½ð²Ê»ã

µã»÷ÏÂÔØ¡¶ÍòÕ×Ô°ÇøÒÔÌ«²Ê¹â×êÑл㱨¡· £¬½âËøÍòÕ×Ô°ÇøÍøÂ罨ÉèÖ¸ÄÏ
Á¢¼´ÏÂÔØ
ÎÞ¸Ð×¼Èë ÈËÎïͳ¹Ü Ø­ RG-SAM+5.X ÐÂÒ»´ú¸ßУAIÈÏ֤ƽ̨°ä²¼
date
Ô¤Ô¼Ö±²¥
½ð²Ê»ã - Ê×Ò³
²úÆ·
< ·µ»ØÖ÷²Ëµ¥
²úÆ·ÖÐÐÄ
²úÆ·
½â¾ö¹æ»®
< ·µ»ØÖ÷²Ëµ¥
½â¾ö¹æ»®ÖÐÐÄ
ÐÐÒµ
ºÏ×÷ͬ°é
·µ»ØÖ÷²Ëµ¥
Ñ¡ÔñÇøÓò/˵»°
½ð²Ê»ã - Ê×Ò³
½ð²Ê»ã - Ê×Ò³ ½ð²Ê»ã - Ê×Ò³

CSS°²Õû¸öϵ¼¼Êõ°×ƤÊé

CSS°²Õû¸öϵÖØÒªÊÇͨ¹ýÓ²¼þ°²È«¼à¿Ø¼¼Êõ¡¢Ó²¼þ°²È«·À»¤¼¼Êõ¡¢·á˶µÄÉ豸°²È«ÖÎÀí±£ÕÏϵͳµÄ°²È«£»Í¨¹ýÌṩÍòÕ×λ°²È«·À»¤Ä£¿é £¬Äܹ»¶ÔÍøÂçÖеÄÊý¾Ý½øÐÐ2-7²ãµÄ°²È«¼à¿Ø·À»¤¡£

  • ½ð²Ê»ã - Ê×Ò³

    °ä²¼¹¦·ò£º2009-09-25

  • ½ð²Ê»ã - Ê×Ò³

    µã»÷Á¿£º

  • ½ð²Ê»ã - Ê×Ò³

    µãÔÞ£º

·ÖÏíÖÁ

½ð²Ê»ã - Ê×Ò³
½ð²Ê»ã - Ê×Ò³
½ð²Ê»ã - Ê×Ò³

ÎÒÏëÆÀÂÛ

    ÍøÂ簲ȫÎÊÌâÒѾ­³ÉΪÐÅÏ¢»¯Éç»áµÄÒ»¸ö½¹µãÎÊÌâ £¬¸üÊÇÐÅÏ¢»¯Ð£Ô°µÄ½¹µãÎÊÌ⡣Ŀǰ԰ÇøÍøÂ簲ȫµÄ·¢Õ¹Ç÷ÏòÊÇ“¶à±øÖÖЭͬ×÷Õ½” £¬Ô°ÇøÍøÂçÖÐËùÓеĻù´¡ÍøÂçÉ豸¹²Í¬È¥Ô¤·À¡¢·¢ÏÖ°²È«ÎÊÌ⡣Ϊ´Ë £¬½ð²Ê»ãÍøÂçÍƳöÁËGSNÈ«¾Ö°²È«ÍøÂç £¬Í¨¹ýÕûºÏϵͳ²ãÃæºÍÍøÂç²ãÃæµÄ°²È«³É·Ö £¬³ÉÁ¢È«¾Ö»¯µÄ°²È«ÍøÂç¡£¶øÉ豸¼¶´ËÍⰲȫ·À»¤ÊÇGSNÈ«¾Ö°²È«ÍøÂçµÄÒ»¸ö³ÁÒª×é³É²¿ÃÅ £¬²¢ÇÒ £¬ºÜ¶àµÄÍøÂç»·¾³²¢Ã»ÓÐÇ°ÌáÈ¥²¿ÊðÆëÈ«µÄÈ«¾Ö»¯°²È«ÍøÂç £¬´ËʱÉ豸¼¶´ËÍⰲȫ·À»¤ÏÔµÃÓÈΪ³ÁÒª¡£Îª´Ë £¬½ð²Ê»ãÍøÂçÍƳöÁËÉ豸¼¶µÄ°²È«·À»¤ÏµÍ³—CSS°²Õû¸öϵ £¬Îª¶ÀÁ¢É豸Ìṩȫ·½Î»µÄ°²È«·À»¤¡£

  

1 CSS°²Õû¸öϵ¸ÅÊö

 

    ºÚ¿Í¶ÔÍÆËã»úÍøÂç×é³ÉµÄÍþв´óÌå¿É·ÖΪÁ½ÖÖ£ºÒ»ÊǶÔÍøÂçÖÐÉ豸µÄÍþв,Õë¶ÔÉ豸ϵͳµÄ·ì϶»ò²»¼°½øÐй¥»÷,µ¼ÖÂϵͳ²»ÄÜÕý³£¹¤×÷ £¬ÉõÖÁ̱»¾¡£¶þÊǶÔÍøÂçÖÐÐÅÏ¢µÄÍþв £¬ÒÔ¸÷À෽ʽÓÐÑ¡ÔñµØ·ÛËé,ÇÔÈ¡ÍøÂçÖеÄÊý¾ÝÐÅÏ¢¡£CSS°²Õû¸öϵÕýÊÇͨ¹ý´Ó“ϵͳ”ºÍ“Êý¾Ý”Á½·½ÃæµÄ°²È«¼¼ÊõÀ´±£»¤ÍøÂçµÄ°²È«¡£

 

    CSS°²Õû¸öϵÖØÒªÊÇͨ¹ýÓ²¼þ°²È«¼à¿Ø¼¼Êõ¡¢Ó²¼þ°²È«·À»¤¼¼Êõ¡¢·á˶µÄÉ豸°²È«ÖÎÀí±£ÕÏϵͳµÄ°²È« £¬Í¨¹ýÓ²¼þµÄËí·¼¼Êõ¡¢ÈÏÖ¤¼¼Êõ¡¢¼ÓÃܼ¼Êõ±£»¤ÁËÍøÂçÉ豸´«ÊäµÄÊý¾ÝµÄ°²È«¡£´Ë±í £¬»¹ÌṩÁËÍòÕ×λµÄ°²È«·À»¤Ä£¿éͬʱ±£»¤ÏµÍ³ºÍÊý¾Ý¡£Í¨¹ýÌṩÍòÕ×λ°²È«·À»¤Ä£¿é £¬Äܹ»¶ÔÍøÂçÖеÄÊý¾Ý½øÐÐ2-7²ãµÄ°²È«¼à¿Ø·À»¤¡£

 

½ð²Ê»ã - Ê×Ò³
 

                                  ͼ1-1

 

    Ó²¼þµÄ°²È«¼à¿Ø¼¼Êõ £¬ÖØÒªÔ̺¬£ºÓ²¼þIPFIX£¨IP Flow Information Export£© £¬Á÷¼à¿ØºÍ×Ô¶¯Á÷ËٶȽÚÔì £¬Ï޶ȷ¸·¨Êý¾ÝÁ÷¡£

 

    Ó²¼þ°²È«·À»¤¼¼Êõ £¬ÖØÒªÓУº·ÀDos¹¥»÷¡¢·ÀɨÃè¡¢·ÀÔ´IPµØÖ·ºýŪ¡¢SPOH¡¢CPP¡¢LPM+HDR¡£

 

    ·á˶µÄÉ豸°²È«ÖÎÀí £¬ÖØÒªÊÇ£ºCPP¡¢SSH¡¢SNMPV3¡¢AAA¡¢ÖÎÀíÔ´IPµØÖ·Ï޶ȡ£
Ó²¼þËí·¡¢ÈÏÖ¤¡¢¼ÓÃÜ£ºMPLS¡¢VPLS¡¢VPWS¡¢Des¡¢SHA¡£

 

    ÍòÕ×λ°²È«·À»¤Ä£¿é£ºÍòÕ×λµÄÈëÇÖ¼ì²â¡¢·À»ðǽ¡¢ÍøÂç·ÖÎöÄ£¿é¡£

 

½ð²Ê»ã - Ê×Ò³
 

                                    Í¼1-2

 

    ÏÂÃæ¶Ô¸÷Àలȫ¼¼Êõ½øÐоßÌåµÄ½éÉÜ

 

2 CSS°²Õû¸öϵÂÛÊö

 

