CN108494583A - A kind of method and device generating network topology based on sFlow - Google Patents

A kind of method and device generating network topology based on sFlow Download PDF

Info

Publication number
CN108494583A
CN108494583A CN201810158539.8A CN201810158539A CN108494583A CN 108494583 A CN108494583 A CN 108494583A CN 201810158539 A CN201810158539 A CN 201810158539A CN 108494583 A CN108494583 A CN 108494583A
Authority
CN
China
Prior art keywords
node
address
network
flow
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810158539.8A
Other languages
Chinese (zh)
Inventor
徐剑秋
熊常春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Vcmy Technology Co Ltd
Original Assignee
Guangzhou Vcmy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Vcmy Technology Co Ltd filed Critical Guangzhou Vcmy Technology Co Ltd
Priority to CN201810158539.8A priority Critical patent/CN108494583A/en
Publication of CN108494583A publication Critical patent/CN108494583A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of method and devices generating network topology based on sFlow, are related to field of computer technology, including:The flow data with identical five-tuple is determined as a set out of sFlow flow datas, and set is deposited into network flow Hash table;The source IP address of network flow, is determined as the starting point of topological structure by the network node data for obtaining network flow;When first node in ttl value sequence is first order node, first node is determined as to the first order node of topological structure;Or when first node is not first order node and when including multiple, then the next-hop ip address of source IP address is matched with the IP address of multiple first nodes, and by multiple first nodes as the first order node of topological structure;When it is the purpose IP address of network flow to determine the next-hop ip address of first order node, then purpose IP address is determined as to the next stage node of first node.

