothola ukuhlanganiswa okuningi noma ama-CPU amukelekayo (ngamamojula).I-Mylinking™ Network Packet Brokers(NPB) isekelwe kusixazululo se-ASIC.Lesi ngokuvamile isici esihlinzeka ngokucubungula okuguquguqukayo ngakho-ke asikwazi ukwenziwa ngehadiwe kuphela.Lokhu kufaka phakathi ukuphindaphinda kwephakethe, izitembu zesikhathi, ukukhishwa kwemfihlo kwe-SSL/TLS, ukusesha kwamagama angukhiye, nokusesha kwenkulumo evamile.Kubalulekile ukuqaphela ukuthi ukusebenza kwayo kuncike ekusebenzeni kwe-CPU.(Isibonelo, usesho oluvamile lwesisho lwephethini efanayo lungaveza imiphumela yokusebenza ehluke kakhulu kuye ngohlobo lwethrafikhi, izinga lokufanisa, nomkhawulokudonsa), ngakho akulula ukunquma ngaphambi kokusetshenziswa kwangempela.

i-shutterstock_

Uma izici ezincike ku-CPU zinikwe amandla, ziba isici esikhawulelayo ekusebenzeni kukonke kwe-NPB.Ukufika kwama-cpus nama-switching chips ahlelekayo, afana ne-Cavium Xpliant, i-Barefoot Tofino kanye ne-Innovium Teralynx, futhi kwakha isisekelo sesethi enwetshiwe yamakhono ama-ejenti wephakethe wenethiwekhi yesizukulwane esilandelayo, Lawa mayunithi asebenzayo angakwazi ukuphatha ithrafikhi engaphezu kwe-L4 (evame ukubizwa ngayo. njengama-ejenti wephakethe we-L7).Phakathi kwezici ezithuthukisiwe ezishiwo ngenhla, igama elingukhiye kanye nokusesha kwenkulumo evamile kuyizibonelo ezinhle zamakhono esizukulwane esilandelayo.Amandla okusesha amaphakethe okulayishwayo ahlinzeka ngamathuba okuhlunga ithrafikhi kuseshini namazinga ohlelo lokusebenza, futhi inikeza ukulawula okungcono kunethiwekhi eguqukayo kune-L2-4.

Ngabe i-Network Packet Broker ingena kanjani kungqalasizinda?

I-NPB ingafakwa kwingqalasizinda yenethiwekhi ngezindlela ezimbili ezihlukene:

1- Emgqeni

2- Ngaphandle kwebhendi.

Indlela ngayinye inezinzuzo kanye nokubi futhi ivumela ukukhohliswa kwethrafikhi ngezindlela ezinye izindlela ezingenakho.Umthengisi wephakethe lenethiwekhi ye-inthanethi unethrafikhi yenethiwekhi yesikhathi sangempela enqamula idivayisi lapho isendleleni eya lapho iya khona.Lokhu kunikeza ithuba lokukhohlisa ithrafikhi ngesikhathi sangempela.Isibonelo, lapho ungeza, ulungisa, noma ususa omaka be-VLAN noma ushintsha amakheli e-IP okuyiwa kuwo, ithrafikhi ikopishelwa kusixhumanisi sesibili.Njengendlela esemgqeni, i-NPB ingaphinda inikeze ukuphinda kusebenze kwamanye amathuluzi asemgqeni, njenge-IDS, i-IPS, noma izindonga zomlilo.I-NPB ingaqapha isimo samadivayisi anjalo futhi ishintshe ngokushintshashintshayo ithrafikhi iye kokubekwe eceleni okushisayo uma kwenzeka yehluleka.

I-Mylinking Inline Security NPB Bypass

Inikeza ukuguquguquka okukhulu kokuthi ithrafikhi icutshungulwa futhi iphindaphindwe kumadivayisi amaningi okuqapha nokuphepha ngaphandle kokuthikameze inethiwekhi yesikhathi sangempela.Iphinde inikeze ukubonakala kwenethiwekhi okungakaze kubonwe futhi iqinisekisa ukuthi wonke amadivayisi athola ikhophi yethrafikhi edingekayo ukuze aphathe kahle izibopho zawo.Akuqinisekisi kuphela ukuthi amathuluzi akho okuqapha, ukuphepha, nokuhlaziya athola ithrafikhi ayidingayo, kodwa futhi nokuthi inethiwekhi yakho ivikelekile.Iphinde iqinisekise ukuthi idivayisi ayidli izinsiza kuthrafikhi engadingeki.Mhlawumbe umhlaziyi wenethiwekhi yakho akadingi ukurekhoda ithrafikhi eyisipele ngoba kuthatha isikhala sediski esibalulekile ngesikhathi sokulondoloza.Lezi zinto zihlungwa kalula ku-analyzer ngenkathi kugcinwa yonke enye ithrafikhi yethuluzi.Mhlawumbe unayo yonke i-subnet ofuna ukuyifihla kolunye uhlelo;futhi, lokhu kususwa kalula embobeni yokukhipha ekhethiwe.Eqinisweni, i-NPB eyodwa ingacubungula ezinye izixhumanisi zethrafikhi emgqeni ngenkathi icubungula enye ithrafikhi engaphandle kwebhendi.


Isikhathi sokuthumela: Mar-09-2022