2.1 Ó²¼þµÄ°²È«¼à¿Ø¼¼Êõ

 

    Ó²¼þµÄ°²È«¼à¿Ø¼¼ÊõÖØÒªÔ̺¬£ºÓ²¼þIPFIX£¨IP Flow Information Export£© £¬Á÷¼à¿ØºÍ×Ô¶¯Á÷ËٶȽÚÔì £¬Ï޶ȷ¸·¨Êý¾ÝÁ÷¡£

 

    ½øÐÐÁ÷Á¿¼à¿ØºÍÁ÷Á¿·ÖÎöÊÇÕû¸öÍøÂçºÏÀí»¯µÄ³ÁÒª»·½Ú £¬ËüÄÜÔÚ×î¶ÌµÄ¹¦·òÄÚ·¢ÏÖ°²È«Íþв £¬ÔÚµÚÒ»¹¦·ò½øÐзÖÎö £¬Í¨¹ýÁ÷Á¿·ÖÎöÀ´È·¶¨¹¥»÷ £¬¶øºó·¢³öÔ¤¾¯ £¬¼±¾ç²ÉÈ¡´ëÊ©¡£ÈôºÎÔÚÖ÷ÌâµÄÍøÂçÉ豸Éϼà¿ØÁ÷Á¿¡¢ÏÞ¶ÈÒì³£Á÷Á¿¾Í³ÉÁ¶¯÷È˹Ø×¢µÄ¼¼ÊõÎÊÌâ¡£

 

    Ä¿Ç°ºÃ¶à³§É̶¼Õ¼ÓÐ×Ô¼ºË½ÓеÄÁ÷Á¿¼à¿Ø¼¼Êõ £¬ÏñCiscoÓÐNetflow £¬»ªÎªÓÐNetstream £¬JuniperÓÐJ-flow¡£ÕâЩÁ÷Á¿¼à¿Ø¼¼ÊõÏ໥·ÖÆç £¬±ØÒªºó¶ÜÌṩÏàÓ¦µÄ´¦ÖÃÈí¼þ £¬¼Ó´óÓû§µÄ²¿ÊðÄѶȺÍÊý¾Ý¼¯³ÉÄѶÈ £¬ÕâÖÖÇé¿ö¼«´óµÄ¹ÊÕÏÁËÁ÷Á¿¼à¿Ø¼¼ÊõµÄ·¢Õ¹¡£

 

    IPFIXÊÇ×îеÄÁ÷Á¿¼à¿Ø¼¼Êõ¹ú¼Ê³ß¶È £¬ÔÚIPFIXµÄRFC3917±»ÌáÒéÒÔÀ´ £¬IETFÔÚ×öÁ÷Êä³öµÄ³ß¶È»¯¹¤×÷ £¬ÕâÒ²ÊÇÄ¿Ç°¸÷´ó³§ÉÌ´óÁ¦Íƶ¯µÄÒ»¸ö³ß¶È¡£Í¨¹ýIPFIXÕâÖֳ߶Ȼ¯µÄÁ÷Á¿¼à¿Ø¼¼Êõ £¬¸÷¸ö³§É̵ÄÍøÂçÉ豸Äܹ»Ñ¡È¡Í³Ò»ÖÖÁ÷Á¿¼à¿Ø³ß¶È £¬¼«´ó´¦Ëù±ãÁËÍøÂçÁ÷Á¿µÄ¼à¿ØºÍÏÖʵ²¿Êð¡£

 

    ´«Í³µÄÊý¾ÝÁ÷Á¿¼à¿Ø¼¼ÊõÑ¡È¡ÁËÌض¨µÄÊý¾ÝÊôÐÔÈ¥±êʾһ¸öÊý¾ÝÁ÷¡£ÀýÈç £¬ÓÃÔ´/Ö÷ÕÅIPµØÖ·¡¢Ô´/Ö÷ÕŶ˱êÓï¡¢Èý²ãºÍ̸ÀàÐͱêʾһ¸öÊý¾ÝÁ÷£¨²É¼¯Á÷Á¿µÄʱ³½Ò²Ö»²É¼¯ÏàÓ¦µÄÕ⼸¸öÊôÐÔ£©¡£ÍøÂçÖеÄÊý¾ÝÁ÷Á¿ÓÐן÷Àà¸÷ÑùµÄÊôÐÔ £¬Ö»Êǵ¥Ò»µÄÑ¡È¡Ìض¨µÄÊôÐÔÈ¥±êʾÊý¾ÝÁ÷²¢²»ÄÜÈ«ÃæÆëÈ«µÄ²É¼¯¼à¿ØÁ÷Á¿¡£µ«ÊÇ £¬ÈôÊÇÑ¡È¡¶àÖÖÊôÐÔÈ¥°µÊ¾Ò»¸öÊý¾ÝÁ÷ £¬ÄDzɼ¯µÄÁ÷Á¿½«»á´ó´óÔö³¤ £¬¼«´óµÄÔö³¤ÁËÍøÂçÉ豸¡¢´ø¿íºÍÉϲã·þÎñÆ÷µÄѹÁ¦¡£

 

    IPFIXÑ¡È¡ÁË“Ä£°å”µÄÌåʽ½Ã½ÝµÄ½ç˵һ¸öÊý¾ÝÁ÷¡£ÔÚIPFIXµÄÊý¾Ý½á¹¹ÖÐ £¬ÍøÂçÖÎÀíÔ±Äܹ»ÔÚ“Ä£°å”ÖнýݵĽç˵Ïë²É¼¯µÄÍøÂçÁ÷Á¿µÄÊôÐÔ £¬¶øºóÔÚÊä³öµÄÊý¾ÝÁ÷ÖÐÄܹ»Ô̺¬Òѽç˵µÄ“Ä£°å”ÒÔ¼°Ïà¶ÔӦģ°åµÄÊý¾ÝÁ÷ £¬Í¨¹ýÕâÖÖ·½Ê½ £¬ÍøÂçÖÎÀíÔ±Äܹ»×ÔÓɵÄÔö³¤¸ü¸ÄÓò£¨Ôö³¤»ò¸ü¸ÄÌض¨µÄ²ÎÊý»òºÍ̸£© £¬ÒÔ±ã¸ü·½±ãµØ¼à¿ØIPÁ÷Á¿µÄÐÅÏ¢¡£ÁíÒ»·½Ãæ £¬ÓÉÓÚÊä³öÌåʽӵÓпÉÀ©´óÐÔ £¬Òò¶øÈôÊÇÁ÷Á¿¼à¿ØµÄÒªÇó²úÉúŤת £¬ÍøÂçÖÎÀíÔ±ÃÇÒ²²»ÓÃÉý¼¶ËûÃǵÄ·ÓÉÆ÷Èí¼þ»òÖÎÀí¹¤¾ß¡£

 

    ½ð²Ê»ãÍøÂçÊ®ÍòÕײúÆ·µÄIPFIX¼¼ÊõÊÇͨ¹ýÔÚÿ¸öÏß¿¨¶ÔÊý¾ÝÁ÷Á¿½øÐвɼ¯ £¬¹ýÂË £¬¶øºó°Ñ²É¼¯µ½µÄÊý¾Ý·¢Ë͵½»¥»»»úµÄ¶àÒµÎñ¿¨ÉϽøÐгõ²½·ÖÎöͳ¼Æ £¬×îºó·¢Ë͵½Éϲã·þÎñÆ÷½øÐÐÊý¾ÝÍøÂçͳ¼Æ £¬ÏÔʾ³öͼÐλ¯µÄÁ˾Ö¡£Í¨¹ýÏß¿¨ÍøÂç²É¼¯Êý¾Ý £¬ÓÉÒµÎñ¿¨½øÐгõ²½·ÖÎö £¬×îºóÓÉÉϲã·þÎñÆ÷ÍøÂçͳ¼ÆÊý¾Ý¡¢ÏÔʾÁ˾Ö £¬ÕæÕýʵÏÖÁËÉ¢²¼Ê½µÄÁ÷Á¿¼à¿Ø¼¼Êõ¡£

 

    ʹÓÃIPFIX¼¼Êõ £¬Í¨¹ý¶ÔÍøÂç¹Ç¸ÉÁ´Â·µÄÁ÷Á¿¼à¿Ø £¬ÓÉ»¥»»»ú½«²É¼¯µÄÊý¾Ý·¢Ë͵½Éϲã·þÎñÆ÷ £¬Æ¾¾Ý²É¼¯µÄÊý¾Ý½øÐÐģʽƥÅä¡¢»ùÏß·ÖÎöµÈ £¬Äܹ»½øÐÐDoS/DDoS¹¥»÷ºÍÈä³æµÈ²¡¶¾¼ì²â £¬Í¬Ê±½áºÏ¼Í¼µÄÔ´Êý¾Ý°üÓйØÌص㼱¾ç¶¨Î»ÍøÂçÖеÄÒì³£ÐÐΪ¡£

