Igikoresho gikunze gukoreshwa cyane mu kugenzura no gukemura ibibazo by’imiyoboro y’itumanaho muri iki gihe ni Switch Port Analyzer (SPAN), izwi kandi nka Port mirroring. Kidufasha kugenzura urujya n’uruza rw’itumanaho mu buryo bwo kunyura mu buryo bwa band tudabangamiye serivisi ziri kuri network, kandi cyohereza kopi y’urujya n’uruza rw’itumanaho rukurikiranwa ku bikoresho byo mu gace cyangwa kure, harimo Sniffer, IDS, cyangwa ubundi bwoko bw’ibikoresho byo gusesengura umurongo w’itumanaho.
Bimwe mu bikoreshwa bisanzwe ni ibi bikurikira:
• Gukemura ibibazo by'umuyoboro w'itumanaho hakoreshejwe uburyo bwo kugenzura/gukurikirana amakuru;
• Gusesengura igihe cyo gutinda no gutitira hakoreshejwe uburyo bwa VoIP;
• Gusesengura igihe cyo gutinda hakoreshejwe uburyo bwo kugenzura imikoranire y'imiyoboro;
• Gutahura ibitagenda neza ukurikije urujya n'uruza rw'abantu kuri interineti.
Uburyo bwo gukwirakwiza amakuru kuri SPAN bushobora kwerekezwa mu buryo bugaragara ku zindi mbuga ku gikoresho kimwe cyo gukwirakwiza amakuru, cyangwa bukagaragazwa mu buryo butaziguye ku zindi mashini zo kuri interineti zegereye Urwego rwa 2 rw'igikoresho cyo gukwirakwiza amakuru (RSPAN).
Uyu munsi tugiye kuvuga ku ikoranabuhanga ryo kugenzura urujya n'uruza rw'abantu kuri interineti rya Remote ryitwa ERSPAN (Encapsulated Remote Switch Port Analyzer) rishobora koherezwa mu byiciro bitatu bya IP. Iyi ni inyongera ya SPAN kuri Encapsulated Remote.
Amahame shingiro y'imikorere ya ERSPAN
Mbere na mbere, reka turebe imikorere ya ERSPAN:
• Kopi y'ipaki ivuye aho ikomoka yoherezwa kuri seriveri kugira ngo igenzurwe binyuze muri Generic Routing Encapsulation (GRE). Aho seriveri iherereye ntabwo ari ho hagaritswe.
• Hakoreshejwe uburyo bwa User Defined Field (UDF) bwa chip, ihinduka ry’amabaiti kuva kuri 1 kugeza kuri 126 rikorwa hashingiwe ku rubuga rwa Base binyuze ku rutonde rw’abahanga, kandi amagambo y’ingenzi y’itsinda ahuzwa kugira ngo harebwe uko isomo rimeze, nko gukoresha intoki za TCP mu buryo butatu na RDMA;
• Igipimo cyo gushyiraho ingero z'inkunga;
• Ishyigikira uburebure bwo gufata paki (Gukata paki), ikagabanya umuvuduko kuri seriveri y’intego.
Ukoresheje izi porogaramu, urashobora kubona impamvu ERSPAN ari igikoresho cy'ingenzi mu kugenzura imiyoboro iri mu bigo by'amakuru muri iki gihe.
Imirimo y'ingenzi ya ERSPAN ishobora gusobanurwa mu buryo bubiri:
• Kugaragara kw'itsinda: Koresha ERSPAN kugira ngo ukusanye ibiganiro bishya byose byakozwe na TCP na Remote Direct Memory Access (RDMA) kuri seriveri y'inyuma kugira ngo igaragazwe;
• Gukemura ibibazo by’itumanaho: Ifata umurongo w’itumanaho ry’itumanaho kugira ngo ikore isesengura ry’amakosa iyo habayeho ikibazo cy’itumanaho.
Kugira ngo ibi bigerweho, igikoresho cya interineti gikeneye gukusanya amakuru ashimishije umukoresha aturutse ku makuru menshi, gukora kopi, no gushyira buri gikoresho cya kopi mu "gikoresho cya superframe" cyihariye gikubiyemo amakuru ahagije kugira ngo kibashe koherezwa neza ku gikoresho cyakira. Byongeye kandi, fasha igikoresho cyakira gukuramo no kugarura amakuru yose yagenzuwe mbere.
Igikoresho cyakira gishobora kuba indi seriveri ishyigikira gusohora uduce duto twa ERSPAN.
Isesengura ry'ubwoko bwa ERSPAN n'imiterere ya paki
Paki za ERSPAN zishyirwa mu masanduku hakoreshejwe GRE hanyuma zoherezwa ahantu hose hashobora kwandikirwa aderesi ya IP hakoreshejwe Ethernet. ERSPAN ubu ikoreshwa cyane cyane kuri interineti ya IPv4, kandi ubufasha bwa IPv6 buzakenerwa mu gihe kizaza.
