Bitewe no guhindura imibare, imiyoboro yibikorwa ntibikiri "insinga nke zihuza mudasobwa." Hamwe no gukwirakwiza ibikoresho bya IoT, kwimuka kwa serivisi ku gicu, no kwiyongera kwakazi ka kure, urujya n'uruza rwaturikiye, nkumuhanda uri munzira nyabagendwa. Nyamara, uku kwiyongera kwimodoka nako kwerekana imbogamizi: ibikoresho byumutekano ntibishobora gufata amakuru akomeye, sisitemu yo kugenzura irengerwa namakuru arenze urugero, kandi iterabwoba ryihishe mumihanda ihishe ntirimenyekana. Aha niho "butler itagaragara" yitwa Network Packet Broker (NPB) ije ikenewe. Ikora nkikiraro cyubwenge hagati yumuhanda nu bikoresho byo kugenzura, gikemura urujya n'uruza rw’imodoka ku muyoboro wose mu gihe rugaburira neza ibikoresho byo gukurikirana amakuru bakeneye, bifasha ibigo gukemura ibibazo by’urusobe "bitagaragara, bitagerwaho". Uyu munsi, tuzatanga ibisobanuro byuzuye byuruhare rwibanze mubikorwa byurusobe no kubungabunga.
1. Kuki ibigo bishakisha NPB ubu? - "Ibigaragara bikenewe" by'urusobe rugoye
Suzuma ibi bikurikira: Mugihe umuyoboro wawe urimo gukoresha amajana ya IoT ibikoresho, amajana ya seriveri yibicu, hamwe nabakozi babigeraho kure kuva ahantu hose, nigute ushobora kwemeza ko ntamodoka mbi yinjira? Nigute ushobora kumenya amahuriro yuzuye kandi adindiza ibikorwa byubucuruzi?
Uburyo bwa gakondo bwo gukurikirana bwakomeje kuba budahagije: ibikoresho byo kugenzura birashobora kwibanda gusa kubice byihariye byumuhanda, kubura urufunguzo; cyangwa banyuza traffic yose kubikoresho icyarimwe, bigatuma idashobora gusya amakuru no gutinda gusesengura neza. Byongeye kandi, hamwe na 70% yimodoka ubu ibitswe, ibikoresho gakondo ntibishobora rwose kubona binyuze mubirimo.
Kugaragara kwa NPBs bikemura ikibazo cyububabare bwo "kubura imiyoboro igaragara." Bicara hagati yumuhanda winjira nibikoresho byo kugenzura, gukusanya ibinyabiziga bitatanye, gushungura amakuru yumurengera, hanyuma bagabura ibinyabiziga nyabyo kuri IDS (Intrusion Detection Systems), SIEMs (Platforms yumutekano wamakuru), ibikoresho byo gusesengura imikorere, nibindi byinshi. Ibi byemeza ko ibikoresho byo gukurikirana bidafite inzara cyangwa ngo byuzuye. NPBs irashobora kandi gushishoza no gushishoza traffic, kurinda amakuru yoroheje no guha ibigo ishusho rusange yimiterere yabyo.
Birashobora kuvugwa ko ubu mugihe cyose uruganda rufite umutekano wurusobe, gukora neza cyangwa gukenera kubahiriza, NPB yabaye ikintu cyibanze kidashobora kwirindwa.
NPB ni iki? - Isesengura ryoroshye kuva mubwubatsi kugeza kubushobozi bwibanze
Abantu benshi batekereza ko ijambo "broket broker" ritwara inzitizi ya tekinike yo kwinjira. Ariko, ikigereranyo cyoroshye cyane ni ugukoresha "uburyo bwo gutondekanya ibintu byihuta": urujya n'uruza ni "parcelle Express," NPB ni "ikigo cyo gutondeka," kandi igikoresho cyo kugenzura ni "aho bakirira." Akazi ka NPB nuguteranya uduce twatatanye (guteranya), kuvanaho parike zitemewe (kuyungurura), no kuzitondekanya ukoresheje aderesi (kugabura). Irashobora kandi gupakurura no kugenzura parcelle idasanzwe (decryption) no gukuraho amakuru yihariye (massage) - inzira yose irakora neza kandi neza.
