NetFlow na IPFIX ni ikoranabuhanga ryikoranabuhanga rikoreshwa mugukurikirana imiyoboro no gusesengura. Batanga ubushishozi mumikino yo mu muhanda, gufasha mu buryo bwo gukora neza, gukemura ibibazo, no gusesengura umutekano.
NetFlow:
NetFlow ni iki?
Netflownicyo gisubizo cyambere cyo gukurikirana, cyateguwe na Cisco mu mpera za 90. Imiterere nyinshi zitandukanye zirahari, ariko kohereza byinshi bishingiye kuri NetFlow v5 cyangwa NetFlow V9. Mugihe buri verisiyo ifite ubushobozi butandukanye, igikorwa cyibanze gikomeza kuba kimwe:
Ubwa mbere, router, hinduranya, firewall, cyangwa ubundi bwoko bwigikoresho buzafata amakuru kumuyoboro rusange nkibintu hamwe na aderesi, hamwe nubwoko bwa protocole. Nyuma yo gusinzira yasinziriye cyangwa igihe cyagenwe cyarangiye, igikoresho kizohereza hanze inyandiko zigenda zizwi ku kigo kizwi ku izina rya "Umukiriya".
Hanyuma, umusesengura "ushimangira izo nyandiko, atanga ubushishozi muburyo bwo gusuzuma, imibare, no gutanga amakuru arambuye kandi nyayo. Mubikorwa, abakusanya no gusesengura akenshi ni ikigo kimwe, akenshi uhuzwa mubisubizo binini byo gukurikirana imikorere.
NetFlow ikora kumurongo nyabagendwa. Iyo imashini yabakiriya igera kuri seriveri, NetFlow izatangira gufatwa no gukusanya metadata uhereye kumurongo. Nyuma yuko amasomo arangiye, NetFlow azohereza hanze yujuje ibyangombwa byuzuye kuri mugenzi wawe.
Nubwo bikunze gukoreshwa, Netflow V5 ifite aho ntarengwa. Imirima yoherejwe hanze, igakurikirana ishyigikiwe gusa mu cyerekezo cyo gusetsa, hamwe nikoranabuhanga rigezweho nka IPV6, mpls, na vxlan ntabwo bishyigikiwe. NetFlow V9, nanone yaranditse nka NetFible NetFlow (FNF), akemuriza zimwe muri izi mbogamizi, yemerera abakoresha kubaka inyandikorugero mbi kandi yongera inkunga kubuhanga bushya.
Abacuruzi benshi nabo bafite ishyirwa mubikorwa ryabo ryabantu bahanganye, nka JFLlow kuva kuri Juniper na Netstiser kuva Huawei. Nubwo iboneza rishobora gutandukana runaka, ishyirwa mubikorwa akenshi ritanga inyandiko zifatika zifite abakusanya nabashumba.
Ibiranga urufunguzo rwa NetFlow:
~ Amakuru atemba: Uruganda rukora ibicuruzwa birimo ibisobanuro nkibisobanuro nicyerekezo cya IP ya Aderesi, Ibyambu, igihe, paki na byte ibara, nuburyo bwa protocole.
~ Gukurikirana traffic: NetFlow itanga kugaragara muburyo bwo gutwara abantu, kwemerera abayobozi kumenya porogaramu zo hejuru, impfizi, hamwe ninkomoko yumuhanda.
~Anomaly Kumenya: Mugusesengura amakuru atemba, NetFlow arashobora kubona anomalies nko gukoresha imiyoboro ikabije, ubwinshi bw'imiyoboro, cyangwa imiterere idasanzwe.
~ Isesengura ry'umutekano: Umuvumo urashobora gukoreshwa mu kumenya no gukora iperereza ku bintu by'umutekano, nko guhakana guhakana-serivisi (DDOS) ibitero cyangwa kugerageza kubijyanye no gushaka.
NetFlow verisiyo: NetFlow yahindutse mugihe, kandi verisiyo zitandukanye zasohotse. Imirasire igaragara ikubiyemo NetFlow V5, Netflow V9, na NetFible NetFlow. Buri verisiyo itangiza kuzamura hamwe nubushobozi bwinyongera.