Description

A kind of method and device generating network topology based on sFlow
Technical field
The present invention relates to field of computer technology, more particularly relate to a kind of method generating network topology based on sFlow And device.
Background technology
SFlow (RFC3176) is a kind of network monitor technology by IETF approvals as a draft standard in 2001, it Using the stochastical sampling of LAN and wide area network data packet stream to being transmitted in whole network, allow user in detail, grasp in real time Performance, trend and the problem of transmission over networks stream.
SFlow systems are mainly by the sFlow of implantation router or interchanger agencies (Agent) and a central data device Composition, system acquire initial data by router or interchanger from network, and then giving Agent it is encoded into specific format Data packet, be transmitted to central data device.SFlow technologies can allow user voluntarily to configure sampling rate and poll time, can be with Collect complete data packet header information, the complete second layer to layer 7 details and physical transfer information, as interchanger/ Port interface information.SFlow contains abundant and comprehensive complicated information, supports packet header capture, supports to be based on outputting and inputting Port and IP address, IP subnets and service class, autonomous system, BGP groups, SNMP countings, TCP, UDP or ICMP flow etc., The second layer is to layer 7 data packet and byte count.
It is that the Agent acquisitions on each router flow through the network flow letter of itself due to the collected data of sFlow Breath, shows only the data on flows on single router, does not have correlation between multiple routers, existing cannot be from entire net The problem of flow information is seen in the range of network.
Invention content
The embodiment of the present invention provides a kind of method and device generating network topology based on sFlow, solves existing multiple roads By there is no correlation between device, there are problems that see flow information in the range of whole network.
An embodiment of the present invention provides a kind of methods generating network topology based on sFlow, including:
The flow data with identical five-tuple is determined as a set out of sFlow flow datas, and the set is deposited Enter into network flow Hash table;
The source IP address of the network flow, is determined as the starting point of topological structure by the network node data for obtaining network flow;
When first node in the ttl value sequence is first order node, first node is determined as institute State the first order node of topological structure;Or when the first node is not first order node and when including multiple, then by the source The next-hop ip address of IP address is matched with the IP address of multiple first nodes, and multiple first nodes are equal First order node as the topological structure;
It, then will be described when it is the purpose IP address of the network flow to determine the next-hop ip address of the first order node Purpose IP address is determined as the next stage node of the first node.
Preferably, described that the set is deposited into network flow Hash table, it specifically includes:
It is matched in the Hash table according to the hash index value of the set, it is described when existing in the Hash table When hash index value, the set is added in network flow data corresponding with the hash index value;When the Hash When the hash index value being not present in table, increase the network corresponding with the hash index value in the Hash table Flow data is for storing the set.
Preferably, it is described by it is described set be added in network flow data corresponding with the hash index value after, Further include:
Update in the network data flow includes following information:Agent_ip, ttl value, acquisition data packet number, next_ip;
Ttl value is determined according to following formula:
Wherein, n represents the data packet number of acquisition.
Preferably, described when the purpose IP address that the next-hop ip address of the determining first order node is the network flow When after, further include:
When determining the whole nodes for not completing and including in the traversal network flow node, then obtained from the ttl value sequence First node is taken, and judges whether first node is first order node.
The embodiment of the present invention additionally provides a kind of device generating network topology based on sFlow, including:
Storage unit, for the flow data with identical five-tuple to be determined as a set out of sFlow flow datas, and The set is deposited into network flow Hash table;
First determination unit, the network node data for obtaining network flow determine the source IP address of the network flow For the starting point of topological structure;
Second determination unit, for when first node in the ttl value sequence is first order node, by described the One node is determined as the first order node of the topological structure;Or when the first node is not first order node and includes more When a, then the next-hop ip address of the source IP address is matched with the IP address of multiple first nodes, and will be more A first node is determined as the first order node of the topological structure;
Third determination unit, for when the purpose that the next-hop ip address of the determining first order node is the network flow When IP address, then the destination IP address is determined as to the next stage node of the first node.
Preferably, the storage unit is specifically used for:
