CN113746654B - IPv6 address management and flow analysis method and device - Google Patents
IPv6 address management and flow analysis method and device Download PDFInfo
- Publication number
- CN113746654B CN113746654B CN202010479321.XA CN202010479321A CN113746654B CN 113746654 B CN113746654 B CN 113746654B CN 202010479321 A CN202010479321 A CN 202010479321A CN 113746654 B CN113746654 B CN 113746654B
- Authority
- CN
- China
- Prior art keywords
- information
- ipv6
- ipv6 address
- address
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000005206 flow analysis Methods 0.000 title claims abstract description 49
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000004458 analytical method Methods 0.000 claims abstract description 31
- 238000007405 data analysis Methods 0.000 claims abstract description 9
- 238000004891 communication Methods 0.000 claims description 25
- 238000010276 construction Methods 0.000 claims description 4
- 230000006399 behavior Effects 0.000 claims description 3
- 230000007547 defect Effects 0.000 abstract description 6
- 238000012423 maintenance Methods 0.000 abstract description 4
- 238000007726 management method Methods 0.000 description 71
- 238000010586 diagram Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013480 data collection Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000013439 planning Methods 0.000 description 2
- 238000009411 base construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/085—Retrieval of network configuration; Tracking network configuration history
- H04L41/0853—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
Abstract
The invention discloses a method and a device for IPv6 address management and flow analysis, wherein the method comprises the following steps: acquiring IPv6 address registration information, collected IPv6 routing information and flow stream data carrying an IPv6 address; analyzing the IPv6 routing information to obtain IPv6 address attribution information; determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library; and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result. The invention realizes automatic establishment and updating of the address management library, and avoids the defects of inaccurate and untimely updating of the manual maintenance address library; and combining the IPv6 address management library with the flow direction data, and carrying out flow analysis on the flow direction data, so that the data analysis dimension is increased, and the quality of an analysis result is improved.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for IPv6 address management and flow analysis.
Background
The internet protocol version 6 (Internet Protocol Version, IPv 6) is a next generation IP protocol for replacing IPv4, and the use of IPv6 can not only solve the problem of the number of network address resources, but also solve the obstacle of various access devices connecting to the internet.
The IPv6 service is being deployed in an accelerated scale, and the service flow is rapidly increased, however, the schemes for IPv6 service address management and flow analysis in the prior art still have many shortcomings, firstly, the current management on the IPv6 user address is mainly performed by using manual management of a static address table, and the management efficiency and the data accuracy are poor; secondly, in the prior art, the IPv6 traffic is generally collected in a Simple Network Management Protocol (SNMP) mode, the IPv6 user traffic cannot be identified, the development condition of the IPv6 user cannot be tracked and accurately mastered in time, and the development evaluation and network planning of the IPV6 service are affected; finally, in the prior art, the IPv6 flow is analyzed in a DPI mode, so that analysis of user-oriented flow can be realized, but acquisition probes are required to be deployed at all outlets, and along with the increase of the network scale, the investment is linearly increased, and the investment is huge.
Disclosure of Invention
The present invention has been made in view of the above problems, and it is an object of the present invention to provide a method and apparatus for IPv6 address management and traffic analysis that overcomes or at least partially solves the above problems.
According to one aspect of the present invention, there is provided a method of IPv6 address management and traffic analysis, comprising the steps of:
acquiring IPv6 address registration information, collected IPv6 routing information and flow stream data carrying an IPv6 address;
analyzing the IPv6 routing information to obtain IPv6 address attribution information;
determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library;
and carrying out flow analysis on the flow direction data of the flow from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result.
According to another aspect of the present invention, there is provided an apparatus for IPv6 address management and traffic analysis, comprising:
the data acquisition module is used for acquiring IPv6 address registration information, collected IPv6 routing information and flow stream data carrying an IPv6 address;
the data analysis module is used for analyzing the IPv6 routing information to obtain IPv6 address attribution information;
the address management library construction module is used for determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library;
and the flow analysis module is used for carrying out flow analysis on the flow direction data of the flow from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result.
According to yet another aspect of the present invention, there is provided a computing device comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the above-described method for IPv6 address management and traffic analysis.
According to still another aspect of the present invention, there is provided a computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to a method of IPv6 address management and traffic analysis as described above.