IPFIX:
Ipfix ni iki?
Ibipimo bya IETF byagaragaye mu ntangiriro ya 2000, amakuru ya interineti yohereza ibicuruzwa hanze (IPFIX) birasa cyane na NetFlow. Mubyukuri, NetFlow V9 yabaye ishingiro rya IPFIX. Itandukaniro ryibanze hagati yabyo ni uko IPFIX ari ibipimo bifunguye, kandi bishyigikirwa nabacuruzi benshi batandukanije na cisco. Usibye imirima mike yongeweho muri IPFIX, ubukorikori ubundi buryo busa. Mubyukuri, IPFIX rimwe na rimwe ivugwa ko ari "NetFlow V10".
Bitewe nigice cyacyo kuri NetFlow, IPFyix ifite inkunga yo gushyigikirwa mubisubizo byo gukurikirana imiyoboro hamwe nibikoresho bya Network.
IPFIX (Internet Porotokole yoherejwe hanze) ni protocole isanzwe yateguwe na interineti yubushakashatsi kuri interineti (IETF). Ishingiye kuri NetFlow Version 9 Ibisobanuro kandi itanga imiterere isanzwe yo kohereza ibicuruzwa bivuye mubikoresho bya Network.
IPFIX yubaka ku bitekerezo bya NetFlow hanyuma ikayagura kugirango batange guhinduka no gukora imikoranire hejuru yumushinga nibikoresho bitandukanye. Imenyesha igitekerezo cya templates, yemerera ibisobanuro byingirakamaro imiterere yubukorikori. Ibi bishoboza kwinjiza imirima yihariye, inkunga kuri protocole nshya, kandi yagutse.
Ibintu by'ingenzi bya IPFIX:
~ Umwanya ushingiye: IPFIX ikoresha inyandikorugero kugirango isobanure imiterere n'ibirimo byanditseho imiterere, bitanga guhinduka mugukira imirima itandukanye hamwe namakuru yihariye ya protocole.
~ Imikoranire: IPFIX ni igipimo gifunguye, cyemeza ko ukurikirana ibikorwa byo gukurikirana abantu bakurikirana imiyoboro itandukanye.
~ Inkunga ya IPV6: IPFIX kavukire iPV6, bigatuma iba ikurikirana no gusesengura traffic mumiyoboro ya IPV6.
~Umutekano wazamutse: IPFIX ikubiyemo umutekano nkumutekano wimodoka (TLS) encryption nubunyangamugayo Kugenzura kugirango birinde ibanga nubusugire bwamakuru atemba mugihe cyo kohereza.
IPFIX ishyigikiwe cyane nibikoresho bitandukanye byumuyoboro, bigatuma umucuruzi-utabogamye kandi uhitamo cyane kugenzura imiyoboro.
None, ni irihe tandukaniro riri hagati ya NetFlow na Ipfix?
Igisubizo cyoroshye nuko NetFlol ari protocole ya CISco yatangijwe hafi ya 1996 na IPFIX nimiterere yacyo murumuna we yemeje umuvandimwe.
Porotokole zombi zikora intego imwe: Gushoboza injeniyeri n'abayobozi gukusanya no gusesengura urwego rwa Network. Cisco yateje imbere inshundura kugirango impinduka zayo naba router zishobora gusohoka aya makuru yingirakamaro. Urebye uburyo bw'ibikoresho bya Cisco, NetFlow yahise ahinduka de-actto yo gusesengura imihanda. Ariko, abanywanyi b'inganda bamenye ko gukoresha protocole yihariye iyobowe n'umuntu mukuru, bityo ietf yavuze ko ingufu mu buryo bwo gutegura protocole ifunguye yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic yo gusesengura traffic.
IPFIX ishingiye kuri NetFlow Version 9 kandi yabanje gutangizwa hafi 2005 ariko yafashe imyaka myinshi kugirango yureze inganda. Kuri iyi ngingo, protocole ebyiri ni kimwe kandi nubwo ijambo ryuzuye riracyari ryirinze gushyira mubikorwa byinshi (nubwo atari byose) bihuye nibisanzwe bya IPFIX.
