Nezávislí návštěvníci
UV (nezávislý návštěvník): jmenovitěUnikátní návštěvník, počítačový klient, který navštěvuje webovou stránku, je návštěvníkem. síťový provoz síťový provoz.
The"80/20"rule
Intraditionalnetworks,userswhousethesameapplicationaregenerallyplacedinthesameworkgroup,andtheserverstheyfrequentlyusearealsoplacedtogether.TheworkinggroupislocatedinthesamephysicalnetworksegmentorVLAN(virtuallocalareanetwork).Thepurposeofthisistolimitthedatatrafficgeneratedbetweentheclientandtheserveronthenetworkwithinthesamenetworksegment.Inthesamenetworksegment,youcanusearelativelyhigh-bandwidthswitchtoconnecttheclientandserver,insteadofusingarelativelylow-bandwidthrouter.Thisnetworkdesignmodethatcontrolsmostofthenetworktrafficlocallyiscalledthe"80/20rule",thatis,80%ofthenetworktrafficislocaltraffic(usingswitchestoexchangedata)andistransmittedinthesamenetworksegment;only20%Ofthenetworktrafficneedstopassthroughthenetworkbackbone(routerorLayer3switch).
The"80"and"20"inthe"80/20"rulecannotbesimplyunderstoodasnumbers,butshouldbeunderstoodasthewaynetworktrafficisdistributed,thatis,mostnetworktrafficisconfinedtothelocalworkinggroup.Partofthetrafficpassesthroughthenetworkbackbone.Therefore,inactualnetworkdesign,aslongasmostofthenetworktrafficislocalandasmallpartofthenetworktrafficpassesthroughthebackbone,itisconsideredtocomplywiththe"80/20"rule,regardlessoftheactualnumberratio.
Application
Inthecampusnetwork,thesoftware-onlymultimediaelectronicclassroomisasmallnetworkthatconformstothe"80/20"rule.Multimedianetworkclassroomsaremainlyusedinthesameclassroomorteachingbuilding.Multicastandbroadcastmethodsareoftenusedtosendmultimediadatafromtheteachercomputertothestudentcomputer,soalotofdatastreamsaregenerated.Ifnotprocessed,thedatastreamwillforma"broadcaststorm"andspreadtootherpartsofthenetwork.Therefore,thenetworksegmentwherethemultimedianetworkclassroomislocatedneedstobedividedintoanindependentsubnettosuppressthebroadcaststorm.
Pravidlo „20/80“
S postupným obohacováním síťových aplikací již pravidlo „80/20“ nemůže plně splňovat potřeby návrhu sítě. Postupně se propaguje model nazývaný „centralizované úložiště, distribuované výpočty“. poštovní systémy a stále populárnější VOD (video na vyžádání), knihovna multimediálních zdrojů, vzdělávací datové centrum (EDC),digitální knihovna atd.;distribuceVýpočet znamená, že se data stahují do každé pracovní stanice za účelem zpracování, jako je například knihovna multimediálních zdrojů v síti, aby se vytvořil multimediální kurzový software, procházela digitální knihovna atd. vytvořeno z pravidla "80/20" a sloučeno nové pravidlo, což je pravidlo "20/80".
Inanetworkthatcomplieswiththe"20/80"rule,onlyabout20%ofthenetworktrafficisconfinedtothelocalworkinggroup,andabout80%ofthenetworktrafficistransmittedthroughthenetworkbackbone.Thischangeofnetworktrafficmodehasbroughtagreatloadtothebackboneswitchofthecampusnetwork.Therefore,inanidealstate,thebackboneswitchshouldbeabletoprovideperformancethatmatchesthatofthebackboneswitchesconnectedbelow,thatis,providewire-speedthree-layerswitching,thatistosay,howfastthebackboneswitchbelowcanrun,thebackboneswitchaboveshouldalsobeabletoHowfasttorun.Similarly,iftherearemanyVLANsdividedbyfunction(suchasteaching,scientificresearch,andadministrativemanagement)inthenetwork,theseVLANsarealsodifficulttomanage.Intheprevious"80/20"rule,serverswereoftendistributedinVLANs,soaccesswasfasterforeachworkgroup.However,inthe"20/80"rule,serversareoftenconcentratedinthecenterofthenetwork,soforeachworkinggroup,cross-VLANaccessmustbeimplemented.