Ku bijyanye n'imiterere rusange ya ERSAPN, ibi bikurikira ni ifoto y'ipaki y'indorerwamo ya paki za ICMP:
Porotokole ya ERSPAN imaze igihe kinini itera imbere, kandi hamwe no kongera ubushobozi bwayo, hashyizweho verisiyo nyinshi, zitwa "Ubwoko bwa ERSPAN". Ubwoko butandukanye bufite imiterere itandukanye y'umutwe w'amashusho.
Bisobanurwa mu gice cya mbere cya Verisiyo cy'umutwe wa ERSPAN:
Byongeye kandi, agace ka Protocol Type mu mutwe wa GRE kandi kerekana ubwoko bwa ERSPAN bw'imbere. Agace ka Protocol Type 0x88BE kerekana ubwoko bwa ERSPAN II, naho 0x22EB kerekana ubwoko bwa ERSPAN III.
1. Ubwoko bwa I
Agasanduku ka ERSPAN ka Type I gashyiramo IP na GRE hejuru y'umutwe w'ikirahure cy'umwimerere. Iyi kireko yongeraho byte 38 hejuru y'ikirahure cy'umwimerere: 14 (MAC) + 20 (IP) + 4 (GRE). Akamaro k'ubu buryo ni uko bufite ingano nto y'umutwe kandi igabanya ikiguzi cyo kohereza. Ariko, kubera ko gashyira amashami ya GRE Flag na Verisiyo kuri 0, ntabwo gatwara amashami maremare kandi Ubwoko bwa I ntibukoreshwa cyane, bityo nta mpamvu yo kwagura byinshi.
Imiterere ya GRE header ya Type I ni iyi ikurikira:
2. Ubwoko bwa kabiri
Mu bwoko bwa II, imirima ya C, R, K, S, S, Recur, Flags, na Verisiyo mu mutwe wa GRE yose ni 0 uretse S. Kubwibyo, imirima ya Sequence Number igaragara mu mutwe wa GRE wo mu bwoko bwa II. Ni ukuvuga ko ubwoko bwa II bushobora kwemeza ko paki za GRE zikurikirana, ku buryo umubare munini wa paki za GRE zitari mu murongo ukwiye udashobora gutondekwa bitewe n'ikosa rya network.
Imiterere ya GRE header yo mu bwoko bwa II ni iyi ikurikira:
Byongeye kandi, imiterere ya frame ya ERSPAN Type II yongeraho umutwe wa ERSPAN wa byte 8 hagati y'umutwe wa GRE n'umubumbe w'umwimerere.
Imiterere y'umutwe wa ERSPAN wo mu bwoko bwa II ni iyi ikurikira:
Amaherezo, nyuma gato y'ishusho y'umwimerere, hari kode isanzwe ya Ethernet cyclic redundancy check (CRC) ya byte 4.
Ni ngombwa kumenya ko mu ishyirwa mu bikorwa, indorerwamo idafite aho ihuriye na FCS y'indorerwamo y'umwimerere, ahubwo agaciro gashya ka CRC kabarwa hashingiwe kuri ERSPAN yose. Ibi bivuze ko igikoresho cyakira kidashobora kwemeza ukuri kwa CRC y'indorerwamo y'umwimerere, kandi dushobora gutekereza gusa ko indorerwamo zitangiritse ari zo zonyine zigaragara.
3. Ubwoko bwa gatatu
Ubwoko bwa III butanga umutwe munini kandi woroshye wo guhuza kugira ngo ukemure ibibazo birushaho kuba bigoye kandi bitandukanye byo kugenzura umuyoboro, harimo ariko bitagarukira gusa ku gucunga umuyoboro, kumenya aho winjirira, gusesengura imikorere n'ibitinda, n'ibindi byinshi. Ibi bice bigomba kumenya ibipimo byose by'umwimerere bya frame y'indorerwamo no gushyiramo ibitari muri frame y'umwimerere ubwayo.
Umutwe wa ERSPAN Type III ugizwe n'umutwe wa byte 12 utegetswe hamwe n'umutwe muto udasanzwe wa byte 8 ku rubuga rwa interineti.
Imiterere y'umutwe wa ERSPAN kuri Type III ni iyi ikurikira:
Nanone, nyuma y'ishusho y'indorerwamo y'umwimerere hari CRC ya byte 4.