Dore imbonerahamwe iri muri make itandukaniro riri hagati ya netflow na ipfix:
| Icyerekezo | Netflow | Ipfix |
|---|---|---|
| Inkomoko | Ikoranabuhanga rifatika ryateguwe na Cisco | Inganda-Standard Potokole ishingiye kuri NetFlow Version 9 |
| Ibipimo ngenderwaho | Cisco-Ikoranabuhanga ryihariye | Gufungura Ibipimo byasobanuwe na IETF muri RFC 7011 |
| Guhinduka | Guhindura imiterere nibintu byihariye | Byinshi byoroshye no gukora imikoranire kuri vendors |
| Imiterere yamakuru | Ibipaki-ingano | Inyandikorugero ishingiye kubikoresho byihariye byanditse |
| Inyandikorugero | Ntabwo ashyigikiwe | Dynamic Inyandikorugero zo guhubuka |
| Inkunga y'abacuruzi | Ibikoresho bya Cisco | Inkunga yagutse hirya no hino |
| Ubugari | Ibicuruzwa bigarukira | Gushiramo imirima ya Customes hamwe na Porogaramu yihariye |
| Itandukaniro rya Porotokole | Cisco-yihariye | Ubuvugizi bwa IPV6, kuzamura imirongo yo gufata amajwi |
| IBIKURIKIRA | Ibiranga umutekano | Umutekano wo gutwara abantu (TLS) encryption, Ubunyangamugayo |
Gukurikirana imiyoboroni icyegeranyo, gusesengura, no kugenzura ibinyabiziga binyuranyije na neti cyangwa igice cya Network. Intego zirashobora gutandukana mubibazo byo gukemura ibibazo byo gutegura itangwa rya barwetth. Gukurikirana ingendo hamwe nipaki birashobora no kuba ingirakamaro mukumenya no gushura ibibazo byumutekano.
Gukurikirana ingendo biha amatsinda meza yerekana uburyo umuyoboro ukorera, utanga ubushishozi mubikorwa rusange, gukoresha ubushishozi, ibikoresho bishobora gukoresha ibiranga umutekano, nibindi byinshi. Hariho ibipimo byinshi bitandukanye hamwe nimiterere itandukanye kumurongo ukurikirana, harimo NetFlow, SFlow, na enterineti ya protocole yohereza amakuru (IPFIX). Buri gikorwa gikora muburyo butandukanye, ariko byose bitandukanye nindorerwamo ya Port na Packet yimbitse mugihe badafata ibikubiye muri buri paki cyangwa unyuze kumurongo. Nyamara, Gukurikirana Urugendo rutanga amakuru arenze SNMP, muri rusange bigarukira kuri imibare yagutse nka paki yose hamwe na bandidth.
Urusobe rutemba
| Ibiranga | NetFlow V5 | NetFlow V9 | sflow | Ipfix |
| Gufungura cyangwa gutunga | Nyirubwite | Nyirubwite | Fungura | Fungura |
| Uruhare cyangwa gutemba | Mbere na mbere bishingiye; Uburyo bwa Sampled burahari | Mbere na mbere bishingiye; Uburyo bwa Sampled burahari | Urugero | Mbere na mbere bishingiye; Uburyo bwa Sampled burahari |
| Amakuru yafashwe | Metadata n'amakuru y'ibarurishamibare, harimo na bytes yimuwe, intera iringaniye kandi rero | Metadata n'amakuru y'ibarurishamibare, harimo na bytes yimuwe, intera iringaniye kandi rero | Imitwe yuzuye y'ipaki, packeti igice | Metadata n'amakuru y'ibarurishamibare, harimo na bytes yimuwe, intera iringaniye kandi rero |
| Inshinge / kugenzura e-eng | Gutera gusa | Inshire na egress | Inshire na egress | Inshire na egress |
| IPV6 / VLAN / MPLS | No | Yego | Yego | Yego |
Igihe cyohereza: Werurwe-18-2024