 

2.2 Ó²¼þ°²È«·À»¤¼¼Êõ

 

    Ó²¼þµÄ°²È«·À»¤¼¼Êõ £¬ÖØÒªÔ̺¬£º·ÀDos¹¥»÷¡¢·ÀɨÃè¡¢·ÀÔ´IPµØÖ·ºýŪ¡¢SPOH¡¢CPP¡¢LPM+HDR

 

    Ëæ×ÅÍøÂçµÄ·¢Õ¹ £¬Ä¿Ç°Õë¶ÔÍøÂçÖеĺÍ̸ÒÔ¼°ÏµÍ³·ì϶µÄ¹¥»÷¼¿Á©¡¢»¨Ç»Ò²Ô½À´Ô½¶à £¬½ð²Ê»ãÍøÂçµÄÊ®ÍòÕײúƷͨ¹ýѡȡרÃÅÕë¶Ô¹¥»÷¼¿Á©Éè¼ÆµÄASICоƬÕë¶ÔÍøÂçÖеĸ÷À๥»÷½øÐа²È«µÄ·À»¤ £¬±£ÕÏÔÚ´¦Öð²È«ÎÊÌâµÄͬʱÒÀÈ»²»Ó°ÏìÍøÂçÕý³£Êý¾ÝµÄת·¢¡£

 

    ½ð²Ê»ãÊ®ÍòÕײúÆ·Äܹ»ÊµÏÖ¶ÔDoS¹¥»÷¡¢É¨Ãè¡¢Ô´IPµØÖ·ºýŪµÈ¹¥»÷¼¿Á©µÄ·À»¤ £¬Í¨¹ýCPP£¨Control Plane Policy£©¼¼Êõ £¬Í¨¹ýÓ²¼þ·½Ê½¶Ô·¢ÍùCPUµÄ¸÷ÀàÊý¾Ý½øÐнÚÔì £¬±£ÕÏÁËCPUµÄ°²È«²»±äµÄÔËÐС£´Ë±í»¹¼Ì³ÐÁËÔ­À´ÍòÕײúÆ·µÄSPOH¼¼Êõ¡¢LPM+HDR¼¼Êõ¡£

 

    SPOH¼´»ùÓÚÓ²¼þµÄͬ²½Ê½´¦Öü¼Êõ £¬ÔÚÏß¿¨µÄÿ¸ö¶Ë¿ÚÉÏÀûÓÃFFPÓ²¼þ½øÐа²È«·À»¤ºÍÖÇÄܱ£ÏÕ £¬¸÷¶Ë¿ÚÄܹ»Í¬²½µØ¡¢²»Ó°ÏìÕû»ú»úÄܵؽøÐÐÓ²¼þ´¦Öá£×ƥÅ䣨LPM£©¼¼Êõ½â¾öÁË“Á÷¾«È·Æ¥Å䔵ı׶Ë £¬Ö§³ÖÒ»¸öÍø¶ÎʹÓÃÒ»¸öÓ²¼þת°ä·¢Ïî £¬¶Å¾øÁ˹¥»÷ºÍ²¡¶¾¶ÔÓ²¼þ´æ´¢¿Õ¼äµÄ·çÏÕ¡£HDRÅ×ÆúÁË´«Í³·½Ê½CPU²Î¼Ó“Ò»´Î·ÓÉ”µÄЧÄÜÓ°Ïì £¬ÔÚ·ÓÉת·¢Ç°ÐγÉ·ÓɱíÏî £¬Ô¤·ÀÁ˹¥»÷ºÍ²¡¶¾¶ÔCPUÀûÓÃÂʵķçÏÕ¡£LPM+HDR¼¼ÊõµÄ½áºÏ²»½ö¼«´óµØÌáÉýÁË·ÓÉЧÄÜ £¬²¢ÇÒ±£ÏÕÉ豸ÔÚ²¡¶¾ºÍ¹¥»÷»·¾³ÏµIJ»±äÔËÐС£

 

2.2.1 ·ÀDoS¹¥»÷

 

    ÖØÒªÄܹ»·À»¤Land¹¥»÷¡¢·À·¸·¨TCP±¨ÎĹ¥»÷¡¢·ÀÔ´IPµØÖ·ºýŪ¡£

 

Land¹¥»÷

 

    Land¹¥»÷ÖØÒªÊǹ¥»÷Õß½«Ò»¸öSYN°üµÄÔ´µØÖ·ºÍÖ÷ÕŵØÖ·¶¼ÉèÖÃΪָ±êÖ÷»úµÄµØÖ· £¬Ô´ºÍÖ÷ÕŶ˱êÓïÉèÖÃΪһÑùÖµ £¬Ôì³É±»¹¥»÷Ö÷»úÒòÊÔͼÓë×Ô¼º³ÉÁ¢TCPÏνӶøÏÝÈëËÀÑ­»· £¬ÉõÖÁϵͳ±ÀÀ£¡£½ð²Ê»ãÍøÂçÊ®ÍòÕײúƷͨ¹ýÅ×ÆúÔ´ºÍÖ÷ÕÅIPÒ»ÑùµÄIPv4/IPv6Êý¾Ý°ü¡¢Å×ÆúÔ´ºÍÖ÷ÕÅTCP/UDP¶Ë¿ÚÒ»ÑùµÄIPv4/IPv6Êý¾Ý°üµÄ·½Ê½ÓÐЧµÄÔ¤·ÀÁËLand¹¥»÷

 

·¸·¨TCP±¨ÎĹ¥»÷

 

    ÔÚTCP±¨Îĵı¨Í·ÖÐ £¬Óм¸¸ö±êÖ¾×ֶΣº

 

    1. SYN£ºÏνӳÉÁ¢±êÖ¾ £¬TCP SYN±¨ÎľÍÊÇ°ÑÕâ¸ö±êÖ¾ÉèÖÃΪ1 £¬À´ÒªÇó³ÉÁ¢ÏνÓ£»

 

    2. ACK£º»ØÓ¦±êÖ¾ £¬ÔÚÒ»¸öTCPÏνÓÖÐ £¬³ýÁ˵ÚÒ»¸ö±¨ÎÄ£¨TCP SYN£©±í £¬ËùÓб¨ÎĶ¼ÉèÖøÃ×ֶΠ£¬×÷Ϊ¶ÔÉÏÒ»¸ö±¨ÎĵÄÏàÓ¦£»

 

    3. FIN£ºÊµÏÖ±êÖ¾ £¬µ±Ò»Ì¨ÍÆËã»ú½Ó¹Üµ½Ò»¸öÉèÖÃÁËFIN±êÖ¾µÄTCP±¨Îĺó £¬»á²ð³ýÕâ¸öTCPÏνÓ£»

 

    4. RST£º¸´Î»±êÖ¾ £¬µ±IPºÍ̸ջ½Ó¹Üµ½Ò»¸öÖ¸±ê¶Ë¿Ú²»´æÔÚµÄTCP±¨ÎĵÄʱ³½ £¬»á»ØÓ¦Ò»¸öRST±êÖ¾ÉèÖõı¨ÎÄ£»

 

    5. PSH£ºÍ¨ÖªºÍ̸ջ¾¡¿ì°ÑTCPÊý¾ÝÌá½»¸øÉϲ㷨ʽ´¦Öá£

 

    ºÜ¶à¹¥»÷Êý¾Ýͨ¹ý·¸·¨ÉèÖñêÖ¾×Ö¶ÎÒÔÖÁÖ÷»ú´¦ÖõÄ×ÊÔ´¿÷ËðÉõÖÁϵͳ±ÀÀ£ £¬ÀýÈçÒÔϼ¸ÖÖʱʱÉèÖõķ¸·¨TCP±¨ÎÄ¡£

 

SYN±ÈÌغÍFIN±ÈÌØͬʱÉèÖÃ

 

