NetFlow neIPFIX matekinoroji ese anoshandiswa pakuongorora nekuongorora kufamba kwenetwork. Anopa ruzivo rwemaitiro ekufambisa network, zvichibatsira mukugadzirisa mashandiro, kugadzirisa matambudziko, uye kuongorora kuchengetedzeka.
NetFlow:
Chii chinonzi NetFlow?
NetFlowndiyo mhinduro yekutanga yekutarisa kuyerera kwemafambiro emhepo, yakatanga kugadzirwa neCisco kuma1990 ekupedzisira. Kune shanduro dzakasiyana-siyana, asi mashandisirwo mazhinji akavakirwa paNetFlow v5 kana NetFlow v9. Kunyange zvazvo shanduro yega yega iine kugona kwakasiyana, mashandiro ekutanga anoramba akafanana:
Kutanga, router, switch, firewall, kana imwe mhando yemudziyo inotora ruzivo pamusoro pe "mafambiro" enetwork - kazhinji seti yemapaketi ane seti yakafanana yehunhu senge kero yekwakabva nekero yekwakabva, tsime, uye chiteshi chekwakabva, uye mhando yeprotocol. Mushure mekunge mafambiro amira kana nguva yakatarwa yapera, mudziyo unotumira zvinyorwa zvemafambiro kune chimwe chinhu chinozivikanwa se "muunganidzi wemafambiro".
Chekupedzisira, "flow analyzer" inonzwisisika pane zvinyorwa izvozvo, ichipa ruzivo rwakadzama muchimiro chekuona, nhamba, uye nhoroondo yakadzama uye chaiyo. Mukuita, vaunganidzi nevaongorori vanowanzova chinhu chimwe chete, vanowanzobatanidzwa kuita mhinduro yakakura yekutarisa mashandiro enetwork.
NetFlow inoshanda zvine hungwaru. Kana muchina wevatengi ukasvika kune sevha, NetFlow inotanga kubata nekuunganidza metadata kubva mukuyerera. Mushure mekunge chikamu chapera, NetFlow ichatumira rekodhi imwe chete yakazara kumuunganidzi.
Kunyangwe ichiri kushandiswa zvakanyanya, NetFlow v5 ine zvipingamupinyi zvakawanda. Nzvimbo dzinotumirwa kunze kwenyika dzakagadziriswa, kutarisa kunotsigirwa chete munzira yekupinda, uye matekinoroji emazuva ano akadai seIPv6, MPLS, uye VXLAN haatsigirwi. NetFlow v9, inozivikanwawo seFlexible NetFlow (FNF), inotarisa zvimwe zvezvipingamupinyi izvi, ichibvumira vashandisi kuvaka matemplate akagadzirwa uye kuwedzera rutsigiro rwematekinoroji matsva.
Vatengesi vazhinji vanewo mashandisirwo avo eNetFlow, akadai sejFlow kubva kuJuniper neNetStream kubva kuHuawei. Kunyangwe magadzirirwo acho angasiyana zvishoma, mashandisirwo aya anowanzo gadzira zvinyorwa zvekufamba zvinoenderana neNetFlow collectors neanalyzers.
Zvinhu Zvikuru zveNetFlow:
~ Ruzivo rweKuyerera: NetFlow inogadzira zvinyorwa zvekuyerera zvinosanganisira ruzivo rwakadai sema IP address ekunobva uye ekuenda, ma ports, timestamps, ma packet uye byte counts, uye protocol types.
~ Kutarisa Migwagwa: NetFlow inoita kuti vanhu vaone kuti network traffic patterns yakaita sei, zvichibvumira vatariri kuona mapurogiramu epamusoro, ma endpoints, uye ma traffic sources.
~Kuonekwa kweAnomaly: Nekuongorora data rekuyerera, NetFlow inogona kuona zvinhu zvisina kujairika zvakaita sekushandiswa zvakanyanya kwebandwidth, kuzara kwenetwork, kana maitiro asina kujairika etraffic.
~ Kuongorora KuchengetedzekaNetFlow inogona kushandiswa kuona nekuferefeta zviitiko zvekuchengetedza, zvakaita sekurwiswa kweDDoS kana kuedza kupinda zvisina mvumo.
Shanduro dzeNetFlow: NetFlow yakashanduka nekufamba kwenguva, uye shanduro dzakasiyana dzakaburitswa. Dzimwe shanduro dzinozivikanwa dzinosanganisira NetFlow v5, NetFlow v9, uye Flexible NetFlow. Shanduro yega yega inoisa zvigadziriso nezvimwe zvinhu.
IPFIX:
Chii chinonzi IPFIX?
