English

Gusobanukirwa SPAN, RSPAN na ERSPAN: Ubuhanga bwo gukurikirana traffic traffic

SPAN, RSPAN, na ERSPANni tekinike ikoreshwa muguhuza gufata no gukurikirana traffic kugirango isesengurwe. Dore incamake muri buri:

SPAN (Isesengura rya Port Port)

Intego: Yifashishijwe mu kwerekana indorerwamo ziva ku byambu byihariye cyangwa VLANs kuri switch ku kindi cyambu cyo gukurikirana.

Koresha Urubanza: Nibyiza kubisesengura ryumuhanda waho kuri switch imwe. Urujya n'uruza rwerekanwe ku cyambu cyagenwe aho isesengura ry'urusobe rishobora kugifata.

RSPAN (Umuyoboro wa kure)

Intego: Yagura ubushobozi bwa SPAN muburyo bwinshi bwo guhinduranya murusobe.

Koresha Urubanza: Emerera gukurikirana traffic kuva kumurongo umwe ujya mubindi hejuru yumurongo. Nibyiza kuri ssenariyo aho igikoresho cyo kugenzura giherereye muburyo butandukanye.

ERSPAN (Encapsulated Remote SPAN)

Intego: Ihuza RSPAN na GRE (Generic Routing Encapsulation) kugirango ikurikirane traffic traffic.

Koresha Urubanza: Emerera kugenzura urujya n'uruza rwinshi. Ibi ni ingirakamaro muburyo bugoye bwububiko aho traffic igomba gufatwa mubice bitandukanye.

Hindura icyambu Isesengura (SPAN)ni uburyo bunoze, bukora neza bwo kugenzura ibinyabiziga. Iyobora cyangwa indorerwamo yimodoka iva ku cyambu cyangwa VLAN kugera ku cyambu. Ibi rimwe na rimwe byitwa gukurikirana amasomo. SPAN ikoreshwa mugukemura ibibazo byihuza no kubara imikoreshereze yimikorere nibikorwa, mubindi byinshi. Hariho ubwoko butatu bwa SPAN bushyigikiwe nibicuruzwa bya Cisco…

a. SPAN cyangwa SPAN yaho.

b. Umuyoboro wa kure (RSPAN).

c. Encapsulated remote SPAN (ERSPAN).

Kumenya: "Mylinking ™ Umuyoboro wa Packet Broker hamwe na SPAN, RSPAN na ERSPAN Ibiranga"

SPAN, RSPAN, ERSPAN

SPAN / traffic mirroring / port mirroring ikoreshwa mubikorwa byinshi, hepfo harimo bimwe.

- Gushyira mubikorwa IDS / IPS muburyo bwubusambanyi.

- VOIP guhamagara ibisubizo byafashwe amajwi.

- Impamvu zubahiriza umutekano zo gukurikirana no gusesengura traffic.

- Gukemura ibibazo byihuza, gukurikirana traffic.

Hatitawe ku bwoko bwa SPAN bukora, isoko ya SPAN irashobora kuba ubwoko bwicyambu icyo aricyo cyose ni icyambu cyanyuze inzira, icyambu gihindura umubiri, icyambu cyinjira, umutiba, VLAN (ibyambu byose bikurikiranwa na switch), EtherChannel (haba icyambu cyangwa icyambu cyose -Umuyoboro uhuza) nibindi Menya ko icyambu cyagenewe icyerekezo cya SPAN NTIBISHOBORA kuba igice cya SPAN isoko VLAN.

Imyitozo ya SPAN ishyigikira kugenzura urujya n'uruza rwinjira (kwinjira muri SPAN), egress traffic (egress SPAN), cyangwa traffic itemba mubyerekezo byombi.

- Ingress SPAN (RX) ikoporora traffic yakiriwe nicyambu cyaturutse hamwe na VLANs ku cyambu. SPAN ikoporora traffic mbere yo guhinduka (urugero mbere ya VACL cyangwa ACL iyungurura, QoS cyangwa kwinjira cyangwa polisi ya egress).