    Õý³£Çé¿öÏ £¬SYN±êÖ¾£¨ÏνÓÒªÇó±êÖ¾£©ºÍFIN±êÖ¾£¨ÏνӲð³ý±êÖ¾£©ÊDz»ÄÜͬʱ³Ê´Ë¿ÌÒ»¸öTCP±¨ÎÄÖеÄ¡£²¢ÇÒRFCҲûÓ뮶¨IPºÍ̸ջÈôºÎ´¦ÖÃÕâÑùµÄ»ûÐα¨ÎÄ £¬Òò¶ø £¬¸÷¸ö²Ù×÷ϵͳµÄºÍ̸ջÔÚÊÕµ½ÕâÑùµÄ±¨ÎĺóµÄ´¦Ö÷½Ê½Ò²·ÖÆç £¬¹¥»÷Õß¾ÍÄܹ»ÀûÓÃÕâ¸öÌصã £¬Í¨¹ý·¢ËÍSYNºÍFINͬʱÉèÖõı¨ÎÄ £¬À´ÅжϲÙ×÷ϵͳµÄÀàÐÍ £¬¶øºóÕë¶Ô¸Ã²Ù×÷ϵͳ £¬½øÇ°½øÒ»²½µÄ¹¥»÷¡£

 

ûÓÐÉèÖÃÈκαêÖ¾µÄTCP±¨ÎĹ¥»÷

 

    Õý³£Çé¿öÏ £¬ÈκÎTCP±¨ÎijÇÊÐÉèÖÃSYN £¬FIN £¬ACK £¬RST £¬PSHÎå¸ö±êÖ¾ÖеÄÖÁÉÙÒ»¸ö±êÖ¾ £¬µÚÒ»¸öTCP±¨ÎÄ£¨TCPÏνÓÒªÇó±¨ÎÄ£©ÉèÖÃSYN±êÖ¾ £¬ºóÐø±¨ÎĶ¼ÉèÖÃACK±êÖ¾¡£ÓеĺÍ̸ջ»ùÓÚÕâÑùµÄÈç¹û £¬Ã»ÓÐÕë¶Ô²»ÉèÖÃÈκαêÖ¾µÄTCP±¨ÎĵĴ¦Öùý³Ì £¬Òò¶ø £¬ÕâÑùµÄºÍ̸ջÈôÊÇÊÕµ½ÁËÕâÑùµÄ±¨ÎÄ £¬¿ÉÄÜ»á±ÀÀ£¡£¹¥»÷ÕßÀûÓÃÁËÕâ¸öÌصã £¬¶ÔÖ¸±êÍÆËã»ú½øÐй¥»÷¡£

 

ÉèÖÃÁËFIN±ê־ȴûÓÐÉèÖÃACK±êÖ¾µÄTCP±¨ÎĹ¥»÷

 

    Õý³£Çé¿öÏ £¬ACK±êÖ¾ÔÚ³ýÁ˵ÚÒ»¸ö±¨ÎÄ£¨SYN±¨ÎÄ£©±í £¬ËùÓеı¨ÎĶ¼ÉèÖà £¬Ô̺¬TCPÏνӲð³ý±¨ÎÄ£¨FIN±êÖ¾ÉèÖõı¨ÎÄ£©¡£µ«ÓеĹ¥»÷ÕßÈ´¿ÉÄÜÏòÖ¸±êÍÆËã»ú·¢ËÍÉèÖÃÁËFIN±ê־ȴûÓÐÉèÖÃACK±êÖ¾µÄTCP±¨ÎÄ £¬ÕâÑù¿ÉÄܵ¼ÖÂÖ¸±êÍÆËã»ú±ÀÀ£¡£

 

    ½ð²Ê»ãÍøÂçÊ®ÍòÕײúÆ·ÔÚ»¥»»»úÖÐÄܹ»ÒÔÓ²¼þµÄ·½Ê½ÊµÏÖÅ×ÆúSYN±ÈÌغÍFIN±ÈÌØͬʱÉèÖõÄTCP±¨ÎÄ¡¢Å×ÆúûÓÐÉèÖÃÈκαêÖ¾µÄTCP±¨ÎÄ¡¢Å×ÆúÉèÖÃÁËFIN±ê־ȴûÓÐÉèÖÃACK±êÖ¾µÄTCP±¨ÎĹ¥»÷´Ó¶ø±£ÕÏ·¸·¨µÄTCP±¨ÎIJ»»á¾­¹ýÖ÷Ì⻥»»»ú´«Êäµ½ÍøÂçµÄÆäËûÇøÓò £¬Í¬ÑùÒ²¿É±£ÕÏÕë¶Ô»¥»»»ú×ÔÉí¹¥»÷µÄ·¸·¨TCP±¨ÎIJ»»áÓ°Ïìµ½»¥»»»ú×ÔÉí¡£

 

·ÀÔ´IPµØÖ·ºýŪ

 

    ´ÓÑϸñÒâ˼ÉÏÀ´Ëµ £¬IPÔ´µØÖ·ºýŪ²¢²»ÊÇÒ»ÖÖÍøÂç¹¥»÷·½Ê½ £¬¶øÊÇÍøÂç¹¥»÷ʱΪÁË´ïµ½ÍøÂç¹¥»÷Ö÷ÕÅÑ¡È¡µÄ¼¼Êõ¼¿Á©¡£

 

    µ±Ö÷ÕÅÖ÷»úÒªÓëÔ´Ö÷»ú½øÐÐͨѶʱ £¬ËüÒԽӹܵ½µÄIP°üµÄIPÍ·ÖÐIPÔ´µØÖ·×÷ΪÆä·¢Ë͵ÄIP°üµÄÖ÷ÕŵØÖ· £¬À´ÓëÔ´Ö÷»ú½øÐÐÊý¾ÝͨѶ¡£IPµÄÕâÖÖÊý¾ÝͨѶ·½Ê½¹ÌÈ»¼«¶Èµ¥Ò»ºÍ¸ßЧ £¬µ«ËüͬʱҲ×é³ÉÁËÒ»¸öIPÍøÉϵݲȫÒþ»¼ £¬Ô´IPµØÖ·ºýŪµÄ¸ù»ùµÀÀí¾ÍÊÇÀûÓÃIP°ü´«ÊäʱµÄ·ì϶ £¬¼´ÔÚIP°üת·¢µÄʱ³½Â·ÓÉÉ豸ͨ³£²»½øÐÐÔ´IPµØÖ·µÄÑéÖ¤ £¬ÔÚÓë¶Ô·½Ö÷»úͨѶµÄʱ³½Î±Ôì²»ÊôÓÚ±¾»úµÄIPµØÖ·½øÐкýŪ¡£

 

    Äܹ»ËµÍøÂçÖдó²¿ÃŹ¥»÷¶¼ÊÇÓÉ´óÎÞÊýµÄ¹¥»÷¶¼Í¨¹ýαÔìÔ´IPµÄ·½Ê½ÆðÍ·ÌáÒé¡£

 

    Ê®ÍòÕײúÆ·Ñ¡È¡ÈýÖÖ·½Ê½ÓÐЧµÄÔ¤·ÀÁËÔ´IPµØÖ·¹¥»÷

 

    ÔÚ»¥»»»úÖÐʵÏÖÁËRFC2827 £¬Íø¹ØÅ×ÆúÔ´IP·Ç±¾Íø¶ÎµÄÊý¾Ý°ü £¬Äܹ»ÓÐЧµØÔ¤·À±¾Íø¶ÎµÄ¹¥»÷ÕßÌáÒéµÄαÔìÔ´IPµØÖ·µÄ¹¥»÷¡£

 

    µØÖ·°ó¶¨ £¬Ô̺¬IP£«MAC£«¶Ë¿ÚµÄ°ó¶¨ºÍIP£«MACµÄ°ó¶¨ £¬Í¨¹ý¶ÔÖ÷»úµÄIPµØÖ·ºÍMACµØÖ·µÄ°ó¶¨ £¬Äܹ»±£ÕÏÔÚ±¾µØÍøÂçÖо­¹ýÖ÷Ì⻥»»»ú´«ÊäµÄÊý¾Ý¶¼ÊǵÄÕýÈ·µÄÖ÷»ú·¢³öµÄ¡£·¸·¨µÄÊý¾Ý½«»áÅ×Æú¡£

 

    802.1x £¬½áºÏÎÒ˾µÄSAMƽ̨Äܹ»ÊµÏÖÓû§Õ˺š¢MACµØÖ·¡¢IPµØÖ·¡¢»¥»»»úIP¡¢»¥»»»ú¶Ë¿ÚµÈ¶àÔªËØÖ®¼äµÄ½Ã½ÝËÁÒâ°ó¶¨ £¬¿ÉÓÐЧ½ÚÔìÓû§µÄ½ÓÈë £¬È·¶¨Óû§µÄΨһÐÔ £¬Èç¸ßУ¡¢µ±¾Ö»ú¹¹¡¢¿í´øÓ×ÇøµÈ £¬±£Õϲ»»áÓз¸·¨Î±ÔìµÄÔ´IPµØÖ·ºýŪµÄÊý¾ÝÁ÷Á¿Í¨¹ý¡£