According to the method and the device for IPv6 address management and flow analysis, the IPv6 address registration information, the collected IPv6 routing information and the flow direction data carrying the IPv6 address are acquired; analyzing the IPv6 routing information to obtain IPv6 address attribution information; determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library; and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result. The invention collects flow direction data based on a route monitoring mode, and combines IPv6 address attribution information and IPv6 address registration information to construct an IPv6 address management library, thereby realizing automatic establishment and updating of the address management library and avoiding the defects of inaccurate and untimely updating of a manual maintenance address library; and combining the IPv6 address management library with the flow direction data, and carrying out flow analysis on the flow direction data, so that the data analysis dimension is increased, and the quality of an analysis result is improved.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present invention more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a flow chart of a method for IPv6 address management and traffic analysis according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an IPv6 address management user configuration page provided by an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an apparatus for IPv6 address management and traffic analysis according to an embodiment of the present invention;
FIG. 4 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flow chart of an embodiment of a method of IPv6 address management and traffic analysis of the present invention, as shown in fig. 1, the method comprising the steps of:
s101: and acquiring IPv6 address registration information, collected IPv6 routing information and traffic flow direction data carrying the IPv6 address.
Specifically, the IP address is used to identify the location of the terminal in the IP network, and belongs to the network-oriented address type as the most important code number resource of the internet network layer. In this step, the IP packet is acquired at the network layer, and the destination IP address is further acquired according to the IP packet, so that the path searching and the forwarding of the IP packet are performed.
In an alternative manner, step S101 further includes steps 1-3:
step 1: and acquiring IPv6 address registration information by synchronizing with a network interface controller of the global area.
Specifically, IPv6 address registration country information can be acquired by synchronizing with a Network Interface Controller (NIC) of a global area. For domestic addresses, the province information, the type information and the county information of the addresses can be further analyzed and acquired based on the standard of the Ministry of industry and communication IPv6 access address addressing coding technical requirements.
Step 2: IPv6 routing information is collected by border gateway protocol (Border Gateway Protocol, BGP) routing processes.
Step 2 further comprises: running a BGP routing process, simulating router behaviors, establishing BGP protocol connection with a routing reflector, and obtaining address release information and address withdrawal information of an IPv6 address by utilizing BGP path attribute information; and collecting IPv6 routing information according to the address release information and the address withdrawal information of the IPv6 address.
It should be noted that, the system server route collection program needs to additionally support the BGP route protocol BGP-MP (i.e., backward compatibility) for establishing BGP protocol connection with the route reflector, so as to collect IPv6 route information, and the route collection program and the route reflector need to follow the BGP protocol establishment process during the establishment process. The specific process is as follows: first, establishing a TCP session through a transmission control protocol (TCP, transmission Control Protocol) connection, and then sending an open message; after receiving the open message, transmitting negotiation parameters according to the actual supporting condition; and then the creation of the bgp neighbor is achieved by sending keepalive. The interactive process of the route collection program and the route reflector is real-time, the IPv6 route information is generated into a current IPv6 route data table according to the collected IPv6 route information and is stored in a database in real time, the route data consistent with the current network is ensured, and the route change information is stored in a route change table for use in the troubleshooting of the route fault.
Furthermore, two path attribute information of Multiprotocol ReachableNLRI (mp_reach_nlri) and Multiprotocol Unreachable NLRI (mp_unreach_nlri) of BGP-MP are needed to be used for acquiring IPv6 information, wherein MP-REACH-NLRI is a multi-protocol reachable NLRI used for issuing reachable routes and next hop information, and MP-UNREACH-NLRI is a multi-protocol unreachable NLRI used for tearing down unreachable routes; specifically, the mp_reach_nlri message may obtain address release information of IPv6, and in combination with BGP Communities Attribute and PathAttributes, may collect IPv6 routing attributes, and through the mp_unreach_nlri message, may obtain address withdrawal information of IPv 6.
Step 3: and collecting flow direction data carrying the IPv6 address through a Netflow collector.
Specifically, in this embodiment, flow data with IPv6 addresses is collected based on a Netflow data flow analysis technology, where Netflow is a network packet switching technology, and Netflow is used to accurately analyze and meter flow directions of different types of traffic flows in a network, and needs to distinguish various types of data packets transmitted in the network. Because of the non-connection-oriented nature of the IP network, communications of different types of services in the network may be a set of IP packets sent by any one terminal device to another terminal device, where the set of packets actually forms a Flow of a certain service in the network, so by differentiating all flows transmitted in the whole network, and accurately recording the transmission time, the transmission direction, and the size of the flows, the Flow and the Flow direction of all services in the whole network can be analyzed and counted.
The NetFlow technique can be based on 7 attributes of IP packets: the source IP address, destination IP address, source communication port number, destination communication port number, third layer protocol type, type of service (TOS) byte, and logical network port (iflndex) input or output by the network device to distinguish flows of various different types of traffic transmitted in the network. The NetFlow technology can track and measure each Flow separately, record the Flow characteristics of the transmission direction, the destination and the like, and count the Flow information of the start and end time, the service type, the number of contained data packets, the number of bytes and the like.