- Egress SPAN (TX) ikoporora ibinyabiziga biva ku byambu biva muri VLANs bigana ku cyambu. Ibyingenzi byose byungururwa cyangwa bihindurwa na VACL cyangwa ACL muyunguruzi, QoS cyangwa kwinjira cyangwa ibikorwa bya polisi ya egress bikorwa mbere yuko uhinduranya ugana ibinyabiziga ku cyambu cya SPAN.

- Iyo ijambo ryibanze ryombi ryakoreshejwe, SPAN ikoporora urujya n'uruza rwakiriwe kandi rwoherejwe nicyambu cyaturutse hamwe na VLANs ku cyambu.

- SPAN / RSPAN mubisanzwe yirengagiza CDP, STP BPDU, VTP, DTP na PAgP. Nyamara ubu bwoko bwumuhanda burashobora koherezwa niba ensapsulation yigana itegeko ryashyizweho.

SPAN cyangwa SPAN

SPAN yerekana indorerwamo ziva kumurongo umwe cyangwa nyinshi kuri switch kuri imwe cyangwa nyinshi kuri interineti imwe; niyo mpamvu SPAN ivugwa cyane nka LOCAL SPAN.

Amabwiriza cyangwa ibibujijwe kuri SPAN yaho:

- Byombi Layeri 2 yahinduwe ibyambu na Layeri 3 ibyambu birashobora gushyirwaho nkinkomoko cyangwa ibyambu.

- Inkomoko irashobora kuba icyambu kimwe cyangwa byinshi cyangwa VLAN, ariko ntabwo ivanze ryibi.

- Ibyambu byibyambu ni ibyambu byemewe byemewe bivanze nibyambu bitari inkomoko.

- Ibyambu bigera kuri 64 bya SPAN birashobora gushyirwaho kuri switch.

- Iyo dushyizeho icyerekezo, icyerekezo cyacyo cyanditse hejuru. Niba iboneza rya SPAN ryakuweho, iboneza ryumwimerere kuri icyo cyambu rirasubizwa.

- Iyo ugenekereje aho ugana, icyambu kivanwa muri bundle iyo ari yo yose ya EtherChannel niba yari igice kimwe. Niba byari icyambu cyanyuze, iboneza rya SPAN rirenga ibyerekezo byerekanwe.

- Icyambu cyerekezo ntigishyigikira umutekano wicyambu, 802.1x kwemeza, cyangwa VLAN yigenga.

- Icyambu gishobora gukora nkicyerekezo cyerekezo cya SPAN imwe gusa.

- Icyambu ntigishobora gushyirwaho nkicyerekezo cyerekezo niba ari isoko yicyerekezo cyigihe cyangwa igice cyinkomoko VLAN.

- Imiyoboro ya porte (EtherChannel) irashobora gushyirwaho nkibyambu nkomoko ariko ntabwo ari icyerekezo cya SPAN.

- Icyerekezo cyumuhanda "byombi" muburyo busanzwe bwa SPAN.

- Icyambu cyerekezo ntigishobora kwitabira kurugero rwibiti. Ntushobora gushyigikira DTP, CDP nibindi. Kubwibyo ntuzigere uhuza switch kuri ubu bwoko bwa SPAN kuko bishobora gutera urusobe.

. Kopi imwe yipaki iva mumodoka yinjira kumurongo winjira, naho iyindi kopi yapaki iva mumodoka ya egress kumurongo wa egress.

- VSPAN ikurikirana traffic gusa isiga cyangwa yinjira mubyambu bya Layeri 2 muri VLAN.

SPAN, RSPAN, ERSPAN 1

SPAN, RSPAN, na ERSPAN nubuhanga bukoreshwa muguhuza gufata no gukurikirana traffic kugirango isesengurwe. Dore incamake muri buri:

SPAN (Isesengura rya Port Port)

  • Intego: Byakoreshejwe mu kwerekana indorerwamo ziva ku byambu byihariye cyangwa VLANs kuri switch ku kindi cyambu cyo gukurikirana.
  • Koresha Urubanza: Nibyiza kubisesengura ryumuhanda waho kuri switch imwe. Urujya n'uruza rwerekanwe ku cyambu cyagenwe aho isesengura ry'urusobe rishobora kugifata.

