Understanding SPAN, RSPAN and ERSPAN: Techniques for Network Traffic Monitoring

SPAN, RSPAN, le ERSPANke mekhoa e sebelisoang marang-rang ho hapa le ho beha leihlo sephethephethe bakeng sa tlhahlobo. Mona ke kakaretso e khuts'oane ea e 'ngoe le e' ngoe:

SPAN (Switched Port Analyser)

Morero: E sebelisoa ho bonts'a sephethe-phethe ho tloha likoung tse itseng kapa li-VLAN ha u fetohela boema-kepeng bo bong bakeng sa tlhahlobo.

Sebelisa Nyeoe: E loketse tlhahlobo ea sephethephethe sa lehae ka switch e le 'ngoe. Sephethephethe se bonts'oa boema-kepe bo khethiloeng moo mohlahlobi oa marang-rang a ka se nkang.

RSPAN ( SPAN e hole)

Morero: E eketsa bokhoni ba SPAN ho li-switches tse ngata marang-rang.

Sebelisa Case: E lumella ho lekola sephethephethe ho tloha ho switch e 'ngoe ho ea ho e' ngoe holim'a sehokelo sa trunk. E na le thuso bakeng sa maemo ao sesebelisoa sa ho beha leihlo se fumanehang ho switjha e fapaneng.

ERSPAN (Sehole se Kentsoeng SPAN)

Morero: E kopanya RSPAN le GRE (Generic Routing Encapsulation) ho kenyelletsa sephethe-phethe sa seipone.

Sebelisa Nyeoe: E lumella ho beha leihlo sephethephethe ho marang-rang a tsamaisoang. Sena se bohlokoa ho meralo e rarahaneng ea marang-rang moo sephethephethe se hlokang ho ts'oaroa ka likarolo tse fapaneng.

Fetolela koung Analyzer (SPAN)ke mokhoa o sebetsang hantle, o phahameng oa ho lekola sephethephethe. E tsamaisa kapa e bonts'a sephethe-phethe ho tloha boema-kepe ba mohloli kapa VLAN ho ea boema-kepeng boo u eang ho bona. Ka linako tse ling sena se bitsoa tlhahlobo ea nako. SPAN e sebelisetsoa ho rarolla mathata a khokahanyo le ho bala ts'ebeliso ea marang-rang le ts'ebetso, har'a tse ling tse ngata. Ho na le mefuta e meraro ea li-SPAN tse tšehetsoeng lihlahisoa tsa Cisco ...

a. SPAN kapa SPAN ea lehae.

b. SPAN e hole (RSPAN).

c. Remoutured SPAN (ERSPAN).

Ho tseba: "Mylinking™ Network Packet Broker e nang le SPAN, RSPAN le ERSPAN Features"

SPAN / traffic mirroring / port mirroring e sebelisetsoa merero e mengata, ka tlase e kenyelletsa tse ling.

- Ho kenya tšebetsong IDS/IPS ka mokhoa o hlephileng.

- Litharollo tsa ho rekota mehala ea VOIP.

- Mabaka a ho latela ts'ireletso ho beha leihlo le ho sekaseka sephethephethe.

- Ho rarolla mathata a khokahano, ho lekola sephethephethe.

Ho sa tsotelehe mofuta oa SPAN o sebetsang, mohloli oa SPAN e ka ba boema-kepe ba mofuta ofe kapa ofe, ke hore, boema-kepe bo tsamaisoang, boema-kepe ba 'mele, boema-kepe, trunk, VLAN (likou tsohle tse sebetsang li beiloe leihlo ke switch), EtherChannel (ebang ke kou kapa kou eohle. -mahokelo a likanale) joalo-joalo Hlokomela hore boema-kepe bo lokiselitsoeng sebaka sa SPAN HA E TLA ba karolo ea VLAN ea mohloli oa SPAN.

Likopano tsa SPAN li tšehetsa ho lekola sephethephethe sa ingress (ingress SPAN), egress traffic (egress SPAN), kapa sephethephethe se phallang ka mahlakoreng ka bobeli.

- Ingress SPAN (RX) e kopitsa sephethephethe se amoheloang ke boema-kepe ba mohloli le li-VLAN ho ea boema-kepeng boo u eang ho bona. SPAN e kopitsa sephethephethe pele ho phetoho leha e le efe (mohlala pele ho sefe kapa sefe sa VACL kapa ACL, QoS kapa sepolesa se kenang kapa sa egress).

- Egress SPAN (TX) likopi tsa sephethephethe se fetisitsoeng ho tsoa likoung tsa mohloli le li-VLAN ho ea boema-kepeng boo u eang ho bona. Ho sefa kapa ho fetoloa hohle ho nepahetseng ka VACL kapa ACL filter, QoS kapa ingress kapa egress liketso tsa sepolesa li nkuoa pele sephethephethe se fetisetsa sephethephethe ho ea boema-kepeng ba SPAN.

- Ha mantsoe a bohlokoa ka bobeli a sebelisoa, SPAN e kopitsa sephethephethe sa marang-rang se amoheloang le ho fetisoa ke likou tsa mohloli le li-VLAN ho ea boema-kepeng boo u eang ho bona.

- SPAN/RSPAN hangata e hlokomoloha liforeimi tsa CDP, STP BPDU, VTP, DTP le PAgP. Leha ho le joalo mefuta ena ea sephethephethe e ka fetisoa haeba taelo ea replicate ea encapsulation e lokiselitsoe.

SPAN kapa SPAN ea Lehae

SPAN liipone sephethephethe ho tloha segokanyimmediamentsi sa sebolokigolo se le seng kapa ho feta ho switjha ho ya ho sehokelo se le seng kapa ho feta ho switjha e le nngwe; kahoo SPAN hangata e bitsoa LOCAL SPAN.

Litaelo kapa lithibelo ho SPAN ea lehae:

- Boema-kepe ba Layer 2 le boema-kepe ba Layer 3 bo ka hlophisoa e le boema-kepe ba mohloli kapa moo bo eang teng.

- Mohloli e ka ba kou e le 'ngoe kapa ho feta kapa VLAN, empa eseng motsoako oa tsena.

- Li-ports tsa trunk ke likou tse sebetsang tsa mohloli tse kopantsoeng le likou tsa mehloli e seng tsa kutu.

- Ho ka hlophisoa likou tse fihlang ho tse 64 tsa SPAN switch switch.

- Ha re lokisa boema-kepe boo ho eang ho bona, tlhophiso ea eona ea mantlha e hlakotsoe. Haeba tlhophiso ea SPAN e tlositsoe, tlhophiso ea mantlha boema-kepeng boo e tla khutlisoa.

- Ha o lokisa boema-kepe boo u eang ho bona, boema-kepe bo tlosoa ho sephutheloana sefe kapa sefe sa EtherChannel haeba e ne e le karolo ea e 'ngoe. Haeba e ne e le boema-kepe bo tsamaisoang, peakanyo ea sebaka sa SPAN e tlolisa tekiso ea boema-kepe bo tsamaisoang.

- Boema-kepe ha bo tšehetse tšireletso ea boema-kepe, netefatso ea 802.1x, kapa li-VLAN tsa lekunutu.

- Boema-kepe bo ka sebetsa joalo ka boema-kepe bakeng sa karolo e le 'ngoe feela ea SPAN.

- Kou e ke ke ea hlophisoa joalo ka boema-kepe haeba e le sebaka sa mohloli oa nako kapa karolo ea mohloli oa VLAN.

- Li-port channel interfaces (EtherChannel) li ka hlophisoa e le li-ports tsa mohloli empa eseng kou ea SPAN.

- Tataiso ea sephethephethe ke "bobeli" ka mokhoa o ikhethileng bakeng sa mehloli ea SPAN.

