CN110650037B - Heterogeneous network device configuration method and device - Google Patents

Publication number: CN110650037B
Authority: CN (China)
Prior art keywords: command line, strategy, policy, template, heterogeneous network
Legal status: Active
Application number: CN201910842074.2A
Other languages: Chinese (zh)
Other versions: CN110650037A (en)
Inventor: 宋飞虎
Current Assignee: Unihub China Information Technology Co Ltd
Original Assignee: Unihub China Information Technology Co Ltd
Priority date: 2019-09-06
Filing date: 2019-09-06
Publication date: 2023-03-14

Application filed by Unihub China Information Technology Co Ltd
Priority to CN201910842074.2A
Publication of CN110650037A
Application granted
Publication of CN110650037B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0893 Assignment of logical groups to network elements

Abstract

The invention provides a method and a device for configuring heterogeneous network devices. The method comprises: determining the version number of the heterogeneous network device to be configured, and determining the policy type according to the policy information, wherein the version corresponding to the version number corresponds to the policy type; decomposing the command line into different attributes according to the command line characteristics corresponding to the policy type, and assembling the attributes into a policy template, wherein the information of the policy template comprises a version number, a function name and attributes; generating a corresponding command line template according to the information of the policy template and the command line characteristics; receiving the input parameters required by the policy function; generating a device configuration command line from the corresponding command line template based on the input parameters required by the policy function; and configuring the heterogeneous network device to be configured according to the device configuration command line. The scheme solves the technical problems that, when a management system configures newly added devices, the code development workload is large, the cycle is long and errors occur easily.

Description

Heterogeneous network device configuration method and device
Technical Field
The present invention relates to the field of device management technologies, and in particular, to a method and an apparatus for configuring a heterogeneous network device.
Background
At present there are many network equipment manufacturers on the market. The configuration command lines of devices such as firewalls, routers and switches differ greatly across models and software versions, although their functions are similar. A management system manages the devices of different manufacturers and pushes configuration to those devices. Because each manufacturer's devices and versions are configured differently, whenever a device version is added or upgraded the management system must be adapted to the new version, and code must be developed for every policy of the new device version. The workload is large and the cycle is long, and configuration errors occur easily when new network devices are configured manually.
Disclosure of Invention
The embodiments of the present invention provide a method and a device for configuring heterogeneous network devices. They solve the technical problems in the prior art that, when a device version is added, the management system must develop code for every policy of the new device version, with a large workload and a long cycle, and that configuration errors occur easily when new network devices are configured manually.
The heterogeneous network equipment configuration method provided by the embodiment of the invention comprises the following steps:
determining the version number of heterogeneous network equipment to be configured, and determining a strategy type according to strategy information of the heterogeneous network equipment to be configured, wherein the version corresponding to the version number corresponds to the strategy type;
decomposing the command line into different attributes according to the command line characteristics corresponding to the strategy type, and assembling the different attributes into a strategy template, wherein the information of the strategy template comprises a version number, a function name and attributes;
generating a corresponding command line template according to the information of the strategy template and the command line characteristics;
receiving input parameters required by a strategy function;
generating a device configuration command line according to a corresponding command line template based on the input parameters required by the strategy function;
and configuring the heterogeneous network equipment to be configured according to the equipment configuration command line.
The heterogeneous network equipment configuration device provided by the embodiment of the invention comprises:
the version number and policy type determining module is used for determining the version number of the heterogeneous network equipment to be configured and determining the policy type according to the policy information of the heterogeneous network equipment to be configured, wherein the version corresponding to the version number corresponds to the policy type;
the strategy template assembly module is used for decomposing the command line into different attributes according to the command line characteristics corresponding to the strategy type and assembling the different attributes into the strategy template, wherein the information of the strategy template comprises a version number, a function name and attributes;
the command line template generating module is used for generating a corresponding command line template according to the information and the command line characteristics of the strategy template;
the parameter receiving module is used for receiving input parameters required by the strategy function;
the equipment configuration command line generation module is used for generating an equipment configuration command line according to a corresponding command line template based on the input parameters required by the strategy function;
and the configuration module is used for configuring the heterogeneous network equipment to be configured according to the equipment configuration command line.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the method when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program for executing the method is stored in the computer-readable storage medium.
In the embodiment of the invention, the command line is decomposed into different attributes according to the version number of the heterogeneous network device to be configured, the policy type corresponding to the version number and the command line characteristics, and the attributes are assembled into a policy template. When a device version is added, the configuration command line for that device version can be generated from the policy template and the input parameters required by the policy function, and the device is then configured. The management system therefore does not need code development for every policy, which reduces the workload and shortens the cycle, and errors are less likely than with manual configuration.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for configuring a heterogeneous network device according to an embodiment of the present invention;
Fig. 2 is a block diagram of a configuration apparatus for a heterogeneous network device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
In an embodiment of the present invention, a method for configuring a heterogeneous network device is provided. As shown in Fig. 1, the method includes:
Step 101: determining the version number of the heterogeneous network device to be configured, and determining a policy type according to the policy information of the heterogeneous network device to be configured, wherein the version corresponding to the version number corresponds to the policy type;
Step 102: decomposing the command line into different attributes according to the command line characteristics corresponding to the policy type, and assembling the different attributes into a policy template, wherein the information of the policy template comprises a version number, a function name and attributes;
Step 103: generating a corresponding command line template according to the information of the policy template and the command line characteristics;
Step 104: receiving the input parameters required by the policy function;
Step 105: generating a device configuration command line from the corresponding command line template based on the input parameters required by the policy function;
Step 106: configuring the heterogeneous network device to be configured according to the device configuration command line.
In step 101, in the embodiment of the present invention, the version number is determined from the manufacturer, model and software version of the heterogeneous network device to be configured. The version number is unique and is used to distinguish different manufacturers, device models and software versions. The policy type is then determined according to the policy information to be configured, the version corresponding to the version number being in a corresponding relation with the policy type.
The policy information to be configured refers to the function that the heterogeneous network device to be configured is to implement, that is, the policy of the network device, including but not limited to the security policy, the SNAT policy, the DNAT policy, static routing and the ACL policy. The determined policy type may include one or more of a security policy, a SNAT policy, a DNAT policy, a static route and an ACL policy.
For example, the security policy, also referred to as the inter-domain policy, refers to the access rules between security domains. A security domain is a logical entity to which one or more interfaces may be bound, and security domains are isolated from each other.
In the embodiment of the present invention, in step 102, the "command line characteristics" refer to the characteristics of the policy's configuration commands under a given version. The command line is composed of different attributes, each including an attribute name, an attribute keyword and attribute content. Depending on its characteristics, a policy can be decomposed into one or more attributes; for example, a security policy can be decomposed into attributes such as source security domain, destination security domain, service, source address, destination address, description, action and policy identifier. Each attribute may have one or more content entries, and the entries are processed in a loop. In the example above, the security policy has a source address attribute, and the source address may have one or more entries. The management system processes the entries one by one, in order, according to the command line template, and generates a plurality of commands.
The attribute content may be defined in a variety of formats. For example, a static route may be divided into three attributes: destination address, egress interface and next hop. Taking the destination address attribute as an example, the keyword of the attribute may be destination and the content is a specific IP address with mask information, for which several formats can be selected, such as 10.10.10.0/24 or 10.10.10.0 255.255.255.0; the user can also customize the format.
Therefore, in step 102, decomposing the command line into different attributes according to the command line characteristics of the version corresponding to the policy type may include:
dividing the command line corresponding to the policy type into a plurality of attributes according to the command line characteristics of the version corresponding to the policy type, wherein the attribute content of each attribute comprises one or more items.
In the embodiment of the present invention, in step 103, different command line templates may be generated by a template engine, i.e., a template generation module.
Taking the ACL policy as an example, the attributes include ACL number, ACL entry identifier, action, source address, destination address, protocol and port, of which source address, destination address, protocol and port are all optional. In that case the template is defined as:
acl number ${ACL_NUM}
rule ${RULE_IDENTIFY} ${ACTION} ip ${SOURCE_IP} ${DESTINATION_IP}
If the source address is a mandatory attribute, the template is defined as:
acl number ${ACL_NUM}
rule ${RULE_IDENTIFY} ${ACTION} ip source ${SOURCE_IP}
The format of each attribute can be flexibly organized according to actual requirements.
In the embodiment of the present invention, in step 104, the input parameters required by the policy function may be a destination address, an outgoing interface, and the like; step 105 then automatically generates a device configuration command line (a command that the device can recognize). For example, for the policy identifier attribute of a security policy, the attribute keyword is "rule name", the attribute parameter is policyKey, the attribute content is testKey, and the command line template is: rule name ${policyKey}. Once the attribute content is entered, the final command line is: rule name testKey. In this way the diversity of the devices is shielded. Finally, in step 106, the heterogeneous network device to be configured is configured with these command lines, so that an administrator can configure network devices without being familiar with the configuration information of each manufacturer; the method is simple to operate and convenient to configure.
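Steps 102 to 105 as an added example, not code from the patent or from the assignee: a policy template (version number, function name, attributes) carries a command line template in the ${PARAM} form shown above, each content entry of a multi-valued attribute yields its own command, and every entry is validated and formatted for the target version before substitution. The version numbers, the static-route command syntax, the class and function names and the validation rules are all assumptions made for illustration.

```python
import ipaddress
import itertools
import re
from dataclasses import dataclass
from string import Template
from typing import Callable, Dict, List, Sequence, Tuple, Union


def ipv4_net(style: str) -> Callable[[str], str]:
    """Validate an IPv4 network, then emit it in one of the two formats named in the text."""
    def fmt(value: str) -> str:
        net = ipaddress.IPv4Network(value)   # ValueError on malformed input or stray text
        if style == "prefix":
            return f"{net.network_address}/{net.prefixlen}"   # 10.10.10.0/24
        return f"{net.network_address} {net.netmask}"         # 10.10.10.0 255.255.255.0
    return fmt


def ipv4_host(value: str) -> str:
    return str(ipaddress.IPv4Address(value))


_WORD = re.compile(r"[A-Za-z0-9_./-]{1,32}")


def word(value: str) -> str:
    """Accept a single CLI word, so spaces or line breaks never reach the device."""
    if not _WORD.fullmatch(value):
        raise ValueError(f"illegal value {value!r}")
    return value


@dataclass(frozen=True)
class Attribute:
    name: str                    # attribute name
    keyword: str                 # attribute keyword, emitted before the content
    param: str                   # placeholder name in the command line template
    fmt: Callable[[str], str]    # validates and formats one content entry
    required: bool = True


@dataclass(frozen=True)
class PolicyTemplate:
    version: str                       # unique per manufacturer, model, software version
    function: str                      # function name (policy type)
    attributes: Tuple[Attribute, ...]
    command_lines: Tuple[str, ...]     # command line template with ${PARAM} placeholders

    def render(self, params: Dict[str, Union[str, Sequence[str]]]) -> List[str]:
        columns = []
        for attr in self.attributes:
            raw = params.get(attr.param, ())
            entries = [raw] if isinstance(raw, str) else list(raw)
            if not entries and attr.required:
                raise ValueError(f"missing required attribute {attr.name!r}")
            # An optional attribute without content renders as nothing.
            columns.append([f"{attr.keyword} {attr.fmt(e)}".strip() for e in entries] or [""])
        commands: List[str] = []
        for combo in itertools.product(*columns):    # loop over every content entry
            values = {a.param: v for a, v in zip(self.attributes, combo)}
            for line in self.command_lines:
                commands.append(" ".join(Template(line).substitute(values).split()))
        return commands


def static_route(version: str, style: str, keywords: Tuple[str, str, str],
                 line: str) -> PolicyTemplate:
    dest_kw, if_kw, hop_kw = keywords
    return PolicyTemplate(version, "static route", (
        Attribute("destination address", dest_kw, "DESTINATION", ipv4_net(style)),
        Attribute("egress interface", if_kw, "OUT_IF", word, required=False),
        Attribute("next hop", hop_kw, "NEXT_HOP", ipv4_host),
    ), (line,))


# Constructed for illustration: version numbers and command syntax belong to no real device.
TEMPLATES = {t.version: t for t in (
    static_route("vendorA-fw-v1", "prefix", ("destination", "interface", "nexthop"),
                 "route add ${DESTINATION} ${OUT_IF} ${NEXT_HOP}"),
    static_route("vendorB-rt-v2", "mask", ("", "", ""),
                 "static-route ${DESTINATION} ${NEXT_HOP} ${OUT_IF}"),
)}


def generate(version: str, params: Dict[str, Union[str, Sequence[str]]]) -> List[str]:
    """Steps 104 and 105: turn one set of input parameters into device command lines."""
    return TEMPLATES[version].render(params)


if __name__ == "__main__":
    request = {"DESTINATION": ["10.10.10.0/24", "10.20.0.0/255.255.0.0"],
               "NEXT_HOP": "192.168.1.1"}
    for version in TEMPLATES:
        print(version, generate(version, request))
```

Because each attribute carries its own validator, a parameter that contains a line break or extra words is rejected with ValueError instead of being substituted into the command sent to the device.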
Based on the same inventive concept, an embodiment of the present invention further provides a heterogeneous network device configuration apparatus, as described in the following embodiments. As the principle of solving the problem of the heterogeneous network device configuration apparatus is similar to that of the heterogeneous network device configuration method, the implementation of the heterogeneous network device configuration apparatus may refer to the implementation of the heterogeneous network device configuration method, and repeated details are not described herein. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 2 is a block diagram of a configuration apparatus for a heterogeneous network device according to an embodiment of the present invention, as shown in fig. 2, including:
a version number and policy type determining module 201, configured to determine a version number of the heterogeneous network device to be configured, and determine a policy type according to policy information of the heterogeneous network device to be configured, where a version corresponding to the version number corresponds to the policy type;
a policy template assembly module 202, configured to decompose the command line into different attributes according to the command line characteristics corresponding to the policy type, and assemble the different attributes into a policy template, where information of the policy template includes a version number, a function name, and an attribute;
the command line template generating module 203 is used for generating a corresponding command line template according to the information of the strategy template and the characteristics of the command line;
a parameter receiving module 204, configured to receive an input parameter required by the policy function;
a device configuration command line generation module 205, configured to generate a device configuration command line according to a corresponding command line template based on the input parameters required by the policy function;
the configuration module 206 is configured to configure the heterogeneous network device to be configured according to the device configuration command line.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, and the computer readable storage medium stores a computer program for executing the method.
In summary, the method and apparatus for configuring heterogeneous network devices provided by the present invention determine a version number and a policy type corresponding to the version number according to the heterogeneous network devices to be configured and policy information, decompose a command line into different attributes according to the command line characteristics of the version associated with the policy, assemble the different attributes into a policy template, generate different command line templates according to the information and the command line characteristics of the policy template, generate a device configuration command line based on the input parameters required by the policy function, and configure the heterogeneous network devices to be configured according to the device configuration command line, so that differences of different device versions can be shielded, and the problem of easy errors in manual configuration is solved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A heterogeneous network device configuration method is characterized by comprising the following steps:
determining the version number of heterogeneous network equipment to be configured, and determining a strategy type according to strategy information of the heterogeneous network equipment to be configured, wherein the version corresponding to the version number corresponds to the strategy type; the policy type includes one or more of a security policy, a SNAT policy, a DNAT policy, a static route, and an ACL policy;
decomposing the command line into different attributes according to the command line characteristics of the version corresponding to the strategy type, and assembling the different attributes into a strategy template, wherein the command line characteristics refer to the configuration command characteristics of the strategy in one version; the command line consists of different attributes, wherein each attribute comprises an attribute name, an attribute keyword and attribute content; the information of the strategy template comprises a version number, a function name and an attribute;
generating a corresponding command line template according to the information of the strategy template and the command line characteristics;
receiving input parameters required by a strategy function;
generating a device configuration command line according to a corresponding command line template based on the input parameters required by the strategy function;
and configuring the heterogeneous network equipment to be configured according to the equipment configuration command line.
2. The method for configuring heterogeneous network devices according to claim 1, wherein decomposing a command line into different attributes according to the command line characteristics of the version corresponding to the policy type includes:
and dividing the command line corresponding to the strategy type in the command line into a plurality of attributes according to the characteristics of the command line of the version corresponding to the strategy type, wherein the attribute content of each attribute comprises one or more attributes.
3. An apparatus for configuring a heterogeneous network device, comprising:
the version number and policy type determining module is used for determining the version number of the heterogeneous network equipment to be configured and determining the policy type according to the policy information of the heterogeneous network equipment to be configured, wherein the version corresponding to the version number corresponds to the policy type; the policy type comprises one or more of a security policy, a SNAT policy, a DNAT policy, static routing, and an ACL policy;
the strategy template assembly module is used for decomposing the command line into different attributes according to the command line characteristic corresponding to the strategy type and assembling the different attributes into the strategy template, wherein the command line characteristic refers to the configuration command characteristic of the strategy under one version; the command line consists of different attributes, wherein each attribute comprises an attribute name, an attribute keyword and attribute content; the information of the strategy template comprises a version number, a function name and an attribute;
the command line template generating module is used for generating a corresponding command line template according to the information and the command line characteristics of the strategy template;
the parameter receiving module is used for receiving input parameters required by the strategy function;
the equipment configuration command line generation module is used for generating an equipment configuration command line according to a corresponding command line template based on the input parameters required by the strategy function;
and the configuration module is used for configuring the heterogeneous network equipment to be configured according to the equipment configuration command line.
4. The heterogeneous network device configuration apparatus of claim 3, wherein the policy template assembly module is specifically configured to:
and dividing the command line corresponding to the strategy type in the command line into a plurality of attributes according to the command line characteristics of the version corresponding to the strategy type, wherein the attribute content of each attribute comprises one or more attributes.
5. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 2 when executing the computer program.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1 to 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910842074.2A CN110650037B (en) 2019-09-06 2019-09-06 Heterogeneous network device configuration method and device

Publications (2)

Publication Number Publication Date
CN110650037A 2020-01-03
CN110650037B 2023-03-14

Family

ID=68991656

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant