Kana mudziyo weIntrusion Detection System (IDS) waiswa, girazi rekuona paswitch iri pakati peruzivo rwevezera rako harikwani (semuenzaniso, girazi rimwe chete rinobvumirwa, uye girazi rekuona rinenge rakagara mune zvimwe zvishandiso).
Panguva ino, kana tisingawedzere magirazi akawanda, tinogona kushandisa mudziyo wekubatanidza, kukopa, uye kutumira data rekushandisa network kuti tigovere huwandu hwakaenzana hwemagirazi kumudziyo wedu.
Chii chinonzi Network TAP?
Pamwe wakatanga kunzwa zita rekuti TAP switch. TAP (Terminal Access Point), inozivikanwawo seNPB (Network Packet Broker), kana kuti Tap Aggregator?
Basa guru reTAP nderekuisa pakati pechiteshi chegirazi pane network yekugadzira neboka remidziyo yekuongorora. TAP inounganidza traffic yakatariswa kana yakaparadzaniswa kubva kune imwe kana kupfuura michina yekugadzira network uye inogovera traffic kune imwe kana kupfuura michina yekuongorora data.
Mamiriro ekushandiswa kwenetwork yeTAP yeNetwork Common Network
Network Tap ine mazita akajeka, akadai se:
Zvishandiso Zvakazvimirira
TAP ihardware yakasiyana isingakanganisi mutoro pamidziyo yenetwork iripo, inova imwe yezvakanakira kupfuura magirazi epaport.
Chinja?
Kubata Network?
Kuonesa Netiweki
Kana TAP yabatanidzwa kune network, mimwe midziyo yese iri pa network haikanganisike. Kwavari, TAP inojeka semhepo, uye midziyo yekutarisa yakabatana ne TAP inojeka kune network yese.
TAP yakafanana nePort Mirroring pa switch. Saka sei kuisa TAP yakasiyana? Ngatitarisei mimwe misiyano iri pakati peNetwork TAP neNetwork Port Mirroring.
Musiyano 1: Network TAP iri nyore kugadzirisa pane mirroring yeport
Kutarisa magirazi echiteshi kunofanirwa kugadziriswa pa switch. Kana monitoring ichida kugadziriswa, switch yacho inofanira kugadziriswazve ALL. Zvisinei, TAP inongoda kugadziriswa chete payakakumbira, izvo zvisina zvazvinokanganisa pamidziyo yenetwork iripo.
Musiyano 2: Network TAP haikanganisi mashandiro enetwork kana tichienzanisa ne port mirroring
Kuisa magirazi epachiteshi paswitch kunokanganisa mashandiro eswitch uye kunokanganisa kugona kweswitch. Kunyanya, kana switch yakabatana nenetwork yakatevedzana se inline, kugona kwekufambisa kwenetwork yese kunokanganiswa zvakanyanya. TAP ihardware yakazvimiririra uye haikanganisi mashandiro emudziyo nekuda kwekutarisa traffic. Saka, haina kukanganisa mutoro wemidziyo yenetwork iripo, iyo ine mabhenefiti makuru pane kuiongorora pachiteshi.
Musiyano 3: Network TAP inopa maitiro akakwana ekufambisa traffic kupfuura kudzokororwa kweport mirroring
Kutarisa magirazi echiteshi hakugone kuve nechokwadi chekuti traffic yese inogona kuwanikwa nekuti switch port pachayo inosefa mamwe mapaketi ezvikanganiso kana mapaketi madiki kwazvo. Zvisinei, TAP inovimbisa kusimba kwedata nekuti i "replication" yakazara pachikamu chemuviri.
Musiyano 4: Kunonoka kwekutumira kweTAP kudiki pane kwePort Mirroring
Pane mamwe maswichi ane magumo akaderera, kuiisa pamichina yekutarisa mahwindo kunogona kuunza latency pakukopa traffic kumagirazi, pamwe nekukopa mahwindo e10/100m kumaGiga Ethernet ports.
Kunyangwe izvi zvakanyorwa zvakanyanya, tinotenda kuti ongororo mbiri dzekupedzisira hadzina rutsigiro rwakasimba rwehunyanzvi.
Saka, mumamiriro api ezvinhu akajairika, tinofanira kushandisa TAP pakugovera traffic yenetiweki? Zviri nyore, kana uine zvinodiwa zvinotevera, saka Network TAP ndiyo sarudzo yako yakanakisisa.
Tekinoroji yeNetwork TAP
Teerera zviri pamusoro apa, inzwa kuti TAP network shunt chishandiso chemashiripiti, iyo TAP shunt yakajairika pamusika parizvino inoshandisa dhizaini yepasi pezvikamu zvitatu:
FPGA
- Kushanda kwepamusoro
- Zvakaoma kukura
- Mutengo wakakwira
MIPS
- Inochinjika uye iri nyore kushandisa
- Dambudziko rekukura riri pakati nepakati
- Vatengesi vakuru RMI neCavium vakamisa kugadzirwa kwekambani iyi ndokuzokundikana gare gare.
ASIC
- Kushanda kwepamusoro
- Kuvandudza mashandiro ekuwedzera kwakaoma, kunyanya nekuda kwekuganhurirwa kwechip pachayo
- Chip pachayo ine ma interfaces ayo uye ma specifications ayo anogumira pakuita kwekuwedzera kusina kunaka.
Saka, Network TAP ine huwandu hwakawanda uye inomhanya zvakanyanya inowanikwa pamusika ine mukana wakakura wekuvandudza kushanduka-shanduka mukushandiswa kwayo. TAP network shunters dzinoshandiswa pakushandura protocol, kuunganidza data, shunting data, mirroring data, uye traffic filtering. Mhando huru dzeports dzinosanganisira 100G, 40G, 10G, 2.5G POS, GE, nezvimwewo. Nekuda kwekubviswa zvishoma nezvishoma kwezvigadzirwa zveSDH, Network TAP shunters dziripo dzinonyanya kushandiswa mu network yeEthernet.
Nguva yekutumira: Chivabvu-25-2022