1. Ubwa mbere, reka turebe "skeleton" ya NPB: ibyingenzi bitatu byububiko
Ibikorwa bya NPB bishingiye rwose kubufatanye bwiyi modul eshatu; nta n'umwe muri bo ushobora kubura:
○Inzira yo Kugera Kumodoka: Iringana na "Express delivery port" kandi ikoreshwa muburyo bwo kwakira urujya n'uruza ruva ku cyambu cya indorerwamo (SPAN) cyangwa gutandukanya (TAP). Utitaye ku kuba ari traffic iva kumurongo ufatika cyangwa umuyoboro usanzwe, irashobora gukusanywa muburyo bumwe.
○Moteri yo gutunganya: Ubu ni "ubwonko bwibanze bwikigo gitondekanya" kandi bushinzwe "gutunganya" cyane - nko guhuza ibinyabiziga byinshi (guhuriza hamwe), gushungura ibinyabiziga biva mubwoko runaka bwa IP (kuyungurura), gukoporora umuhanda umwe no kohereza mubikoresho bitandukanye (gukoporora), gushishoza SSL / TLS ibanga ryibanga (decryption), nibindi byose "ibikorwa byiza" birarangiye. "
○Ikwirakwizwa ryamasomo: Ninkaho "umutware" ukwirakwiza neza traffic yatunganijwe kubikoresho bikurikirana kandi birashobora no kuringaniza imizigo - kurugero, niba igikoresho cyo gusesengura imikorere gihuze cyane, igice cyumuhanda kizagabanywa kubikoresho byabigenewe kugirango wirinde kurenza igikoresho kimwe.
2. NPB "Ubushobozi Bukuru": Imikorere 12 yibanze ikemura 90% yibibazo byurusobe
NPB ifite imirimo myinshi, ariko reka twibande kubikorwa bikoreshwa cyane ninganda. Buri kimwe gihuye nububabare bufatika:
○Kugarura ibinyabiziga / Gukusanya + GushunguraKurugero, niba uruganda rufite imiyoboro 10 ihuza, NPB ibanza guhuza traffic yimiyoboro 10, hanyuma ikayungurura "duplicate data packets" na "traffic traffic" (nkumuhanda uva kubakozi bareba videwo), kandi ikohereza gusa traffic ijyanye nubucuruzi kubikoresho byo kugenzura - kuzamura imikorere neza kuri 300%.
○SSL / TLS Ibanga: Muri iki gihe, ibitero byinshi bibi byihishe muri traffic ibanga ya HTTPS. NPB irashobora gutobora neza urujya n'uruza, kwemerera ibikoresho nka IDS na IPS "kureba binyuze" mu ibanga kandi bigafata iterabwoba ryihishe nko guhuza amafi na kode mbi.
○Guhisha amakuru / Kwemeza: Niba traffic irimo amakuru yoroheje nka nimero yikarita yinguzanyo na nimero yubwiteganyirize, NPB izahita "isiba" aya makuru mbere yo kohereza mubikoresho byo gukurikirana. Ibi ntabwo bizahindura isesengura ryigikoresho, ariko kandi bizubahiriza PCI-DSS (kubahiriza ubwishyu) hamwe na HIPAA (kubahiriza ubuzima) ibisabwa kugirango hirindwe amakuru.
○Kuringaniza Umutwaro + KunanirwaNiba uruganda rufite ibikoresho bitatu bya SIEM, NPB izagabana ibinyabiziga hagati yabyo kugirango birinde igikoresho icyo aricyo cyose. Niba igikoresho kimwe cyananiranye, NPB izahita ihindura traffic kubikoresho byabigenewe kugirango ikurikirane idahagarara. Ibi ni ingenzi cyane cyane mu nganda nk'imari n'ubuvuzi aho igihe cyo gutaha kitemewe.
○Guhagarika umuyoboro: VXLAN, GRE nizindi "Tunnel Protocole" ubu zikoreshwa cyane murusobe rwibicu. Ibikoresho gakondo ntibishobora kumva protocole. NPB irashobora "gusenya" iyi tunel no gukuramo traffic nyayo imbere, yemerera ibikoresho bishaje gutunganya traffic mubidukikije.
