NetFlow and IPFIX are two technologies used to monitor and analyze network traffic flows. They provide insight into network traffic patterns, supporting performance optimization, troubleshooting, and security analysis.
NetFlow:
What is NetFlow?
NetFlow is the original flow monitoring solution, first developed by Cisco in the 1990s. Several versions exist, but most deployments are based on NetFlow v5 or NetFlow v9. Although each version has different capabilities, the basic operation remains the same:
First, a router, switch, firewall, or other device captures information about network "flows" - essentially sets of packets that share common attributes such as source and destination address, source and destination port, and protocol type. After a flow goes dormant or a predefined amount of time passes, the device exports the flow records to an entity known as a "flow collector".
Finally, a "flow analyzer" makes sense of those records, providing insight in the form of visualizations, statistics, and historical and real-time reporting. In practice, collectors and analyzers are often a single entity, frequently combined into a larger network performance monitoring solution.
NetFlow operates on a stateful basis. When a client machine reaches out to a server, NetFlow begins capturing and aggregating metadata from the flow. After the session is terminated, NetFlow exports a single complete record to the collector.
Although it is still widely used, NetFlow v5 has a number of limitations. The exported fields are fixed, monitoring is supported only in the ingress direction, and modern technologies such as IPv6, MPLS, and VXLAN are not supported. NetFlow v9, also known as Flexible NetFlow (FNF), addresses some of these limitations, allowing users to build custom templates and adding support for newer technologies.
Many vendors also have their own implementations of NetFlow, such as jFlow from Juniper and NetStream from Huawei. Although the configuration may differ somewhat, these implementations generally produce flow records that are compatible with NetFlow collectors and analyzers.
Key features of NetFlow:
~ Flow Records: NetFlow generates flow records that include details such as source and destination IP addresses, ports, timestamps, packet and byte counts, and protocol types.
~ Traffic Monitoring: NetFlow provides visibility into network traffic patterns, allowing administrators to identify the top applications, endpoints, and traffic sources.
~ Anomaly Detection: By analyzing flow data, NetFlow can detect anomalies such as excessive bandwidth usage, network congestion, or unusual traffic patterns.
~ Security Analysis: NetFlow can be used to detect and investigate security incidents, such as distributed denial-of-service (DDoS) attacks or unauthorized access attempts.
NetFlow Versions: NetFlow has evolved over time, and several versions have been released. Notable versions include NetFlow v5, NetFlow v9, and Flexible NetFlow. Each version introduces enhancements and additional capabilities.
IPFIX:
What is IPFIX?
An IETF standard that emerged in the early 2000s, Internet Protocol Flow Information Export (IPFIX) is very similar to NetFlow. In fact, NetFlow v9 served as the basis for IPFIX. The primary difference between the two is that IPFIX is an open standard and is supported by many networking vendors other than Cisco. Apart from a few additional fields added in IPFIX, the formats are nearly identical. In fact, IPFIX is sometimes even referred to as "NetFlow v10".
Due in part to its similarity to NetFlow, IPFIX enjoys broad support among network monitoring solutions as well as network equipment.
IPFIX (Internet Protocol Flow Information Export) is an open protocol developed by the Internet Engineering Task Force (IETF). It is based on the NetFlow Version 9 specification and provides a standardized format for exporting flow records from network devices.
IPFIX builds on the concepts of NetFlow and extends them to offer more flexibility and interoperability across vendors and devices. It introduces the concept of templates, which define the structure and content of flow records. This allows the inclusion of custom fields, support for new protocols, and extensibility.
Key features of IPFIX:
~ Template-Based Approach: IPFIX uses templates to define the structure and content of flow records, offering flexibility in accommodating different data types and protocol-specific information.
~ Interoperability: IPFIX is an open standard, enabling consistent flow monitoring across many network vendors and devices.
~ IPv6 Support: IPFIX supports IPv6, making it suitable for monitoring and analyzing traffic in IPv6 networks.
~ Enhanced Security: IPFIX includes security features such as Transport Layer Security (TLS) encryption and message integrity checks to protect the confidentiality and integrity of flow data during export.
IPFIX is widely supported by many networking equipment vendors, making it a vendor-neutral and widely used choice for network flow monitoring.
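The template mechanism described above, as an added example that is not part of the original article: a decoder that learns the record layout from a Template Set (Set ID 2) and only then interprets the matching Data Set, here carrying an IPv6 flow. Function names and the sample message are constructed; enterprise-specific and variable-length fields are rejected rather than decoded, and sets without a known template are skipped.

```python
import ipaddress
import struct

# Subset of the IANA IPFIX information elements (id -> name).
IE = {1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
      11: "destinationTransportPort", 27: "sourceIPv6Address", 28: "destinationIPv6Address"}

def learn_templates(body, templates):
    off = 0
    while off + 4 <= len(body):
        tid, n = struct.unpack_from("!HH", body, off)
        if tid < 256 or n == 0 or off + 4 + 4 * n > len(body):
            break  # padding, withdrawal or truncated template
        fields = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(n)]
        if any(ie & 0x8000 or ln in (0, 0xFFFF) for ie, ln in fields):
            raise ValueError("enterprise or variable-length field not supported")
        templates[tid] = fields
        off += 4 + 4 * n

def parse_ipfix(msg, templates):
    """Decode one IPFIX message; `templates` persists across messages."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("bad IPFIX header (version or length)")
    flows, pos = [], 16
    while pos + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, pos)
        if set_len < 4 or pos + set_len > len(msg):
            raise ValueError("set length out of bounds")
        body = msg[pos + 4:pos + set_len]
        if set_id == 2:  # Template Set: learn the record layout
            learn_templates(body, templates)
        elif set_id in templates:  # Data Set whose layout is known
            size = sum(ln for _, ln in templates[set_id])
            for start in range(0, len(body) - size + 1, size):
                rec, p = {}, start
                for ie, ln in templates[set_id]:
                    raw, p = body[p:p + ln], p + ln
                    rec[IE.get(ie, f"ie{ie}")] = (
                        str(ipaddress.IPv6Address(raw)) if ie in (27, 28)
                        else int.from_bytes(raw, "big"))
                flows.append(rec)
        pos += set_len  # sets with no known template are skipped, not guessed at
    return flows

def build_ipfix_sample():  # constructed: template 256 plus one IPv6 flow record
    tmpl = struct.pack("!HH12H", 256, 6, 27, 16, 28, 16, 7, 2, 11, 2, 4, 1, 1, 8)
    rec = (ipaddress.IPv6Address("2001:db8::10").packed
           + ipaddress.IPv6Address("2001:db8::5").packed
           + struct.pack("!HHBQ", 51514, 443, 6, 3400))
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
    return struct.pack("!HHIII", 10, 16 + len(sets), 1_710_720_000, 0, 1) + sets
```

A Data Set that arrives before its template yields no records, so a collector has to keep the template cache per exporter and expect gaps after a restart.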
So, what is the difference between NetFlow and IPFIX?
The simple answer is that NetFlow is a Cisco proprietary protocol introduced around 1996 and IPFIX is its standards-body-approved sibling.
Both protocols serve the same purpose: helping network engineers and administrators collect and analyze network-level IP traffic flows. Cisco developed NetFlow so that its switches and routers could output this valuable information. Given the dominance of Cisco gear, NetFlow quickly became the de-facto standard for network traffic analysis. However, industry competitors realized that using a proprietary protocol controlled by their chief rival was not a good idea, and so the IETF led an effort to standardize an open protocol for traffic analysis, which is IPFIX.
IPFIX is based on NetFlow version 9 and was first introduced around 2005, but it took a number of years to gain industry adoption. At this point, the two protocols are essentially the same and, although the term NetFlow is still more common, most implementations (though not all) are compatible with the IPFIX standard.
Here is a table summarizing the differences between NetFlow and IPFIX:
| Aspect | NetFlow | IPFIX |
|---|---|---|
| Origin | Proprietary technology developed by Cisco | Industry-standard protocol based on NetFlow Version 9 |
| Standardization | Cisco-specific technology | Open standard defined by the IETF in RFC 7011 |
| Flexibility | Versions evolved with specific features | Greater flexibility and interoperability across vendors |
| Data Format | Fixed-size packets | Template-based approach for customizable flow record formats |
| Template Support | Not supported | Dynamic templates for flexible field inclusion |
| Vendor Support | Primarily Cisco devices | Broad support across networking vendors |
| Extensibility | Specific customizations | Inclusion of custom fields and application-specific data |
| Protocol Differences | Cisco-specific variations | Native IPv6 support, enhanced flow record options |
| Security Features | Limited security features | Transport Layer Security (TLS) encryption, message integrity |
Network Flow Monitoring is the collection, analysis, and monitoring of traffic traversing a network or network segment. The objectives can range from troubleshooting connectivity issues to planning future bandwidth allocation. Flow monitoring and packet sampling can also help in identifying and remediating security issues.
Flow monitoring gives networking teams a picture of how the network is operating, providing insight into overall utilization, application usage, potential bottlenecks, anomalies that may signal security threats, and more. Several different standards and formats are used in network flow monitoring, including NetFlow, sFlow, and Internet Protocol Flow Information Export (IPFIX). Each works in a slightly different way, but all differ from port mirroring and deep packet inspection in that they do not capture the contents of every packet passing over a port or through a switch. However, flow monitoring provides more information than SNMP, which is generally limited to broad statistics such as overall packet and bandwidth usage.
Network Flow Tools Compared
| Feature | NetFlow v5 | NetFlow v9 | sFlow | IPFIX |
|---|---|---|---|---|
| Open or Proprietary | Proprietary | Proprietary | Open | Open |
| Sampled or Flow Based | Primarily flow based; sampled mode is available | Primarily flow based; sampled mode is available | Sampled | Primarily flow based; sampled mode is available |
| Information Captured | Metadata and statistical information, including bytes transferred, interface counters and so on | Metadata and statistical information, including bytes transferred, interface counters and so on | Complete packet headers, partial packet payloads | Metadata and statistical information, including bytes transferred, interface counters and so on |
| Ingress/Egress Monitoring | Ingress only | Ingress and egress | Ingress and egress | Ingress and egress |
| IPv6 / VLAN / MPLS Support | No | Yes | Yes | Yes |
Post time: Mar-18-2024