English

Ndezvipi zvinhu zviri muNetwork Packet Broker(NPB) & Test Access Port (TAP)?

IyoMutengesi weNetwork Packet(NPB), iyo inosanganisira 1G NPB, 10G NPB, 25G NPB, 40G NPB, 100G NPB, 400G NPB, uyeNzvimbo yeKupinda Mukuedzwa kweNetwork (TAP), mudziyo wehardware unobatanidzirwa zvakananga mutambo yenetwork uye unotumira chikamu chekutaurirana kwenetwork kune zvimwe zvishandiso.

MaNetwork Packet Brokers anoshandiswa zvakanyanya mu network intrusion detection systems (IDS), network detectors, uye profilers. Port mirroring session. Mu shunting mode, monitoring UTP link (unmasked link) yakakamurwa kuita zvikamu zviviri ne TAP shunting device. Shunting data rakabatana ne collection interface kuti riunganidze data reInternet information security monitoring system.

ML-TAP-2810 Network Tap

Chii chinoitwa neNetwork Packet Broker (NPB) kwauri?

Zvinhu Zvikuru:

1. Kuzvimiririra

I hardware yakazvimiririra uye haikanganisi mutoro wezvishandiso zve network zviripo, izvo zvine mabhenefiti makuru pane ma port mirroring.

Ichi chishandiso chiri mu-line, zvinoreva kuti chinofanira kuiswa pa network. Zvisinei, izvi zvine dambudziko rekuti chinotadza kushanda, uye nekuti chiri online device, network iripo inofanira kukanganiswa panguva yekuiswa, zvichienderana nekuti yaiswa kupi.

2. Kujeka

Transparent zvinoreva chinongedzo kune network iripo. Mushure mekushandisa network shunt, haikanganisi zvishandiso zvese zviri mu network iripo, uye zvinoonekwa pachena kwavari. Ehe, izvi zvinosanganisirawo traffic inotumirwa ne network shunt kune monitoring device, iyo inoonekwawo pachena kune network.

Musimboti wekushanda:

Kutumirwa kwetraffic (kugoverwa) kwakavakirwa padata rekupinda, kudzokororwa, kuunganidza, kusefa, kushandurwa kwedata re10G POS kuburikidza nekushandurwa kweprotocol kuita makumi emegabytes LAN data, zvichienderana nealgorithm chaiyo yekuburitsa mutoro, kubuda panguva imwe chete kuve nechokwadi chekuti mapaketi ese echikamu chimwe chete, kana IP imwecheteyo inoburitsa mapaketi ese kubva kune imwechete user interface.

ML-TAP-2401B 混合采集-应用部署

Zvimiro Zvinoshanda:

1. Kushandurwa kweprotocol

MaInternet data communication interfaces anoshandiswa neISPs anosanganisira 40G POS, 10G POS/WAN/LAN, 2.5G POS, uye GE, nepo data receiving interfaces anoshandiswa neapps servers ari GE ne10GE LAN interfaces. Nokudaro, protocol conversion inowanzotaurwa paInternet communication interfaces inonyanya kureva kushandurwa pakati pe40G POS, 10G POS, uye 2.5G POS kuenda ku10GE LAN kana GE, uye bidirectional cotransfer pakati pe10GE WAN ne10GE LAN neGE.

2. Kuunganidzwa uye kugoverwa kwedata.

Mapurogiramu mazhinji ekuunganidza data anobvisa traffic yavanofarira uye anorasa traffic yavasina hanya nayo. Kufamba kwedata reIP address, protocol, uye port kunobviswa nekubatana kwefive-tuple (source IP address, destination IP address, source port, destination port, uye protocol). Kana zvabuda, kubuda kwesource imwe chete, nzvimbo imwe chete uye load balance zvinovimbiswa zvichienderana nehurongwa hweHASH.

3. Kusefa kodhi yechinhu

Pakuunganidza traffic yeP2P, sisitimu yekushandisa inogona kungotarisa pane mamwe traffic chaiwo, senge streaming media PPStream, BT, Thunderbolt, uye mazwi akajairika paHTTP akadai seGET nePOST, nezvimwewo. Nzira yekufananidza kodhi yechinhu inogona kushandiswa pakubvisa nekubatanidza. Diverter inotsigira fixed-position feature code filtering uye floating feature code filtering. Floating feature code i offset yakatarwa zvichibva pa fixed location feature code. Yakakodzera maapplication anotsanangura feature code kuti iseferwe, asi asingatsanangure nzvimbo chaiyo yefeature code.