The method comprises the steps that a Netflow v9 data packet is needed for collecting flow direction data carrying an IPv6 address, the Netflow v9 data packet consists of a template and data, the template part for analyzing the data is firstly identified according to the Netflow v9 data packet, then the actually packaged data is obtained according to the referenced template, and the flow direction data carrying the IPv6 address is extracted according to the actually packaged data.
S102: and analyzing the IPv6 routing information to obtain IPv6 address attribution information.
In an alternative manner, step S102 further includes: and analyzing the autonomous system attribute information and the group attribute information in the IPv6 routing information to obtain address attribution operator information, attribution area information, service type information and/or address attribution content source information of the IPv6 address.
Specifically, the autonomous system (autonomous system, AS) attribute information and community (community) attribute information in the collected IPv6 routing information are analyzed to obtain address home operator information, home area information (such AS information of province, local city, district, etc.), service type information (such AS family, collector, IDC, etc.), and/or address home content source (Internet Content Provider, ICP) information of the IPv6 address.
Further, for the IPv6 address in the network of the same communication company, acquiring the province of the IPv6 address according to an AS area planning distribution list and autonomous system PATH (AS PATH) attribute information based on the IPv6 routing information; and acquiring the service type of the address according to the communication attribute information of the IPv6 routing information. For IPv6 addresses of other operators, acquiring the information of the operators to which the addresses belong according to ASPATH attributes of IPv6 routing information; for the ICP clients (such AS Ali, tech, hundred degrees, etc.) with AS, the ICP client information of the address is obtained according to the ASPATH attribute information of the IPv6 routing information.
S103: and determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library.
The address management information corresponding to each IPv6 address is further determined through the IPv6 address attribution information acquired in step S102 and the IPv6 address registration information acquired in step S101. Wherein, table 1 is an address format of an IPv6 address, and as shown in table 1, the IPv6 address includes the following fields:
table 1 address format of IPv6 addresses
Wherein, the IPv6 access address block Prefix (Prefix of IPv6 Access Address Block, PB) is a bit string with length of n; the addressing identifier (Addressing Identifier, AI) is a bit string with the length of s+t, and comprises an IPv6 access address province identifier PI with the length of sbit (s > 0) and an IPv6 access address access type identifier AT with the length of tbit (t > 0); IPv6 access address County Code (CC) is a bit string with length of 8; the subnet space identifier (Subnet Space Identifier, SSI) is a bit string of length 56- (n+s+t); the Interface Identifier (IID) is a bit string of length 64.
Based on the address management information corresponding to each IPv6 address, an IPv6 address management library is constructed, the IPv6 address management library can provide basis for identifying and analyzing IPv6 service flow, and address management library information can be dynamically and automatically updated. And dynamically acquiring corresponding routing information from a routing data table according to attribute information such as ASPATH, community, next hop (next hop address) and the like of the configured IPv6 routing information, thereby realizing IPv6 address management. Fig. 2 is a schematic diagram of an IPv6 address management user configuration page, as shown in fig. 2, by using a network page, objects such as a network, a user, a service and the like can be configured, and different object types can be independently distinguished, so that the problem of inaccurate traffic identification caused by repeated reference of address segment information due to repetition of IPv6 routing attributes such as a network and a service and the like is avoided.
S104: and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result.
In an alternative manner, step S104 further includes:
matching an IPv6 address in the flow direction data with an IPv6 address in an IPv6 address management library aiming at each flow direction data to obtain address management information corresponding to the matched IPv6 address, and setting a plurality of dimension labels for the flow direction data according to the address management information corresponding to the matched IPv6 address; and matching the dimension labels in the flow direction data of each flow with dimension labels in a preset analysis strategy, and analyzing the matched flow direction data to obtain a flow analysis result.
Specifically, the flow direction data counted by the network device is received through the Netflow v9 protocol, and attribute information comprising the IP data packet is collected: a source IP address; a target IP address; a source communication port number; a target communication port number; a third layer protocol type; service type bytes and traffic flow data of logical network ports input or output by the network device.
The flow and flow message of each IPv6 route can obtain approximate scale conditions according to a basic calculation formula, wherein the calculation formula is as follows: (actual flow rate/sampling rate/8) 1000.1000.1000/. Times.1000/. Times. average number of packets per flow average packet size; the actual flow rate is the actual flow rate of each IPv6 route, the average packet number per flow is generally 2, the average packet size is generally about 820 bytes, and the average flow of the current network is about 60 w/s.