It is matched in the Hash table according to the hash index value of the set, it is described when existing in the Hash table When hash index value, the set is added in network flow data corresponding with the hash index value;When the Hash When the hash index value being not present in table, increase the network corresponding with the hash index value in the Hash table Flow data is for storing the set.
Preferably, the storage unit is additionally operable to:
Update in the network data flow includes following information:Agent_ip, ttl value, acquisition data packet number, next_ip;
Ttl value is determined according to following formula:
Wherein, n represents the data packet number of acquisition.
Preferably, the third determination unit is additionally operable to:
When determining the whole nodes for not completing and including in the traversal network flow node, then obtained from the ttl value sequence First node is taken, and judges whether first node is first order node.
The embodiment of the present invention provides a kind of method and device generating network topology based on sFlow, and this method includes:From The flow data with identical five-tuple is determined as a set in sFlow flow datas, and the set is deposited into network flow In Hash table;The source IP address of the network flow, is determined as the starting point of topological structure by the network node data for obtaining network flow; When first node in the ttl value sequence is first order node, first node is determined as the topology and is tied The first order node of structure;Or when the first node is not first order node and when including multiple, then by the source IP address Next-hop ip address is matched with the IP address of multiple first nodes, and by multiple first nodes as described The first order node of topological structure;When determining that the next-hop ip address of the first order node is the destination IP of the network flow When location, then the destination IP address is determined as to the next stage node of the first node.In this method, in scattered data source On the basis of, with the data on flows in individual router, the correlation of network flow is extracted, passes through a series of step and algorithm, meter Calculate the flow information of whole network, topology status, network flow trend, the networks such as path information of overall importance.So as to from Global angle understands the operating status of whole network, and solving between existing multiple routers does not have correlation, and existing cannot The problem of flow information is seen in the range of whole network.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Obtain other attached drawings according to these attached drawings.
Fig. 1 is a kind of method flow schematic diagram generating network topology based on sFlow provided in an embodiment of the present invention;
Fig. 2 is circuit theory schematic diagram provided in an embodiment of the present invention;
Fig. 3 is the network topology structure product process schematic diagram that the embodiment of the present invention one provides;
Fig. 4 is network topology structure schematic diagram to be generated provided by Embodiment 2 of the present invention;
Fig. 5 is the network topology structure schematic diagram of generation provided by Embodiment 2 of the present invention;
Fig. 6 is a kind of apparatus structure schematic diagram generating network topology based on sFlow provided in an embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Fig. 1 is a kind of method flow schematic diagram generating network topology based on sFlow provided in an embodiment of the present invention, is such as schemed Shown in 1, this method mainly includes the following steps that:
Step 101, the flow data with identical five-tuple is determined as a set out of sFlow flow datas, and by institute Set is stated to be deposited into network flow Hash table;
Step 102, the source IP address of the network flow is determined as topological structure by the network node data for obtaining network flow Starting point;
Step 103, when first node in the ttl value sequence is first order node, by first node It is determined as the first order node of the topological structure;Or when the first node is not first order node and when including multiple, then The next-hop ip address of the source IP address is matched with the IP address of multiple first nodes, and by multiple described One node is as the first order node of the topological structure;
Step 104, when it is the purpose IP address of the network flow to determine the next-hop ip address of the first order node, The destination IP address is then determined as to the next stage node of the first node.
In the method provided in an embodiment of the present invention for generating network topology based on sFlow, it is to be based on network flow as object, goes The flow information of statistics network.In embodiments of the present invention, a network flow is based on unidirectional between source address, destination address Network packet, an and network flow is uniquely determined by five-tuple information, i.e. five-tuple information identical network flow information It is just regarded as same class network flow data, wherein five-tuple includes mainly source address, destination address, source port, destination interface And protocol type.
