Netflowdow iyo Ipfix labada tikniyoolajiyada loo isticmaalo kormeerka qulqulka shabakadda iyo falanqaynta. Waxay ku siinayaan garasho qaababka taraafikada shabakadaha, iyagoo ka caawiya kobcinta waxqabadka, cilladaha dhibaatada, iyo falanqaynta amniga.
Netflowdow:
Waa maxay shabaqa?
Shabaqwaa xalka korjoogteynta qulqulka asalka ah, asal ahaan ay soo saartay CISCO dabayaaqadii 1990-yadii. Dhowr nooc oo kala duwan ayaa jira, laakiin inta badan dadka wax u qaba waxay ku saleysan yihiin labada netflflow v5 ama shabakadda v9. In kasta oo nooc kastaa uu leeyahay awoodo kaladuwan, hawlgalka aasaasiga ahi waa isku mid:
Marka hore, router, beddel, dab-damis, ama nooc kale oo qalab ah ayaa ku qabanaya macluumaad ku saabsan shabakadda "- asal ahaan xirmooyin la wadaago astaamo sida cinwaanka isha iyo cinwaanka halka loo socdo, iyo nooca borotokoolka. Kadib qulqulka ayaa aad u dhacay ama waqti go'an oo waqti cayiman ayaa maray, aaladda ayaa dhoofisa diiwaangelinta qulqulka si loo yaqaan "qulqulka qulqulka".
Ugu dambeyntiina, "falanqeeye qulqulka" ayaa macno u leh diiwaannadaas, oo bixiya aragtiyo ku saabsan qaab muuqaal ah, tirakoobyo, iyo warbixinno faahfaahsan iyo waqti-buuxa oo taariikhi ah. Ficil ahaan, ururo aruuriyayaasha iyo falanqaynta badanaa waa hal hay'ad, oo badanaa lagu daro xalka kormeerka waxqabadka shabakadda ee shabakadda.
Netflowdow wuxuu u shaqeeyaa si deg deg ah. Marka mashiinka macmiilku u gaaro server-ka, Netflowdow wuxuu bilaabi doonaa qabashada iyo isku darka Metadadata qulqulka. Kalfadhiga ka dib waa la joojiyaa, Netflowdow wuxuu dhoofinayaa hal rikoor oo dhameystiran aruuriyaha.
In kasta oo weli si caadi ah loo isticmaalo, NetFlow V5 waxay leedahay tiro xad dhaaf ah. Beeraha la dhoofiyo waa la hagaajiyaa, la socodka ayaa lagu taageerayaa oo keliya jihada internetka, iyo tikniyoolajiyadda casriga ah sida IPV6, Mpls, iyo VXLAN lama taageerin. Netflowdow V9, oo sidoo kale lagu calaamadeeyay inay yihiin dabacsan (FNF), waxay ka hadlayaan qaar ka mid ah xadeynooyinkaas, u oggolaanaya dadka isticmaala inay dhisaan shaashad dhaqameed iyo ku darista taageerada teknolojiyadda cusub.
Iibiyeyaal badan ayaa sidoo kale leh fursad ay iska hirgaliyaan shirkada Netflowlow, sida Jflow laga soo bilaabo Junsure iyo Netstream oo ka soo jeeda Huawei. "
Tilmaamaha ugu muhiimsan ee shabaqa
~ Xog qulqulka: NetFlow generates flow records that include details such as source and destination IP addresses, ports, timestamps, packet and byte counts, and protocol types.
~ Korjoogteynta taraafikada: NetFlow provides visibility into network traffic patterns, allowing administrators to identify top applications, endpoints, and traffic sources.
~Ascol Daon-da: By analyzing flow data, NetFlow can detect anomalies such as excessive bandwidth utilization, network congestion, or unusual traffic patterns.
~ Falanqaynta Amniga: NetFlow can be used to detect and investigate security incidents, such as distributed denial-of-service (DDoS) attacks or unauthorized access attempts.
Noocyada Netflowlow: NetFlow ayaa ka soo baxday waqti ka dib, iyo noocyo kala duwan ayaa la sii daayay. Qaybaha aan la xusin waxaa ka mid ah Netfllow V5, Netflowdow V9, iyo shabag dabacsan. Nooc kastaa wuxuu soo bandhigayaa sii-haynta iyo awoodaha dheeriga ah.
Ipfix:
Waa maxay ipfix?
Heerka IETF ee soo ifbaxay horaantii 2000-meeyadii, dhoofinta macluumaadka qulqulka internetka (Ipfix) waxay aad ugu egtahay shabaqa. Xaqiiqdii, NetFlow V9 ayaa loo adeegsaday aasaaska Ipfix. Farqiga ugu saleysan ee u dhexeeya labada waa in Ipfix ay tahay heer furan, waxaana taageera tiro badan oo iibiyayaal badan oo kaqaybgalka Cisco. Marka laga reebo dhowr meelood oo dheeri ah oo lagu daray ipfix, qaababku waa isku mid. Xaqiiqdii, ipfix waxaa mararka qaarkood xitaa loo gudbiyaa "netfflow v10".