Muyero weIETF wakabuda mukutanga kwema2000, Internet Protocol Flow Information Export (IPFIX) wakafanana zvikuru neNetFlow. Kutaura zvazviri, NetFlow v9 yakashanda sehwaro hweIPFIX. Musiyano mukuru pakati pezviviri izvi ndewekuti IPFIX imhando yakavhurika, uye inotsigirwa nevatengesi vakawanda ve networking kunze kweCisco. Kunze kwemamwe ma fields mashoma akawedzerwa muIPFIX, mafomati acho akafanana. Kutaura zvazviri, IPFIX dzimwe nguva inonzi "NetFlow v10".
Nekuda kwekufanana kwayo neNetFlow, IPFIX inotsigirwa zvakanyanya pakati pemhinduro dzekutarisa network pamwe nemidziyo yenetwork.
IPFIX (Internet Protocol Flow Information Export) ipurogiramu yakavhurika yakagadzirwa neInternet Engineering Task Force (IETF). Yakavakirwa paNetFlow Version 9 specification uye inopa fomati yakajairika yekutumira zvinyorwa zvekuyerera kubva kumidziyo yenetwork.
IPFIX inovaka pamusoro pepfungwa dzeNetFlow uye inodziwedzera kuti dzipe kuchinjika uye kushanda pamwe chete pakati pevatengesi nemidziyo yakasiyana. Inopa pfungwa yematemplate, zvichibvumira tsananguro inoshanduka yechimiro cherekodhi yekufambisa uye zviri mukati. Izvi zvinogonesa kuiswa kweminda yakagadzirwa, rutsigiro rwemaprotocol matsva, uye kuwedzera.
Zvinhu Zvikuru zveIPFIX:
~ Maitiro Akavakirwa paTemplate: IPFIX inoshandisa matemplate kutsanangura chimiro uye zviri mukati mezvinyorwa zvekuyerera, zvichipa rusununguko mukugamuchira minda yakasiyana yedata neruzivo rwakanangana neprotocol.
~ Kushanda pamwe chete: IPFIX imhando yakavhurika, inoita kuti pave nekugona kwekutarisa kuyerera kwemafambiro emagetsi mumakambani akasiyana-siyana enetworking nemidziyo.
~ Rutsigiro rweIPv6: IPFIX inotsigira IPv6, zvichiita kuti ive yakakodzera kutarisa nekuongorora traffic muma network eIPv6.
~Kuchengetedzwa Kwakawedzerwa: IPFIX inosanganisira zvinhu zvekuchengetedza zvakaita seTransport Layer Security (TLS) encryption uye kutarisa kuvimbika kwemashoko kuchengetedza kuvanzika uye kuvimbika kwedata rekuyerera panguva yekutumira.
IPFIX inotsigirwa zvakanyanya nevatengesi vezvishandiso zvakasiyana-siyana zve networking, zvichiita kuti ive sarudzo isinganyanyi kukanganiswa nevatengesi uye inoshandiswa zvakanyanya yekutarisa kufamba kwe network.
Saka, musiyano uripi pakati peNetFlow neIPFIX?
Mhinduro iri nyore ndeyekuti NetFlow iprotocol yeCisco yakatangwa muna 1996 uye IPFIX ndiyo hama yayo inotenderwa nesangano.
Maprotocol ese ari maviri ane chinangwa chimwe chete: kugonesa mainjiniya enetwork nevatungamiriri kuunganidza nekuongorora mafambiro eIP network level. Cisco yakagadzira NetFlow kuitira kuti maswitch ayo nemarouters agone kuburitsa ruzivo urwu rwakakosha. Zvichitevera kutonga kweCisco gear, NetFlow yakakurumidza kuva chiyero chekuongorora traffic yenetwork. Zvisinei, makwikwi eindasitiri akaona kuti kushandisa protocol yeproprietary inodzorwa nemuvengi wayo mukuru kwaisava zano rakanaka saka IETF yakatungamira kuedza kugadzirisa protocol yakavhurika yekuongorora traffic, iyo inonzi IPFIX.
IPFIX yakavakirwa paNetFlow version 9 uye yakatanga kushandiswa muna 2005 asi yakatora makore akati wandei kuti ishandiswe muindasitiri. Panguva ino, maprotocol maviri aya akafanana uye kunyangwe izwi rekuti NetFlow richiri kushandiswa zvakanyanya, mashandisirwo mazhinji (kunyangwe asiri ese) anoenderana neIPFIX standard.
Heino tafura inopfupikisa mutsauko uripo pakati peNetFlow neIPFIX:
| Chikamu | NetFlow | IPFIX |
|---|---|---|
| Kwakatangira | Tekinoroji yezvivakwa yakagadzirwa neCisco | Protocol yeindasitiri yakavakirwa paNetFlow Version 9 |
| Kugadzirisa | Tekinoroji yeCisco | Yakavhurika standard inotsanangurwa neIETF muRFC 7011 |
| Kuchinjika | Shanduro dzakashanduka dzine maficha chaiwo | Kuchinjika kukuru uye kushanda pamwe chete pakati pevatengesi |
| Rudzi rweData | Mapaketi ehukuru hwakagadzika | Maitiro akavakirwa patemplate emafomati emhando dzema flow record anogadziriswa |
| Rutsigiro rweTemplate | Hazvitsigirwi | Matemplate anochinja-chinja ekubatanidza munda unochinjika |
| Rutsigiro rweVatengesi | Zvikurukuru zvishandiso zveCisco | Rutsigiro rwakakura pakati pevatengesi ve networking |
| Kuwedzerwa | Kugadziriswa kwakaganhurirwa | Kubatanidzwa kweminda yakagadzirwa uye data rakanangana neapplication |
| Kusiyana kweProtocol | Misiyano yakasiyana-siyana yeCisco | Rutsigiro rwePv6 rwechivanhu, sarudzo dzakavandudzwa dzerekodhi yekuyerera |
| Zvinhu zvekuchengetedza | Zvimiro zvekuchengetedza zvishoma | Kuchengetedzeka kweTransport Layer Security (TLS) encryption, kuvimbika kwemashoko |
Kutarisa Kuyerera Kwenetiwekindiko kuunganidzwa, kuongororwa, uye kutariswa kwetraffic inopfuura nepanetiweki kana chikamu chenetwork. Zvinangwa zvinogona kusiyana kubva pakugadzirisa matambudziko ekubatana kusvika pakuronga kugoverwa kwebandwidth mune ramangwana. Kutarisa kuyerera kwedata uye kuunganidzwa kwepaketi kunogona kutobatsira mukuona nekugadzirisa matambudziko ekuchengetedza.
Kutarisa mashandiro ehurongwa hwemagetsi kunoita kuti ma network aonekwe zvakanaka kuti network iri kushanda sei, zvichipa ruzivo rwakakwana pamusoro pekushandiswa kwese kwese, mashandisirwo eapplication, zvipingamupinyi zvinogona kuitika, zvisingawanzoitika zvinogona kuratidza njodzi dzekuchengetedza, nezvimwewo. Kune mwero wakasiyana-siyana uye mafomati anoshandiswa mukutarisa mashandiro ehurongwa hwemagetsi, kusanganisira NetFlow, sFlow, uye Internet Protocol Flow Information Export (IPFIX). Imwe neimwe inoshanda nenzira yakasiyana zvishoma, asi dzese dzakasiyana ne port mirroring uye deep packet inspection nekuti hadzibate zviri mukati mepaketi yega yega inopfuura nepapoti kana kuburikidza ne switch. Zvisinei, kutarisa mashandiro ehurongwa hwemagetsi kunopa ruzivo rwakawanda kupfuura SNMP, iyo inowanzo ganhurira kune nhamba dzakakura senge kushandiswa kwepaketi nebandwidth.
Zvishandiso zveNetwork Flow Zvinoenzaniswa
| Chinhu | NetFlow v5 | NetFlow v9 | sFlow | IPFIX |
| Yakavhurika kana kuti Yakavanzika | Zvakavanzika | Zvakavanzika | Vhura | Vhura |
| Zvakatorwa Sample kana kuti Flow Based | Zvikurukuru Flow Based; Sampled Mode inowanikwa | Zvikurukuru Flow Based; Sampled Mode inowanikwa | Yakatorwa sampuro | Zvikurukuru Flow Based; Sampled Mode inowanikwa |
| Ruzivo Rwakatorwa | Metadata neruzivo rwezviverengero, kusanganisira mabyte akatamiswa, ma interface counter nezvimwewo | Metadata neruzivo rwezviverengero, kusanganisira mabyte akatamiswa, ma interface counter nezvimwewo | Misoro Yemapaketi Yakazara, Mitoro Yemapaketi Yakakwana | Metadata neruzivo rwezviverengero, kusanganisira mabyte akatamiswa, ma interface counter nezvimwewo |
| Kutarisa Kupinda/Kubuda | Kupinda Chete | Kupinda uye Kubuda | Kupinda uye Kubuda | Kupinda uye Kubuda |
| Rutsigiro rweIPv6/VLAN/MPLS | No | Ehe | Ehe | Ehe |
Nguva yekutumira: Kurume-18-2024
