NetFlow uye IPFix idzo dzese tekinoroji inoshandiswa kune network kuyerera kwekutarisa uye kuongororwa. Ivo vanopa ruzivo rwekuita metroc traffic patterns, kubatsira mukuita kwehurongwa, kugadzirisa dambudziko, uye nekuchengetedzeka.
NetFlow:
Chii chinonzi netflow?
NetFlowndiyo yekutanga kuyerera kuongorora mhinduro, yakatanga kugadzirwa neCisco mukupera kwa1990. Shanduro dzinoverengeka dzakasiyana dziripo, asi kutumirwa kwakawanda kwakavakirwa pane chero netflow v5 kana netflow v9. Nepo vhezheni imwe neimwe ine mikovers dzakasiyana, basa rekutanga rinoramba rakafanana:
Kutanga, router, switch, firewall, kana imwe mhando yechikumbiro ichabata ruzivo "inoyerera mapoinzi" - inoyerera " Mushure mekuyerera kwaenda kuchidambuka kana nguva yakatarwa yapfuura, chishandiso chinoburitsa chinongedzo chechikepe chinozivikanwa se "muunganidzi anoyerera".
Pakupedzisira, "anoongorora anoongorora" ane musoro wezvinyorwa izvo, achipa ruzivo rwezvekufunga, huwandu, uye zvakadzama nhoroondo uye chaicho nguva yekubvuma. Mukudzidzira, vateresi uye kuongorora kazhinji kazhinji chikamu chimwe, kazhinji chakabatanidzwa mune yakakura network yekuita yekuita yekugadzirisa.
Netflow inoshanda pane mamiriro ezvinhu. Kana muchina wevatengi wasvika kune server, netflow ichatanga kutora uye inosangana metadata kubva kuyerera. Mushure mekunge chikamu chichigumiswa, netflow inotumira zvakare kurekodha chizere kusvika kumuunganidzi.
Kunyangwe ichiri kushandiswa kazhinji, netflow v5 ine huwandu hwezvisingakwanisi. Minda inotumirwa yakatsakatiswa, yekutarisa inotsigirwa muIngrd kutungamira, uye zvemazuva ano matekinoroji seIPv6, MPLs, uye vxlan haina kutsigirwa. NetFlow v9, zvakare yakanyorwa seanoshandura netflow (FNF), inotaura nezvevamwe pane izvi zvevengo
Vatengesi vazhinji zvakare vane yavo yekupupurira kushandisa kweNetFlow Kunyangwe iyo gadziriro inogona kusiyana neimwe nzira, izvi zvishandiso zvinowanzoburitsa kuyerera zvinyorwa zvinoenderana neNetFlow Verengi uye kuongorora.
ZVINOKOSHA ZVEKUSHAYA:
~ Kuyerera data.
~ Traffic trafficing.
~Anomaly Kuwanikwa.
~ Kuongororwa Kuongorora.
NetFlow Shanduro: NetFlow yakauya nekufamba kwenguva, uye shanduro dzakasiyana dzakasunungurwa. Dzimwe shanduro dzinozivikanwa dzinosanganisira netflow v5, netflow v9, uye inoshanduka-shanduka netflow. Shanduro imwe neimwe inounza kusimudzira uye mamwe ekugona.
Ipfix:
Chii chinonzi ipfix?
Chiyero cheIETF chakabuda muAiet stanal Muchokwadi, netflow v9 yakashanda sehwaro hweIPfix. Musiyano wekutanga pakati pezviviri ndewe ipfix iPlix chiyero chakavhurika, uye chinotsigirwa nevatengesi vazhinji veWakawanda veSittors kunze kubva kuCisco. Kunze kwekusarudzika kweshoma minda yakawedzerwa muIPFix, mafomu ayo akada kufanana. Muchokwadi, ipfix dzimwe nguva inombotaurwa nezve "netflow v10".
Nekuda kwekufanana neyenzvimbo yayo kuenda kuNetFlow, ipfix inofarira kutsigirwa kwakawanda pakati petivhi yekutarisa mhinduro pamwe nemidziyo yetiweki.
IPFix (Internet Protocol inoyerera ruzivo rwekunze) chikamu chakavhurika chakagadzirwa neInternet Injiniya Basa Rekushandisa (IETF). Iyo yakavakirwa paNetFlow Version 9 Spection uye inopa chimiro chakagadziriswa chekuburitsa kuyerera marekodhi kubva kune network midziyo.
IPFix inovaka pane pfungwa dzeNetFlow uye inokudza kuti vape zvakanyanya kutendeseka uye kuunganidzwa kwevatengesi vakasiyana uye midziyo. Inosvitsa pfungwa yematemplate, kubvumira tsanangudzo yeDynamic yekuyerera rekodhi uye zvemukati. Izvi zvinoita kuti kusanganisa kwenzvimbo dzetsika, rutsigiro rwetsva protocol, uye kuwedzera.
ZVINOKOSHA ZVINOKOSHA zveIPFix:
~ Template-yakavakirwa nzira.
~ Kuunganidza: Ipfix chikamu chakavhurika, chichiita chisingaperi kuyerera kwekutarisa kwekutarisa kune vakasiyana network vetisters uye zvishandiso.
~ IPv6 Tsigiro: Ipfix natively inotsigira IPv6, ichiita kuti ive yakakodzera kutarisa uye kuongorora traffic muIPV6 Networks.
~Yakawedzerwa Chengetedzo.
IPFix inotsigirwa zvakanyanya nevatengesi vakasiyana-siyana vekwaniri, vachiita mutengesi-asina kwaakarerekera uye akasarudzika sarudzo yekuyerera network yekufambisa network.