Nkuko bigaragara mu buryo bw'umutwe bwa Type III, uretse kugumana imirima ya Ver, VLAN, COS, T na Session ID hashingiwe ku bwoko bwa II, imirima myinshi yihariye yongewemo, nka:
• BSO: ikoreshwa mu kwerekana ubusugire bw'umutwaro w'amakuru anyura muri ERSPAN. 00 ni ishusho nziza, 11 ni ishusho mbi, 01 ni ishusho ngufi, 11 ni ishusho nini;
• Igihe: cyoherejwe mu isaha ya mudasobwa ihujwe n'igihe cya sisitemu. Iyi field ya biti 32 ishyigikira nibura mikorosegonda 100 za Timestamp granularity;
• Ubwoko bwa Frame (P) n'ubwoko bwa Frame (FT): iya mbere ikoreshwa mu kugaragaza niba ERSPAN ifite Ethernet protocol frames (PDU frames), naho iya nyuma ikoreshwa mu kugaragaza niba ERSPAN ifite Ethernet frames cyangwa paki za IP.
• HW ID: ikimenyetso cyihariye cya moteri ya ERSPAN muri sisitemu;
• Gra (Ubunini bw'igihe): Igaragaza Ubunini bw'igihe. Urugero, 00B ihagarariye Ubunini bwa microsegonda 100, Ubunini bwa nanosegonda 01B 100, Ubunini bwa 10B IEEE 1588, naho 11B isaba imitwe mito yihariye ya platform kugira ngo igere ku Bunini buri hejuru.
• Indangamuntu ya Platf vs. Amakuru yihariye ya Platf: Amasambu y'amakuru yihariye ya Platf afite imiterere n'ibikubiye mu nyandiko bitewe n'agaciro ka Platf ID.
Icyitonderwa ni uko amashami atandukanye y’umutwe ashyigikiwe haruguru ashobora gukoreshwa muri porogaramu zisanzwe za ERSPAN, ndetse no mu kwerekana amafuremu y’amakosa cyangwa amafuremu ya BPDU, mu gihe hagumana paki y’umwimerere ya Trunk na VLAN ID. Byongeye kandi, amakuru y’ingenzi yerekeye igihe n’andi mashami y’amakuru bishobora kongerwa kuri buri furemu ya ERSPAN mu gihe cyo kwerekana amafuremu.
Dukoresheje imitwe y'imikorere ya ERSPAN, dushobora kugera ku isesengura ryiza ry'urujya n'uruza rw'itumanaho, hanyuma tugashyiraho ACL ijyanye nayo muri gahunda ya ERSPAN kugira ngo ihuze n'uruza rw'itumanaho dushishikajwe narwo.
ERSPAN ishyira mu bikorwa uburyo bwo kugaragara kw'igihe cya RDMA
Reka dufate urugero rwo gukoresha ikoranabuhanga rya ERSPAN kugira ngo tugere ku ishusho ya RDMA mu buryo bwa RDMA:
RDMA: Remote Direct Memory Access ifasha adaptateri ya network ya server A gusoma no kwandika Memory ya server B ikoresheje amakarita y’ikoranabuhanga (inics) n’amaswichi, bigatuma habaho bandwidth iri hejuru, latency iri hasi, ndetse n’ikoreshwa ry’umutungo rike. Ikoreshwa cyane mu buryo bwa big data no mu buryo bwo kubika amakuru bufite imikorere myiza.
RoCEv2: RDMA ikoresheje Verisiyo ya 2 ya Converged Ethernet. Amakuru ya RDMA akubiye muri UDP Header. Nimero y'aho ugana ni 4791.
Imikorere ya buri munsi no kubungabunga RDMA bisaba gukusanya amakuru menshi, akoreshwa mu gukusanya imirongo y’amazi ya buri munsi n’ibiza bidasanzwe, ndetse n’ishingiro ryo kubona ibibazo bidasanzwe. Hamwe na ERSPAN, amakuru menshi ashobora gufatwa vuba kugira ngo haboneke amakuru y’ubwiza bwa microsecond forwarding na protocole interactions status of switching chip. Binyuze mu mibare n’isesengura ry’amakuru, isuzuma ry’ubwiza bwa RDMA kuva ku mpera kugeza ku mpera rirashobora kuboneka.
Kugira ngo tugere ku iyerekwa rya RDAM, dukeneye ERSPAN guhuza amagambo y'ingenzi yo gukoresha RDMA mu gihe dukoresha ikoranabuhanga, kandi tugomba gukoresha urutonde rw'abahanga.
Ibisobanuro by'urutonde rw'inzobere ku rwego rwo hejuru rw'urutonde rw'ibice bihuza:
UDF igizwe n'ibice bitanu: ijambo ry'ingenzi rya UDF, umurima w'ibanze, umurima wa offset, umurima w'agaciro, n'umurima wa mask. Kubera ubushobozi bwo kwandika ibikoresho, UDF umunani zose hamwe zishobora gukoreshwa. UDF imwe ishobora guhuza na byte ebyiri ntarengwa.