Fig. 2 is circuit theory schematic diagram provided in an embodiment of the present invention, as shown in Fig. 2, opening the routing of sFlow functions Device/exchange opportunity is periodically sent in the message to Collector of sFlow, and Collector is the data storage being collected into number According in library;Then, network topology generation unit can periodically go to obtain the incremental data of sFlow stream informations, according to corresponding steps In the topological data storage to database for generating whole network with rule.Wherein, the table such as Tables 1 and 2 of databases storage Shown, wherein table 1 is the header data of collected sFlow, and the flow data that table 2 is collected sFlow.
Conventionally, as after receiving the message of sFlow, sFlow is stored to database by Collector, The sFlow of database purchase can be the data source that subsequent algorithm extracts correlation information.The collected data of the data source are Agent acquisitions on each router flow through the network flow information of the data of itself, show only on single router Data on flows cannot see flow information without correlation in the range of whole network.
1 sFlow of table collects header data
version The version number of sFlow
agent_addr_version Sample the version number (IPV4 or IPV6) of agency
agent_ip Sample the address of agency
sub_id Sub-agent serial number
sequence_num The sequence number of sample
sysuptime Current time
samples_count Number of samples
The collected flow datas of 2 sFlow of table
Field Meaning
src_ip Source IP address
dst_ip Purpose IP address
next_ip Next hop router IP address
src_port TCP/UDP source port address
dst_port TCP/UDP destination interfaces address
ttl Life span
if_speed Interface rate
tcp_flags TCP labels (including TCP connection number)
ip_protocol IP protocol type (such as Transmission Control Protocol, udp protocol)
tos IP type of service
src_as The source domains AS
dst_as The domains purpose AS
src_mask Source address subnet mask digit
dst_mask Destination address subnet mask digit
src_mac Source MAC
dst_mac Target MAC (Media Access Control) address
interface_port The port value of input/output interface
In a step 101, since in the message of sFlow, there is the relevant information of Agent on the head of each message, because This, can extract the node IP address of Agent from the head of sFlow messages.
Further, since in the message of sFlow, there are the source address of the message and purposes for the flow data of each message Address, therefore the information of host can be extracted from the flow data of sFlow messages.
In embodiments of the present invention, the flow data for traversing sFlow extracts the five-tuple of flow data, will have identical five yuan The flow data of group is determined as a set, and then determining multiple set are respectively stored into network flow Hash table.
It should be noted that in embodiments of the present invention, be in it will gather storage to network flow Hash table one by one, It needs first to calculate each hash index value for entering network flow data according to five-tuple information, sees this value in network flow Hash It whether there is in table, that is, the hash index value by each set needed to be matched with Hash table.It should when existing in Hash table When hash index value, by and hash index value it is corresponding set be added in network flow data corresponding with hash index value;When When the hash index value being not present in Hash table, increase network flow data corresponding with hash index value in Hash table, and Set corresponding with hash index value is added in newly-built network flow data, and according to network flow data.
For example, when network flow to be stored in network flow Hash table, each can be calculated according to five-tuple information The hash index value h_index of the network flow data of entrance, sees that this value whether there is in network flow Hash table, when there is no When, increase a new list item in network flow Hash table to store;When it is present, it is found from network flow Hash table identical The network flow data of hash index value h_index, and update the relevant information of the network flow data.
When updating network flow data, since network flow data is come up from different Agent acquisitions, every Network flow data all contains multiple nodes and uploads the data come up, and the data of each node acquisition are as shown in Table 1 and Table 2, main Include the relevant informations such as agent_ip, ttl value, the data packet number of acquisition, next_ip.
Wherein, shown in the calculating of ttl value such as formula (1)::
In a particular application, n represents the data packet number of acquisition;Wherein, the quantity of data packet refers to that every system counts once According to data on flows, value is just incremented by primary.The value of next_ip is a set, may exist multiple values, the i.e. network flow When data packet stream is through the node, there are mulitpaths may be selected for next-hop.Agent_ip is the address of sampling agency.
Before step 102, it is also necessary to be ranked up the data in network flow Hash table for reference with ttl value, specifically Ground:The data update for having traversed all-network flow data completion network flow Hash table passes through selected and sorted algorithm according to ttl value It is ranked up, selects the maximum flow data of ttl value to come foremost every time.To complete ttl value sequence.It should be noted that In embodiments of the present invention, in ttl value sequence, the node of foremost is come, indicates the node that the network flow passes through at first.