For example, in the flow stream of the current network flow of 60w/s, since the IPv6 address field has 128 bits, the simple addressing method cannot meet the identification performance under a large amount of flow stream data, the acquired important flow stream data information is saved through the acquisition program, a plurality of dimension labels such as a network, a user, a service type and the like are set for the flow stream data, the corresponding IPv6 address of each flow data is found in an IPv6 address management library by utilizing the longest matching principle of the address field, and the corresponding thin route is identified according to the network, the user and the service dimension label defined by the route, so that the IPv6 address can be efficiently searched, the identification capability of the service address is accelerated, and the flow identification performance is improved.
Further, for address attribution content sources such as key ICP (Ali, tech, hundred degrees, etc.), and dynamic IPV6 address identification of users such as attribution area information, service types, etc., the address attribution content sources, attribution area information, service types, etc. can be marked by carrying out multidimensional marking on the traffic flow data of the users.
Further, the defined various analysis schemes are issued to each flow acquisition machine according to the configuration of different filtering conditions and summarizing modes, each acquisition machine cleans data of different schemes according to the configuration, then flow direction data are converged according to converging conditions in the analysis schemes, and then the data are stored in a database, so that various analysis views can be generated according to the summarizing modes of different analysis schemes; and carrying out secondary filtering and summarization by utilizing the flow direction data stored in the database, and presenting a final result in a Web front end or report form mode to form flow direction data sizes comprising various content sources, flow matrixes from various content sources to different service types, flow matrixes from various content sources to various regional (attribution area) users and the like for analysis.
In an alternative manner, analyzing the matched flow direction data to obtain a flow analysis result further includes: and analyzing the flow information of the corresponding IPv6 user, the user type, the user active area, the user mobile phone type, the broadband type, the areas and/or the content sources to obtain a flow analysis result.
For example, the user type of the IPv6 user may be analyzed, distinguishing home zone (ground/city), service type (handset/broadband type), etc.; or, the flow direction condition of IPv6 of each province to the external network can be analyzed; alternatively, individual icp traffic flow conditions may be analyzed. Or, the number of active users under a certain IPv6 address can be counted according to different devices and different service types, the IPv6 traffic flow data can be counted, and the change track can be analyzed according to the graph, or the number of active users under a certain IPv6 address can be counted according to the granularity of devices, various places and various time periods and the like of different attribution areas, so that the active condition of the IPv6 address can be analyzed, thereby finding an IPv6 hot spot area, analyzing main ICP content and the like.
By adopting the method provided by the embodiment, the IPv6BGP route is monitored in real time, the IPv6 route information is collected to construct an IPv6 address management library, so that the dynamic management of the IPv6 address information is realized, the dynamic identification of the network to which the IPv6 address belongs and a user is realized based on the IPv6 route attribute information, and therefore, a user address dynamic management means is provided for the IPv6 route real-time monitoring, and the defects of inaccuracy and untimely updating of a manual maintenance address library are overcome; combining the IPv6 address management library with the flow direction data, and carrying out flow analysis on the flow direction data, so that the data analysis dimension is increased, and the quality of an analysis result is improved; meanwhile, the flow v9 protocol is utilized to collect and analyze flow direction data, so that the flow direction analysis of IPv6 business can be supported, and especially, after the dynamic address of IPv6 routing is identified, the flow direction analysis of IPv6 users can be carried out, and the real-time flow condition of the current network can be accurately mastered, thereby realizing the dynamic flow analysis method of the IPv6 users, overcoming the defect that the SNMP mode in the prior art cannot collect users and information, and solving the defect that the investment for collecting data by using the DPI mode is larger.
Example two
Fig. 3 is a schematic structural diagram of an embodiment of an apparatus for IPv6 address management and traffic analysis according to the present invention. As shown in fig. 3, the apparatus includes: a data acquisition module 301, a data analysis module 302, an address management library construction module 303 and a flow analysis module 304.
The data acquisition module 301 is configured to acquire IPv6 address registration information, collected IPv6 routing information, and traffic flow data carrying an IPv6 address.
In an alternative manner, the data acquisition module 301 further comprises: an address registration information acquisition sub-module 3011, a routing information collection sub-module 3012, and a traffic flow data collection sub-module 3013.
The address registration information obtaining submodule 3011 is configured to obtain IPv6 address registration information by synchronizing with a network interface controller in a global area.
The routing information collection submodule 3012 is configured to collect IPv6 routing information via BGP routing processes.