Ihuriro ryibi bintu bituma NPB idashobora "kureba gusa" ibanga ryabitswe, ariko kandi "ikarinda" amakuru yoroheje kandi "ihuza" n’ibidukikije bitandukanye bigoye - niyo mpamvu ishobora guhinduka igice cyibanze.
III. NPB ikoreshwa he? - Ibintu bitanu byingenzi bikemura ibibazo nyabyo bikenewe
NPB ntabwo igikoresho kimwe-gifite-ibikoresho byose; Ahubwo, ihuza neza na sisitemu zitandukanye. Yaba data center, umuyoboro wa 5G, cyangwa ibidukikije byigicu, isanga porogaramu zuzuye. Reka turebe imanza nke zisanzwe zerekana iyi ngingo:
1. Data Centre: Urufunguzo rwo Gukurikirana Iburasirazuba-Iburengerazuba
Ibigo byamakuru gakondo byibanda gusa kumuhanda wamajyaruguru-yepfo (traffic kuva seriveri igana hanze yisi). Nyamara, mububiko bwamakuru bwibanze, 80% yimodoka ni iburasirazuba-uburengerazuba (traffic hagati yimashini ziboneka), ibikoresho gakondo ntibishobora gufata. Aha niho NPB ziza zikenewe:
Kurugero, isosiyete nini ya interineti ikoresha VMware mukubaka ikigo cyamakuru. NPB ihujwe na vSphere (urubuga rwo gucunga VMware) kugirango ifate neza urujya n'uruza rw'iburengerazuba hagati yimashini ziboneka no kuyikwirakwiza kuri IDS n'ibikoresho byo gukora. Ibi ntibikuraho gusa "gukurikirana ibibanza bihumye," ahubwo binongera imikorere yibikoresho 40% binyuze mu kuyungurura ibinyabiziga, bigabanya mu buryo butaziguye igihe cyo hagati cyo gusana (MTTR) mo kabiri.
Byongeye kandi, NPB irashobora gukurikirana imitwaro ya seriveri kandi ikemeza ko amakuru yishyuwe yubahiriza PCI-DSS, bigahinduka "ibikorwa byingenzi no kubitaho" kubigo byamakuru.
2. SDN / NFV Ibidukikije: Inshingano zoroshye Guhuza na software-isobanura imiyoboro
Ubu ibigo byinshi bikoresha SDN (Software Defined Networking) cyangwa NFV (Virtualisation Network Network). Imiyoboro ntabwo ikiri ibyuma bikosorwa, ahubwo ni serivisi za software zoroshye. Ibi bisaba NPBs guhinduka cyane:
Kurugero, kaminuza ikoresha SDN kugirango ishyire mubikorwa "Zana Igikoresho cyawe (BYOD)" kugirango abanyeshuri nabarimu bashobore guhuza umuyoboro wikigo ukoresheje terefone na mudasobwa. NPB ihujwe nu mugenzuzi wa SDN (nka OpenDaylight) kugirango hamenyekane ubwigunge bw’imodoka hagati y’imyigishirize n’ibiro mu gihe ikwirakwiza neza ibinyabiziga biva muri buri gace kubikoresho byo gukurikirana. Ubu buryo ntabwo bugira ingaruka ku mikoreshereze y’abanyeshuri n’abarimu, kandi butuma hamenyekana ku gihe ku buryo budasanzwe amasano adasanzwe, nko kugera kuri aderesi ya IP mbi.
Kimwe nukuri kubidukikije bya NFV. NPB irashobora gukurikirana urujya n'uruza rw'umuriro (vFWs) hamwe nuburinganire bwimikorere (vLBs) kugirango harebwe imikorere ihamye yibi "bikoresho bya software", byoroshye cyane kuruta kugenzura ibyuma gakondo.
3. Imiyoboro ya 5G: Gucunga ibinyabiziga bigabanijwe hamwe nu mpande zombi
Ibintu nyamukuru biranga 5G ni "umuvuduko mwinshi, umuvuduko muke, hamwe n’amasano manini", ariko ibi kandi bizana imbogamizi nshya mugukurikirana: kurugero, tekinoroji ya 5G ya "net slicing" irashobora kugabanya umuyoboro umwe wumubiri mubice byinshi byumvikana (urugero, igice gito cyihuta cyo gutwara ibinyabiziga byigenga hamwe nigice kinini gihuza IoT), kandi ibinyabiziga muri buri gice bigomba gukurikiranwa byigenga.