Adiga oo qayb ka ah wax la mid ah waxyaabaha ay la mid tahay Netflowdow, Ipfix waxay ku raaxeysataa taageero ballaaran oo ka dhexeysa xalka kormeerka shabakadda iyo sidoo kale qalabka shabakadda.
IPFIX (Internet Protocol For Dhoofinta Macluumaadka Macluumaadka Nidaamka ah) waa borotokool heer sare ah oo heer sare ah oo ay soo saartay xoogga hawsha Injineerka (IETF). Waxay ku saleysan tahay nooca netffllow * qeexitaanka waxayna bixisaa qaab jaangooyooyin ah oo loogu talagalay dhoofinta diiwaannada qulqulka aaladda shabakadda.
Ipfix wuxuu ku dhisayaa fikradaha Netflowlow waxayna ku fidisaa inay bixiyaan degenaansho dheeraad ah iyo is dhexgalka dhammaan iibiyaasha iyo aaladaha kala duwan. Waxay soo bandhigaysaa fikradda shaxanka, taasoo u oggolaaneysa qeexitaan firfircoon oo qaab dhismeedka qorshaha iyo waxyaabaha ku jira. Tani waxay awood u siineysaa ku darista beeraha caadiga ah, taageerada borotokoolka cusub, iyo kordhinta.
Tilmaamaha ugu muhiimsan ee ipfix:
~ Qaab dhismeedka ku-saleysan: Ipfix waxay isticmaashaa tusaalayaal si loo qeexo qaab-dhismeedka iyo waxa ku jira diiwaannada qulqulka, iyadoo la soo bandhigayo dabacsanaan lagu habeeyo abaabulka macluumaadka kala duwan iyo macluumaad gaar ah.
~ Is dhexdeqan: IPFIX is an open standard, ensuring consistent flow monitoring capabilities across different networking vendors and devices.
~ Taageerada IPV6: Ipfix si gaar ah u taageera IPV6, taasoo ka dhigeysa in la kormeero oo la falanqeeyo taraafikada shabakadaha IPV6.
~Amniga amniga: Ipfix waxaa ka mid ah astaamaha amniga sida amniga lakabka lakabka (TLS) iyo farriinta daacadnimada daacadnimada si loo ilaaliyo sirta iyo daacadnimada xogta qulqulka inta lagu guda jiro gudbinta.
Ipfix waxaa si weyn u taageera Iftiinada Qalabka Iskuxirka ee kaladuwan, taasoo ka dhigeysa mid dhexdhexaad ah oo si weyn loo qaatay kormeerka qulqulka shabakadda.
Marka, waa maxay farqiga u dhexeeya netflowdow iyo ipfix?
Jawaabta fudud ayaa ah in shabaqa loo yaqaan 'net protocol protocol' oo la soo bandhigay qiyaastii 1996 iyo Ipfix waa hay'addeeda ay heleen walaalkiis.
Labada borotokool waxay u adeegaan isku ujeeddo: karti u yeelashada injineerada shabakadda iyo maamulayaasha inay aruuriyaan oo ay falanqeeyaan heerka shabakadda ee IP-ga. Cisco ayaa horumarsan Netfloww si ay u wareejiso iyo kuwa maraakiib-u-dhigida ah inay wax soo saarto macluumaadkan qiimaha badan. Marka la eego xukunka Cisco Gear, Netflowdow si dhakhso ah ayey u noqotay heerka de-sabab loogu talagalay falanqaynta taraafikada ee shabakadda. Si kastaba ha noqotee, tartamayaasha warshadaha ayaa gartay in adeegsiga borotokoolka hoggaamiye ee ay xafiiltamaan ma aysan ahayn fikrad wanaagsan oo ay hogaamiso dadaal si loo habeeyo sicirka si loo habeeyo falanqaynta furan ee falanqaynta taraafikada, oo ah ipfix.
Ipfix wuxuu ku saleysan yahay netffloww nooca 9 waxaana markii hore lagu soo bandhigay qiyaastii 2005 laakiin waxay qaadatay sanado badan oo lagu helo korsashada warshadaha. Halkaas, markan, labada borotokoolka ayaa muhiimad ahaan isku mid ah in kastoo ereyga Netflow uu weli ka badan yahay sida ugu dhaqsaha badan (in kastoo aan dhammaantood ahayn) inay la jaan qaadayaan heerka IPfix.
