Isingeniso
Ukuqoqwa Nokuhlaziywa Kwethrafikhi Yenethiwekhi kuyindlela ephumelela kakhulu yokuthola izinkomba zokuziphatha komsebenzisi wenethiwekhi kanye nemingcele. Ngokuthuthuka okuqhubekayo kokusebenza nokugcinwa kwesikhungo sedatha Q, ukuqoqwa nokuhlaziywa kwethrafikhi yenethiwekhi sekuyingxenye ebalulekile yengqalasizinda yesikhungo sedatha. Kusukela ekusetshenzisweni kwamanje embonini, ukuqoqwa kwethrafikhi yenethiwekhi kuqashelwa kakhulu yimishini yenethiwekhi esekela isibuko sethrafikhi esidlulayo. Ukuqoqwa kwethrafikhi kudinga ukusungula ukumbozwa okuphelele, inethiwekhi yokuqoqwa kwethrafikhi enengqondo nephumelelayo, ukuqoqwa kwethrafikhi okunjalo kungasiza ekwenzeni ngcono izinkomba zokusebenza kwenethiwekhi kanye nebhizinisi futhi kunciphise amathuba okwehluleka.
Inethiwekhi yokuqoqwa kwethrafikhi ingabhekwa njengenethiwekhi ezimele eyakhiwe ngamadivayisi okuqoqwa kwethrafikhi futhi isetshenziswe kanyekanye nenethiwekhi yokukhiqiza. Iqoqa ithrafikhi yesithombe sedivayisi ngayinye yenethiwekhi futhi ihlanganise ithrafikhi yesithombe ngokuya ngamazinga esifunda nawokwakha. Isebenzisa i-alamu yokushintshanisa ukuhlunga kwethrafikhi emishinini yokuthola ithrafikhi ukuze ibone isivinini esigcwele sedatha yezingqimba ezi-2-4 zokuhlunga okunemibandela, isuse amaphakethe aphindaphindiwe, inciphise amaphakethe kanye neminye imisebenzi ethuthukisiwe yokusebenza, bese ithumela idatha ohlelweni ngalunye lokuhlaziya ithrafikhi. Inethiwekhi yokuqoqwa kwethrafikhi ingathumela ngokunembile idatha ethile kudivayisi ngayinye ngokuya ngezidingo zedatha zesistimu ngayinye, futhi ixazulule inkinga yokuthi idatha yesibuko yendabuko ayikwazi ukuhlungwa nokuthunyelwa, okusebenzisa ukusebenza kokucubungula kokushintsha kwenethiwekhi. Ngesikhathi esifanayo, injini yokuhlunga ithrafikhi kanye nokushintshana kwenethiwekhi yokuqoqwa kwethrafikhi ibona ukuhlunga nokudlulisa idatha ngokubambezeleka okuphansi kanye nesivinini esikhulu, iqinisekisa ikhwalithi yedatha eqoqwe yinethiwekhi yokuqoqwa kwethrafikhi, futhi ihlinzeka ngesisekelo sedatha esihle semishini yokuhlaziya ithrafikhi elandelayo.
Ukuze kuncishiswe umthelela esixhumanisini sokuqala, ikhophi yethrafikhi yokuqala ivame ukutholakala ngokusebenzisa ukuhlukaniswa kwe-beam, i-SPAN noma i-TAP.
I-Passive Network Tap (i-Optical Splitter)
Indlela yokusebenzisa ukuhlukaniswa kokukhanya ukuthola ikhophi yethrafikhi idinga usizo lwedivayisi yokuhlukaniswa kokukhanya. I-splitter yokukhanya iyidivayisi engabonakali ebonakalayo engasabalalisa kabusha amandla esignali yokukhanya ngokuhambisana nesilinganiso esidingekayo. I-splitter ingahlukanisa ukukhanya kusuka ku-1 kuya ku-2,1 kuya ku-4 kanye no-1 kuya eziteshini eziningi. Ukuze kuncishiswe umthelela esixhumanisini sokuqala, isikhungo sedatha ngokuvamile samukela isilinganiso sokuhlukaniswa kokukhanya esingu-80:20, 70:30, lapho isilinganiso esingu-70,80 sesignali yokukhanya sithunyelwa emuva esixhumanisini sokuqala. Njengamanje, ama-splitter optical asetshenziswa kabanzi ekuhlaziyweni kokusebenza kwenethiwekhi (i-NPM/APM), uhlelo lokuhlola, ukuhlaziywa kokuziphatha komsebenzisi, ukutholwa kokungena kwenethiwekhi kanye nezinye izimo.