 

2.2.2 CPP £¬½ÚÔìƽÃæ±£»¤

 

    Ö»¹Üͨ¹ý¼ÓÃÜÈÏÖ¤Äܹ»±£»¤ÍøÂçÖеÄͨѶºÍ̸ £¬µ«ÊÇËü²¢²»ÄÜÆëÈ«µÄÔ¤·À·¸·¨¶ñÒâÓû§¶Ô·ÓÉÒýÇ棨CPU£©ÉÏÌض¨ºÍ̸µÄ¹¥»÷¡£ÀýÈç £¬¹¥»÷ÕßÈÔÄܹ»ÀûÓÃαÔìµÄÊý¾Ý°ü¶Ô×¼¾ßÌåºÍ̸ £¬Ïò·ÓÉÆ÷·¢Æð¹¥»÷¡£Ö»¹ÜÕâЩÊý¾Ý°üÎÞ·¨Í¨¹ý¼øȨ²é³­ £¬µ«Êǹ¥»÷ÈÔÄܹ»¿÷ËðCPUÉϵÄ×ÊÔ´(CPUÑ­»·ºÍͨѶ¶ÓÁÐ) £¬Òò¶øÔÚijÖÖˮƽÉÏ´ïµ½¹¥»÷µÄÖ÷ÕÅ¡£

 

    ½ð²Ê»ãÍøÂçÊ®ÍòÕײúƷͨ¹ýÓ²¼þµÄ·½Ê½¶Ô·¢Íù½ÚÔìƽÃæµÄÊý¾Ý½øÐзÖÀà £¬°Ñ·ÖÆçµÄºÍ̸Êý¾Ý¹éÀൽ·ÖÆçµÄ¶ÓÁжøºó¶Ô·ÖÆçµÄ¶ÓÁнøÐÐÏÞËÙ £¬×¨ÃŶÔ·ÓÉÒýÇæ½øÐб£»¤ £¬·´¶Ô±í½çµÄ DOS ¹¥»÷¡£²¢ÇÒ²¢²»Ó°Ïìת·¢ËÙ¶È £¬ËùÒÔCPP¿ÉÄÜÔÚ²»Ï޶ȻúÄܵÄÇ°ÌáÏ £¬½Ã½ÝÇÒÓÐÁ¦µÄÔ¤·À¹¥»÷ £¬²¢ÇÒ±£ÕÏÁ˼´±ãÓдó¹æÄ£¹¥»÷Êý¾Ý·¢ÍùCPUµÄʱ³½ÒÀÈ»Äܹ»ÔÚ»¥»»»úÄÚ²¿¶ÔÊý¾Ý½øÐзֱæ¶Ô±í¡£

 

CPPÌṩÈýÖÖ±£»¤²½Öè £¬À´±£»¤CPUµÄÀûÓÃÂÊ¡£

 

    1. Äܹ»ÅäÖÃCPU½ÓÊÜÊý¾ÝÁ÷µÄ×Ü´ø¿í £¬´ÓÈ«¾ÖÉϱ£»¤CPU¡£

 

    2. Äܹ»É豸QOS¶ÓÁÐ £¬ÎªÃ¿ÖÖ¶ÓÁÐÉèÖôø¿í¡£

 

    3. ΪÿÖÖÀàÐ͵ı¨ÎÄÉèÖÃ×î´óËٶȡ£

 

¾ßÌåʵÏÖ·½Ê½ÈçÏ£º

 

    1. Õë¶Ô·ÖÆçµÄϵͳ±¨ÎĽøÐзÖÀà¡£CPP¿ÉÕë¶Ôarp¡¢bpdu¡¢dhcp¡¢igmp¡¢rip¡¢ospf¡¢pim¡¢gvrp¡¢vvrpµÄ±¨ÎĽøÐзÖÀà £¬²¢±ðÀëÉèÖ÷ÖÆçµÄ´ø¿í¡£

 

    2. CPU¶Ë¿Ú¹²ÓÐ8¸öÓÅÏȼ¶¶ÓÁÐ(queue) £¬ÄúÄܹ»ÅäÖÃÿÖÖÀàÐ͵ı¨ÎĶÔÓ¦µÄ¶ÓÁÐ £¬Ó²¼þ½«Æ¾¾ÝÄúµÄÅäÖÃ×Ô¶¯µØ½«ÕâÖÖÀàÐ͵ı¨ÎĵÄË͵½Ö¸¶¨¶ÓÁÐ £¬²¢¿É±ðÀëÉèÖöÓÁеÄ×î´óËٶȡ£
¶ÓÁеĵ÷¶ÈÄܹ»Ñ¡È¡µÄËã·¨ÓÐSP £¬SP+WRR £¬WRR £¬DRR £¬SP+DRRµÈ¡£

 

    3. Äܹ»ÅäÖÃCPU¶Ë¿ÚµÄ×ܵĴø¿í £¬´ÓÈ«¾ÖÉϱ£»¤CPU¡£

 

    ´Ë±í £¬»¹¼Ì³ÐÁËÔ­ÓÐRG-S6800EϵÁеݲȫ¼¼ÊõÈçSPOH £¬LPM+HDR¡£

 

SPOH

 

    ¼´»ùÓÚÓ²¼þµÄͬ²½Ê½´¦Öü¼Êõ¡£Ô°ÇøÍøµÄÖÐÓÐÎå´óÀàÊý¾Ý´¦ÖÃÐÐΪL2/L3/ACL/QOS/×é²¥ £¬ÆäÖÐL2/L3/×é²¥µÈÖ°ÄÜÌṩµÄÊÇÊý¾ÝÔÚ·ÖÆç¶Ë¿ÚÖ®¼äµÄת·¢´¦Öà £¬Êý¾ÝµÄ´¦ÖÃÓëÓйصĶà¸ö¶Ë¿Ú¶¼ÓйØÁª £¬±ØҪͬʱÔÚ·ÖÆç¶Ë¿ÚÖ®¼äЭµ÷ºÃ³ä·ÖµÄ×ÊÔ´ÄÜÁ¦±£ÕÏÏßËÙµÄת·¢ £¬±ØҪΪÓйض˿ÚÌṩͳһµ÷¶È´¦Öá£ACLºÍQOSµÈÖ°ÄÜÌṩµÄÊÇÕë¶Ôµ¥¶À¶Ë¿ÚµÄÊý¾Ý´¦ÖÃÐÐΪ £¬Êý¾ÝµÄ´¦ÖÃÓëÆäËü¶Ë¿ÚûÓÐÈκθÉϵ¡£

 

    SPOH¼¼ÊõÕë¶ÔACL¡¢QOSµÈÕë¶Ôµ¥¶À¶Ë¿ÚµÄÊý¾Ý´¦ÖÃÐÐΪ £¬Í¨¹ýΪASICоƬ¸÷¶Ë¿ÚÔö³¤Äܹ»¶ÀÁ¢Ó²¼þ´¦ÖÃACL/QOSÖ°ÄܵÄFFPÄ£¿é£¨fast filter processor£© £¬¸÷¶Ë¿Ú¾ÍÄܹ»Í¬²½µØ½øÐÐÕâЩְÄܵÄÓ²¼þ´¦Öá£

 

    SPOHÉè¼Æ±£ÕÏÁËÔÚ²¡¶¾»·¾³ºÍ¸´ÔÓ´óÊý¾ÝÁ¿»·¾³Ï £¬¼´±ãÆôÓÃÁË´óÁ¿µÄACLºÍQOSÖ°ÄÜ £¬

 

    CPU²û·¢ºã¶¨ £¬²¢ÇÒ²»»áÓ°ÏìÕû»ú´¦ÖûúÄÜ £¬´ó´óÌáÉýÁ˲úÆ·µÄ°²È«·À»¤ÄÜÁ¦¡£

 

LPM+HDR

 

