This article is one of a series of articles titled "How to take control of your network infrastructure". The contents of and links to all the articles in the series can be found here.
There is no point in talking about eliminating security risks completely; in principle they cannot be reduced to zero. You also need to understand that the harder you try to make the network more secure, the more expensive the solutions become. You have to find the trade-off between cost, complexity and security that is reasonable for your network.
Of course, security design must be organically integrated into the overall architecture, and the security solutions you choose affect the scalability, reliability, manageability and other properties of the network infrastructure, so those also have to be taken into account.
But remember that we are not talking about building a network right now. Under our starting conditions, our current task is to identify the security-related risks at the network level and reduce them to an acceptable level.
Network security audit
If your organization has ISO 27k processes in place, a security audit and the resulting network changes should fit seamlessly into the overall processes of that approach. But these standards are still not about specific solutions, not about configuration, not about design... There is no clear guidance or standard that spells out in detail what the network should look like. That is both the complexity and the beauty of this task.
Let me highlight several kinds of network security audit that can be carried out:
- equipment configuration audit (hardening)
- security design audit
- access audit
- process audit
Equipment configuration audit (hardening)
In most cases this is the best starting point for auditing and improving the security of your network. In my view it is a good illustration of the Pareto principle: 20% of the effort produces 80% of the result, and the remaining 80% of the effort produces only 20% of the result.
The point is that vendors usually publish recommendations on security best practices for configuring their equipment. This is called hardening.
Based on these recommendations you can often find a questionnaire (or create your own) that helps you determine how closely the configuration of your equipment follows these best practices and then change the network accordingly. This lets you reduce security risks significantly, quite easily and at practically no cost.
Here are a few examples for some Cisco operating systems:
Cisco IOS configuration hardening
Cisco IOS-XR configuration hardening
Cisco NX-OS configuration hardening
Cisco baseline security checklist
Based on these documents you can compile a list of configuration requirements for each type of equipment. For example, for a Cisco N7K VDC such requirements could look as shown here.
In this way you can create configuration files for the various types of active equipment in your network infrastructure. Then, manually or using automation, you can "upload" these configurations to the devices. How to automate this process will be covered in detail in a separate series of articles on orchestration and automation.
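As an added illustration of the questionnaire-style hardening check described above (this is not code from the article or from Cisco; the checklist items and the sample config fragment are constructed for the example), here is a small Python script that tests a running-config against a list of hardening requirements and reports which ones fail:

```python
import re

# Constructed sample: a fragment of a Cisco IOS running-config to be audited.
SAMPLE_CONFIG = """\
hostname core-sw-1
service password-encryption
no service tcp-small-servers
ip http server
ip ssh version 1
logging buffered 64000
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
ntp server 10.0.0.1
"""

# Illustrative hardening checklist (not a vendor's official list). Each entry is
# (description, regex tested against every config line, whether a match means
# the device is compliant). A "False" flag marks patterns that must be absent.
CHECKLIST = [
    ("passwords stored encrypted", r"^service password-encryption$", True),
    ("TCP small servers disabled", r"^no service tcp-small-servers$", True),
    ("HTTP server disabled", r"^ip http server$", False),
    ("SSH version 2 enforced", r"^ip ssh version 2$", True),
    ("logging buffer configured", r"^logging buffered", True),
    ("no telnet on vty lines", r"^\s+transport input .*\btelnet\b", False),
    ("vty exec-timeout not disabled", r"^\s+exec-timeout 0 0$", False),
    ("NTP server configured", r"^ntp server ", True),
]

def audit_config(config_text, checklist=CHECKLIST):
    """Return a list of (description, compliant) for each checklist item."""
    lines = config_text.splitlines()
    results = []
    for desc, pattern, match_means_ok in checklist:
        matched = any(re.search(pattern, ln) for ln in lines)
        results.append((desc, matched == match_means_ok))
    return results

def compliance_score(results):
    """Fraction of checklist items that pass, between 0.0 and 1.0."""
    return sum(ok for _, ok in results) / len(results)

if __name__ == "__main__":
    res = audit_config(SAMPLE_CONFIG)
    for desc, ok in res:
        print(f"[{'PASS' if ok else 'FAIL'}] {desc}")
    print(f"score: {compliance_score(res):.0%}")
```

The same checklist can be fed with configs pulled from many devices to produce the per-device compliance figures the audit is after.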
Security design audit
An enterprise network usually contains, in one form or another, the following segments:
- DC (public services DMZ and intranet data center)
- Internet access
- remote access VPN
- WAN edge
- branch
- campus (office)
- core
The names are quoted from the following source.
Each of these segments has different security requirements, different risks and, accordingly, different solutions.
Let's look at each of them separately for the problems you may encounter from the point of view of security design. Of course, I repeat once again: this article does not claim to be complete in any way, which would be hard (if not impossible) to achieve for such a deep and many-sided topic; it reflects my personal experience.
There is no perfect solution (at least not yet); it is always a compromise. What matters is that the decision to use one approach or another is made consciously, with an understanding of both its advantages and its disadvantages.
Data center
This is the most important segment from a security point of view.
And, as usual, there is no universal solution here either. It all depends heavily on the requirements of your network.
Do you need a firewall?
The answer seems obvious, but not everything is as clear as it might seem. And your choice may be influenced by more than just price.
Example 1. Latency.
If low latency is a mandatory requirement between some network segments (as it is, for example, for an exchange), you cannot use firewalls between those segments. It is hard to find studies of firewall latency, but few switch models can deliver latency below 1 microsecond, so I think that when microseconds matter, a firewall is not the right choice.
Example 2. Performance.
The throughput of top L3 switches is usually at least an order of magnitude higher than that of the most powerful firewalls. So for high-intensity traffic you will most likely have to let that traffic bypass the firewalls.
Example 3. Reliability.
Firewalls, especially modern NGFWs (next-generation firewalls), are complex devices, far more complex than L3/L2 switches. They offer a large number of services and configuration options, so it is not surprising that their reliability is much lower. If service continuity is critical for your network, you may have to choose what gives better availability: security provided by a firewall, or the simplicity of a network built on switches (or fabrics of various kinds) with ordinary ACLs.
In the cases above you will probably (as usual) have to find a compromise. Consider the following options:
- If you decide not to use firewalls inside the data center, think about how to restrict access at the perimeter as much as possible. For example, open only the necessary ports from the Internet (for client traffic), and open administrative access to the data center only from jump hosts. On the jump hosts, perform all the necessary checks (authentication/authorization, antivirus, logging and so on).
- You can use logical partitioning of the data center network into segments, similar to the scheme described in PSEFABRIC, example p002. In that case, routing has to be configured so that latency-sensitive or high-intensity traffic stays within one segment (for p002, within one VRF) and does not pass through the firewall, while traffic between different segments still goes through the firewall. You can also use route leaking between VRFs to avoid redirecting traffic through the firewall.
- You can use the firewall in transparent mode, but only for those VLANs where these caveats (latency/performance) are not critical. However, you need to study carefully the limitations that each vendor imposes on the use of this mode.
- You can consider a service chain architecture, which lets you pass only the required traffic through the firewall. In theory it looks good, but I have never seen this solution in production. We tested service chaining with Cisco ACI/Juniper SRX/F5 LTM about 3 years ago, and at the time the solution seemed "raw" to us.
Protection level
Next, you need to answer the question of which tools to use for traffic filtering. Here are some of the features usually present in NGFWs, for example:
- stateful firewall (default)
- application firewall
- threat prevention (antivirus, anti-spyware, vulnerabilities)
- URL filtering
- data filtering (content filtering)
- file blocking (blocking by file type)
- DoS protection
And not everything is obvious here either. It would seem that the higher the protection level the better, but you also need to consider that:
- the more of the firewall features listed above you use, the more expensive it naturally becomes (licenses, additional modules);
- the use of some algorithms can significantly reduce firewall throughput and increase latency; see the example here;
- as with any complex solution, the use of complex protection methods can reduce the reliability of the solution. For example, with an application firewall I have seen perfectly standard, working applications (DNS, SMB) get blocked.
As always, you need to find the best solution for your network.
It is impossible to give a definitive answer to the question of which protection features you will need. First, because it of course depends on the data you transmit or store and are trying to protect. Second, in practice the choice of security tools is often a matter of belief and trust in the vendor: you do not know the algorithms, you do not know how effective they are, and you cannot test them fully.
Therefore, in critical segments, a good solution may be to use offerings from different companies. For example, you can enable antivirus on the firewall and also use local antivirus protection (from a different vendor) on the hosts.
Segmentation
We are talking about the logical segmentation of the data center network. Division into VLANs and subnets, for example, is also logical segmentation, but it is so self-evident that we do not consider it here. What is interesting is segmentation that takes into account entities such as FW security zones, VRFs (and their analogues from different vendors), logical devices (PA VSYS, Cisco N7K VDC, Cisco ACI tenants, ...) and so on.
An example of such logical segmentation, and of a data center design that is in demand today, is given in p002 of the PSEFABRIC project.
Once you have defined the logical parts of your network, you can describe how traffic moves between the different segments, on which devices filtering is performed and by what means.
If your network has no clear logical partitioning and the rules for applying security policies to the various data flows are not formalized, this means that each time you open some access you have to solve this problem from scratch, and with high probability you will solve it differently every time.
Segmentation is often based only on FW security zones. Then you need to answer the following questions:
- what security zones are needed
- what level of protection to apply to each of these zones
- is intra-zone traffic allowed by default?
- if not, what traffic filtering policies apply within each zone
- what traffic filtering policies apply to each pair of zones (source/destination)
TCAM
A frequent problem is insufficient TCAM (Ternary Content Addressable Memory), both for routing and for access control. In my opinion this is one of the most important issues when choosing equipment, so it deserves an appropriate degree of attention.
Example 1. Forwarding table TCAM.
Let's consider a Palo Alto 7k firewall.
We see that the IPv4 forwarding table size* = 32K.
Moreover, this number of routes is shared by all VSYS. Suppose that, according to the design, you decided to use 4 VSYS.
Each of these VSYS is connected via BGP to 2 MPLS PEs of the cloud that we use as a backbone. Thus the 4 VSYS exchange all specific routes with each other and have forwarding tables with roughly the same set of routes (but different NHs). Since each VSYS has 2 BGP sessions (with identical settings), each route received via MPLS has 2 NHs and therefore 2 FIB entries in the forwarding table. If we assume this is the only firewall in the data center and it must know about all routes, this means the total number of routes in the data center cannot exceed 32K/(4 * 2) = 4K. Now, if we have 2 data centers (with the same design) and VLANs "stretched" between the data centers are used (for example, for vMotion), host routes have to be used to solve the routing problem. But that means that for 2 data centers we can have at most 4096 hosts, and of course that may not be enough.
Example 2. ACL TCAM.
If you plan to filter traffic on L3 switches (or on other solutions that use L3 switches, such as Cisco ACI), you need to pay attention to the ACL TCAM when choosing equipment.
Suppose you want to control access on the SVI interfaces of a Cisco Catalyst 4500.
As this article shows, to control outbound (and inbound) traffic on the interfaces you can use only 4096 TCAM lines, which with TCAM3 gives you about 4000 ACEs (ACL lines).
If you run into the problem of insufficient TCAM, first of all you should of course consider optimization options. So if the problem is the size of the forwarding table, consider the possibility of aggregating routes. If the problem is the TCAM size for access control, audit the access rules, remove stale and duplicate entries, and possibly revise the procedure for opening access (this is discussed in detail in the chapter on access audit).
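To make the two TCAM budgets above reproducible, here is an added Python example (not from the article): it carries the Example 1 forwarding-table arithmetic through in code, generalized to any FIB size, VSYS count and next-hop count, and counts the ACEs of an ACL against the 4096-line budget from Example 2. The sample ACL is constructed.

```python
import re

# Constructed figures from the article's Example 1: a 32K IPv4 forwarding table
# shared by 4 VSYS, each learning every route over 2 BGP sessions (2 next hops).
FIB_ENTRIES = 32 * 1024
VSYS_COUNT = 4
NEXT_HOPS = 2

def max_unique_routes(fib_entries=FIB_ENTRIES, vsys=VSYS_COUNT, nh=NEXT_HOPS):
    """Each route costs one FIB entry per VSYS per next hop, so the whole box
    can hold fib_entries / (vsys * nh) distinct routes."""
    return fib_entries // (vsys * nh)

def stretched_vlan_hosts_fit(hosts, **kw):
    """Stretched VLANs force /32 host routes, one per host. True when `hosts`
    (summed over all data centers) still fits in the route budget."""
    return hosts <= max_unique_routes(**kw)

# An ACE is a permit/deny line, optionally preceded by a sequence number.
ACE_RE = re.compile(r"^\s*(\d+\s+)?(permit|deny)\b")

def count_aces(acl_text):
    """Count ACEs in Cisco-style ACL text; the access-list header and remark
    lines do not consume TCAM lines."""
    return sum(1 for ln in acl_text.splitlines() if ACE_RE.match(ln))

def acl_fits_tcam(acl_text, tcam_lines=4096):
    """Example 2 budget: 4096 TCAM lines for interface ACLs on a Catalyst 4500."""
    return count_aces(acl_text) <= tcam_lines

# Constructed sample ACL used for the check below.
SAMPLE_ACL = """\
ip access-list extended DC-IN
 remark allow web from internet
 10 permit tcp any host 203.0.113.10 eq 443
 20 permit tcp any host 203.0.113.10 eq 80
 30 deny ip any any
"""

if __name__ == "__main__":
    print("route budget:", max_unique_routes())          # 4096
    print("8000 hosts fit:", stretched_vlan_hosts_fit(8000))
    print("ACEs:", count_aces(SAMPLE_ACL), "fits:", acl_fits_tcam(SAMPLE_ACL))
```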
High availability
The question is whether to use HA for firewalls or to install two independent boxes "in parallel" and, if one of them fails, route traffic to the second box.
The answer seems obvious: use HA. The reason this question still comes up is that, unfortunately, the theoretical and advertised 99-and-a-few-decimals percent availability turns out to be far from so rosy in practice. HA is logically quite complex, and on different equipment from different vendors (there were no exceptions) we found problems and bugs that led to service outages.
With HA you can power off individual nodes and switch between them without stopping the service, which is important, for example, for upgrades; but at the same time there is a non-zero probability that both nodes fail at once, and that the next upgrade does not go as smoothly as the vendor promises (this problem can be avoided if you have the opportunity to test the upgrade on lab equipment).
If you do not use HA, then from the point of view of a double failure the risks are much lower (since you have 2 independent firewalls), but... since sessions are not synchronized, every switchover between these firewalls loses traffic. You could of course use stateless firewalls, but then the point of having a firewall is largely lost.
So if the audit reveals standalone firewalls and you are thinking about improving the reliability of your network, HA is of course one of the recommended solutions, but you should also take into account the drawbacks of this approach; perhaps, specifically for your network, another solution is more suitable.
Manageability
In principle HA also improves manageability. Instead of configuring 2 boxes separately and dealing with the problem of keeping the configurations in sync, you manage them as if they were a single device.
But perhaps, if you have many data centers and firewalls, this question arises at a new level. And the problem is not only configuration but also:
- configuration backup
- updates
- upgrades
- monitoring
- logging
All of this can be solved by a centralized management system.
So, for example, if you use Palo Alto firewalls, Panorama is such a solution.
To be continued.
Source: habr.com