Specifically, the routing information collection submodule 3012 is further configured to: running a BGP routing process, simulating router behaviors, establishing BGP protocol connection with a routing reflector, and obtaining address release information and address withdrawal information of an IPv6 address by utilizing BGP path attribute information; and collecting IPv6 routing information according to the address release information and the address withdrawal information of the IPv6 address.
And the traffic flow direction data collection submodule 3013 is used for collecting traffic flow direction data carrying the IPv6 address through the Netflow collector.
The data analysis module 302 is configured to analyze the IPv6 routing information to obtain IPv6 address attribution information.
In an alternative approach, the data analysis module 302 is further configured to: and analyzing the autonomous system attribute information and the group attribute information in the IPv6 routing information to obtain address attribution operator information, attribution area information, service type information and/or address attribution content source information of the IPv6 address.
The address management base construction module 303 is configured to determine address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and construct an IPv6 address management base.
The flow analysis module 304 is configured to perform flow analysis on flow direction data from multiple dimensions according to the IPv6 address management library, so as to obtain a flow analysis result.
In an alternative approach, the flow analysis module 304 is further to: matching an IPv6 address in the flow direction data with an IPv6 address in an IPv6 address management library aiming at each flow direction data to obtain address management information corresponding to the matched IPv6 address, and setting a plurality of dimension labels for the flow direction data according to the address management information corresponding to the matched IPv6 address; and matching the dimension labels in the flow direction data of each flow with dimension labels in a preset analysis strategy, and analyzing the matched flow direction data to obtain a flow analysis result.
In an alternative manner, the flow analysis module 304 is further configured to: and analyzing the flow information of the corresponding IPv6 user, the user type, the user active area, the user mobile phone type, the broadband type, the areas and/or the content sources to obtain a flow analysis result.
By adopting the device provided by the embodiment, the IPv6 address registration information, the collected IPv6 routing information and the flow direction data carrying the IPv6 address are obtained; analyzing the IPv6 routing information to obtain IPv6 address attribution information; determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library; and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result. The embodiment collects flow direction data based on a route monitoring mode, and combines IPv6 address attribution information and IPv6 address registration information to construct an IPv6 address management library, so that the address management library is automatically built and updated, and the defects of inaccuracy and timeliness in updating the manual maintenance address library are overcome; and combining the IPv6 address management library with the flow direction data, and carrying out flow analysis on the flow direction data, so that the data analysis dimension is increased, and the quality of an analysis result is improved.
Example III
The embodiment of the invention provides a nonvolatile computer storage medium, which stores at least one executable instruction, and the computer executable instruction can execute the method for IPv6 address management and flow analysis in any of the method embodiments.
The executable instructions may be particularly useful for causing a processor to:
acquiring IPv6 address registration information, collected IPv6 routing information and flow stream data carrying an IPv6 address; analyzing the IPv6 routing information to obtain IPv6 address attribution information; determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library; and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result.
Example IV
FIG. 4 illustrates a schematic diagram of an embodiment of a computing device of the present invention, and the embodiments of the present invention are not limited to a particular implementation of the computing device.
As shown in fig. 4, the computing device may include:
a processor (processor), a communication interface (Communications Interface), a memory (memory), and a communication bus.
Wherein: the processor, communication interface, and memory communicate with each other via a communication bus. A communication interface for communicating with network elements of other devices, such as clients or other servers, etc. The processor is configured to execute a program, and may specifically perform relevant steps in the above-mentioned method embodiment of IPv6 address management and traffic analysis.
In particular, the program may include program code including computer-operating instructions.
The processor may be a central processing unit, CPU, or specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included by the server may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
And the memory is used for storing programs. The memory may comprise high-speed RAM memory or may further comprise non-volatile memory, such as at least one disk memory.
The program may be specifically operative to cause the processor to:
acquiring IPv6 address registration information, collected IPv6 routing information and flow stream data carrying an IPv6 address; analyzing the IPv6 routing information to obtain IPv6 address attribution information; determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library; and carrying out flow analysis on the flow direction data from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components according to embodiments of the present invention may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present invention can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present invention may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.
Claims (10)
1. A method for IPv6 address management and traffic analysis, comprising the steps of:
acquiring IPv6 address registration information, collecting IPv6 routing information and carrying flow stream data of an IPv6 address;
analyzing the IPv6 routing information to obtain IPv6 address attribution information;
determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library;
according to the IPv6 address management library, carrying out flow analysis on the flow direction data of the flow from multiple dimensions to obtain a flow analysis result;
the collecting IPv6 routing information further includes: collecting IPv6 route information through BGP route process; the system server route acquisition program supports a BGP backward compatible route protocol and is used for establishing BGP protocol connection with the route reflector so as to collect IPv6 route information; the multi-protocol reachable NLRI path attribute message of the BGP backward compatible routing protocol is used for acquiring the address release information of IPv 6; the multi-protocol unreachable NLRI path attribute information using BGP backward compatible routing protocol withdraws unreachable routes; and acquiring IPv6 routing Attributes by combining Communities Attribute of BGP and Path Attributes attribute information, and acquiring an address revocation message of IPv6 through an MP_UNREACH_NLRI message.
