CISCO Elephant Flow Detection User Guide

CISCO Elephant Flow Detection

 

Elephant flows are extremely large (in total bytes), continuous flows set up by TCP (or other protocols) and measured over a network link. By default, elephant flows are those larger than 1 GB/10 seconds. They can cause performance duress in Snort cores. Elephant flows are not numerous, but they can occupy a disproportionate share of the total bandwidth over a period of time. They can lead to problems such as high CPU utilization, packet drops, and so on.

From management center 7.2.0 onwards (Snort 3 devices only), you can use the elephant flow feature to detect and remediate elephant flows, which helps to reduce system stress and resolve the problems mentioned above.

  • About Elephant Flow Detection and Remediation
  • Elephant Flow Upgrade from Intelligent Application Bypass
  • Configure Elephant Flow

 

About Elephant Flow Detection and Remediation

You can use the elephant flow detection feature to detect and remediate elephant flows. The following remediation actions can be applied:

  • Bypass elephant flow - You can configure elephant flows to bypass Snort inspection. If this is configured, Snort does not receive any packets from that flow.
  • Throttle elephant flow - You can apply a rate limit to the flow and continue to inspect it. The flow rate is calculated dynamically and reduced by 10%. Snort sends the verdict (QoS flow with a 10% lower flow rate) to the firewall engine. If you choose to bypass all applications including unidentified applications, you cannot configure the throttle (rate-limit) action for any flow.

Note: For elephant flow detection to work, Snort 3 must be the detection engine.

 

Elephant Flow Upgrade from Intelligent Application Bypass

Intelligent Application Bypass (IAB) is deprecated from version 7.2.0 onwards for Snort 3 devices.
For devices running 7.2.0 or later, you must configure the elephant flow settings under the Elephant Flow Settings section in the AC policy (Advanced Settings tab).

After an upgrade to 7.2.0 (or later), if you are using a Snort 3 device, the elephant flow configuration is picked up and deployed from the Elephant Flow Settings section and not from the Intelligent Application Bypass Settings section. If you have not migrated to the Elephant Flow Settings configuration, your device will lose its elephant flow configuration on the next deployment.

The following table shows the IAB or elephant flow configurations that can be applied to version 7.2.0 or later and to version 7.1.0 or earlier running the Snort 3 or Snort 2 engines.

[Table image: Elephant Flow Upgrade from Intelligent Application Bypass]

 

Configure Elephant Flow

You can configure elephant flow to take actions on elephant flows, which helps to resolve problems such as system duress, high CPU utilization, packet drops, and so on.

Attention: Elephant flow detection does not apply to prefiltered, trusted, or fast-forwarded flows, which are not processed by Snort. Because elephant flows are detected by Snort, elephant flow detection does not apply to encrypted traffic.

Procedure

Step 1

METHOD 2 Method

Figure 1: Configure Elephant Flow Detection


Step 2 The Elephant Flow Detection toggle button is enabled by default. You can configure the values for flow bytes and flow duration. When they exceed your configured values, elephant flow events are generated.
Step 3 To remediate elephant flows, enable the Elephant Flow Remediation toggle button.
Step 4 To set the criteria for elephant flow remediation, configure the values for CPU utilization %, duration of fixed time windows, and packet drop %.
Step 5 You can perform the following actions for elephant flow remediation when the flow meets the configured criteria:
a. Bypass the flow - Enable this button to bypass Snort inspection for selected applications or filters. Choose from:
• All applications including unidentified applications—Select this option to bypass all application traffic. If you configure this option, you cannot configure the throttle (rate-limit) action for any flow.
• Select Applications/Filters—Select this option to choose the applications or filters whose traffic you want to bypass; see Configuring Application Conditions and Filters.
b. Throttle the flow - Enable this button to apply a rate limit to the flow and continue to inspect it. Note that you can select applications or filters to bypass Snort inspection and throttle the remaining flows.

Note

Throttle is removed automatically from a throttled elephant flow when the system is out of duress, that is, when the percentage of Snort packet drops is lower than your configured threshold. Consequently, rate limiting is also removed.
You can also remove throttle from a throttled elephant flow manually, using the following threat defense commands:
• clear efd-throttle <5-tuple/all> bypass—This command removes throttle from the throttled elephant flow and bypasses Snort inspection.
• clear efd-throttle <5-tuple/all>—This command removes throttle from the throttled elephant flow and Snort inspection continues. Elephant flow remediation is skipped after using this command.
For more information about these commands, see the Cisco Secure Firewall Threat Defense Command Reference.

Attention

Taking action on elephant flows (bypassing and throttling the flow) is not supported on Cisco Firepower 2100 series devices.

Step 6 In the Remediation Exemption Rule section, click Add Rule to configure L4 access control list (ACL) rules for flows that must be exempted from remediation.
Step 7 In the Add Rule window, use the Networks tab to add the network details, namely the source network and the destination network. Use the Ports tab to add the source port and the destination port.
If an elephant flow is detected and it matches the defined rules, an event is generated with the reason Elephant Flow Detected in the Reason column header of the Connection Events.
Step 8 In the Remediation Exemption Rule section, you can view the flows that are exempted from the remediation action.
Step 9 Click OK to save the elephant flow configuration.
Step 10 Click Save to save the policy.

What to do next
Deploy configuration changes; see Deploy Configuration Changes.
After configuring your elephant flow settings, monitor your connection events to see whether any flows are detected, bypassed, or throttled. You can view this in the Reason field of your connection event. The three reasons for elephant flow connections are:
• Elephant Flow
• Elephant Flow Throttled
• Elephant Flow Trusted

Attention: Enabling elephant flow detection alone does not generate connection events for elephant flows. If a connection event is already logged for another reason and the flow is also an elephant flow, then the Reason field contains this information. However, to ensure that you are logging all elephant flows, you must enable connection logging in the applicable access control rules.
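
The monitoring step above can be scripted against an export of connection events. The following is an added example, not Cisco code: the CSV column names, the comma separator inside a multi-valued Reason field, and the reading of "Elephant Flow Trusted" as a flow that bypassed Snort inspection are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Reason values listed in this guide for elephant flow connection events.
ELEPHANT_REASONS = {"Elephant Flow", "Elephant Flow Throttled", "Elephant Flow Trusted"}
# Assumption: "Trusted" marks a flow that bypassed Snort, i.e. was not inspected.
BYPASSED = "Elephant Flow Trusted"

# Constructed sample export; column names are hypothetical, not a product schema.
SAMPLE_CSV = """first_packet,initiator_ip,responder_ip,responder_port,bytes,reason
2024-05-01T10:00:00,10.1.1.20,192.0.2.10,443,2147483648,Elephant Flow
2024-05-01T10:00:05,10.1.1.21,192.0.2.11,445,5368709120,Elephant Flow Trusted
2024-05-01T10:01:00,10.1.1.22,192.0.2.12,873,3221225472,"File Monitor, Elephant Flow Throttled"
2024-05-01T10:02:00,10.1.1.23,192.0.2.13,80,4096,
2024-05-01T10:03:00,10.1.1.21,192.0.2.11,445,8589934592,Elephant Flow Trusted
"""


def elephant_reasons(reason_field):
    """Return the elephant flow reasons found in a (possibly multi-valued) Reason field."""
    parts = [p.strip() for p in (reason_field or "").split(",")]
    return [p for p in parts if p in ELEPHANT_REASONS]


def summarize(csv_text):
    """Count events per elephant flow reason and total the bytes that skipped inspection."""
    counts = defaultdict(int)
    uninspected = defaultdict(int)  # (initiator, responder, port) -> bytes
    for row in csv.DictReader(io.StringIO(csv_text)):
        for reason in elephant_reasons(row["reason"]):
            counts[reason] += 1
            if reason == BYPASSED:
                key = (row["initiator_ip"], row["responder_ip"], row["responder_port"])
                uninspected[key] += int(row["bytes"])
    return dict(counts), dict(uninspected)


if __name__ == "__main__":
    counts, uninspected = summarize(SAMPLE_CSV)
    for reason, n in sorted(counts.items()):
        print(f"{reason}: {n} event(s)")
    # Largest uninspected talkers first: candidates for a tighter bypass filter.
    for key, total in sorted(uninspected.items(), key=lambda kv: -kv[1]):
        print("bypassed", key, total, "bytes")
```

Flows that appear under the bypass reason carry traffic Snort never saw, so reviewing the largest of them shows whether the bypass application filter is wider than intended.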

See Cisco Secure Firewall Elephant Flow Detection for more information.

 