- Boema-kepe ha bo ke ke ba nka karolo ketsahalong ea lifate tse menahaneng. Ha e khone ho tšehetsa DTP, CDP joalo-joalo. SPAN ea Lehae e kenyelletsa li-BPDU ho sephethephethe se shebiloeng, kahoo li-BPDU life kapa life tse bonoang boema-kepeng ba moo u eang li kopitsoa ho tsoa boema-kepeng ba mohloli. Kahoo le ka mohla u se ke ua hokela switch ho mofuta ona oa SPAN kaha e ka baka loop ea marang-rang.

- Ha VLAN e hlophisitsoe joalo ka mohloli oa SPAN (haholo-holo e bitsoa VSPAN) ka likhetho tse peli tsa ingress le egress tse hlophisitsoeng, fetisetsa lipakete tse kopitsoang ho tsoa boema-kepeng ba mohloli ha feela lipakete li fetoha VLAN e tšoanang. Kopi e le 'ngoe ea pakete e tsoa ho sephethephethe sa ingress ho port ingress,' me kopi e 'ngoe ea pakete e tsoa ho sephethephethe sa egress ho port egress.

- VSPAN e shebella feela sephethephethe se tlohang kapa se kenang likoung tsa Layer 2 ho VLAN.

SPAN, RSPAN, le ERSPAN ke mekhoa e sebelisoang marang-rang ho hapa le ho beha leihlo sephethephethe bakeng sa tlhahlobo. Mona ke kakaretso e khuts'oane ea e 'ngoe le e' ngoe:

SPAN (Switched Port Analyser)

Morero: E sebelisoa ho bonts'a sephethe-phethe ho tloha likoung tse itseng kapa li-VLAN ha u fetohela boema-kepeng bo bong bakeng sa tlhahlobo.
Sebelisa Taba: E loketse tlhahlobo ea sephethephethe sa lehae ka switch e le 'ngoe. Sephethephethe se bonts'oa boema-kepe bo khethiloeng moo mohlahlobi oa marang-rang a ka se nkang.

RSPAN ( SPAN e hole)

Morero: E eketsa bokhoni ba SPAN ho li-switches tse ngata marang-rang.
Sebelisa Taba: E lumella ho lekola sephethephethe ho tloha ho switch e 'ngoe ho ea ho e 'ngoe holim'a sehokelo sa kutu. E na le thuso bakeng sa maemo ao sesebelisoa sa ho beha leihlo se fumanehang ho switjha e fapaneng.

ERSPAN (Sehole se Kentsoeng SPAN)

Morero: E kopanya RSPAN le GRE (Generic Routing Encapsulation) ho kenyelletsa sephethe-phethe sa seipone.
Sebelisa Taba: E lumella ho beha leihlo sephethephethe ho pholletsa le marang-rang a tsamaisoang. Sena se bohlokoa ho meralo e rarahaneng ea marang-rang moo sephethephethe se hlokang ho ts'oaroa ka likarolo tse fapaneng.

SPAN e hole (RSPAN)

Remote SPAN (RSPAN) e ts'oana le SPAN, empa e ts'ehetsa likou tsa mohloli, li-VLAN tsa mohloli, le likou tsa libaka ho li-switch tse fapaneng, tse fanang ka sephethephethe sa ho lekola hole ho tsoa likoung tsa mohloli tse ajoang ka li-switches tse ngata mme se lumella sebaka seo u eang ho sona ho kenya lisebelisoa tsa ho hapa marang-rang. Seboka se seng le se seng sa RSPAN se tsamaisa sephethephethe sa SPAN holim'a RSPAN VLAN e khethiloeng ke mosebedisi ho li-switches tsohle tse nkang karolo. Ka mor'a moo, VLAN ena e tšeloa li-switch tse ling, e leng se lumellang hore sephethephethe sa nako ea RSPAN se tsamaisoe ka li-switches tse ngata ebe se isoa seteisheneng sa ho hapa. RSPAN e na le karolo ea mohloli oa RSPAN, RSPAN VLAN, le sebaka sa RSPAN.