2. The method of claim 1, wherein obtaining IPv6 address registration information and traffic flow data carrying an IPv6 address further comprises:
the IPv6 address registration information is acquired by synchronizing with a network interface controller of a global area;
and collecting flow direction data carrying the IPv6 address through a Netflow collector.
3. The method of claim 1, wherein the collecting IPv6 routing information by the BGP routing process further comprises:
running a BGP routing process, simulating router behaviors, establishing BGP protocol connection with a routing reflector, and obtaining address release information and address withdrawal information of an IPv6 address by utilizing BGP path attribute information;
and collecting IPv6 routing information according to the address release information and the address withdrawal information of the IPv6 address.
4. The method of claim 1, wherein the analyzing the IPv6 routing information to obtain IPv6 address attribution information further comprises:
and analyzing the autonomous system attribute information and the group attribute information in the IPv6 routing information to obtain address attribution operator information, attribution area information, service type information and/or address attribution content source information of the IPv6 address.
5. The method according to any one of claims 1-4, wherein performing traffic analysis on the traffic flow data from multiple dimensions according to the IPv6 address management library to obtain a traffic analysis result further comprises:
matching an IPv6 address in the flow direction data with an IPv6 address in the IPv6 address management library for each flow direction data to obtain address management information corresponding to the matched IPv6 address, and setting a plurality of dimension labels for the flow direction data according to the address management information corresponding to the matched IPv6 address;
and matching the dimension labels in the flow direction data of each flow with dimension labels in a preset analysis strategy, and analyzing the matched flow direction data to obtain a flow analysis result.
6. The method of claim 5, wherein analyzing the matched flow direction data to obtain a flow analysis result further comprises:
and analyzing the flow information of the corresponding IPv6 user, the user type, the user active area, the user mobile phone type, the broadband type, the areas and/or the content sources to obtain a flow analysis result.
7. An apparatus for IPv6 address management and traffic analysis, comprising:
the data acquisition module is used for acquiring IPv6 address registration information, collecting IPv6 routing information and carrying flow direction data of the IPv6 address;
the data analysis module is used for analyzing the IPv6 routing information to obtain IPv6 address attribution information;
the address management library construction module is used for determining address management information corresponding to each IPv6 address according to the IPv6 address attribution information and the IPv6 address registration information, and constructing an IPv6 address management library;
the flow analysis module is used for carrying out flow analysis on the flow direction data of the flow from multiple dimensions according to the IPv6 address management library to obtain a flow analysis result;
the data acquisition module is further configured to: collecting IPv6 route information through BGP route process; the system server route acquisition program supports a BGP backward compatible route protocol and is used for establishing BGP protocol connection with the route reflector so as to collect IPv6 route information; the multi-protocol reachable NLRI path attribute message of the BGP backward compatible routing protocol is used for acquiring the address release information of IPv 6; the multi-protocol unreachable NLRI path attribute information using BGP backward compatible routing protocol withdraws unreachable routes; and acquiring IPv6 routing Attributes by combining Communities Attribute of BGP and Path Attributes attribute information, and acquiring an address revocation message of IPv6 through an MP_UNREACH_NLRI message.
8. The apparatus of claim 7, wherein the data acquisition module is further configured to:
the IPv6 address registration information is acquired by synchronizing with a network interface controller of a global area;
and collecting flow direction data carrying the IPv6 address through a Netflow collector.
9. A computing device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction that causes the processor to perform operations corresponding to a method for IPv6 address management and traffic analysis according to any one of claims 1-6.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to a method of IPv6 address management and traffic analysis according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010479321.XA CN113746654B (en) | 2020-05-29 | 2020-05-29 | IPv6 address management and flow analysis method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010479321.XA CN113746654B (en) | 2020-05-29 | 2020-05-29 | IPv6 address management and flow analysis method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113746654A CN113746654A (en) | 2021-12-03 |
| CN113746654B true CN113746654B (en) | 2024-01-12 |
Family
ID=78725068
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010479321.XA Active CN113746654B (en) | 2020-05-29 | 2020-05-29 | IPv6 address management and flow analysis method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113746654B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114466398A (en) * | 2021-12-20 | 2022-05-10 | 中盈优创资讯科技有限公司 | Method and device for analyzing 5G terminal user behaviors through netflow data |
| CN115225613B (en) * | 2022-07-13 | 2024-04-12 | 杭州安恒信息技术股份有限公司 | IPv6 address information determining method, device, equipment and medium |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1399742A (en) * | 1999-06-30 | 2003-02-26 | 倾向探测公司 | Method and apparatus for monitoring traffic in network |
| CN1578947A (en) * | 2001-10-29 | 2005-02-09 | 媒体网国际公司 | Method system and data structure for multimedia communications |
| CN101043453A (en) * | 2007-03-19 | 2007-09-26 | 华为技术有限公司 | Method and apparatus for gathering and analyzing flux |
| CN101730012A (en) * | 2008-10-21 | 2010-06-09 | 中国移动通信集团公司 | Method and system for addressing short-message gateways and short-message gateways |
| CN101990003A (en) * | 2010-10-22 | 2011-03-23 | 西安交通大学 | User action monitoring system and method based on IP address attribute |
| CN104753793A (en) * | 2013-12-26 | 2015-07-01 | 联芯科技有限公司 | Method for statefull management of access terminal under stateless internet protocol version 6 (IPv6) configuration |
| CN105282161A (en) * | 2015-10-23 | 2016-01-27 | 绵阳师范学院 | Point-to-point anonymous communication method based on random stateless address distributing policies in IPv6 network |
| CN106452940A (en) * | 2016-08-22 | 2017-02-22 | 中国联合网络通信有限公司重庆市分公司 | Method and device for identifying Internet business flow ownership |
| CN106534398A (en) * | 2016-11-14 | 2017-03-22 | 赛尔网络有限公司 | Device and method used for IPv6 network |
| CN106559257A (en) * | 2015-09-30 | 2017-04-05 | 丛林网络公司 | The analysis of distributed network |
| CN106649476A (en) * | 2016-09-29 | 2017-05-10 | 北京中联网盟科技股份有限公司 | IP address information query system |
| CN106656838A (en) * | 2016-10-19 | 2017-05-10 | 赛尔网络有限公司 | Data flow analyzing method and system |
| CN107517143A (en) * | 2017-10-23 | 2017-12-26 | 合肥时代智慧高新投资管理有限公司 | A kind of network traffics collection and monitoring method based on bgp protocol |
| CN108027800A (en) * | 2015-07-22 | 2018-05-11 | 动态网络服务股份有限公司 | The mthods, systems and devices for carrying out geo-location are route using tracking |
| CN109039919A (en) * | 2018-10-11 | 2018-12-18 | 平安科技(深圳)有限公司 | Forward-path determines method, apparatus, system, computer equipment and storage medium |
| CN110493085A (en) * | 2019-09-03 | 2019-11-22 | 赛尔网络有限公司 | Statistical method, system, electronic equipment and the medium of IPv6 active users |
| CN110703817A (en) * | 2016-03-29 | 2020-01-17 | 华为技术有限公司 | Control method, device and system for statistical flow |
| CN110830469A (en) * | 2019-11-05 | 2020-02-21 | 中国人民解放军战略支援部队信息工程大学 | DDoS attack protection system and method based on SDN and BGP flow specification |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10225189B2 (en) * | 2016-04-26 | 2019-03-05 | Juniper Networks, Inc. | Egress peer engineering using IPv4-mapped IPv6 addresses |
-
2020
- 2020-05-29 CN CN202010479321.XA patent/CN113746654B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1399742A (en) * | 1999-06-30 | 2003-02-26 | 倾向探测公司 | Method and apparatus for monitoring traffic in network |
| CN1578947A (en) * | 2001-10-29 | 2005-02-09 | 媒体网国际公司 | Method system and data structure for multimedia communications |
| CN101043453A (en) * | 2007-03-19 | 2007-09-26 | 华为技术有限公司 | Method and apparatus for gathering and analyzing flux |
| CN101730012A (en) * | 2008-10-21 | 2010-06-09 | 中国移动通信集团公司 | Method and system for addressing short-message gateways and short-message gateways |
| CN101990003A (en) * | 2010-10-22 | 2011-03-23 | 西安交通大学 | User action monitoring system and method based on IP address attribute |