RSPAN (Umuyoboro wa kure)

  • Intego: Yagura ubushobozi bwa SPAN muburyo bwinshi bwo guhinduranya murusobe.
  • Koresha Urubanza: Emerera gukurikirana ibinyabiziga biva kumurongo umwe ujya mubindi hejuru yumurongo. Nibyiza kuri ssenariyo aho igikoresho cyo kugenzura giherereye muburyo butandukanye.

ERSPAN (Encapsulated Remote SPAN)

  • Intego: Ihuza RSPAN na GRE (Generic Routing Encapsulation) kugirango ikurikirane traffic traffic.
  • Koresha Urubanza: Emerera kugenzura urujya n'uruza rwinshi. Ibi ni ingirakamaro muburyo bugoye bwububiko aho traffic igomba gufatwa mubice bitandukanye.

Umuyoboro wa kure (RSPAN)

Hafi ya SPAN (RSPAN) isa na SPAN, ariko ishyigikira ibyambu bituruka, isoko VLANs, hamwe nibyambu byerekanwa kuri sisitemu zitandukanye, zitanga uburyo bwo gukurikirana kure yimodoka zituruka kumyambu yatanzwe ikwirakwizwa kuri sisitemu nyinshi kandi ikemerera aho igana ihuza ibikoresho byo gufata imiyoboro. Buri somo rya RSPAN ritwara urujya n'uruza rwa SPAN hejuru yumukoresha wagenwe RSPAN VLAN muburyo bwose bwitabira. Iyi VLAN ihita ihindurwamo izindi switch, bigatuma inzira ya RSPAN yimodoka itwarwa mumasoko menshi hanyuma igashyikirizwa sitasiyo ifata. RSPAN igizwe na RSPAN isoko yisoko, RSPAN VLAN, hamwe na RSPAN.

Amabwiriza cyangwa ibibujijwe kuri RSPAN:

- VLAN yihariye igomba gushyirwaho aho SPAN igana izanyura hagati yimikorere hagati ikoresheje imiyoboro ihuza inzira yerekeza.

- Irashobora gukora ubwoko bumwe bwinkomoko - byibuze icyambu kimwe cyangwa byibura VLAN imwe ariko ntibishobora kuvangwa.

- Aho amasomo azerekeza ni RSPAN VLAN aho kuba icyambu kimwe gihinduranya, bityo ibyambu byose muri RSPAN VLAN bizakira traffic traffic.

- Hindura VLAN iyariyo yose nka RSPAN VLAN mugihe cyose ibikoresho byose byurusobe bitabiriye gushyigikira iboneza rya RSPAN VLANs, kandi ukoreshe RSPAN VLAN imwe kuri buri somo rya RSPAN

.

- Kwiga adresse ya MAC birahagarikwa muri RSPAN VLAN.

SPAN, RSPAN, ERSPAN 2

Encapsulated remote SPAN (ERSPAN)

Encapsulated remote SPAN (ERSPAN) izana rusange ya routing encapsulation (GRE) kumodoka zose zafashwe kandi ikemerera kwaguka kumurongo wa 3.

ERSPAN ni aCiscoibiranga kandi iraboneka gusa kuri Catalyst 6500, 7600, Nexus, na ASR 1000 platform kugeza ubu. ASR 1000 ishyigikira isoko ya ERSPAN (gukurikirana) gusa kuri Ethernet yihuta, Ethernet ya Gigabit, hamwe nu murongo wa port-umuyoboro.

Amabwiriza cyangwa ibibujijwe kuri ERSPAN:

- Isoko rya ERSPAN ntirigana kopi ya ERSPAN GRE-ikubiyemo ibinyabiziga biva ku byambu. Buri soko rya ERSPAN rishobora kugira ibyambu cyangwa VLAN nkisoko, ariko sibyombi.