Classificationconcept
Manynetworkapplicationshavetheirowncharacteristicsandhavedifferentrequirementsforthenetworkenvironment.Therefore,onlytimelyandaccurateidentificationandclassificationofnetworktrafficcanbeaccuratelyProvideasuitablenetworkenvironmentfordifferentapplications,effectivelyusenetworkresources,andprovideuserswithbetterservicequality.Theresearchonnetworktrafficclassificationisveryextensive,andtherearemanymethodsused,buttheyaremainlybasedonthefollowingthreelevels:(1)Packet-leveltrafficclassification:mainlyfocusesonthecharacteristicsofpacketsAnditsarrivalprocess,suchasthedistributionofdatapacketsize,thedistributionofdatapacketarrivaltimeinterval,etc.;
(2)Klasifikace toku na úrovni toku:Především se zaměřte na charakteristiky offlow a jeho proces příchodu, může to být připojení TCP nebo tok UDP. Mezi nimi tok obvykle odkazuje na pět řad složených ze zdrojové IP adresy, zdrojového portu, cílové IP adresy, cílového portu a aplikačního protokolu;
(3)Stream-leveltrafficclassification:mainlyfocusesonhostpairsAndtheapplicationtrafficbetweenthem,usuallyreferstoatripletcomposedofsourceIPaddress,destinationIPaddress,andapplicationprotocol,whichissuitableforstudyingthelong-termtrafficstatisticscharacteristicsofthebackbonenetworkonamorecoarse-grainedbasis.
Intheabovethreelevelsoftrafficclassification,themostwidelyusedisFlow-leveltrafficclassification.Thismethodofanalyzingdatatransmittedinthenetworkbystreamisaninevitablerequirementforthedevelopmentofpacketswitchingnetworks.
EvaluationIndex
Akeymetricfortrafficclassificationistheaccuracyofacertainclassificationtechnologyorclassificationmodeltoclassifyunknowndataobjects.Theevaluationcriteriausuallyusedtomeasuretheaccuracyofclassificationmainlyincludethefollowingfouraspects:
True(truepositive,TP):indicatesthenumberofpositivesamplescorrectlypredictedbytheclassificationmodel,thatis,theybelongtocategoryAandareThenumberofsamplespredictedtobecategoryA.
Falsenegative(FN):indicatesthenumberofpositivesamplesthatareincorrectlypredictedbytheclassificationmodelasnegative,thatis,thenumberofsamplesthatbelongtocategoryAbutarepredictedtonotbelongtocategoryA.
Falsepositive(FP):indicatesthenumberofnegativesamplesthatareincorrectlypredictedbytheclassificationmodelaspositive,thatis,thenumberofsamplesthatdonotbelongtocategoryAbutarepredictedtobelongtocategoryA.
Truenegative(TN):indicatesthenumberofnegativesamplescorrectlypredictedbytheclassificationmodel,thatis,thenumberofsamplesthatdonotbelongtocategoryAandarepredictedtonotbelongtocategoryA.
Inaddition,classificationmethodsbasedonmachinelearningusuallyusetwoothermetricstoevaluatetheirclassificationresults,whicharedefinedasfollows:recall:recall=TP/(TP+FN),whichmeansTheproportionofsamplesincategoryAthatarecorrectlypredicted.
Precision(precision):precision=TP/(TP+FP),whichmeansthatamongallthesamplespredictedtobeclassA,theproportionofsamplesthatreallybelongtoclassA.Manytrafficclassificationstudiesuseflowaccuracyorbyteaccuracyasametricfortheirexperimentalresults.Flowaccuracyrepresentstheproportionofcorrectlyclassifiedflows,whilebyteaccuracypaysmoreattentiontothecorrectclassificationofflows.Thenumberofbytescarried.Amongthem,thedefinitionofaccuracyisasfollows:
Přesnost:přesnost=(TP+TN)/(TP+TN+FP+FN), což znamená, že počet vzorků správně předpokládaný klasifikačním modelem je v celkovém procentu ve vzorku.
Switch
Withoutathree-layerswitch,VLANscannotcommunicate.VLANsaresimilartothelogicalpartitionsofharddisksandcanbesimplyunderstoodasdividingthesameharddiskintodifferentharddiskdriveletters.Butunlikelogicaldisks,communicationbetweenVLANsisnotassimpleascopyingfilesfromonelogicaldisktoanotherlogicaldisk.Instead,routersmustrelyonthemtocommunicatebetweenVLANs.
Funkce
1. Páteř sítě je nezbytná pro třívrstvý přepínač
Tosaythattheroleofthethree-layerswitchinmanynetworkequipment,itisnotdescribedas"mainstay".Fortoomuch.Inthecampusnetworkandmetropolitanareaeducationnetwork,thebackbonenetwork,metropolitanareanetworkbackbone,andconvergencelayerallhavethree-layerswitches.Especiallythecorebackbonenetworkmustusethree-layerswitches,otherwisetheentirenetworkhasthousandsofunits.Allofthecomputersareinthesamesubnet.Notonlyaretherenosecurityatall,butalsothebroadcaststormcannotbeisolatedbecausethebroadcastdomaincannotbedivided.Ifatraditionalrouterisused,althoughthebroadcastcanbeisolated,theperformancecannotbeguaranteed.Theperformanceofthethree-layerswitchisveryhigh,withboththefunctionofthethree-layerroutingandthenetworkspeedofthetwo-layerswitching.Layer2switchingisbasedonMACaddressing,andLayer3switchingistoforwardserviceflowsbasedonLayer3addresses;inadditiontothenecessaryroutingdecisionprocess,mostofthedataforwardingprocessishandledbyLayer2switching,whichimprovestheefficiencyofpacketforwarding..Thethree-layerswitchrealizestheroutingfunctionofIPthroughtheuseofahardwareswitchingmechanism,anditsoptimizedroutingsoftwareimprovestheefficiencyoftheroutingprocessandsolvesthespeedproblemoftraditionalroutersoftwarerouting.Therefore,itcanbesaidthatthethree-layerswitchhas"thefunctionofarouterandtheperformanceofaswitch."
2.Přepínání vrstvy 3 je nezbytné pro připojení podsítí.
Iftherearemorethanacertainnumberofcomputersonthesamenetwork(usuallyaround200,dependingonthecommunicationprotocol),itislikelytobeBecauseofthelargenumberofbroadcastsonthenetwork,thenetworktransmissionefficiencyislow.Inordertoavoidbroadcastingstormscausedbybroadcastingonlargeswitches,itcanbefurtherdividedintomultiplevirtualnetworks(VLANs).Butdoingsowillcauseaproblem:thecommunicationbetweenVLANsmustbeimplementedthroughrouters.However,traditionalroutersarealsodifficulttohandlethecommunicationtasksbetweenVLANs,becausetheroutingcapabilitiesoftraditionalordinaryroutersaretooweakcomparedtothenetworktrafficofthelocalareanetwork.Andthepriceofgigabitroutersisalsoveryunacceptable.IfyouuseGigabitportsor100MportsonaLayer3switchtoconnecttodifferentsubnetsorVLANs,youcaneconomicallysolvetheproblemofrelyingonroutersforcommunicationbetweensubnetsaftersubnettingwhilemaintainingperformance.Therefore,thethree-layerswitchisanidealdeviceforconnectingsubnets.
Advantages
Inadditiontoexcellentperformance,thethree-layerswitchalsohassomefeaturesthatthetraditionaltwo-layerswitchdoesnothave.Thesefeaturescanbeusedfortheconstructionofcampusnetworksandmetropolitaneducationnetworks.Itbringsmanybenefits,listedasfollows:
1, vysoká škálovatelnost
Whenthethree-layerswitchisconnectedtomultiplesubnets,thesubnetonlyestablishesalogicalconnectionwiththethird-layerswitchmodule,Unliketraditionalexternalroutersthatneedtoincreaseports,therebyprotectingusers'investmentincampusnetworksandmetropolitaneducationnetworks.Andtomeettheneedsoftheschool'srapidgrowthinnetworkapplicationsin3to5years.
2.Vysoký výkon
Thethree-layerswitchhastheabilitytoconnecttolarge-scalenetworks,andthefunctioncanbasicallyreplacesometraditionalrouters,butthepriceisclosetothetwo-layerswitch.Thepriceofa100MLayer3switchisonlytensofthousands,whichissimilartothepriceofahigh-endLayer2switch.
3. Vestavěný mechanismus zabezpečení
Thethree-layerswitchcanbethesameasanordinaryrouter,withthefunctionofaccesslist,whichcanrealizeone-wayortwo-waycommunicationbetweendifferentVLANs.Ifyousetitintheaccesslist,youcanrestrictusersfromaccessingspecificIPaddresses,sothattheschoolcanprohibitstudentsfromaccessingunhealthysites.Theaccesslistcanbeusednotonlytoprohibitinternalusersfromaccessingcertainsites,butalsotopreventillegalusersoutsidethecampusnetworkandmetropolitanareaeducationnetworkfromaccessingtheinternalnetworkresourcesofthecampusnetworkandmetropolitanareaeducationnetwork,therebyimprovingnetworksecurity.
4.Vhodný formulový časový přenos
Educationnetworkoftenneedstotransmitmultimediainformation,whichisafeatureofeducationnetwork.Thethree-layerswitchhasaQoS(QualityofService)controlfunction,whichcanallocatedifferentbandwidthstodifferentapplications.Forexample,whentransmittingvideostreamsoncampusnetworksandmetropolitaneducationnetworks,acertainamountofdedicatedbandwidthcanbereservedforvideotransmission,whichisequivalenttoopeningupdedicatedchannelsinthenetwork,andotherapplicationscannotoccupythesereservedbandwidths.Bandwidth,soitcanensurethestabilityofvideostreaming.TheordinaryLayer2switchdoesnothavethisfeature,sowhenthevideodataistransmitted,thevideojitterphenomenonwilloccursuddenlyandslowly.
Inaddition,video-on-demand(VOD)isalsoafrequentlyusedserviceineducationnetworks.However,becausesomeVODsystemsusebroadcasttotransmit,andbroadcastpacketscannotbeimplementedacrossnetworksegments,VODcannotbeimplementedacrossnetworksegments;ifVODisimplementedinunicastform,althoughitcanbeimplementedacrossnetworksegments,itsupportsAtthesametime,thenumberofconnectionsisverysmall,generallydozensofconnectionsoccupyallbandwidth.Thethree-layerswitchhasamulticastfunction,andVODdatapacketsaresenttoeachsubnetintheformofmulticast,whichnotonlyrealizescross-networksegmenttransmission,butalsoensurestheperformanceofVOD.5.BillingfunctionIncollegecampusnetworksandmetropolitaneducationnetworksinsomeareas,thereislikelytobebillingrequirements,becausethethree-layerswitchcanidentifytheIPaddressinformationinthedatapacket,soitcancountthedatatrafficofthecomputerinthenetwork,Youcanchargeaccordingtotheflow,youcanalsocountthetimethecomputerisconnectedtothenetwork,andchargeaccordingtothetime.ItisdifficultforordinaryLayer2switchestodobothatthesametime.
Whentheupsurgeofbuildingcampusnetworksandmetropolitanareaeducationnetworksissetoffacrossthecountry,Ibelievethatthethree-layerswitchwithitsexcellentperformanceandmoderatepricewillsurelymakeabigdifferenceinthisupsurge.
Controller
Reasons
NetworktrafficcontrollerbitSaver(alsoknownasapplicationtrafficmanager,bandwidthmanagerorQoSdevice)asearlyas2000Ithasappeared,andwasfirstdevelopedbyPackteerintheUnitedStates.However,sincetheproblemofnetworkbandwidthhasnotyetbeensignificant,enterpriseITdepartmentsarenotpayingenoughattentiontobandwidth.Withtheapplicationofvariousnewnetworktechnologiesandthedevelopmentofnetworkmultimediatechnology,theproblemofnetworkbandwidthshortageisbecomingmoreandmoreobvious.Especiallysince2005,P2Papplicationshavebroughtaseriousthreattobandwidthmanagement,sothebandwidthmanagermarkethasbeengreatlydeveloped.Accordingtoincompletestatistics,thismarkethasexceedednearly2.5billionUSdollars.China'sbandwidthmanagementmarkethasonlygraduallyreceivedattentionsince2004.In2007,China'sbandwidthmanagementmarketsharewasalso200millionyuan.ItisexpectedthatChina'sbandwidthmanagementmarketwillgrowatarateofmorethan20%.InadditiontoforeignPackteerandAllotcompanieswithbandwidthmanagementequipmentproviders,domesticmanufacturerssuchasBeijingYingzhixingda,ChanxunTechnology,etc.,bandwidthmanagementequipmentofforeignmanufacturershavenotyetrealizedthelocalizationoftheinterface,andtheyareallenteredintheformofauthorizedagents.China:Domesticmanufacturershavegonethroughthreetofouryearsofproductresearchanddevelopment,andtheirproductshavebecomeincreasinglystable.Themarket,technology,andproductcompetitionwillbeginin2008.
Basicfunctions
Thebasicfunctionofthebandwidthmanagerisverysimple,whichistoallocateandmonitorbandwidthaccordingtoapplicationsandusers.Becauseitisaseven-layernetworkmanagementdevice,networkmanagerscandirectlyallocatebandwidthtoapplicationsanduserswithouthavinghighnetworkknowledge,whichreducestheinvestmentofnetworkmanagerstoacertainextent.Althoughthefunctionisverysimple,therearemanyapplicationsthatcanbeimplemented,butmostusersdonothaveagoodunderstandingofbandwidthmanagementapplications.ForeignbandwidthmanagementequipmentisexpensiveanddoesnotsupportChinesedisplay.Therefore,theapplicationsofPackteerandAllotaremainlyconcentratedintelecommunicationsandfinance.AlthoughdomesticmanufacturerssuchasBeijingYingzhixingdahavemadegainsineducation,government,energyandmedicalindustries,theirproductseriesIthasonlybeenformedforoneyear,sovendorsdidnotinvesttoomuchinthepromotionofmarketapplications,resultinginusers'applicationofbandwidthmanagementinitsinfancy.