• Ijambo ry'ingenzi rya UDF: UDF1... UDF8 Irimo amagambo umunani y'ingenzi ya domaine ihuza UDF
• Umwanya w'ibanze: ugaragaza aho utangira umushinga uhuza UDF. Ibi bikurikira
Umutwe_w'umutwe wa L4 (ukoreshwa kuri RG-S6520-64CQ)
Umutwe_w'umutwe wa L5 (kuri RG-S6510-48VS8Cq)
• Guhagarika: bigaragaza guhagarara hashingiwe ku murima w'ibanze. Agaciro kari hagati ya 0 na 126
• Agace k'agaciro: agaciro gahuye. Gashobora gukoreshwa hamwe n'agace k'agapfukamunwa kugira ngo hakosorwe agaciro runaka gahuye. Igice cyemewe ni byte ebyiri
• Agace ka mask: mask, biti yemewe ni byte ebyiri
(Ongeramo: Niba hakoreshejwe inyandiko nyinshi mu mwanya umwe uhuza UDF, imirima y'ibanze n'iya offset igomba kuba imwe.)
Udupaki tubiri tw’ingenzi dufitanye isano n’imiterere y’igihe cya RDMA ni Paketi y’Itangazo ry’Ihungabana (CNP) na Negative Acknowledgment (NAK):
Iya mbere ikorwa na RDMA receiver nyuma yo kwakira ubutumwa bwa ECN bwoherejwe na switch (iyo eout Buffer igeze ku mupaka), irimo amakuru yerekeye flow cyangwa QP itera kuziba kw'amakuru. Iya nyuma ikoreshwa mu kwerekana ko RDMA transmission ifite ubutumwa bwo gusubiza ku ipaki.
Reka turebe uburyo bwo guhuza ubu butumwa bubiri dukoresheje urutonde rw'abahanga:
urutonde rw'impuguke rwongerewe rw'abakoresha rdma
tanga uburenganzira bwo gukoresha udp iyo ari yo yose cyangwa indi eq 4791udf 1 l4_header 8 0x8100 0xFF00(Ihuye na RG-S6520-64CQ)
tanga uburenganzira bwo gukoresha udp iyo ari yo yose cyangwa indi eq 4791udf 1 l5_header 0 0x8100 0xFF00(Ihuye na RG-S6510-48VS8CQ)
urutonde rw'impuguke rwongerewe rw'abakoresha rdma
tanga uburenganzira bwo gukoresha udp iyo ari yo yose cyangwa indi eq 4791udf 1 l4_header 8 0x1100 0xFF00 udf 2 l4_header 20 0x6000 0xFF00(Ihuye na RG-S6520-64CQ)
tanga uburenganzira bwo gukoresha udp iyo ari yo yose cyangwa indi eq 4791udf 1 l5_header 0 0x1100 0xFF00 udf 2 l5_header 12 0x6000 0xFF00(Ihuye na RG-S6510-48VS8CQ)
Intambwe ya nyuma, ushobora kwiyumvisha ikiganiro cya RDMA ushyira urutonde rw'inzobere mu buryo bukwiye bwa ERSPAN.
Andika mu ipaji ya nyuma
ERSPAN ni kimwe mu bikoresho by'ingenzi mu miyoboro y'amakuru iri kwiyongera muri iki gihe, urujya n'uruza rw'amakuru rugenda rurushaho kuba rugoye, ndetse n'ibikenewe mu mikorere no kubungabunga imiyoboro.
Bitewe n’ubwiyongere bw’imikorere ya O&M, ikoranabuhanga nka Netconf, RESTconf, na gRPC rikunzwe cyane n’abanyeshuri ba O&M muri O&M yikora kuri interineti. Gukoresha gRPC nk'uburyo bw'ibanze bwo kohereza amakuru ku mirasire bifite ibyiza byinshi. Urugero, hashingiwe kuri protocole ya HTTP/2, ishobora gushyigikira uburyo bwo gusunika amakuru munsi y’umurongo umwe. Hamwe na encoding ya ProtoBuf, ingano y'amakuru igabanukaho kimwe cya kabiri ugereranije na format ya JSON, bigatuma kohereza amakuru byihuta kandi neza kurushaho. Tekereza gato, niba ukoresha ERSPAN kugira ngo ugaragaze imiyoboro ishimishije hanyuma ukayohereza kuri seriveri y'isesengura kuri gRPC, ese bizamura cyane ubushobozi n'imikorere myiza y'imikorere no kubungabunga imiyoboro?
Igihe cyo kohereza: Gicurasi-10-2022