Furthermore, it is also necessary to the data in network flow Hash table are ranked up with data packet number for reference, specifically:Time The data update for having gone through all-network flow data completion network flow Hash table passes through selected and sorted algorithm according to data packet number It is ranked up, selects the maximum value of data packet number to come foremost every time.To complete data packet number sequence.It needs to illustrate , in embodiments of the present invention, in data packet number sequence, the node of front is come, indicates the network flow by most Node.
In a step 102, traverses network stream topology table obtains the network node data of network flow, by the source IP of network flow Address is determined as the starting point of topological structure.
In step 103, the maximum node of ttl value in node-flow is obtained, i.e., obtains sequence foremost from ttl value sequence Node, judge whether the node is first order node, when determining that the node of foremost is first order node in ttl value sequence When, by the node directly as the next stage node of topological structure starting point, as first order node.
When it is not first order node to determine the node of foremost in ttl value sequence, need first to determine that the node includes one A node still includes multiple nodes:When determining that the node includes multiple nodes, the upper level section on topological structure is obtained Point next_ip values, the next_ip values of even higher level of node are matched with multiple nodes, and by the node include it is multiple Node is as the next stage node of even higher level of node, and multiple next stage nodes at this time are coordination.For example, when multiple When the even higher level of node of node is source IP address, then this multiple node is set up in parallel as first order node;When multiple nodes When even higher level of node is first order node, then this multiple node is set up in parallel as second level node.
When determining that the node only includes a node, this node is directly matched to the next_ip values of even higher level of node, And using this node as the next stage node of even higher level of node.
At step 104, when it is the purpose IP address of network flow to determine the next-hop ip address of first order node, by mesh IP address be determined as the next stage node of first node;When determining that the next-hop ip address of first segment node is not network flow When purpose IP address, then the next-hop ip address of first order node is determined as second level node, until next-hop ip address is The purpose IP address of network flow.
It should be noted that in embodiments of the present invention, since multiple nodes can be existed simultaneously on certain grade of node, then when When determining that next-hop ip address is the purpose IP address of network flow, it is also necessary to the network flow is traversed, until including in network flow Whole nodes generate network topology, it is determined that the network flow generates network topology structure and completes.
Fig. 3 is the network topology structure product process schematic diagram that the embodiment of the present invention one provides, as shown in figure 3, the flow It mainly includes the following steps that:
Step 201, traverses network stream topology table obtains the network node data of network flow.
Step 202, starting point of the source IP address as topological structure of network flow is obtained from the flow data of network flow.
Step 203, the maximum node of ttl value in node-flow is obtained.
Step 204, judge whether be the first order intermediate node.If so, step 205 is executed, if it is not, thening follow the steps 206。
Step 205, it is the first order by the intermediate node of the first order directly as the next stage node of topological structure starting point Node.
Step 206, then judge whether the node of this grade exists simultaneously multiple node datas.If it is not, 207 are thened follow the steps, If so, executing step 208.
Step 207, the value of the next_ip of superior node is directly matched, and as the next stage node of superior node.
Step 208, the value of the next_ip of superior node is obtained, and is matched one by one, this grade of node is respectively integrated into higher level Next stage node in node.
Step 209, judge this grade of node next_ip whether the purpose IP address of network flow, if so, execute step 210, If it is not, executing step 203.
Step 210, by purpose IP address as the next stage node of the node of this grade.
Step 211, the node data for judging whether to have completed traverses network stream, if so, thening follow the steps 212, if not It continues to execute step 203.
Step 212, according to the network topology of above-mentioned data generating network stream.
Fig. 4 is network topology structure schematic diagram to be generated provided by Embodiment 2 of the present invention, and Fig. 5 is the embodiment of the present invention two The network topology structure schematic diagram of the generation of offer;Below in conjunction with Fig. 4 and Fig. 5, opened up based on sFlow generation networks to be discussed in detail The method flutterred.
As shown in figure 4, in the network topology, M1 and M2 as terminal, R1, R2, R3, R4, R5 as router according to Above-mentioned network topology deployment.In R1, R2, R3, R4, R5, the function of sFlow Agent is opened.After startup, to sFlow's Collector uploads the message of the collected sFlow of Agent.
Assuming that M1 has sent a TCP session to M2, which includes 10 data packets, wherein
The path of 8 data packets is:M1->R1->R2->R3->R5->M2;The path of 2 data packets is:M1->R1-> R2->R4->R5->M2。
The step of method includes:
Step 301, the IP address of Agent in sFlow messages is extracted:
NodeList:
[
R1:{ip:1.1.1.1/32,type:router},
R2:{ip:2.2.2.2/32,type:router},
R3:{ip:3.3.3.3/32,type:router},
R4:{ip:4.4.4.4/32,type:router},
R5:{ip:5.5.5.5/32,type:router}
]
Step 302, the information of host in sFlow message flow datas is extracted:
NodeList:
[
R1:{ip:1.1.1.1/32,type:router},
R2:{ip:2.2.2.2/32,type:router},
R3:{ip:3.3.3.3/32,type:router},
R4:{ip:4.4.4.4/32,type:router},
R5:{ip:5.5.5.5/32,type:router},
M1:{ip:10.10.11.1/24,type:host},
M2:{ip:10.10.12.1/24,type:host}
]
Step 303, the flow data for traversing sFlow, the flow data for extracting identical five-tuple are a set, and deposit has been created In the network flow Hash table built up:
Step 304, traverses network stream Hash table is ranked up, often using ttl value as reference value by selected and sorted algorithm The maximum flow data of secondary selection ttl value comes foremost.Complete sequence after, come the node of front, be the network flow at first The node of process:
Step 305, traverses network stream Hash table is arranged using data packet number as reference value by selected and sorted algorithm Sequence selects the maximum value of data packet number to come foremost every time.After completing sequence, the node of front is come, is the network Stream passes through most nodes.
Step 306, with the source IP address of network flow (src_ip) for starting point, purpose IP address (dst_ip) is terminal, warp It is intermediate node to cross the node-flow that ttl value is ranked up, and carries out the generation of the topological structure of network flow:
Step 307, according to the network topology of the data generating network stream of above-mentioned generation:
According to the topological structure of above-mentioned generation, above-mentioned network diagram can be supplemented relevant topological data, generated as schemed Network topology structure schematic diagram shown in 5.
Based on same inventive concept, an embodiment of the present invention provides a kind of device generating network topology based on sFlow, by The principle of technical problem and a kind of similar based on the sFlow generations method of network topology, therefore the device are solved in the device Implementation may refer to the implementation of method, and overlaps will not be repeated.
Fig. 6 is a kind of apparatus structure schematic diagram generating network topology based on sFlow provided in an embodiment of the present invention, is such as schemed Shown in 6, which includes storage unit 401, the first determination unit 402, the second determination unit 403 and third determination unit 404.
Storage unit 401, for the flow data with identical five-tuple to be determined as a collection out of sFlow flow datas It closes, and the set is deposited into network flow Hash table;
First determination unit 402, the network node data for obtaining network flow are true by the source IP address of the network flow It is set to the starting point of topological structure;
Second determination unit 403 is used for when first node in the ttl value sequence is first order node, by institute State the first order node that first node is determined as the topological structure;Or when the first node is not first order node and packet When including multiple, then the next-hop ip address of the source IP address is matched with the IP address of multiple first nodes, and Multiple first nodes are determined as to the first order node of the topological structure;
Third determination unit 404, for being the network flow when the next-hop ip address for determining the first order node When purpose IP address, then the destination IP address is determined as to the next stage node of the first node.
Preferably, the storage unit 401 is specifically used for:
It is matched in the Hash table according to the hash index value of the set, it is described when existing in the Hash table When hash index value, the set is added in network flow data corresponding with the hash index value;When the Hash When the hash index value being not present in table, increase the network corresponding with the hash index value in the Hash table Flow data is for storing the set.
Preferably, the storage unit 402 is additionally operable to:
Update in the network data flow includes following information:Agent_ip, ttl value, acquisition data packet number, next_ip;
Ttl value is determined according to following formula:
Wherein, n represents the data packet number of acquisition.
Preferably, the third determines that single 404 yuan are additionally operable to:
When determining the whole nodes for not completing and including in the traversal network flow node, then obtained from the ttl value sequence First node is taken, and judges whether first node is first order node.
It should be appreciated that one of the above based on sFlow generate network topology device include unit only according to the equipment The logical partitioning that the function that device is realized carries out in practical application, can carry out the superposition or fractionation of said units.And the reality Apply a kind of base that the function that a kind of device being generated network topology based on sFlow that example provides is realized is provided with above-described embodiment It is corresponded in the method that sFlow generates network topology, for the more detailed process flow that the device is realized, above-mentioned It has been described in detail in embodiment of the method one, has been not described in detail herein.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, the present invention can be used in one or more wherein include computer usable program code computer The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art God and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to include these modifications and variations.

Claims (8)

1. a kind of method generating network topology based on sFlow, which is characterized in that including:
The flow data with identical five-tuple is determined as a set out of sFlow flow datas, and the set is deposited into In network flow Hash table;
The source IP address of the network flow, is determined as the starting point of topological structure by the network node data for obtaining network flow;
When first node in the ttl value sequence is first order node, first node is determined as described open up Flutter the first order node of structure;Or when the first node is not first order node and when including multiple, then by the source IP The next-hop ip address of location is matched with the IP address of multiple first nodes, and by the multiple first node conducts The first order node of the topological structure;
When it is the purpose IP address of the network flow to determine the next-hop ip address of the first order node, then by the purpose IP address is determined as the next stage node of the first node.
2. the method as described in claim 1, which is characterized in that it is described that the set is deposited into network flow Hash table, have Body includes:
It is matched in the Hash table according to the hash index value of the set, when there are the Hash in the Hash table When index value, the set is added in network flow data corresponding with the hash index value;When in the Hash table There is no when the hash index value, increase the network fluxion corresponding with the hash index value in the Hash table According to for storing the set.
3. method as claimed in claim 2, which is characterized in that described to be added to the set and the hash index value phase After in corresponding network flow data, further include:
Update in the network data flow includes following information:Agent_ip, ttl value, the data packet number of acquisition, next_ip;
Ttl value is determined according to following formula:
Wherein, n represents the data packet number of acquisition.
4. the method as described in claim 1, which is characterized in that described when the next-hop ip address for determining the first order node For the network flow purpose IP address when after, further include:
When determining the whole nodes for not completing and including in the traversal network flow node, then the is obtained from the ttl value sequence One node, and judge whether first node is first order node.
5. a kind of device generating network topology based on sFlow, which is characterized in that including:
Storage unit, for the flow data with identical five-tuple to be determined as a set out of sFlow flow datas, and by institute Set is stated to be deposited into network flow Hash table;
The source IP address of the network flow is determined as opening up by the first determination unit, the network node data for obtaining network flow Flutter the starting point of structure;
Second determination unit is used for when first node in the ttl value sequence is first order node, by described first Node is determined as the first order node of the topological structure;Or when the first node is not first order node and includes multiple When, then the next-hop ip address of the source IP address is matched with the IP address of multiple first nodes, and will be multiple The first node is determined as the first order node of the topological structure;
Third determination unit, for when the destination IP that the next-hop ip address of the determining first order node is the network flow When location, then the destination IP address is determined as to the next stage node of the first node.
6. device as claimed in claim 5, which is characterized in that the storage unit is specifically used for:
It is matched in the Hash table according to the hash index value of the set, when there are the Hash in the Hash table When index value, the set is added in network flow data corresponding with the hash index value;When in the Hash table There is no when the hash index value, increase the network fluxion corresponding with the hash index value in the Hash table According to for storing the set.
7. device as claimed in claim 6, which is characterized in that the storage unit is additionally operable to:
Update in the network data flow includes following information:Agent_ip, ttl value, the data packet number of acquisition, next_ip;
Ttl value is determined according to following formula:
Wherein, n represents the data packet number of acquisition.
8. device as claimed in claim 5, which is characterized in that the third determination unit is additionally operable to:
When determining the whole nodes for not completing and including in the traversal network flow node, then the is obtained from the ttl value sequence One node, and judge whether first node is first order node.
CN201810158539.8A 2018-02-24 2018-02-24 A kind of method and device generating network topology based on sFlow Pending CN108494583A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810158539.8A CN108494583A (en) 2018-02-24 2018-02-24 A kind of method and device generating network topology based on sFlow