Saka, chii musiyano uripo pakati petsqulo uye ipfix?
Mhinduro yakapusa ndeyekuti netflow ndeye cisco pritrietary protocol yakaunza nguva1996 uye ipfix ndeyekuti yayo yemudiwa akatenderwa.
Zvese zviri zviviri protocol zvinoshanda zvakafanana Cisco yakakudziridzwa netful kuti switch yayo uye majira anogona kuburitsa ruzivo rwakakosha urwu rwakakosha. Kupiwa masimba eCisco gear, netflow nekukurumidza yakava iyo-facto standard ye network traffic kuongorora. Nekudaro, maindasitiri akwikwikwidza anoonekwa kuti achishandisa protocol inodzorwa nemukaka wake waive asiri iwo eIET!
IPFix yakavakirwa paNetflow Version 9 uye yakatanga kuunzwa kutenderera 2005 asi yakatora akawanda emakore kuti uwane indasitiri yekutorwa. Panguva ino, maProtocol maviri akanyanya zvakafanana uye kunyange izwi rekuti netflow richiri kuwedzera zvakanyanya kushandisa (asi zvisiri izvo) zvinoenderana neIPFix Standard.
Heino tafura kupfupikisa mutsauko pakati peNetflow uye ipfix:
| Chimiro | NetFlow | Ipfix |
|---|---|---|
| Mabviro | Propertary tekinoroji yakagadzirwa neCisco | Indasitiri-yakajairwa protocol yakavakirwa paNetFlow Version 9 |
| Kumira | Cisco-chairo tekinoroji | Yakavhurika chiyero inotsanangurwa neIETF muRFC 7011 |
| Kuchinjika | Rakashandurwa shanduro nezvakananga maficha | Kuchinjika Kwakakura uye Kubatana Kwevatengesi veVatengesi |
| Chimiro che data | Yakagadziriswa-saizi mapaketi | Template-yakavakirwa nzira yeiyo inogadziriswa inoyerera rekodhi mafomu |
| Template tsigiro | Kwete kutsigirwa | Dynamic Matemplates yeChidimbu Yekuchinja Kwemadivi |
| Mutengesi anotsigira | Kunyanya cisco zvishandiso | Rubatsiro rwokumuvhunduka pamaswere ekutengesa |
| Kuwedzera | Yakatemerwa Kugadziriswa | Kubatanidzwa kweminda yetsika uye yekushandisa-yakatarwa data |
| Protocol kusiyana | Cisco-chaicho misiyano | Native IPv6 Tsigiro, Yakavandudzwa Flow Record Sarudzo |
| Zvichengetedzo Zvinyorwa | Yakatemerwa Kuchengetedza Zvinyorwa | Kutakura Layer Kuchengetedzeka (TLS) Encryption, meseji yekuvimbika |
Network inoyerera yekutarisaIko kuunganidza, kuongorora, uye kuongorora kwe traffic kuyambuka network yakapihwa kana network chikamu. Zvinangwa zvinogona kusiyana kubva mukutsikisa matambudziko ekubatanidza kunokanganisa matambudziko ekuronga ramangwana bandwidth kugoverwa. Kuyerera kwekutarisa uye mapaketi sampling kunogona kunyange kubatsira pakuzivisa uye kugadzirisa nyaya dzekuchengetedza.
Kuyerera kwekutarisa kunopa maneja ekutengesa pfungwa yakanaka yekuti network iri kushanda sei, kushandiswa kweshandisirwo, kushandiswa kweshoko, anomaliticks zvinogona kuratidza kutyisidzira, uye zvimwe. Pane zviyero zvakasiyana zvakasiyana uye mafomu anoshandiswa mune network kuyerera kwekutarisa, kusanganisira netflow, sFlow, uye Internet protocol inoyerera ruzivo rwekunze (IPFix). Imwe neimwe inoshanda nenzira dzakasiyana-siyana, asi zvese zvakasarudzika kubva kuPortunganidzwa uye nekukadzika packet kuongorora mune izvo hazvitore zvirimo zvepaketi pane chiteshi kana kuburikidza neswitch. Nekudaro, kuyerera kwekutarisa kunopa ruzivo rwakawanda kupfuura snmp, iyo inowanzove yakaganhurirwa kune yakafara nhamba seyakawandisa packet uye bandwidth kushandiswa.
Network inoyerera zvishandiso zvakafanana
| Chimiro | Netflow v5 | Netflow v9 | SFLOW | Ipfix |
| Vhura kana proprietary | Proprietary | Proprietary | Vhura | Vhura |
| Sampled kana kuyerera kwakavakirwa | Kunyanya kuyerera kwakavakirwa; Sampled mode iripo | Kunyanya kuyerera kwakavakirwa; Sampled mode iripo | Sampled | Kunyanya kuyerera kwakavakirwa; Sampled mode iripo |
| Ruzivo rwakabatwa | Metadata uye Statistical Ruzivo, kusanganisira mabhatani akatamisirwa, Interface Collers uye zvichingodaro | Metadata uye Statistical Ruzivo, kusanganisira mabhatani akatamisirwa, Interface Collers uye zvichingodaro | Zadza mapaketi ma packet, chidimbu packet inobhadhara | Metadata uye Statistical Ruzivo, kusanganisira mabhatani akatamisirwa, Interface Collers uye zvichingodaro |
| Ingress / eggress kutarisa | Ingress chete | Ingress uye egress | Ingress uye egress | Ingress uye egress |
| IPL6 / VLAN / MPLS Tsigiro | No | Ehe | Ehe | Ehe |
Kutumira Nguva: Mar-18-2024