Litaelo kapa lithibelo ho RSPAN:

- VLAN e ikhethileng e tlameha ho hlophisoa bakeng sa sebaka sa SPAN se tla tšela li-switches tse mahareng ka lihokelo tsa trunk tse lebisang boema-kepe.

- E ka theha mofuta o tšoanang oa mohloli - bonyane boema-kepe bo le bong kapa bonyane VLAN e le 'ngoe empa e ke ke ea ba motsoako.

- Sebaka sa kopano ke RSPAN VLAN ho fapana le kou e le 'ngoe, kahoo likou tsohle tsa RSPAN VLAN li tla fumana sephethephethe se bonts'itsoeng.

- Lokisa VLAN efe kapa efe e le RSPAN VLAN ha feela lisebelisoa tsohle tsa marang-rang tse nkang karolo li tšehetsa tlhophiso ea li-VLAN tsa RSPAN, 'me u sebelise RSPAN VLAN e tšoanang bakeng sa nako e' ngoe le e 'ngoe ea RSPAN.

- VTP e ka phatlalatsa tlhophiso ea li-VLAN tse baloang 1 ho isa ho 1024 joalo ka li-VLAN tsa RSPAN, e tlameha ho lokisa ka letsoho li-VLAN tse baloang ho feta 1024 joalo ka li-VLAN tsa RSPAN ho lisebelisoa tsohle tsa marang-rang, tsa mahareng le tsa moo li eang teng.

- Ho ithuta ka aterese ea MAC ho koetsoe ho RSPAN VLAN.

Remoutured SPAN (ERSPAN)

Encapsulated remote SPAN (ERSPAN) e tlisa generic routing encapsulation (GRE) bakeng sa sephethephethe sohle se hapiloeng 'me e lumella hore e atolosoe libakeng tsohle tsa Layer 3.

ERSPAN keCisco mong'a ntloe fumaneha feela ho li-platform tsa Catalyst 6500, 7600, Nexus, le ASR 1000 ho fihlela joale. ASR 1000 e tšehetsa mohloli oa ERSPAN (ho beha leihlo) feela ho Fast Ethernet, Gigabit Ethernet, le li-interfaces tsa port-channel.

Litaelo kapa lithibelo ho ERSPAN:

- Mehloli ea ERSPAN ha e kopitse sephethephethe sa ERSPAN GRE-encapsulated ho tsoa likoung tsa mohloli. Seboka se seng le se seng sa mohloli oa ERSPAN se ka ba le likou kapa li-VLAN joalo ka mehloli, empa eseng ka bobeli.

- Ho sa tsotelehe boholo bo hlophisitsoeng ba MTU, ERSPAN e theha lipakete tsa Layer 3 tse ka bang bolelele ba li-byte tse 9,202. Sephethephethe sa ERSPAN se ka fokotsoa ke sehokelo sefe kapa sefe sa marang-rang se qobellang boholo ba MTU bo ka tlase ho li-byte tse 9,202.

- ERSPAN ha e tšehetse ho arohana ha liphutheloana. "Do not fragment" bit e behiloe hloohong ea IP ea lipakete tsa ERSPAN. Linako tsa ERSPAN ha li khone ho kopanya liphutheloana tse arohaneng tsa ERSPAN.

- ID ea ERSPAN e khetholla sephethephethe sa ERSPAN se fihlang atereseng e le 'ngoe ea IP ho tsoa mehloling e fapaneng e fapaneng ea ERSPAN; ID ea ERSPAN e hlophisitsoeng e tlameha ho lumellana le lisebelisoa tsa mohloli le moo e eang teng.

- Bakeng sa boema-kepe ba mohloli kapa mohloli oa VLAN, ERSPAN e ka lekola ho kena, ho tsoa, kapa ho kena le ho tsoa ha sephethephethe. Ka linako tsohle, ERSPAN e beha leihlo sephethephethe kaofela, ho kenyeletsoa liforeimi tsa Multicast le Bridge Protocol Data Unit (BPDU).