    ×ƥÅ䣨LPM£©Èý²ã»¥»»¼¼ÊõÄܹ»½â¾ö´«Í³·½Ê½“ÂŴλ¥»»”µ±Ñ¡È¡“Á÷¾«È·Æ¥Å䔶ø´øÀ´´æ´¢¿Õ¼äѹÁ¦¹ý´óµÄÎÊÌâ¡£×ƥÅ䣨LPM£©¼¼ÊõÖ§³Ö¾²Ì¬Â·ÓÉ¡¢¶¯Ì¬½ø½¨µ½µÄ·Óɶ¼Ö±½ÓÒÔÍø¶Î´ó¾Ö´æ´¢ÓÚÓ²¼þת°ä·¢ £¬Ò»¸öÖ÷ÕÅÍø¶ÎʹÓÃÒ»¸öת°ä·¢Ïî £¬¶øÖ±Á¬Íø¶Î½öÌìÉú±íÏîÄÚÈÝΪ“Ö÷ÕÅIPµØÖ·”µÄÖ÷»úת°ä·¢ £¬¶ÔÓÚÆäËü²»Ã÷Ö÷ÕÅÍø¶ÎIPµØÖ·µÄÊý¾Ý°üÖ±½Óͨ¹ýÓ²¼þȱʡ·ÓÉת·¢¡£Òò¶ø £¬LPM¼¼ÊõµÄÀûÒæÊǼ«´óµØ½ÚÔ¼´æ´¢¿Õ¼ä £¬²¡¶¾ºÍ¹¥»÷Êý¾ÝÄܹ»Í¨¹ýÓ²¼þÍø¶Î·ÓÉ»òȱʡ·ÓɽøÐÐת·¢ £¬²»Ôö³¤¶î±íµÄÓ²¼þ±íÏî £¬Ô¤·ÀÁË´æ´¢Òç³öÎÊÌâ £¬±£ÏÕÉ豸µÄÕý³£ÔËÐС£

 

    ÔÚLPM¼¼ÊõÖÐÒÀÈ»±£ÁôÁËCPU²Î¼ÓÒ»´Î·ÓɵıØÒª £¬¹ÌȻÿ¸öÍø¶ÎÖ»ÓÐÒ»´ÎCPU²Î¼ÓµÄ±ØÒª £¬µ«ÊÇÔÚÈý²ãÉ豸ռÓÐÖ±Á¬Íø¶Î £¬Ö÷»úת°ä·¢ÊýÁ¿±ÈÁ¦¶àµÄÇé¿öÏ £¬CPUµÄµÚÒ»´Î²Î¼ÓÒÀÈ»»á¶ÔÈý²ãת·¢µÄ´¦ÖÃЧÄܲúÉúһЩӰÏì £¬HDR¼¼ÊõÄܹ»½øÒ»²½ÓÅ»¯LPM¼¼ÊõµÄ´¦ÖÃЧÄÜ £¬Ö÷»úÖ±½Ó·ÓÉ£¨HDR£ºHost direct Route£©ÓÃÓÚ½â¾öCPU²Î¼Ó“Ò»´Î·ÓÉ”µÄ²»¼°¡£Ö÷»úÖ±½Ó·ÓÉ£¨HDR£©Ö§³ÖÈý²ãÉ豸ÔÚ×ƥÅäÓ²¼þת·¢ÖеÄÏÂÒ»Ìø½ÚµãºÍÊý¾Ýת·¢³ö¿ÚÔËÐÐARPºÍ̸ʱ°Ñ¶ÔÓ¦µÄMACµØÖ·Ö±½ÓÏÂÔص½Ó²¼þת°ä·¢¡£Òò¶ø £¬Ã»ÓÐÁ˵ÚÒ»´ÎCPU²Î¼Ó·ÓɵÄЧÄÜÓ°Ïì £¬ÍøÂçÖеÄËùÓÐÖ÷»ú£¨Host£©¶¼Äܹ»Í¨¹ý×ƥÅäÓ²¼þת°ä·¢½øÐÐÖ±½ÓµÄÈý²ãת·¢¡£

 

    LPM+HDRÈý²ã»¥»»¼¼Êõ²»±ØÒªCPU²Î¼Ó¡¢½ÚÔ¼ÁË»º´æ¿Õ¼ä £¬²»½ö¼«´óµØÌá¸ßÁË·ÓÉЧÄÜ £¬²¢ÇÒÔ¤·ÀÁ˲¡¶¾ºÍ¹¥»÷¶ÔÍøÂçÉ豸×ÔÉíµÄÓ°Ïì £¬Ìá¸ßÉ豸µÄ²»±äÐÔ¡£

 

2.3 ·á˶µÄÉ豸°²È«ÖÎÀí

 

    CPP¼¼Êõ £¬±£ÕÏÔÚ´óÊý¾ÝÁ÷Á¿µÄÍøÂç»·¾³Ï £¬·¢ÍùCPUµÄÊý¾Ý¶¼¾­¹ýºÏÀíµÄµ÷¶È¡¢ÏÞËÙ £¬Ê¹CPUÔÚÖ°ºÎÇé¿ö϶¼²»»á³öÏÖ¹ýÔصÄÇé¿ö £¬¼«´óµØ±£ÏÕÁËÖ÷ÌâÉ豸µÄ²»±äÐÔ¡£

 

    ÌṩSSHv1/v2µÄ¼ÓÃܵǽºÍÖÎÀíÖ°ÄÜ £¬ÔÚÔ¶³ÌµÇ¼É豸µÄʱ³½·¢Ë͵ÄÊý¾Ý¶¼ÊǾ­¹ý»úÃܵÄ £¬Ô¤·ÀÖÎÀíÐÅÏ¢Ã÷ÎÄ´«ÊäÒý·¢µÄDZÔÚÍþв¡£

 

    Telnet/WebµÇ¼µÄÔ´IPÏÞ¶ÈÖ°ÄÜ £¬ÏÞ¶ÈÖ»ÓкϷ¨IPµÄÖÕ¶ËÄÜÁ¦µÇ½ÖÎÀíÉ豸 £¬Ô¤·À·¸·¨ÈËÔ±¶ÔÍøÂçÉ豸µÄÖÎÀí¡£

 

    SNMPV3Ìṩ¼ÓÃܺÍÕç±ðÖ°ÄÜ £¬Äܹ»È·±£Êý¾Ý´ÓºÏ·¨µÄÊý¾ÝÔ´·¢³ö £¬È·±£Êý¾ÝÔÚ´«Êä¹ý³ÌÖв»±»´Û¸Ä £¬²¢ÇÒ¼ÓÃܱ¨ÎÄ £¬È·±£Êý¾ÝµÄ»úÃÜÐÔ¡£

 

2.4 Ó²¼þËí·¡¢ÈÏÖ¤¡¢¼ÓÃÜ

 

    Êý¾ÝµÄ°²È«¼¼Êõ £¬ÖØÒªÔ̺¬Ëí·¼¼Êõ¡¢ÈÏÖ¤¼¼Êõ¡¢¼ÓÃܼ¼Êõ¡£Ëí·¼¼ÊõÖØÒªÔ̺¬MPLS¡¢VPLS¡¢VPWS £¬ÈÏÖ¤¼¼ÊõÖØÒªÔ̺¬MD5¼ÓÃÜËã·¨ £¬¼ÓÃܼ¼ÊõÖØÒªÓÐDes¡¢3Des¡¢SHAµÈ¼ÓÃܼ¼Êõ

 

2.4.1 Ëí·¼¼Êõ

 