- Hatitawe ku bunini bwa MTU bwagenwe, ERSPAN ikora Layeri 3 yamapaki ashobora kuba maremare 9,202. Imodoka ya ERSPAN irashobora guhanurwa ninteruro iyo ari yo yose murusobe rukoresha ubunini bwa MTU buto burenze 9,202 bytes.

- ERSPAN ntabwo ishyigikiye gucamo ibice. "Ntugabanye" biti yashyizwe mumutwe wa IP yumupaki wa ERSPAN. Icyerekezo cya ERSPAN ntigishobora guteranya udupaki twa ERSPAN.

- Indangamuntu ya ERSPAN itandukanya traffic ERSPAN igera kumurongo umwe IP igana hamwe na ERSPAN itandukanye; indangamuntu ya ERSPAN igomba guhuza inkomoko nibikoresho bigenewe.

- Ku cyambu cyangwa isoko VLAN, ERSPAN irashobora gukurikirana ibyinjira, egress, cyangwa byombi byinjira na traffic. Mburabuzi, ERSPAN ikurikirana traffic yose, harimo multicast na Bridge Protocol Data Unit (BPDU).

- Imigaragarire ya tunnel ishyigikiwe nkibyambu byamasoko ya ERSPAN isomo ni GRE, IPinIP, SVTI, IPv6, IPv6 hejuru ya IP tunnel, Multipoint GRE (mGRE) hamwe na Interineti ya Virtual Tunnel (SVTI).

- Akayunguruzo VLAN ihitamo ntabwo ikora mumikorere yo gukurikirana ERSPAN kumurongo wa WAN.

- ERSPAN kuri Cisco ASR 1000 Series Routers ishyigikira gusa Layeri 3. Imigaragarire ya Ethernet ntabwo ishyigikiwe kuri ERSPAN mugihe igizwe na Layeri 2.

- Iyo isomo ryashyizweho binyuze muri ERSPAN iboneza CLI, indangamuntu y'icyiciro n'ubwoko bw'isomo ntibishobora guhinduka. Kugirango ubihindure, ugomba kubanza gukoresha nta buryo bwo kuboneza itegeko kugirango ukureho isomo hanyuma uhindure isomo.

- Cisco I.

- Cisco I. na Multilink PPP (multilink, pos, na serial ijambo ryibanze byongewe kumasoko yimbere yimbere).

SPAN, RSPAN, ERSPAN 3

Gukoresha ERSPAN nka SPAN Yibanze:

Kugira ngo ukoreshe ERSPAN kugirango ukurikirane traffic unyuze ku cyambu kimwe cyangwa byinshi cyangwa VLAN mu gikoresho kimwe, tugomba gukora isoko ya ERSPAN hamwe na ERSPAN aho igana mu gikoresho kimwe, amakuru atemba abera imbere muri router, bisa nkibyo muri SPAN yaho.

Ibintu bikurikira birakurikizwa mugihe ukoresha ERSPAN nka SPAN yaho:

- Amasomo yombi afite indangamuntu imwe ya ERSPAN.

- Amasomo yombi afite aderesi ya IP imwe. Iyi aderesi ya IP niyo router ifite IP adresse; ni ukuvuga, aderesi ya IP cyangwa aderesi ya IP yagizwe ku cyambu icyo ari cyo cyose.

(config) # gukurikirana amasomo 10 andika erspan-isoko
(config-mon-erspan-src) # isoko yimbere Gig0 / 0/0
(config-mon-erspan-src) # aho igana
(config-mon-erspan-src-dst) # ip adresse 10.10.10.1
(config-mon-erspan-src-dst) # inkomoko ip adresse 10.10.10.1
(config-mon-erspan-src-dst) # erspan-id 100

SPAN, RSPAN, ERSPAN 4

Igihe cyo kohereza: Kanama-28-2024
Kanda enter kugirango ushakishe cyangwa ESC kugirango ufunge