ApplicationScope
BandwidthapplicationsinthetelecommunicationsandfinancialfieldsaremainlymanifestedinSLA(ServiceLevelAgreement),throughbandwidthmanagementequipmenttoprovidedifferentlevelsofbandwidthservicestousersofdifferentlevels,Soastoguaranteethereturnoninvestmentofcorecustomers.
Ineducation,governmentandotherapplications,thebandwidthmanagermainlyfocusesonthemanagementofP2P,especiallythemanagementofBT.Atthesametime,bandwidthmanagementequipmenthasalsobeguntoappearasaQoSguaranteeequipmentforvideoconferencing.AstheclientsofP2Pandotherapplicationsarecontinuouslyupgraded,onlydomesticproductswithindependentresearchanddevelopmentcanrealizetherapidlaunchofmanagementstrategiesaccordingtothenewversion.Inthisapplication,internationalmanufacturershavenoadvantage.
Samozřejmě, jako správce šířky pásma má také více aplikací. Jako jsou následující aplikace:
First,thetransparencyofnetworkapplications,throughthebandwidthmanager,thestatusofpreviouslyunknownnetworkapplicationscanbeviewedindetail.
Second,preventsuddensurgeintrafficandattacksfromunknownapplications,suchasDoSattacks,toensurenetworksecurity.
3.Evaluatethevalueofcoreapplications,andunderstandtheutilizationandefficiencyofcoreapplicationsthroughmonitoringofcoreapplicationtraffic.
Čtyři. Zajistěte šířku pásma vyžadovanou klíčovými aplikacemi (jako je CRM, VPN, bezdrátová síť, videokonference, VoIP atd.), abyste zajistili, že klíčové aplikace nebudou kdykoli blokovány
5.Accuratelyevaluatetheloadcapacityofthenetworkandtheimpactofnewapplicationsontheoverallnetworkapplicationstoensuretherationalityofthecustomer'sITinvestment.
Six.Realizetheprovisionofdifferentnetworkresourceallocationsaccordingtotheuser'sleveltoensurethenetworkvalueofthecoreusersofthecustomer.
Seven.Reducetherepetitiveoperationsofnetworkmanagersandprovidequantitativedataforapplications,sothatthemanagementcanmakedecisionsbasedontheapplicationstatus.
Theseapplicationsonlyappearinsomespecificcases,andmostusershavenoteffectivelyintegratedbandwidthmanagementwiththeirownnetworkmanagement.Theapplicationprospectsaregreat.
Flowcontrolinthenetwork
Methodstoincreasetheuser'savailableresources:choosethepathreasonably,makethepathlessoptimalwhentheloadislight,andmorediversionwhentheloadisheavy;Increasethenumberofhierarchicalconnectionsandshuntconnectionsunderheavyload;increasechannelloans;increaseinformationrate;appropriatelyincreasebuffers,etc.Waystoreduceusers'demandforresources:rejectcertainservicerequests;requireuserstoreducetheload;reasonablyallocateusers'useofresources,suchasusingreservations,polling,andpriority.Theessenceofreducingtheuser'sdemandforresourcesistoreducetheservicelevelandquality,ortoprovideservicesinareasonablemanner.
Inmanycomputernetworks,thewidelyusedflowcontrolmethodisbasedonreducinguserdemand.Thefollowingisacentralizedflowcontrolmethod:
1.Waitingfortransmissionmethod.Itisalsocalledsuppressedsendingmode.Whenthebufferofthereceivingnodehasbeenoccupiedalotandthenodeentersthedangerousstageofdeadlock,thesendingnodewillsendamessagetosuspendsending,andwhenthedangerousstageislifted,thesendingwillbenotifiedtosuspendsending.Thenode,resumedatatransmission.
2.Reservebuffermode.Beforestartingdatatransmission,thesourcehostmustfirstunderstandtheavailablebuffersofthedestinationhost,reservethebuffer,andthencontrolitsowndatatransmissionaccordingtothebufferallocatedbythedestinationhost.Whenthebufferisusedup,waitfortheotherpartytoallocatethebufferagainbeforecontinuingtosend.
3.Licenční metoda.
4.Metoda likvidace datové jednotky.