    Ëí·¼¼Êõ £¬ÓÉÓÚInternetÖÐIPµØÖ·×ÊԴǷȱ £¬ÆóÒµÄÚ²¿ÍøÂçʹÓõĶàΪ˽ÓÐIPµØÖ· £¬´ÓÕâЩµØÖ··¢³öµÄÊý¾Ý°üÊDz»ÄÜͨ¹ýInternet´«ÊäµÄ £¬±ØÐëÑ¡È¡ºÏ·¨IPµØÖ·¡£ÊµÏÖÕâÖÖµØַת»»µÄ·½Ê½ÓжàÖÖ£º¾²Ì¬IPµØַת»»¡¢¶¯Ì¬IPµØַת»»¡¢¶Ë¿Ú´úÌæ¡¢Êý¾Ý°ü·â×°µÈ¡£Òª¿ÉÄÜʹµÃÆóÒµÍøÄÚÒ»¸ö¾ÖÓòÍøµÄÊý¾ÝͨÃ÷µØ´©¹ý¹«ÓÃÍø´ïµ½ÁíÒ»¸ö¾ÖÓòÍø £¬Ð鹹רÓÃÍøÑ¡È¡ÁËÒ»ÖÖ³ÆΪËí·µÄ¼¼Êõ¡£Ëí·¼¼ÊõµÄ¸ù»ù¹ý³ÌÊÇÔÚÔ´¾ÖÓòÍøÓ빫ÓÃÍøµÄ½Ó¿Ú´¦½«¾ÖÓòÍø·¢Ë͵ÄÊý¾Ý£¨¿ÉËùÒÔISOÆß²ãÄ£ÐÍÖеÄÊý¾ÝÁ´Â·²ã»òÍøÂç²ãÊý¾Ý£©×÷Ϊ¸ºÔØ·â×°ÔÚÒ»ÖÖÄܹ»ÔÚ¹«ÓÃÍøÉÏ´«ÊäµÄÊý¾ÝÌåʽÖÐ £¬ÔÚÖ÷ÕžÖÓòÍøÓ빫ÓÃÍøµÄ½Ó¿Ú´¦½«¹«ÓÃÍøµÄÊý¾Ý½â·â×°ºó £¬È¡³ö¸ºÔؼ´Ô´¾ÖÓòÍø·¢Ë͵ÄÊý¾ÝÔÚÖ÷ÕžÖÓòÍø´«Êä¡£ÓÉÓÚ·â×°Óë½â·â×°Ö»ÔÚÁ½¸ö½Ó¿Ú´¦ÓÉÉ豸ÒÀÕÕËí·ºÍ̸ÅäÖýøÐÐ £¬¾ÖÓòÍøÖеÄÆäËûÉ豸½«²»»á·¢¾õµ½ÕâÒ»¹ý³Ì¡£±»·â×°µÄÊý¾Ý°üÔÚËí·µÄÁ½¸ö¶ËµãÖ®¼äͨ¹ý¹«¹²»¥ÁªÍøÂç½øÐзÓÉ¡£±»·â×°µÄÊý¾Ý°üÔÚ¹«¹²»¥ÁªÍøÂçÉÏ´«µÝʱËù¾­¹ýµÄÂß¼­õ辶³ÆΪËí·¡£

 

    Ëí·¼¼ÊõÄ¿Ç°ÖØÒªÀûÓÃÔÚVPN£¨Virtual Private Network£©Ð鹹רÍøÖÐ £¬ÖØÒªÊÇÒÔMPLSµÄ·½Ê½ÊµÏÖ¡£ÓÃMPLSºÍ̸ʵÏÖVPNµÄ·½Ê½ £¬ÓÖ¿É·ÖΪLayer2 MPLS VPNºÍLayer3 MPLS VPN ¡£

 

Èý²ãVPN

 

    Layer3 MPLS VPN¼´BGP/MPLS VPNs £¬Ê¹ÓÃÀàËÆ´«Í³Â·Óɵķ½Ê½½øÐÐIP·Ö×éµÄת·¢¡£ÔÚ·ÓÉÆ÷½Ó¹Üµ½IPÊý¾Ý°üÒÔÀ´ £¬Í¨¹ýÔÚת°ä·¢²éÕÒIPÊý¾Ý°üµÄÖ÷ÕŵØÖ· £¬¶øºóʹÓÃÔ¤ÏȳÉÁ¢µÄLSP½øÐÐIPÊý¾Ý¿çÔËÓªÉ̹ǸÉÍøµÄ´«ËÍ¡£ÔËÓªÉÌÍøÂçͨ¹ýÆä·ÓÉÆ÷£¨Ô̺¬PE£©ºÍ¿Í»§Â·ÓÉÆ÷£¨CE£©¼äµÄRIP¡¢OSPF¡¢BGPµÈ·ÓɺÍ̸ £¬»ñµÃÓû§Õ¾µãµÄ¿É´ïÐÅÏ¢ £¬²¢ÓÃÕâЩÐÅÏ¢À´³ÉÁ¢ÉÏÊöLSP¡£

 

¶þ²ãVPN

 

    Layer2 VPN´óÌå·ÖΪÈýÀà £¬µÚÒ»ÖÖ½Ð×öVPWS(Virtual¡¡Private¡¡Wire¡¡Service) £¬Óõã¶ÔµãÏνӷ½Ê½ÊµÏÖVPNÄÚÿ¸öÕ¾µãÖ®¼äµÄͨѶ¡£ÕâÖÖ·½Ê½¶àÓÃÓÚÔÚʹÓÃATM¡¢FRÏνӵÄÓû§ £¬Óû§ºÍÍøÂçÌṩÉÌÖ®¼äµÄÏνÓά³Ö²»±ã £¬µ«ÒµÎñ¾­·â×°ºóÔÚÍøÂçÌṩÉ̵ÄIP¹Ç¸ÉÍøÉÏ´«Êä¡£ÔÚµÚ¶þÖÖ½Ð×öVPLS£¨Virtual Private LAN Service£© £¬ÔËÓªÉÌÍøÂç·ÂÕæLAN SWITCH»òÇŽÓÆ÷µÄÖ°ÄÜ £¬ÏνÓÓû§ËùÓеÄLAN³ÆΪһ¸öµ¥Ò»µÄÇŽӵÄLAN¡£VPLSºÍVPWSµÄÖØÒª·ÖÆçÔÚÓÚVPWSÖ»Ìṩµãµ½µãÒµÎñ £¬¶øVPLSÌṩµãµ½¶àµãÒµÎñ¡£¼´VPWSÖеÄCEÉ豸ѡÔñijһÌõÐé¹¹Ïß £¬½«Êý¾Ý·¢Ë͵½Ä³Ò»Óû§Õ¾µã£»¶øVPLSÖеÄCEÉ豸ֻÊǵ¥Ò»µÄµ½ËùÓÐÖ÷ÕŵصÄÊý¾Ý·¢Ë͵½Ïνӵ½ÆäµÄPEÉ豸¼´¿É¡£

 

2.4.2 ÈÏÖ¤¼¼Êõ

 

    ÀûÓÃÈÏÖ¤¼¼Êõ £¬Ê¹Êý¾ÝÔÚ´«Êä¹ý³ÌÖÐÈôÊDZ»ºÚ¿Í½Ø»ñ²¢´Û¸ÄÄܹ»ÊµÊ±Ôڽӹܶ˾­¹ýУÑé±»·¢ÏÈ¡£½ð²Ê»ãÊ®ÍòÕײúÆ·ÖØҪʹÓÃMD5Ëã·¨ºÍSHAËã·¨±£ÕÏÊý¾Ý´«ÊäµÄ¿¿µÃסÐÔ¡£

 

    MD5µÄµäÐÍÀûÓÃÊǶÔÒ»¶ÎÐÅÏ¢£¨Message£©£¨ÀýÈç·ÓɺÍ̸µÄÐÅÏ¢µÈ£©²úÉúÐÅÏ¢ÌáÒª£¨Message-Digest£© £¬ÒÔÔ¤·À±»´Û¸Ä¡£ºÃ±È £¬ÔÚ´«Êä·ÓÉÐÅϢʱ £¬ÔÚ·¢³ö±¨ÎÄ֮ǰÓÃMD5Ëã·¨»á¶Ô±¨ÎĽøÐÐÍÆËã £¬ÌìÉúÒ»¶ÎÊðÃû¸½ÔÚ±¨Îĺ󡣽ӹܶËÊÕµ½±¨ÎĺóͬÑùÀûÓÃMD5½øÐÐÍÆËãÌìÉúÒ»¶ÎÊðÃû £¬ÈôÊÇÌìÉúµÄÊðÃûÓëÔ­À´¸½´øµÄÊðÃûÒ»Ñù £¬ÔòÖ¤Ã÷Êý¾ÝÔÚ´«ÊäµÄ¹ý³ÌÖÐûÓб»´Û¸Ä £¬³ÖÐøʹÓÃÔ­À´µÄ±¨ÎÄ¡£ÈôÊÇ·ÖÆçÔòÅú×¢Êý¾ÝÔÚ´«ÊäµÄ¹ý³ÌÖб»Å¤×ª £¬½Ó¹Üµ½µÄÊý¾Ý»á±»Å×Æú¡£ÓÐЧµÄÔ¤·ÀÁËÃýÎóµÄ¡¢¶ñÒâ´Û¸ÄµÄÐÅÏ¢±»½Ó¹Ü¡£

 

    SHAËã·¨ÓëMD5Ëã·¨·ÖÆçµÄÊÇ£ºMD5²úÉú128λÐÂÎÅÌáÒª £¬SHA²úÉúÊÇ160λÐÂÎÅÌáÒª £¬SHAÔ½·¢°²È«¡£

 

2.4.3 ¼ÓÃܼ¼Êõ

 