| CN104753793A (en) * | 2013-12-26 | 2015-07-01 | 联芯科技有限公司 | Method for statefull management of access terminal under stateless internet protocol version 6 (IPv6) configuration |
| CN108027800A (en) * | 2015-07-22 | 2018-05-11 | 动态网络服务股份有限公司 | The mthods, systems and devices for carrying out geo-location are route using tracking |
| CN106559257A (en) * | 2015-09-30 | 2017-04-05 | 丛林网络公司 | The analysis of distributed network |
| CN105282161A (en) * | 2015-10-23 | 2016-01-27 | 绵阳师范学院 | Point-to-point anonymous communication method based on random stateless address distributing policies in IPv6 network |
| CN110703817A (en) * | 2016-03-29 | 2020-01-17 | 华为技术有限公司 | Control method, device and system for statistical flow |
| CN106452940A (en) * | 2016-08-22 | 2017-02-22 | 中国联合网络通信有限公司重庆市分公司 | Method and device for identifying Internet business flow ownership |
| CN106649476A (en) * | 2016-09-29 | 2017-05-10 | 北京中联网盟科技股份有限公司 | IP address information query system |
| CN106656838A (en) * | 2016-10-19 | 2017-05-10 | 赛尔网络有限公司 | Data flow analyzing method and system |
| CN106534398A (en) * | 2016-11-14 | 2017-03-22 | 赛尔网络有限公司 | Device and method used for IPv6 network |
| CN107517143A (en) * | 2017-10-23 | 2017-12-26 | 合肥时代智慧高新投资管理有限公司 | A kind of network traffics collection and monitoring method based on bgp protocol |
| CN109039919A (en) * | 2018-10-11 | 2018-12-18 | 平安科技(深圳)有限公司 | Forward-path determines method, apparatus, system, computer equipment and storage medium |
| CN110493085A (en) * | 2019-09-03 | 2019-11-22 | 赛尔网络有限公司 | Statistical method, system, electronic equipment and the medium of IPv6 active users |
| CN110830469A (en) * | 2019-11-05 | 2020-02-21 | 中国人民解放军战略支援部队信息工程大学 | DDoS attack protection system and method based on SDN and BGP flow specification |
Non-Patent Citations (3)
| Title |
|---|
| Design of Conformance Testing System for BGP Protocol of IPv6 Based on XML;Peng Zhai等;《 2012 International Conference on Computer Science and Service System》;全文 * |
| 互联网路由扩展性研究状况分析;陆璇;王文东;程时端;;中兴通讯技术(02);全文 * |
| 结合自治系统号扩展IP地址空间的研究;马海波;周景森;王德广;;计算机应用与软件(第07期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113746654A (en) | 2021-12-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| USRE49126E1 (en) | Real-time adaptive processing of network data packets for analysis | |
| KR100523486B1 (en) | Traffic measurement system and traffic analysis method thereof | |
| JP6820320B2 (en) | Methods and devices for real-time traffic guidance using real-time user monitoring data | |
| US8751642B2 (en) | Method and system for management of sampled traffic data | |
| CN113746654B (en) | IPv6 address management and flow analysis method and device | |
| EP2146477B1 (en) | A method, system and device for sampling message | |
| CN112565262A (en) | Flow data processing method, system, network equipment and storage medium | |
| Iannone et al. | Implementing the locator/id separation protocol: Design and experience | |
| CN100583830C (en) | Method and apparatus for gathering and analyzing flux | |
| CN113347258B (en) | Method and system for data acquisition, monitoring and analysis under cloud flow | |
| CN102271084A (en) | Technology for locating communication paths of network host | |
| US7756128B2 (en) | System and method for network analysis | |
| US20200328964A1 (en) | Method and device for collecting traffic flow value of bgp community attribute or bgp extended community attribute | |
| US20230327983A1 (en) | Performance measurement in a segment routing network | |
| CN115695216A (en) | Big data analysis method for internet traffic flow direction | |
| KR100342107B1 (en) | Methods for deciding Internet address groups distinguished by assigned organizations or locations and for resolving the geographical information for each address group, which are intended to set up Internet address supplementary system and its applications | |
| Kang et al. | A network monitoring tool for CCN | |
| CN115174414A (en) | Method, system and electronic device for automatically identifying devices and device paths in session | |
| CN112565106B (en) | Traffic service identification method, device, equipment and computer storage medium | |
| WO2022262574A1 (en) | Method and apparatus for determining slice information, and storage medium and electronic apparatus | |
| CN116668405B (en) | Method, system, medium and equipment for implementing multi-service message notification mechanism | |
| CN114024895B (en) | TR 069-based network route optimization method and system | |
| CN117478564A (en) | Service measurement method of SRv network and SRv network | |
| Muniyappa | Performance Analysis of IPv4 Versus IPv6 in a simple campus network | |
| CN116614432A (en) | Message processing method, network element equipment, control equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |