NetFlow na IPFIX byombi ni ikoranabuhanga rikoreshwa mu kugenzura no gusesengura imikorere y'umuyoboro w'itumanaho. Bitanga ubumenyi ku miterere y'urujya n'uruza rw'itumanaho, bigafasha mu kunoza imikorere, gukemura ibibazo, no gusesengura umutekano.
NetFlow:
NetFlow ni iki?
NetFlowni igisubizo cy’umwimerere cyo kugenzura imikorere y’amakuru, cyatangijwe na Cisco mu mpera z’imyaka ya 1990. Hari verisiyo nyinshi zitandukanye, ariko inyinshi mu zikoreshwa zishingiye kuri NetFlow v5 cyangwa NetFlow v9. Nubwo buri verisiyo ifite ubushobozi butandukanye, imikorere y’ibanze ikomeza kuba imwe:
Ubwa mbere, router, switch, firewall, cyangwa ubundi bwoko bw'igikoresho bizafata amakuru kuri "imiyoboro" ya network - muri make itsinda ry'amapaki asangiye ibiranga nk'aho isoko n'aho iherereye, aho iherereye n'aho iherereye, hamwe n'ubwoko bwa protocole. Iyo imikorere irangiye cyangwa igihe cyagenwe kimaze, igikoresho kizahereza inyandiko z'imiyoboro ku kintu kizwi nka "flow collector".
Amaherezo, "umusesenguzi w'imigendekere y'ibikorwa" usobanura izo nyandiko, utanga ubumenyi mu buryo bwo kwerekana amashusho, imibare, hamwe n'amakuru arambuye y'amateka n'ayo mu gihe nyacyo. Mu by'ukuri, abakusanya n'abasesengura akenshi baba ari ikintu kimwe, akenshi bahurizwa hamwe mu buryo bunini bwo kugenzura imikorere y'umuyoboro.
NetFlow ikora ku buryo buhamye. Iyo imashini y'umukiriya igeze kuri seriveri, NetFlow izatangira gufata no guteranya amakuru y'ibizamini bivuye mu nzira. Nyuma y'uko igihe girangiye, NetFlow izohereza inyandiko imwe yuzuye kuri firime.
Nubwo ikoreshwa cyane, NetFlow v5 ifite imbogamizi nyinshi. Inzego zoherezwa mu mahanga zirahari, igenzura rishyigikirwa gusa mu cyerekezo cy’ingress, kandi ikoranabuhanga rigezweho nka IPv6, MPLS, na VXLAN ntirishyigikiwe. NetFlow v9, nanone izwi nka Flexible NetFlow (FNF), ikemura zimwe muri izi mbogamizi, yemerera abakoresha kubaka ibishushanyo mbonera byihariye no kongeramo inkunga y’ikoranabuhanga rishya.
Abacuruzi benshi bafite kandi uburyo bwabo bwite bwo gushyira mu bikorwa NetFlow, nka jFlow yo muri Juniper na NetStream yo muri Huawei. Nubwo imiterere yayo ishobora gutandukana gato, ubu buryo bukunze gutanga inyandiko z'ibikorwa bihuye n'abakusanya n'abasesengura NetFlow.
Ibiranga by'ingenzi bya NetFlow:
~ Amakuru y'Iterambere: NetFlow ikora inyandiko z'imigendekere y'amakuru zirimo amakuru arambuye nka aderesi za IP z'aho zikomoka n'aho zijya, ibyambu, ibihe, umubare wa paki na byte, hamwe n'ubwoko bwa protocole.
~ Gukurikirana ibinyabiziga: NetFlow itanga uburyo bwo kureba imiterere y'urujya n'uruza rw'abantu kuri interineti, ifasha abayobozi kumenya porogaramu zikomeye, aho zisohokera, n'aho urujya n'uruza ruturuka.
~Gusuzuma indwara zidasobanutse neza: Mu gusesengura amakuru ajyanye n'imigendekere y'itumanaho, NetFlow ishobora kubona ibitagenda neza nko gukoresha bandwidth nyinshi, umuvuduko w'itumanaho, cyangwa imiterere idasanzwe y'urujya n'uruza rw'abantu.
~ Isesengura ry'Umutekano: NetFlow ishobora gukoreshwa mu gutahura no gukora iperereza ku bibazo by’umutekano, nko kugaba ibitero bya Distributed denial-of-service (DDoS) cyangwa kugerageza kwinjira mu buryo butemewe.
Verisiyo za NetFlow: NetFlow yagiye ihinduka uko igihe cyagiye gihita, kandi verisiyo zitandukanye zarasohotse. Zimwe muri verisiyo zizwi cyane zirimo NetFlow v5, NetFlow v9, na Flexible NetFlow. Buri verisiyo itanga uburyo bwo kunoza no kongera ubushobozi.
IPFIX:
IPFIX ni iki?
