The most common tool for network monitoring and troubleshooting today is the Switch Port Analyzer (SPAN), also known as port mirroring. It lets us monitor network traffic in out-of-band bypass mode without interfering with services on the live network, and it sends a copy of the monitored traffic to local or remote devices, including a sniffer, an IDS, or other kinds of network analysis tools.
Some typical uses are:
• Troubleshoot network problems by tracing control/data frames;
• Analyze latency and jitter by monitoring VoIP packets;
• Analyze latency by monitoring network interactions;
• Detect anomalies by monitoring network traffic.
SPAN traffic can be mirrored locally to other ports on the same source device, or mirrored remotely to other network devices that are Layer 2 adjacent to the source device (RSPAN).
Today we will talk about a remote traffic monitoring technology called ERSPAN (Encapsulated Remote Switch Port Analyzer), which can be carried across Layer 3 IP. It is an extension of SPAN to Encapsulated Remote.
Basic operating principles of ERSPAN
First, let's look at the features of ERSPAN:
• A copy of a packet from the source port is sent to the destination server for analysis through Generic Routing Encapsulation (GRE). The physical location of the server is not restricted.
• With the help of the chip's User Defined Field (UDF) feature, any offset from 1 to 126 bytes is taken relative to the Base domain through the expert-level extended list, and session keywords are matched to make sessions visible, such as the TCP three-way handshake and RDMA sessions;
• Support for configuring sampling;
• Supports a packet capture length (Packet Slicing), reducing the load on the destination server.
With these features, you can see why ERSPAN is an essential tool for monitoring networks inside data centers today.
The main functions of ERSPAN can be summarized in two aspects:
• Session visibility: Use ERSPAN to collect all created TCP and Remote Direct Memory Access (RDMA) sessions on a back-end server for display;
• Network troubleshooting: Captures network traffic for analysis when a network problem occurs.
To do this, the source network device needs to filter the traffic the user is interested in out of the massive data stream, make a copy, and encapsulate each copied frame in a special "superframe container" that carries enough information for it to be delivered to the receiving device. In addition, the receiving device must be able to extract and recover the original monitored traffic.
The receiving device can be another server that supports decapsulating ERSPAN packets.
Analysis of ERSPAN Types and Packet Formats
ERSPAN packets are encapsulated using GRE and forwarded to any IP-addressable destination over Ethernet. ERSPAN is currently used mainly on IPv4 networks, and IPv6 support will be a requirement in the future.
For the encapsulation structure of ERSPAN, the following is what a mirrored capture of ICMP packets looks like:
In addition, the Protocol Type field in the GRE header also indicates the internal ERSPAN type. A Protocol Type of 0x88BE indicates ERSPAN Type II, and 0x22EB indicates ERSPAN Type III.
1. Type I
An ERSPAN Type I frame encapsulates IP and GRE directly over the header of the original mirrored frame. This encapsulation adds 38 bytes to the original frame: 14 (MAC) + 20 (IP) + 4 (GRE). The advantage of this format is its small header size, which reduces the cost of transmission. However, because it sets the GRE Flag and Version fields to 0, it carries no extended fields, and Type I is not widely used, so there is no need to expand on it further.
The GRE header format of Type I is as follows:
2. Type II
In Type II, the C, R, K, S, S, Recur, Flags, and Version fields in the GRE header are all 0 except the S field. The Sequence Number field is therefore present in the Type II GRE header. In other words, Type II can guarantee the order in which GRE packets are received, so that a large number of out-of-order GRE packets caused by a network fault do not end up impossible to sort.
The GRE header format of Type II is as follows:
In addition, the ERSPAN Type II frame format adds an 8-byte ERSPAN header between the GRE header and the original mirrored frame.
The ERSPAN header format for Type II is as follows:
Finally, after the original mirrored frame comes the standard 4-byte Ethernet cyclic redundancy check (CRC) code.
It is worth noting that, in implementation, the mirrored frame does not contain the FCS field of the original frame; instead, a new CRC value is recalculated over the entire ERSPAN frame. This means the receiving device cannot verify the CRC of the original frame, and we can only assume that only uncorrupted frames are mirrored.
3. Type III
Type III introduces a larger and more flexible composite header to handle increasingly complex and diverse network monitoring scenarios, including but not limited to network management, intrusion detection, performance and latency analysis, and more. These scenarios need to know all the original parameters of the mirrored frame, including those that are not present in the original frame itself.
The ERSPAN Type III composite header consists of a mandatory 12-byte header and an optional 8-byte platform-specific sub-header.
The ERSPAN header format for Type III is as follows:
Again, a 4-byte CRC follows the original mirrored frame.
As can be seen from the Type III header format, in addition to retaining the Ver, VLAN, COS, T and Session ID fields from Type II, many special fields are added, such as:
• BSO: used to indicate the load integrity of the data frames carried through ERSPAN. 00 is a good frame, 11 is a bad frame, 01 is a short frame, 11 is a large frame;
• Timestamp: exported from a hardware clock synchronized with system time. This 32-bit field supports at least 100 microseconds of timestamp granularity;
• Frame Type (P) and Frame Type (FT): the former specifies whether ERSPAN carries Ethernet protocol frames (PDU frames), and the latter specifies whether ERSPAN carries Ethernet frames or IP packets;
• HW ID: the unique identifier of the ERSPAN engine within the system;
• Gra (Timestamp Granularity): specifies the granularity of the timestamp. For example, 00B represents 100 microsecond granularity, 01B 100 nanosecond granularity, 10B IEEE 1588 granularity, and 11B requires platform-specific sub-headers to achieve higher granularity;
• Platf ID vs. Platform Specific Info: the Platform Specific Info fields have different formats and contents depending on the Platf ID value.
Note that the header fields described above can be used in regular ERSPAN applications, even when mirroring error frames or BPDU frames, while preserving the original trunk encapsulation and VLAN ID. In addition, key timestamp information and other information fields can be added to each ERSPAN frame during mirroring.
With ERSPAN's own feature headers we can analyze network traffic at a finer level, and then attach the corresponding ACL to the ERSPAN process to match the network traffic we are interested in.
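A receiver-side decoder for the three encapsulations described above, as an added example that is not from the original article or from any vendor's code. The bit positions follow the public ERSPAN Internet-Draft (draft-foschiano-erspan), which is an assumption here; the function name and the two sample packets are constructed for illustration.

```python
import struct

GRE_S_BIT = 0x1000                  # Sequence Number present (GRE flags word)
TYPE_II, TYPE_III = 0x88BE, 0x22EB  # GRE Protocol Type values named in the text

def parse_erspan(gre: bytes) -> dict:
    """Decode GRE + ERSPAN headers; gre starts right after the outer IP header."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre, 0)
    if proto not in (TYPE_II, TYPE_III):
        raise ValueError(f"not ERSPAN: GRE protocol type {proto:#06x}")
    if not flags & GRE_S_BIT:
        if proto != TYPE_II:
            raise ValueError("Type III without GRE sequence number")
        # Type I: 4-byte GRE header with zero flags, mirrored frame follows directly.
        return {"type": 1, "frame": gre[4:]}
    hdr_end = 8 + (8 if proto == TYPE_II else 12)
    if len(gre) < hdr_end:
        raise ValueError("truncated ERSPAN header")
    seq, w0, w1 = struct.unpack_from("!IHH", gre, 4)
    out = {"type": 2 if proto == TYPE_II else 3, "seq": seq,
           "ver": w0 >> 12, "vlan": w0 & 0x0FFF, "cos": w1 >> 13,
           "t": (w1 >> 10) & 1, "session_id": w1 & 0x03FF}
    if proto == TYPE_III:
        ts, _sgt, w5 = struct.unpack_from("!IHH", gre, 12)
        out.update(bso=(w1 >> 11) & 3, timestamp=ts, p=w5 >> 15,
                   ft=(w5 >> 10) & 0x1F, hw_id=(w5 >> 4) & 0x3F,
                   gra=(w5 >> 1) & 3)
        if w5 & 1:                  # O bit: 8-byte platform-specific sub-header
            if len(gre) < hdr_end + 8:
                raise ValueError("truncated platform sub-header")
            out["platf_id"] = gre[hdr_end] >> 2
            hdr_end += 8
    out["frame"] = gre[hdr_end:]
    return out

# Constructed samples (not captured traffic): a Type II and a Type III packet.
SAMPLE_II = bytes.fromhex("100088be" "00000007" "1064002a" "00000003") + b"\xaa" * 14
SAMPLE_III = bytes.fromhex("100022eb" "00000009" "20c8a84d" "000186a0"
                           "00008033" "0400000000000000") + b"\xbb" * 4

if __name__ == "__main__":
    for pkt in (SAMPLE_II, SAMPLE_III):
        print(parse_erspan(pkt))
```

The sequence number returned for Type II and Type III is what a collector would use to detect loss or reordering of mirrored packets between the switch and the analysis server.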
ERSPAN Implements RDMA Session Visibility
Let's take an example of using ERSPAN technology to achieve RDMA session visualization in an RDMA scenario:
RDMA: Remote Direct Memory Access enables the network adapter of server A to read and write the memory of server B by using network interface cards (iNICs) and switches, achieving high bandwidth, low latency, and low resource utilization. It is widely used in big data and high-performance distributed storage scenarios.
RoCEv2: RDMA over Converged Ethernet Version 2. RDMA data is encapsulated in a UDP header. The destination port number is 4791.
Day-to-day operation and maintenance of RDMA requires collecting a large amount of data, which is used to build daily water-level reference lines and abnormal alarms, as well as the basis for locating abnormal problems. Combined with ERSPAN, massive data can be captured quickly to obtain microsecond-level forwarding quality data and the protocol interaction status of the switching chip. Through data statistics and analysis, RDMA end-to-end forwarding quality assessment and farming quality can be obtained.
To achieve RDMA session visualization, ERSPAN must match the keywords of RDMA interaction sessions when mirroring traffic, and we need to use the expert extended list.
Definition of the matching fields of the expert-level extended list:
A UDF consists of five fields: UDF keyword, base field, offset field, value field, and mask field. Limited by the capacity of hardware entries, a total of eight UDFs can be used. One UDF can match at most two bytes.
• UDF keyword: UDF1... UDF8, the eight keywords of the UDF matching domain
• Base field: identifies the start position of the UDF matching field. It is one of the following:
L4_header (applicable to RG-S6520-64CQ)
L5_header (for RG-S6510-48VS8CQ)
• Offset: indicates the offset relative to the base field. The value ranges from 0 to 126
• Value field: the value to match. It can be used together with the mask field to configure the specific value to be matched. The valid width is two bytes
• Mask field: the mask; the valid width is two bytes
(Add: If multiple entries are configured in the same UDF matching field, the base and offset fields must be the same.)
Two key packets related to RDMA session status are the Congestion Notification Packet (CNP) and the Negative Acknowledgment (NAK):
The former is generated by the RDMA receiver after it receives an ECN message sent by the switch (when the output buffer reaches the threshold), and it carries information about the flow or QP causing the congestion. The latter is used to indicate that the RDMA transmission has a packet-loss response message.
Let's see how to match these two messages using the expert-level extended list:
expert access-list extended rdma
permit udp any any any eq 4791 udf 1 l4_header 8 0x8100 0xFF00 (Matching RG-S6520-64CQ)
permit udp any any any eq 4791 udf 1 l5_header 0 0x8100 0xFF00 (Matching RG-S6510-48VS8CQ)
expert access-list extended rdma
permit udp any any any eq 4791 udf 1 l4_header 8 0x1100 0xFF00 udf 2 l4_header 20 0x6000 0xFF00 (Matching RG-S6520-64CQ)
permit udp any any any eq 4791 udf 1 l5_header 0 0x1100 0xFF00 udf 2 l5_header 12 0x6000 0xFF00 (Matching RG-S6510-48VS8CQ)
As the final step, you can visualize the RDMA session by attaching the expert extended list to the appropriate ERSPAN process.
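The UDF matching above, emulated in software as an added example (not the switch vendor's implementation): each UDF compares a 2-byte window at base + offset with the value under the mask. It assumes l4_header is the start of the UDP header and l5_header the first byte after it, and reads 0x81 and 0x11 as the RoCEv2 BTH opcodes for CNP and RC Acknowledge and 0x60 as the AETH syndrome of a NAK; the function names and packets are constructed.

```python
import struct

ROCEV2_PORT = 4791
BASE = {"l4_header": 0, "l5_header": 8}   # l5_header begins after the 8-byte UDP header
# UDF tuples (base, offset, value, mask) copied from the ACL entries on the page.
RULES = {
    "CNP": [("l4_header", 8, 0x8100, 0xFF00)],
    "NAK": [("l5_header", 0, 0x1100, 0xFF00), ("l5_header", 12, 0x6000, 0xFF00)],
}

def udf_hit(l4: bytes, base: str, offset: int, value: int, mask: int) -> bool:
    """One UDF: compare the 2-byte window at base+offset with value under mask."""
    pos = BASE[base] + offset
    if pos + 2 > len(l4):
        return False                       # packet too short for this window
    (window,) = struct.unpack_from("!H", l4, pos)
    return window & mask == value & mask

def classify(l4: bytes):
    """l4 starts at the UDP header. Returns 'CNP', 'NAK' or None."""
    if len(l4) < 8 or struct.unpack_from("!H", l4, 2)[0] != ROCEV2_PORT:
        return None                        # the ACL only permits UDP dst port 4791
    for name, udfs in RULES.items():
        if all(udf_hit(l4, *udf) for udf in udfs):
            return name
    return None

def roce_packet(opcode: int, syndrome=None, dport: int = ROCEV2_PORT) -> bytes:
    """Constructed sample: UDP header + 12-byte BTH (+ 4-byte AETH if syndrome given)."""
    bth = bytes([opcode, 0x40]) + struct.pack("!HII", 0xFFFF, 0x12, 0x34)
    body = bth + (bytes([syndrome, 0, 0, 1]) if syndrome is not None else b"")
    return struct.pack("!HHHH", 49152, dport, 8 + len(body), 0) + body

if __name__ == "__main__":
    for label, pkt in [("CNP", roce_packet(0x81)), ("NAK", roce_packet(0x11, 0x60)),
                       ("ACK", roce_packet(0x11, 0x00))]:
        print(label, "->", classify(pkt))
```

With mask 0xFF00 the second UDF matches only syndrome 0x60, so an ordinary ACK (syndrome 0x00) passes the first UDF, fails the second and is not mirrored. The l4_header 8/20 and l5_header 0/12 variants select the same bytes under the assumption stated above.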
In closing
ERSPAN is one of the essential tools in today's growing data center networks, where network traffic keeps getting more complex and network operation and maintenance requirements keep getting more sophisticated.
With the increasing degree of O&M automation, technologies such as NETCONF, RESTCONF, and gRPC are well known among O&M practitioners working on network automation. Using gRPC as the underlying protocol for sending mirrored traffic also has many advantages. For example, being based on the HTTP/2 protocol, it can support a streaming push mechanism over a single connection. With ProtoBuf encoding, the message size is reduced by half compared with the JSON format, making data transmission faster and more efficient. Just imagine: if you use ERSPAN to mirror the streams of interest and then send them to the analysis server over gRPC, will it greatly improve the capability and efficiency of automated network operation and maintenance?
Post time: May-10-2022