Umukoresha umwe yakoresheje NPB kugirango akemure iki kibazo: yohereje igenzura rya NPB ryigenga kuri buri gice cya 5G, kidashobora gusa kureba ubukererwe no kwinjiza buri gice mu gihe nyacyo, ariko kandi kigahagarika urujya n'uruza rudasanzwe (nko kwinjira bitemewe hagati y’ibice) mu gihe gikwiye, rwemeza ko ubukererwe buke bw’ibikorwa by’ibanze nko gutwara ibinyabiziga byigenga.
Byongeye kandi, 5G edge computing computing ikwirakwizwa mu gihugu hose, kandi NPB irashobora kandi gutanga "verisiyo yoroheje" ikoreshwa kumurongo wo kugenzura urujya n'uruza no kwirinda gutinda guterwa no kohereza amakuru inyuma.
4. Ibidukikije Ibicu / Hybrid IT: Gucamo inzitizi zo kugenzura ibicu rusange na byigenga
Ibigo byinshi ubu bikoresha ibicu bivangavanze - ibikorwa bimwe biba kuri Alibaba Cloud cyangwa Tencent Cloud (ibicu rusange), bimwe kubicu byabo bwite, nibindi kuri seriveri yaho. Muri iki gihe, traffic ikwirakwizwa ahantu henshi, bigatuma igenzura rihagarara byoroshye.
Banki y'Ubushinwa Minsheng ikoresha NPB mu gukemura iki kibazo cy'ububabare: ubucuruzi bwayo bukoresha Kubernetes mu kohereza ibikoresho. NPB irashobora gufata mu buryo butaziguye urujya n'uruza hagati ya kontineri (Pods) kandi igahuza urujya n'uruza hagati ya seriveri n'ibicu byigenga kugira ngo ikore "igenzura rirangirira ku ndunduro" - utitaye ko ubucuruzi buri mu gicu rusange cyangwa igicu cyigenga, igihe cyose hari ikibazo cyimikorere, itsinda rishinzwe ibikorwa no kubungabunga rishobora gukoresha amakuru yumuhanda wa NPB kugirango bamenye vuba niba ari ikibazo kijyanye no guhamagara hagati ya kontineri cyangwa guhuza ibicu biturutse kuri 60%.
Kubicu rusange-bikodeshwa rusange, NPB irashobora kandi kwemeza ko umuhanda wigunga hagati yinganda zitandukanye, gukumira amakuru kumeneka, no kubahiriza ibisabwa ninganda zimari.
Mu gusoza: NPB ntabwo "ihitamo" ahubwo "igomba"
Nyuma yo gusuzuma ibi bintu, uzasanga NPB itakiri ikoranabuhanga ryiza ahubwo ni igikoresho gisanzwe cyibigo kugirango bihangane numuyoboro utoroshye. Kuva mubigo byamakuru kugeza kuri 5G, kuva mubicu byigenga kugeza IT ivanze, NPB irashobora kugira uruhare ahantu hose hakenewe imiyoboro igaragara.
Hamwe no kwiyongera kwa AI hamwe na computing computing, traffic traffic izarushaho kuba ingorabahizi, kandi ubushobozi bwa NPB buzarushaho kuzamurwa (urugero, gukoresha AI kugirango uhite umenya urujya n'uruza rudasanzwe kandi rushobore guhuza n'imihindagurikire yoroheje kuruhande). Ku mishinga, gusobanukirwa no gukoresha NPB hakiri kare bizabafasha gufata ingamba zurusobe no kwirinda kuzenguruka muguhindura imibare.
Wigeze uhura nibibazo byo gukurikirana imiyoboro munganda zawe? Kurugero, ntushobora kubona ibanga ryabitswe, cyangwa kugenzura ibicu bivangwa? Wumve neza gusangira ibitekerezo byawe mugice cyibitekerezo hanyuma reka dushakire hamwe ibisubizo.
Igihe cyo kohereza: Nzeri-23-2025