4. Kutarisira chikamu

Inoona traffic yechikamu uye inogadzirisa zviri nyore kukosha kweN yekutumirwa kwechikamu (N=1 kusvika 1024). Kureva kuti, mapaketi ekutanga eN echikamu chimwe nechimwe anotorwa uye anotumirwa ku back-end application analysis system, uye mapaketi anotevera N anoraswa, zvichichengetedza mari yekushandisa yepuratifomu yekuongorora application iri pasi. Kazhinji, kana uchishandisa IDS kutarisa zviitiko, haufanirwe kugadzirisa mapaketi ese echikamu chose; pachinzvimbo, unongoda kubvisa mapaketi ekutanga eN echikamu chimwe nechimwe kuti upedzise kuongorora nekutarisa chiitiko.

5. Kuenzanisa uye kukopa data

Chinopatsanura chinogona kuona kuenzanisa uye kudzokororwa kwedata riri painterface inobuda, izvo zvinoita kuti data riwanikwe nemasisitimu akawanda ekushandisa.

6. Kutora nekutumira data re3G network

Kuunganidzwa kwedata uye kugoverwa kwaro pa3G network kwakasiyana nenzira dzekare dzekuongorora network. Mapaketi pa3G network anotumirwa pamashure ekubatanidza kuburikidza nematanho akawanda e encapsulation. Kureba kwepaketi uye fomati ye encapsulation zvakasiyana neaya emapaketi pa common networks. Splitter inogona kuziva nekugadzira ma tunnel protocols chaiwo akadai seGTP neGRE packets, multilayer MPLS packets, uye VLAN packets. Inogona kuburitsa IUPS signaling packets, GTP signaling packets, uye Radius packets kune ma ports akasarudzwa zvichienderana nehunhu hwepaketi. Pamusoro pezvo, inogona kupatsanura mapaketi zvichienderana ne inner IP address. Kutsigira mapaketi makuru (MTU> 1522 Byte) processing, inogona kuita zvakakwana 3G network data collection uye shunt application.

Zvinodiwa paChinhu:

- Inotsigira kugoverwa kwetraffic kuburikidza neprotocol yeL2-L7 application.

- Inotsigira kusefa kwe5-tuple kuburikidza nekero chaiyo yeIP, kero yeIP yekuenda, chiteshi chekubva, chiteshi chekuenda, uye protocol uye nemasiki.

- Inotsigira kuyera mutoro wekubuda uye kuenzana kwemutero wekubuda uye kuenzana kwemutero.

- Inotsigira kusefa nekutumira nekushandisa tambo dzemavara.

- Inotsigira manejimendi yemusangano. Tumira mapaketi ekutanga eN emusangano wega wega. Kukosha kweN kunogona kutsanangurwa.

- Rutsigiro rwevashandisi vakawanda. Mapaketi edata anoenderana nemutemo mumwe chete anogona kupihwa kune wechitatu panguva imwe chete, kana kuti data riri painterface inobuda rinogona kuenzaniswa uye kudzokororwa, zvichiita kuti data riwanikwe nemasisitimu akawanda ekushandisa.

Mhinduro Yekubatsira Muindasitiri Yezvemari
Nekukura kuri kuita tekinoroji yeruzivo pasi rose nekukurumidza uye kuwedzera kweruzivo, kukura kwenetwork yemakambani kwakawedzera zvishoma nezvishoma, uye kuvimba kwemaindasitiri akasiyana-siyana pahurongwa hweruzivo kwawedzera kukwira. Panguva imwe chete, network yebhizinesi yekurwiswa kwemukati nekunze, kusarongeka, uye kutyisidzira kwekuchengetedzwa kwemashoko kuri kukurawo, nehuwandu hwakawanda hwekuchengetedzwa kwenetwork, sisitimu yekutarisa mabhizinesi ekushandisa yakaiswa mukushanda kwakatevedzana, mhando dzese dzekutarisa mabhizinesi, michina yekudzivirira kuchengetedzeka yakatumirwa munetwork yese, pachava nekurasikirwa kwezviwanikwa zveruzivo, kutarisa nzvimbo isina kujeka, kutarisa kakawanda, topology yenetwork uye dambudziko risina kurongeka senge kusakwanisa kuwana data rakananga zvinobudirira, zvichitungamira mukutarisa michina kushanda zvishoma, kudyara mari yakawanda, mari shoma, matambudziko ekugadzirisa nekudzora kunonoka, zviwanikwa zvedata zvakaoma kudzora.

Nharembozha

Nguva yekutumira: Gunyana-08-2022
Dzvanya enter kuti utsvage kana kuti ESC kuti uvhare