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810158539.8A CN108494583A (en) 2018-02-24 2018-02-24 A kind of method and device generating network topology based on sFlow

Publications (1)

Publication Number Publication Date
CN108494583A true CN108494583A (en) 2018-09-04

Family

ID=63340684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810158539.8A Pending CN108494583A (en) 2018-02-24 2018-02-24 A kind of method and device generating network topology based on sFlow

Country Status (1)

Country Link
CN (1) CN108494583A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672662A (en) * 2018-10-11 2019-04-23 中山大学 Dependence construction method is serviced in a kind of micro services environment
CN111885110A (en) * 2020-06-23 2020-11-03 合肥富煌君达高科信息技术有限公司 Automatic acquisition method for topological structure of signal synchronization system
CN113098704A (en) * 2019-12-23 2021-07-09 中国移动通信集团湖南有限公司 Network topology structure determination method and device and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090303882A1 (en) * 2004-02-18 2009-12-10 Woven Systems, Inc. Mechanism for implementing load balancing in a network
US7664873B1 (en) * 2001-06-20 2010-02-16 Juniper Networks, Inc Generating path-centric traffic information for analysis using an association of packet-centric information to path-centric information
CN101917732A (en) * 2010-07-16 2010-12-15 中国科学院计算技术研究所 Wireless flow judging method
CN102215136A (en) * 2010-04-01 2011-10-12 中国科学院计算技术研究所 Flow topology generation method and device
CN104468273A (en) * 2014-12-12 2015-03-25 北京百度网讯科技有限公司 Method and system for recognizing application type of flow data
CN107733721A (en) * 2017-11-13 2018-02-23 杭州迪普科技股份有限公司 A kind of network anomaly detection method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7664873B1 (en) * 2001-06-20 2010-02-16 Juniper Networks, Inc Generating path-centric traffic information for analysis using an association of packet-centric information to path-centric information
US20090303882A1 (en) * 2004-02-18 2009-12-10 Woven Systems, Inc. Mechanism for implementing load balancing in a network
CN102215136A (en) * 2010-04-01 2011-10-12 中国科学院计算技术研究所 Flow topology generation method and device
CN101917732A (en) * 2010-07-16 2010-12-15 中国科学院计算技术研究所 Wireless flow judging method
CN104468273A (en) * 2014-12-12 2015-03-25 北京百度网讯科技有限公司 Method and system for recognizing application type of flow data
CN107733721A (en) * 2017-11-13 2018-02-23 杭州迪普科技股份有限公司 A kind of network anomaly detection method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672662A (en) * 2018-10-11 2019-04-23 中山大学 Dependence construction method is serviced in a kind of micro services environment
CN109672662B (en) * 2018-10-11 2021-03-26 中山大学 Method for constructing service dependency relationship in micro-service environment
CN113098704A (en) * 2019-12-23 2021-07-09 中国移动通信集团湖南有限公司 Network topology structure determination method and device and electronic equipment
CN111885110A (en) * 2020-06-23 2020-11-03 合肥富煌君达高科信息技术有限公司 Automatic acquisition method for topological structure of signal synchronization system
CN111885110B (en) * 2020-06-23 2022-07-19 合肥富煌君达高科信息技术有限公司 Automatic acquisition method for topological structure of signal synchronization system

Similar Documents

Publication Publication Date Title
US8751642B2 (en) Method and system for management of sampled traffic data
US7027448B2 (en) System and method for deriving traffic demands for a packet-switched network
US8310942B2 (en) Flow statistics aggregation
CN104579810B (en) Software defined network traffic sampling method and system
CN101488925B (en) Method for collecting and designing VPN flow by using Netflow
CN107566279B (en) Router alias analysis method based on routing information and Traceroute information
CN108494583A (en) A kind of method and device generating network topology based on sFlow
CN105847069A (en) Physical path determination for virtual network packet flows
CN101867503B (en) Cross-domain BGP routing policy deployment method
CN101068214B (en) Route convergent method and equipment
CN103746914B (en) Set up method, the apparatus and system of private network tags and original VRF corresponding relations
CN111327525B (en) Network routing method and device based on segmented routing
CN103326900A (en) Traffic playback method and system for virtual network
CN108011865A (en) SDN flow paths method for tracing, apparatus and system based on flowing water print and stochastical sampling
Vazquez et al. Internet topology at the router and autonomous system level
CN105099721B (en) Safeguard the method and apparatus of multicast member
CN105075197B (en) Communication system, control device, communication means and program
CN108075928B (en) General simulation model and method for network flow
CN106982164A (en) A kind of method for discovering network topology and equipment
Teixeira et al. BGP routing changes: Merging views from two ISPs
US20230344755A1 (en) Determining flow paths of packets through nodes of a network
Cohen et al. Algorithms and estimators for accurate summarization of internet traffic
CN113746654A (en) IPv6 address management and flow analysis method and device
CN108566335B (en) Network topology generation method based on NetFlow
CN106888105A (en) A kind of three layers of discovery method and device of virtual link end to end

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180904