Izinzuzo:
1. Ukuthembeka okuphezulu, idivayisi yokukhanya engasebenzi;
2. Ayithathi i-switch port, imishini ezimele, okulandelayo kungaba ukunwetshwa okuhle;
3. Akunasidingo sokushintsha ukucushwa kweswishi, akukho mthelela kweminye imishini;
4. Ukuqoqwa kwethrafikhi ephelele, akukho ukuhlunga kwephakethe lokushintsha, kufaka phakathi amaphakethe amaphutha, njll.
Okubi:
1. Isidingo sokusika inethiwekhi okulula, ipulaki ye-backbone link fiber kanye ne-dial ku-optical splitter, kuzonciphisa amandla okukhanya kwezinye izixhumanisi ze-backbone.
I-SPAN (Isibuko Sembobo)
I-SPAN iyisici esiza neswishi uqobo, ngakho-ke idinga ukucushwa kuswishi. Kodwa-ke, lo msebenzi uzothinta ukusebenza kweswishi futhi ubangele ukulahleka kwephakethe uma idatha igcwele ngokweqile.
Izinzuzo:
1. Akudingeki ukwengeza imishini eyengeziwe, lungiselela iswishi ukuze ukhulise imbobo yokukhipha ukuphindaphinda kwesithombe ehambisanayo
Okubi:
1. Sebenzisa i-switch port
2. Amaswishi kudingeka alungiselelwe, okuhlanganisa ukusebenzisana ngokubambisana nabakhiqizi bezinkampani zangaphandle, okwandisa ingozi engaba khona yokwehluleka kwenethiwekhi.
3. Ukuphindaphindwa kwethrafikhi yesibuko kunomthelela ekusebenzeni kwe-port kanye ne-switch.
I-TAP Yenethiwekhi Esebenzayo (I-TAP Aggregator)
I-Network TAP iyidivayisi yenethiwekhi yangaphandle evumela ukuboniswa kwezibuko futhi idale ikhophi yethrafikhi ukuze isetshenziswe amadivayisi ahlukahlukene okuqapha. Lawa madivayisi afakwa endaweni ethile endleleni yenethiwekhi okudingeka ibhekwe, futhi ikopisha amaphakethe edatha ye-IP bese iwathumela kuthuluzi lokuqapha inethiwekhi. Ukukhetha indawo yokufinyelela yedivayisi ye-Network TAP kuncike ekugxilweni kwethrafikhi yenethiwekhi - izizathu zokuqoqwa kwedatha, ukuqapha njalo ukuhlaziywa kanye nokubambezeleka, ukutholwa kokungena, njll. Amadivayisi e-Network TAP angaqoqa futhi abuke ukusakazwa kwedatha ngesilinganiso se-1G esifinyelela ku-100G.
Lawa madivayisi afinyelela ithrafikhi ngaphandle kokuthi idivayisi ye-TAP yenethiwekhi iguqule ukugeleza kwephakethe nganoma iyiphi indlela, kungakhathaliseki ukuthi izinga lethrafikhi yedatha lingakanani. Lokhu kusho ukuthi ithrafikhi yenethiwekhi ayilawulwa futhi ayibukelwanga ngezibuko, okubalulekile ekugcineni ubuqotho bedatha lapho uyithumela kumathuluzi okuphepha nawokuhlaziya.
Iqinisekisa ukuthi amadivayisi angaphandle kwenethiwekhi aqapha amakhophi ethrafikhi ukuze amadivayisi e-TAP yenethiwekhi asebenze njengabaqaphi. Ngokunikeza ikhophi yedatha yakho kunoma yimaphi/wonke amadivayisi axhunyiwe, uthola ukubonakala okugcwele endaweni yenethiwekhi. Uma kwenzeka ukuthi idivayisi ye-TAP yenethiwekhi noma idivayisi yokuqapha yehluleka, uyazi ukuthi ithrafikhi ngeke ithinteke, okuqinisekisa ukuthi uhlelo lokusebenza luhlala luphephile futhi lutholakala.
