Understanding SPAN, RSPAN and ERSPAN: Techniques for Network Traffic Monitoring

SPAN, RSPAN, and ERSPAN are techniques used in networking to capture and monitor traffic for analysis. Here is a summary of each:

SPAN (Switched Port Analyzer)

Purpose: Used to mirror traffic from specific ports or VLANs on a switch to another port for monitoring.

Use Case: Ideal for analyzing local traffic on a single switch. Traffic is mirrored to a designated port where a network analyzer can capture it.

RSPAN (Remote SPAN)

Purpose: Extends SPAN capabilities across multiple switches in a network.

Use Case: Allows traffic to be monitored from one switch to another over a trunk link. Useful for scenarios where the monitoring device is located on a different switch.

ERSPAN (Encapsulated Remote SPAN)

Purpose: Combines RSPAN with GRE (Generic Routing Encapsulation) to encapsulate the mirrored traffic.

Use Case: Allows traffic to be monitored across routed networks. This is useful in complex network architectures where traffic needs to be captured across different segments.

Switched Port Analyzer (SPAN) is an efficient method of monitoring traffic. It directs or mirrors traffic from a source port or VLAN to a destination port. This is sometimes referred to as session monitoring. SPAN is used for troubleshooting connectivity issues and for calculating network utilization and performance, among many other things. Three types of SPAN are supported on Cisco products:

a. SPAN or local SPAN.

b. Remote SPAN (RSPAN).

c. Encapsulated Remote SPAN (ERSPAN).

Learn more: "Mylinking™ Network Packet Broker with SPAN, RSPAN and ERSPAN Features"

SPAN / traffic mirroring / port mirroring is used for many purposes; some of them are listed below.

- Deploying IDS/IPS in promiscuous mode.

- VoIP call recording solutions.

- Security compliance requirements to monitor and analyze traffic.

- Troubleshooting connection issues and monitoring traffic.

Regardless of the type of SPAN running, a SPAN source can be any type of port, for example an access port, a trunk, a VLAN (all active ports of the switch are monitored), an EtherChannel (either a single port or the entire port-channel interface) and so on. Note that a port configured as a SPAN destination CANNOT be part of a SPAN source VLAN.

SPAN sessions support monitoring of ingress traffic (ingress SPAN), egress traffic (egress SPAN), or traffic flowing in both directions.

- Ingress SPAN (RX) copies traffic received by the source ports and VLANs to the destination port. SPAN copies the traffic before any modification (for example before any VACL or ACL filter, QoS, or ingress or egress policing).

- Egress SPAN (TX) copies traffic transmitted from the source ports and VLANs to the destination port. All relevant filtering or modification by VACL or ACL filters, QoS, or ingress or egress policing actions is performed before the switch forwards the traffic to the SPAN destination port.

- When the both keyword is used, SPAN copies the network traffic received and transmitted by the source ports and VLANs to the destination port.

- SPAN/RSPAN usually ignores CDP, STP BPDU, VTP, DTP and PAgP frames. However, these traffic types can be forwarded if the encapsulation replicate command is configured.

SPAN or Local SPAN

SPAN mirrors traffic from one or more interfaces on the switch to one or more interfaces on the same switch; hence SPAN is mostly referred to as LOCAL SPAN.

Guidelines or restrictions for local SPAN:

- Both Layer 2 switched ports and Layer 3 ports can be configured as source or destination ports.

- The source can be either one or more ports or a VLAN, but not a mix of these.

- Trunk ports are valid source ports and can be mixed with non-trunk source ports.

- Up to 64 SPAN ports can be configured on a switch.

- When a destination port is configured, its original configuration is overwritten. If the SPAN configuration is removed, the original configuration on that port is restored.

- When a destination port is configured, the port is removed from any EtherChannel bundle if it was part of one. If it was a routed port, the SPAN destination configuration overrides the routed port configuration.

- Destination ports do not support port security, 802.1x authentication, or private VLANs.

- A port can act as the destination port for only one SPAN session.

- A port cannot be configured as a destination port if it is a source port of a SPAN session or part of a source VLAN.

- Port-channel interfaces (EtherChannel) can be configured as source ports but not as a destination port for SPAN.

- Traffic direction is "both" by default for SPAN sources.

- Destination ports never participate in a spanning-tree instance. They cannot support DTP, CDP and so on. Local SPAN includes BPDUs in the monitored traffic, so any BPDUs seen on the destination port are copied from the source port. Hence never connect a switch to this type of SPAN port, as it could cause a network loop.

- When a VLAN is configured as the SPAN source (mostly referred to as VSPAN) with both the ingress and egress options configured, duplicate packets are forwarded from the source port only if the packets are switched within the same VLAN. One copy of the packet comes from the ingress traffic on the ingress port, and the other copy comes from the egress traffic on the egress port.

- VSPAN monitors only traffic that leaves or enters Layer 2 ports in the VLAN.
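
Several of the restrictions above can be checked mechanically before a change is pushed to a switch. The following Python is an added example, not code from Cisco or Mylinking; `lint_span_sessions`, the rule names, the port names and the session numbers are hypothetical, and the sample input is constructed.

```python
import re

def lint_span_sessions(sessions, vlan_members):
    """Check proposed local SPAN sessions against the restrictions listed above.

    sessions:     {session_id: {"src_ports": [...], "src_vlans": [...], "dst_ports": [...]}}
    vlan_members: {vlan_id: set of port names in that VLAN}
    Returns (session_id, rule, port) findings in session order.
    """
    src_ports = {p for s in sessions.values() for p in s.get("src_ports", [])}
    src_vlans = {v for s in sessions.values() for v in s.get("src_vlans", [])}
    dst_owner, findings = {}, []
    for sid in sorted(sessions):
        s = sessions[sid]
        # A session's sources are ports or VLANs, never a mix of both.
        if s.get("src_ports") and s.get("src_vlans"):
            findings.append((sid, "MIXED_SOURCES", ""))
        for dst in s.get("dst_ports", []):
            # EtherChannel may be a source but not a destination (Po1, Port-channel1).
            if re.match(r"(?:po|port-channel)\d", dst, re.I):
                findings.append((sid, "DST_IS_ETHERCHANNEL", dst))
            # A port is the destination of one session only.
            if dst_owner.setdefault(dst, sid) != sid:
                findings.append((sid, "DST_IN_TWO_SESSIONS", dst))
            # A destination may not be a source port or sit in a source VLAN.
            if dst in src_ports:
                findings.append((sid, "DST_IS_SOURCE_PORT", dst))
            for vlan in sorted(src_vlans):
                if dst in vlan_members.get(vlan, ()):
                    findings.append((sid, "DST_IN_SOURCE_VLAN", dst))
    return findings

# Constructed sample input (hypothetical port names and session numbers).
VLAN_MEMBERS = {10: {"Gi1/0/1", "Gi1/0/2", "Gi1/0/24"}, 20: {"Gi1/0/5"}}
PROPOSED = {
    1: {"src_ports": ["Gi1/0/1"], "dst_ports": ["Gi1/0/23"]},
    2: {"src_vlans": [10], "dst_ports": ["Gi1/0/24", "Gi1/0/23"]},
    3: {"src_ports": ["Gi1/0/5"], "src_vlans": [20], "dst_ports": ["Po1"]},
    4: {"src_ports": ["Gi1/0/6"], "dst_ports": ["Gi1/0/1"]},
}
```

Calling `lint_span_sessions(PROPOSED, VLAN_MEMBERS)` reports nothing for session 1 and flags sessions 2, 3 and 4.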

Remote SPAN (RSPAN)

Remote SPAN (RSPAN) is similar to SPAN, but it supports source ports, source VLANs, and destination ports on different switches. This provides remote monitoring of traffic from source ports distributed over multiple switches and allows the network capture devices to be centralized at the destination. Each RSPAN session carries the SPAN traffic over a user-specified RSPAN VLAN on all participating switches. This VLAN is trunked to the other switches, allowing the RSPAN session traffic to be transported across multiple switches and delivered to the destination capturing station. RSPAN consists of an RSPAN source session, an RSPAN VLAN, and an RSPAN destination session.

Guidelines or restrictions for RSPAN:

- A specific VLAN must be configured as the SPAN destination; it traverses the intermediate switches over trunk links toward the destination port.

- Sources must be of the same type, either ports or VLANs, and cannot be a mix.

- The destination for the session is the RSPAN VLAN rather than a single port on the switch, so all ports in the RSPAN VLAN receive the mirrored traffic.

- Any VLAN can be configured as an RSPAN VLAN as long as all participating devices support RSPAN VLANs; use the same RSPAN VLAN for each RSPAN session.

- VTP can propagate the configuration of VLANs numbered 1 through 1024 as RSPAN VLANs; VLANs numbered higher than 1024 must be configured manually as RSPAN VLANs on all source, intermediate, and destination devices.

- MAC address learning is disabled in the RSPAN VLAN.

Encapsulated Remote SPAN (ERSPAN)

Encapsulated Remote SPAN (ERSPAN) applies generic routing encapsulation (GRE) to all captured traffic and allows it to be extended across Layer 3 domains.

ERSPAN is Cisco proprietary and, to date, is available only on the Catalyst 6500, 7600, Nexus, and ASR 1000 platforms. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.

Guidelines or restrictions for ERSPAN:

- ERSPAN source sessions do not copy ERSPAN GRE-encapsulated traffic from source ports. Each ERSPAN source session can have either ports or VLANs as sources, but not both.

- Regardless of any configured MTU size, ERSPAN creates Layer 3 packets that can be as long as 9,202 bytes. ERSPAN traffic might be dropped by any interface in the network that enforces an MTU size smaller than 9,202 bytes.

- ERSPAN does not support packet fragmentation. The "do not fragment" bit is set in the IP header of ERSPAN packets. ERSPAN destination sessions cannot reassemble fragmented ERSPAN packets.

- The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from different ERSPAN source sessions; the configured ERSPAN ID must match on the source and destination devices.

- For a source port or a source VLAN, ERSPAN can monitor ingress traffic, egress traffic, or both. By default, ERSPAN monitors all traffic, including multicast and Bridge Protocol Data Unit (BPDU) frames.

- Tunnel interfaces supported as ports for an ERSPAN session are GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) and Secure Virtual Tunnel Interfaces (SVTI).

- The filter VLAN option does not work in an ERSPAN monitoring session on WAN interfaces.

- ERSPAN on Cisco ASR 1000 Series Routers supports only Layer 3 interfaces. Ethernet interfaces are not supported by ERSPAN when configured as Layer 2 interfaces.

- When a session is configured through the ERSPAN configuration CLI, the session ID and the session type cannot be changed. To change them, you must first use the no form of the configuration command to remove the session and then reconfigure it.

- Cisco IOS XE Release 3.4S: Monitoring of non-IPsec-protected packets is supported on IPv6 and IPv6 over IP tunnel interfaces only for ERSPAN source sessions, not for ERSPAN destination sessions.

- Cisco IOS XE Release 3.5S: Support was added for the following types of WAN interfaces as source ports of a source session: Serial (T1/E1, T3/E3, DS0), Packet over SONET (POS) (OC3, OC12) and Multilink PPP (the multilink, pos, and serial keywords were added to the source interface command).
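
A capture host that receives ERSPAN has to undo the GRE encapsulation, and it can use the ERSPAN ID, the "do not fragment" bit and the 9,202-byte bound described above to discard anything that does not belong to its session. The following Python is an added example, not code from Cisco or Mylinking; it assumes the ERSPAN Type II header layout (GRE protocol type 0x88BE with a sequence number), which the page does not spell out, and `parse_erspan`, `accept`, `build_sample` and the 10.10.10.2 address are names and values chosen here.

```python
import struct

GRE_ERSPAN_II = 0x88BE  # GRE protocol type that carries an ERSPAN Type II header

def parse_erspan(pkt: bytes) -> dict:
    """Decode outer IPv4 + GRE + ERSPAN Type II; return the ERSPAN ID and inner frame."""
    try:
        if pkt[0] >> 4 != 4 or pkt[9] != 47:        # IPv4 carrying GRE (protocol 47)
            raise ValueError("not IPv4/GRE")
        ihl = (pkt[0] & 0x0F) * 4
        (frag,) = struct.unpack_from("!H", pkt, 6)   # IP flags + fragment offset
        if frag & 0x3FFF:                            # MF set or non-zero offset
            raise ValueError("fragmented outer packet, cannot be reassembled")
        gre_flags, gre_proto = struct.unpack_from("!HH", pkt, ihl)
        if gre_proto != GRE_ERSPAN_II or not gre_flags & 0x1000:
            raise ValueError("not ERSPAN Type II (GRE sequence number required)")
        off = ihl + 4
        off += 4 if gre_flags & 0x8000 else 0        # optional GRE checksum word
        off += 4 if gre_flags & 0x2000 else 0        # optional GRE key word
        (seq,) = struct.unpack_from("!I", pkt, off)
        ver_vlan, cos_sess, _index = struct.unpack_from("!HHI", pkt, off + 4)
    except (IndexError, struct.error):
        raise ValueError("truncated packet") from None
    if ver_vlan >> 12 != 1:                          # header version 1 means Type II
        raise ValueError("unexpected ERSPAN version")
    return {"erspan_id": cos_sess & 0x03FF, "vlan": ver_vlan & 0x0FFF, "seq": seq,
            "df": bool(frag & 0x4000), "inner": pkt[off + 12:]}

def accept(pkt: bytes, expected_id: int, max_len: int = 9202) -> bool:
    """Sensor-side gate: keep only unfragmented, DF-set traffic for the configured ID."""
    try:
        info = parse_erspan(pkt)
    except ValueError:
        return False
    return info["erspan_id"] == expected_id and info["df"] and len(pkt) <= max_len

def build_sample(erspan_id: int, inner: bytes, frag: int = 0x4000) -> bytes:
    """Constructed test packet (not a capture), 10.10.10.1 to 10.10.10.2, checksum 0."""
    body = struct.pack("!HHI", 0x1000, GRE_ERSPAN_II, 7)       # GRE with S bit, seq 7
    body += struct.pack("!HHI", (1 << 12) | 20, erspan_id, 0)  # version 1, VLAN 20
    body += inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag, 64, 47, 0,
                     bytes([10, 10, 10, 1]), bytes([10, 10, 10, 2]))
    return ip + body

SAMPLE_FRAME = bytes.fromhex("ffffffffffff0200000000010806") + bytes(28)  # constructed
```

`accept(build_sample(100, SAMPLE_FRAME), 100)` passes, while the same packet checked against a different ERSPAN ID, or rebuilt with the more-fragments flag set, is rejected.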

Using ERSPAN as Local SPAN:

To use ERSPAN to monitor traffic through one or more ports or VLANs in the same device, we must create an ERSPAN source session and an ERSPAN destination session in the same device. The data flow takes place inside the router, which is similar to what happens in local SPAN.

The following applies when using ERSPAN as a local SPAN:

- Both sessions have the same ERSPAN ID.

- Both sessions have the same IP address. This IP address is the router's own IP address; that is, the loopback IP address or the IP address configured on any port.

(config)# monitor session 10 type erspan-source
(config-mon-erspan-src)# source interface Gig0/0/0
(config-mon-erspan-src)# destination
(config-mon-erspan-src-dst)# ip address 10.10.10.1
(config-mon-erspan-src-dst)# origin ip address 10.10.10.1
(config-mon-erspan-src-dst)# erspan-id 100

Post time: Aug-28-2024