Icyitegererezo cya IETF cyavutse mu ntangiriro za 2000, Internet Protocol Flow Information Export (IPFIX) gisa cyane na NetFlow. Mu by'ukuri, NetFlow v9 yabaye ishingiro rya IPFIX. Itandukaniro ry'ibanze hagati y'ibi byombi ni uko IPFIX ari icyitegererezo gifunguye, kandi gishyigikirwa n'abacuruzi benshi b'itumanaho uretse Cisco. Uretse andi mashami make yongewemo muri IPFIX, ubundi imiterere iba isa cyane. Mu by'ukuri, IPFIX rimwe na rimwe yitwa "NetFlow v10".
Bitewe nuko isa na NetFlow, IPFIX ishyigikirwa cyane n'ibisubizo byo kugenzura imiyoboro ndetse n'ibikoresho byayo.
IPFIX (Internet Protocol Flow Information Export) ni protocole isanzwe ifunguye yakozwe na Internet Engineering Task Force (IETF). Ishingiye ku bisobanuro bya NetFlow Verisiyo ya 9 kandi itanga imiterere isanzwe yo kohereza inyandiko z'inzira ziturutse ku bikoresho bya interineti.
IPFIX yubakira ku bitekerezo bya NetFlow kandi ikabyagura kugira ngo bitange uburyo bworoshye bwo gukorana n'abandi bacuruzi n'ibikoresho bitandukanye. Ishyiramo igitekerezo cya templates, ikemerera gusobanura imiterere n'ibirimo mu nyandiko. Ibi bituma habaho gushyiramo amashami yihariye, gushyigikira protocole nshya, no kwagura.
Ibiranga by'ingenzi bya IPFIX:
~ Uburyo bushingiye ku gishushanyo mbonera: IPFIX ikoresha ibishushanyo mbonera kugira ngo isobanure imiterere n'ibikubiye mu nyandiko zigenda, itanga ubworoherane mu kwakira amakuru atandukanye n'amakuru yihariye ya protocole.
~ Gukorana neza: IPFIX ni umurongo ngenderwaho ufunguye, utuma habaho ubushobozi bwo kugenzura imikorere y'amakuru ku bacuruzi n'ibikoresho bitandukanye by'itumanaho.
~ Inkunga ya IPv6: IPFIX ishyigikira IPv6, bigatuma ikoreshwa mu kugenzura no gusesengura urujya n'uruza rw'abantu mu miyoboro ya IPv6.
~Umutekano Ukomeje: IPFIX irimo ibikoresho by'umutekano nka Transport Layer Security (TLS) no kugenzura ubuziranenge bw'ubutumwa kugira ngo birinde ibanga n'ubuziranenge bw'amakuru ajyanye n'ingendo mu gihe cyo kohereza ubutumwa.
IPFIX ishyigikiwe cyane n'abacuruzi batandukanye b'ibikoresho byo kuri interineti, bigatuma iba amahitamo adashingiye ku bagurisha kandi akoreshwa cyane mu kugenzura imikorere y'imiyoboro.
None se, itandukaniro riri hagati ya NetFlow na IPFIX ni irihe?
Igisubizo cyoroshye ni uko NetFlow ari protocole ya Cisco yashyizweho ahagana mu 1996 kandi IPFIX niyo sosiyete yemewe n’amategeko.
Porotokole zombi zifite intego imwe: gufasha injeniyeri n'abayobozi b'imiyoboro gukusanya no gusesengura uburyo umuyoboro wa IP unyuramo. Cisco yashyizeho NetFlow kugira ngo swichi na routers zayo bibashe gutanga aya makuru y'agaciro. Bitewe n'ubwiganze bwa Cisco, NetFlow yahise iba ihame risanzwe ryo gusesengura urujya n'uruza rw'imiyoboro. Ariko, abanywanyi b'inganda babonye ko gukoresha porotokole igenzurwa n'umukeba wayo mukuru atari igitekerezo cyiza, bityo IETF yayoboye umuhate wo gushyiraho porotokole ifunguye yo gusesengura urujya n'uruza, ari yo IPFIX.
IPFIX ishingiye kuri verisiyo ya 9 ya NetFlow kandi yatangijwe bwa mbere ahagana mu 2005 ariko byatwaye imyaka myinshi kugira ngo ikoreshwe mu nganda. Kuri iyi ngingo, ayo mabwiriza yombi ni amwe kandi nubwo ijambo NetFlow rigikoreshwa cyane, ishyirwa mu bikorwa ryinshi (nubwo atari ryose) rijyanye n'amahame ya IPFIX.