Ngesikhathi esifanayo, iba yinhloso iyonke yamadivayisi e-TAP enethiwekhi. Ukufinyelela kumaphakethe kunganikezwa njalo ngaphandle kokuphazamisa ithrafikhi kunethiwekhi, futhi lezi zixazululo zokubonakala zingabhekana namacala athuthukile kakhulu. Izidingo zokuqapha zamathuluzi kusukela kuma-firewall esizukulwane esilandelayo kuya ekuvikelweni kokuvuza kwedatha, ukuqapha ukusebenza kohlelo lokusebenza, i-SIEM, i-digital forensics, i-IPS, i-IDS nokuningi, kuphoqa amadivayisi e-TAP enethiwekhi ukuthi aguquke.
Ngaphezu kokunikeza ikhophi ephelele yethrafikhi nokugcina ukutholakala, amadivayisi e-TAP anganikeza okulandelayo.
1. Hlunga Amaphakethe Ukuze Uthuthukise Ukusebenza Kokuqapha Inethiwekhi
Ukuthi nje idivayisi ye-Network TAP ingadala ikhophi engu-100% yephakethe ngesikhathi esithile akusho ukuthi wonke amathuluzi okuqapha nokuphepha kudingeka abone konke. Ukusakaza ithrafikhi kuwo wonke amathuluzi okuqapha nokuphepha kwenethiwekhi ngesikhathi sangempela kuzoholela eku-odeni ngokweqile, ngaleyo ndlela kulimaze ukusebenza kwamathuluzi kanye nenethiwekhi enqubweni.
Ukubeka idivayisi efanele ye-Network TAP kungasiza ekuhlungeni amaphakethe lapho ethunyelwa ethuluzini lokuqapha, kusatshalaliswe idatha efanele ethuluzini elifanele. Izibonelo zamathuluzi anjalo zifaka phakathi izinhlelo zokuthola ukungena (i-IDS), ukuvimbela ukulahleka kwedatha (i-DLP), ulwazi lokuphepha kanye nokuphathwa kwemicimbi (i-SIEM), ukuhlaziywa kwe-forensic, nokunye okuningi.
2. Izixhumanisi Ezihlanganisiwe Zokuxhumana Okusebenzayo
Njengoba izidingo zokuqapha inethiwekhi kanye nokuphepha zanda, onjiniyela benethiwekhi kumele bathole izindlela zokusebenzisa isabelomali se-IT esikhona ukuze bafeze imisebenzi eminingi. Kodwa ngesinye isikhathi, awukwazi ukuqhubeka ungeza amadivayisi amasha esitokisini futhi wandise ubunzima benethiwekhi yakho. Kubalulekile ukusebenzisa kakhulu amathuluzi okuqapha kanye nokuphepha.
Amadivayisi e-Network TAP angasiza ngokuhlanganisa ithrafikhi yenethiwekhi eminingi, eya empumalanga neya entshonalanga, ukuze kuthunyelwe amaphakethe kumadivayisi axhunyiwe nge-port eyodwa. Ukusebenzisa amathuluzi okubona ngale ndlela kuzonciphisa inani lamathuluzi okuqapha adingekayo. Njengoba ithrafikhi yedatha yaseMpumalanga-Ntshonalanga iqhubeka nokukhula ezikhungweni zedatha naphakathi kwezikhungo zedatha, isidingo samadivayisi e-network TAP sibalulekile ukuze kulondolozwe ukubonakala kwazo zonke izigelekeqe ezilinganisweni kuwo wonke amanani amakhulu edatha.
Isihloko esihlobene nalesi singaba mnandi, sicela uvakashele lapha:Ungabamba Kanjani Ithrafikhi Yenethiwekhi? I-Network Tap vs I-Port Mirror
Isikhathi sokuthunyelwe: Okthoba-24-2024