- Khokahano ea kotopo e tšehelitsoeng e le likou tsa mohloli bakeng sa karolo ea mohloli oa ERSPAN ke GRE, IPinIP, SVTI, IPv6, IPv6 over IP tunnel, Multipoint GRE (mGRE) le Secure Virtual Tunnel Interfaces (SVTI).

- Khetho ea filthara ea VLAN ha e sebetse nakong ea tlhahlobo ea ERSPAN ho li-interface tsa WAN.

- ERSPAN ho Cisco ASR 1000 Series Routers e tšehetsa feela Layer 3 interfaces. Mahokelo a Ethernet ha a tšehetsoe ho ERSPAN ha a hlophisoa e le likhokahano tsa Layer 2.

- Ha lenaneo le hlophisitsoe ka ERSPAN tlhophiso ea CLI, ID ea seboka le mofuta oa seboka li ke ke tsa fetoloa. Ho li fetola, o tlameha ho qala ka ho sebelisa mofuta oa taelo ea tlhophiso ho tlosa seboka ebe o hlophisa seboka hape.

- Cisco IOS XE Release 3.4S :- Tlhokomelo ea lipakete tsa kotopo tse sa sirelelitsoeng tsa IPsec e tšehetsoa ho IPv6 le IPv6 over IP tunnel interfaces feela ho mananeo a mohloli oa ERSPAN, eseng ho li-session tsa sebaka sa ERSPAN.

- Cisco IOS XE Release 3.5S, tšehetso e ile ea eketsoa bakeng sa mefuta e latelang ea likhokahano tsa WAN e le likou tsa mohloli bakeng sa seboka sa mohloli: Serial (T1/E1, T3/E3, DS0) , Pakete holim'a SONET (POS) (OC3, OC12) le Multilink PPP (li-multilink, pos, le mantsoe a bohlokoa a serial a kenyelelitsoe ho taelo ea sebopeho sa mohloli).

Ho sebelisa ERSPAN joalo ka SPAN ea Lehae:

Ho sebelisa ERSPAN ho lekola sephethephethe ka koung e le 'ngoe kapa ho feta kapa VLAN ka sesebelisoa se le seng, re tlameha ho theha mohloli oa ERSPAN le linako tsa sebaka sa ERSPAN ka sesebelisoa se le seng, phallo ea data e etsahala ka har'a router, e ts'oanang le ea SPAN ea lehae.

Lintlha tse latelang lia sebetsa ha u sebelisa ERSPAN joalo ka SPAN ea lehae:

- Mananeo ka bobeli a na le ID ea ERSPAN e tšoanang.

- Likopano ka bobeli li na le aterese ea IP e tšoanang. Aterese ena ea IP ke aterese ea IP ea li-routers; ke hore, aterese ea IP ea loopback kapa aterese ea IP e hlophisitsoeng boema-kepeng bofe kapa bofe.

(config)# monitor session 10 mofuta oa ersspan-source

(config-mon-ersspan-src)# sebopeho sa mohloli Gig0/0/0

(config-mon-ersspan-src)# sebaka seo u eang ho sona

(config-mon-ersspan-src-dst)# ip aterese 10.10.10.1

(config-mon-ersspan-src-dst)# ea mantlha aterese ea ip 10.10.10.1

(config-mon-ersspan-src-dst)# ersspan-id 100

Nako ea poso: Aug-28-2024

Ho utloisisa SPAN, RSPAN le ERSPAN: Techniques for Network Traffic Monitoring

SPAN (Switched Port Analyser)

RSPAN ( SPAN e hole)

ERSPAN (Sehole se Kentsoeng SPAN)

Ho sebelisa ERSPAN joalo ka SPAN ea Lehae:

Mohala

Mohala

E-mail

E-mail

Skype

Skype

Holimo