Dore imbonerahamwe igaragaza itandukaniro riri hagati ya NetFlow na IPFIX:
| Igice | NetFlow | IPFIX |
|---|---|---|
| Inkomoko | Ikoranabuhanga ry'umutungo ryakozwe na Cisco | Porotokole ishingiye ku nganda ishingiye kuri NetFlow Verisiyo ya 9 |
| Igenamiterere ry'ibipimo ngenderwaho | Ikoranabuhanga rya Cisco | Igipimo gifunguye cyagenwe na IETF muri RFC 7011 |
| Guhindura imiterere | Verisiyo zahinduwe zifite imiterere yihariye | Ubworoherane bwinshi no gukorana neza hagati y'abacuruzi |
| Imiterere y'amakuru | Amapaki y'ingano idahinduka | Uburyo bushingiye ku gishushanyo mbonera cy'imiterere y'inyandiko z'uruhererekane rw'amakuru akoreshwa mu buryo bushobora guhindurwa |
| Inkunga y'imbonerahamwe | Ntibishyigikiwe | Ingero zihindagurika zo gushyiramo urubuga rworoshye |
| Inkunga y'Abacuruzi | Mbere na mbere ibikoresho bya Cisco | Ubufasha bwagutse ku bacuruzi b'imiyoboro |
| Kwagura | Guhindura ibintu mu buryo buciriritse | Gushyiramo imirima yihariye n'amakuru yihariye yerekeye porogaramu |
| Itandukaniro rya Porotokole | Impinduka zishingiye kuri Cisco | Inkunga ya IPv6 karemano, amahitamo meza yo gukoresha ikoranabuhanga |
| Ibiranga umutekano | Ibintu by'umutekano bike | Uburinzi bw'urutonde rw'umutekano (TLS) mu bijyanye no gufunga, ubuziranenge bw'ubutumwa |
Gukurikirana Imikorere y'Umuyoboroni ugukusanya, gusesengura, no gukurikirana urujya n'uruza rw'abantu banyura mu gice runaka cy'umuyoboro cyangwa umuyoboro. Intego zishobora gutandukana kuva ku gukemura ibibazo byo guhuza no gutegura uburyo bwo gushyira bandwidth mu gihe kizaza. Gukurikirana ubwikorezi bw'amakuru no gupima amapaki bishobora no kuba ingirakamaro mu kumenya no gukemura ibibazo by'umutekano.
Gukurikirana imikorere y'amakuru (flow monitoring) biha amatsinda y'itumanaho igitekerezo cyiza cy'uko umuyoboro ukora, bigatanga ubumenyi ku mikoreshereze rusange, ikoreshwa rya porogaramu, imbogamizi zishobora kubaho, ibintu bidasobanutse bishobora kugaragaza ibibazo by'umutekano, n'ibindi. Hari amahame n'imiterere bitandukanye bikoreshwa mu kugenzura imikorere y'umuyoboro, harimo NetFlow, sFlow, na Internet Protocol Flow Information Export (IPFIX). Buri kimwe gikora mu buryo butandukanye gato, ariko byose bitandukanye no kureba imiterere y'amakuru (port mirroring) no kugenzura ipaki mu buryo bwimbitse kuko bitagaragaza ibiri muri buri paki inyura hejuru y'umuyoboro cyangwa inyura mu buryo burambuye. Ariko, gukurikirana imikorere y'amakuru bitanga amakuru menshi kurusha SNMP, muri rusange bigarukira ku mibare migari nka paki rusange n'ikoreshwa rya bandwidth.
Ibikoresho byo Gukoresha Umuyoboro w'Ikoranabuhanga Bigereranyijwe
| Ikiranga | NetFlow v5 | NetFlow v9 | sFlow | IPFIX |
| Ifunguye cyangwa Ifite umutungo | Ubwishingizi bw'umutungo | Ubwishingizi bw'umutungo | Fungura | Fungura |
| Ingero cyangwa Ishingiye ku Mikorere | Mbere na mbere bishingira ku mikorere; Uburyo bwo gupima ingero burahari | Mbere na mbere bishingira ku mikorere; Uburyo bwo gupima ingero burahari | Byatanzweho icyitegererezo | Mbere na mbere bishingira ku mikorere; Uburyo bwo gupima ingero burahari |
| Amakuru yafashwe | Amakuru ya metadata n'ibarurishamibare, harimo bytes zoherejwe, counters za interface n'ibindi | Amakuru ya metadata n'ibarurishamibare, harimo bytes zoherejwe, counters za interface n'ibindi | Imitwe yuzuye ya paki, imitwaro y'igice cy'ipaki | Amakuru ya metadata n'ibarurishamibare, harimo bytes zoherejwe, counters za interface n'ibindi |
| Gukurikirana Injira/Isohoka | Kwinjira gusa | Kwinjira no Gusohoka | Kwinjira no Gusohoka | Kwinjira no Gusohoka |
| Ubufasha bwa IPv6/VLAN/MPLS | No | Yego | Yego | Yego |
Igihe cyo kohereza: Werurwe-18-2024