Halkan waxaa ah miis soo koobaya farqiga u dhexeeya NetFlow iyo Ipfix:
| Muuqaal | Shabaq | Ipfix |
|---|---|---|
| Asal | Teknolojiyada lahaanshaha ee ay soo saartay Cisco | Borotokoolka caadiga ah ee warshadaha ee ku saleysan netfflow * |
| Jaangooyada | Teknolojiyadda gaarka ah ee Cisco-gaar ah | Heerka furan ee lagu qeexay IETF ee RFC 7011 |
| Difaac | Noocyada la soo dhaafay oo leh astaamo gaar ah | Dabacsanaan weyn iyo is dhexgalka dhammaan iibiyaasha |
| Qaabka Xogta | Xirmooyinka xajmiga ah ee xajmiga ah | Qaab-dhismeedka ku-saleysan ee loo yaqaan 'Template' |
| Taageero Template | Lama taageerin | Shaashadaha firfircoon ee loogu talagalay ku darista garoonka dabacsan |
| Taageero iibiya | Ugu horreyn aaladaha Cisco | Taageero ballaaran oo ku saabsan iibiyaasha isku xidhka |
| Raad | Ujeeddada xadidan | Ku darista beeraha caadiga ah iyo xog u gaar ah |
| Kala duwanaanshaha borotokoolka | Kala duwanaanshaha gaarka ah ee Cisco-gaar ah | Taageerada asalka IPV6 ee hooyo, xulashooyinka diiwaangelinta qulqulka |
| Astaamaha amniga | Astaamaha amniga ee xaddidan | Xadgudubka Lakabka ee Lakabka (TLS) Encryption, Fariinta Fariinta |
Kormeerka qulqulka shabakaddaUrurinta, falanqaynta, iyo kormeerka taraafikada taraafikada waxay ku jirtaa shabakad la siiyay ama qeybta shabakadda. Ujeeddooyinka waxay ku kala duwanaan karaan dhibaatooyinka isku xirka si loo maareeyo qorshaynta qoondeynta Bandwadth mustaqbalka. Korjoogteynta socodka iyo baakaxa xirmada ayaa xitaa waxtar u yeelan kara ogaanshaha iyo dajinta arrimaha amniga.
Korjoogteynta socodka waxay siisaa kooxo xiriiriyeyaal ah fikrad fiican oo ah sida shabakaddu uga shaqeyso, iyadoo la siinayo aragtiyo is-qorid ah in la adeegsanayo isticmaalka guud ee isticmaalka, isticmaalka mustaqbalka, anomalies kuwa ka yaabi kara khataraha amniga, iyo inbadan. Waxaa jira dhowr heerar kala duwan oo loo isticmaalo kormeerka qulqulka shabakadda, oo ay ku jiraan Netflowdow, Sfflow, iyo dhoofinta macluumaadka qulqulka internetka (IPFIX). Mid kastaaba wuxuu ku shaqeeyaa qaab waxyar ka duwan, laakiin dhammaantood waa ka duwan yihiin muraayadda dekeda iyo baakadaha qoto dheer ee baakadaha ah ee ah inaysan qabsanin waxa ku jira baakad kasta oo ka gudbaya deked ama wareejin. Si kastaba ha noqotee, kormeer qulqulka ayaa bixiya macluumaad dheeri ah oo ka badan SNMP, oo guud ahaan ku xaddidan tirakoobka ballaaran sida guud ahaan baakada guud iyo isticmaalka bandwidth.
Qalabka qulqulka shabakadda marka la barbar dhigo
| Muujinta | Netfllow v5 | Netflow v9 | sflow | Ipfix |
| Fur ama lahaansho | Lahaansho | Lahaansho | Furid | Furid |
| Muunad ama qulqulka ku saleysan | Ugu horrayn qulqulka ku saleysan; Qaabka muunad qaadista ayaa la heli karaa | Ugu horrayn qulqulka ku saleysan; Qaabka muunad qaadista ayaa la heli karaa | Sampld | Ugu horrayn qulqulka ku saleysan; Qaabka muunad qaadista ayaa la heli karaa |
| Macluumaad la qabtay | Metadata iyo macluumaadka tirakoobka, oo ay ku jiraan balliyada la wareejiyay, tirinta isugeynta iyo wixii la mid ah | Metadata iyo macluumaadka tirakoobka, oo ay ku jiraan balliyada la wareejiyay, tirinta isugeynta iyo wixii la mid ah | Madaxa xirmooyinka xirmada oo dhameystiran, mushahar lacageed oo qayb ah | Metadata iyo macluumaadka tirakoobka, oo ay ku jiraan balliyada la wareejiyay, tirinta isugeynta iyo wixii la mid ah |
| Kordhinta Ingress / Egress | Farol ah kaliya | Faafin iyo egress | Faafin iyo egress | Faafin iyo egress |
| IPV6 / VLAN / MPLS Taageero | No | Haa | Haa | Haa |
Waqtiga Post: Mar-18-2024