    ¼ÓÃܼ¼Êõʹ³ÁÒªµÄÊý¾ÝÐÅÏ¢ÔÚ´«ÊäµÄ¹ý³ÌÖм´±ã±»ºÚ¿Í½Ø»ñ £¬ºÚ¿ÍµÃµ½µÄÒ²Ö»ÊÇÒ»¶ÑÂÒÂë £¬¶¼ÊÇÎÞÓõÄÐÅÏ¢¡£±£ÕÏÁ˳ÁÒªÊý¾ÝÐÅÏ¢²»»áй¶¡£Ä¿Ç°ÖØÒªÓûúÃÜËã·¨ÊÇDesËã·¨¡¢3DesËã·¨¡£

 

    DES(Data Encryption Standard)  £¬Ê¹ÓÃ56λÃÜÔ¿¶Ô64λµÄÊý¾Ý¿é½øÐмÓÃÜ ¡£3DES £¬Èý³ÁDESÍÆËã £¬ÒªÆÆ·ÑDESµÄÈý±¶¹¦·ò £¬´ÓÁíÒ»·½ÃæÀ´¿´ £¬Èý³ÁDESµÄÃÜÔ¿³¤¶ÈÊÇ112λ  £¬°²È«ÐÔÊǼ«¶È¸ßµÄ¡£

 

2.5 ÍòÕ×λµÄ°²È«·À»¤Ä£¿é

 

    ·À»ðǽµÄ´«Í³½ÇÉ«ÒѾ­²úÉúÁ˱䶯¡£½ñÌìµÄ·À»ðǽ²»½öÄܹ»±£»¤Ô°ÇøÍøÂçÃâÊÜδ¾­ÊÚȨµÄ±í²¿½ÓÈëµÄ¹¥»÷ £¬»¹Äܹ»Ô¤·Àδ¾­ÊÚȨµÄÓû§½ÓÈëÔ°ÇøÍøÂçµÄ×ÓÍø¡¢¹¤×÷×éºÍLAN¡£FBIÊý¾ÝÏÔʾ70%µÄ°²È«ÎÊÌⶼÀ´×ÔÄÚ²¿¡£ÀûÓ÷À»ðǽ±£»¤ÄÚ²¿µÄÍøÂç³ÉΪĿǰ԰ÇøÍøµÄ»ð¼±±ØÒª¡£

 

    ½ð²Ê»ãÍøÂçµÄÊ®ÍòÕײúÆ·ÌṩÁËÍòÕ×λµÄ°²È«·À»¤Ä£¿é £¬ÕâÖÖ°²È«·À»¤Ä£¿é×°ÖÃÔÚ»¥»»»úµÄÄÚ²¿ £¬¶ÔÓÚÄÇЩ»ú¼Ü¿Õ¼ä¼«¶ÈÓÐÏ޵ĿռäÀ´Ëµ £¬ÕâÖÖÄ£¿é¼«¶È³ÁÒª¡£Í¬Ê± £¬ÍòÕ×λµÄ°²È«·À»¤Ä£¿éÄܹ»Ìṩ·À»ðǽ¡¢ÈëÇÖ¼ì²â¡¢ÍøÂç·ÖÎöÖ°ÄÜ £¬Äܹ»Ìṩ2~7²ãÖÇÄܵķþÎñ £¬Ê¹½ð²Ê»ãÍøÂçµÄÊ®ÍòÕײúÆ·ÕæÕý³ÉΪÁË¿ÉÄÜΪÓû§ÌṩÖÇÄÜ·þÎñµÄÖ÷Ìâ·ÓÉ»¥»»»ú¡£

 

    ·À»ðǽÄ£¿éÄܹ»ÀûÓÃÊ®ÍòÕ×»¥»»»úµÄ׳´ó´¦ÖÃÄÜÁ¦ £¬Ö±½Ó´Óϵͳ±³°åÌáÈ¡Êý¾ÝÁ÷Á¿ £¬·À»ðǽÄ£¿éµÄ´¦ÖÃÄÜÁ¦Äܹ»´ïµ½ÍòÕ×λÒÔÉÏ¡£Õë¶ÔÄ¿Ç°Òµ½çºÃ¶à·À»ðǽÄ£¿é¶¼ÊÇÖ±½Ó×°ÖÃÔÚÍòÕ×»¥»»»úÄÚ²¿ £¬¶øÕâЩ·À»ðǽÄ£¿éµÄ´¦Öü¶±ðÖ»ÓÐǧÕ×λ £¬ºÜÄѽøÐÐÍòÕ×λÊý¾ÝµÄÏßËÙ´¦ÖôӶøµ¼ÖÂÍøÂçÑÓʱÉõÖÁϵͳ²»²»±äµÄÇé¿ö £¬½ð²Ê»ãÍøÂçÍòÕ×·À»ðǽÄ£¿éÄܹ»±£ÕÏÍòÕ×ÏßËÙ´¦Öà £¬Ô¤·ÀÁËÖ÷ÌâÄ£¿éµÄ²»²»±äÐÔ¡£Í¬Ê±·À»ðǽÄ£¿éÊǼ¯³ÉÔÚÉ豸ÄÚ²¿µÄ £¬Ï÷¼õÁ˱ØÒªÖÎÀíµÄÉ豸µÄÊýÁ¿¡£

 

    ·À»ðǽÄ£¿éÄܹ»²¿ÊðÔÚÔ°ÇøÍøÂçÊý¾ÝÖÐÐĵÄÖ÷ÌâÉ豸 £¬½ñÌìµÄÔ°ÇøÍøÂç²»½ö½ö±ØÒªÖܱߵݲȫ £¬»¹±ØÒªÏνÓÒµÎñͬ°éºÍÌṩ԰Çø°²È«ÇøÓò £¬ÎªÔ°ÇøµÄ¸÷¸ö²¿ÃÅÌṩ°²È«·þÎñ¡£·À»ðǽÄ£¿éÄܹ»ÈÃÓû§ºÍÖÎÀíÔ±ÒÔ·ÖÆçµÄÕ½ÊõÔÚÆóÒµÖÐÉèÁ¢°²È«ÇøÓò £¬ÌṩһÖֽýݡ¢¾­¼Ã¡¢»ùÓÚ»úÄܽâ¾ö¹æ»®¡£
 

ÓйرêÇ©£º

½ð²Ê»ã - Ê×Ò³ ½ð²Ê»ã - Ê×Ò³

µãÔÞ

¸ü¶à¼¼Êõ²©ÎÄ

ÈκαØÒª £¬ÇëÁªÏµ½ð²Ê»ã

½ð²Ê»ã - Ê×Ò³

·µ»Ø¶¥²¿

ÊÕÆð
½ð²Ê»ã - Ê×Ò³ ÎĵµAI¸±ÊÖ
½ð²Ê»ã - Ê×Ò³ ÎĵµÆÀ¼Û
ev-close ev-close-m
¸Ã×ÊÁÏÊÇ·ñ½â¾öÁËÄúµÄÎÊÌ⣿
ev-close ev-close-m
Äú¶Ôµ±Ç°Ò³ÃæµÄÖÐÒâ¶ÈÈôºÎ£¿
²»Õ¦µÎ
¼«¶ÈºÃ
dark-star dark-star dark-star dark-star dark-star
ev-close ev-close-m
ÄúÖÐÒâµÄÔ­ÒòÊÇ£¨¶àÑ¡£©£¿
Äú¶ÔÎĵµÊÇ·ñ»¹ÓÐÆäËüµÄÎÊÌâ»ò½¨Ò飿
Ϊ¾¡¿ì½â¾öÎÊÌâ £¬ÇëÄúÁôÏÂÁªÏµ·½Ê½ÒÔ±ã»Ø¸´
ÓÊÏä
ÊÖ»úºÅ
ev-bg
¸Ð¼¤ÄúµÄ·´À¡£¡
½ð²Ê»ã - Ê×Ò³
½ð²Ê»ã - Ê×Ò³
½ð²Ê»ã - Ê×Ò³
ÇëÑ¡Ôñ·þÎñÏîÄ¿
¹Ø¹ØÕ÷ѯҳ
ÊÛÇ°Õ÷ѯ ÊÛÇ°Õ÷ѯ
ÊÛÇ°Õ÷ѯ
ÊÛºó·þÎñ ÊÛºó·þÎñ
ÊÛºó·þÎñ
¶¨¼û·´À¡ ¶¨¼û·´À¡
¶¨¼û·´À¡
¸ü¶àÁªÏµ·½Ê½
¡¾ÍøÕ¾µØͼ¡¿