CN115333928A

CN115333928A - Network early warning method and device, electronic equipment and storage medium

Info

Publication number: CN115333928A
Application number: CN202210814995.XA
Authority: CN
Inventors: 槐正; 郑万静; 李雅楠; 徐冬冬; 付迎鑫; 崔明; 马荻; 刘桥; 徐锐; 王健; 徐蕾
Original assignee: China Telecom Corp Ltd
Current assignee: China Telecom Corp Ltd
Priority date: 2022-07-12
Filing date: 2022-07-12
Publication date: 2022-11-11

Abstract

The embodiment of the invention provides a network early warning method, a network early warning device, electronic equipment and a storage medium in a data transmission process, wherein the method comprises the following steps: acquiring node information of a target Pod node, inputting the node information into a correlation probability prediction model to predict node correlation probability, acquiring correlation probability values between the target Pod node and other Pod nodes in a k8s cluster, and taking the Pod nodes of which the correlation probability values meet preset conditions in the other Pod nodes as correlation Pod nodes corresponding to the target Pod node; determining a related Node corresponding to the related Pod Node, acquiring first equipment information corresponding to first physical equipment to which the related Pod Node belongs and second equipment information corresponding to second physical equipment to which the target Node belongs, and respectively processing the first equipment information and the second equipment information through a network abnormity early warning model issued by a Master Node to acquire a first abnormity probability aiming at the first physical equipment and a second abnormity probability aiming at the second physical equipment.

Description

Network early warning method and device, electronic equipment and storage medium

Technical Field

The present invention relates to the technical field of IT and software development, and in particular, to a network early warning method in a data transmission process, a network early warning device in a data transmission process, an electronic device, and a computer-readable storage medium.

Background

With the rapid development of computer technology, information networks have become an important guarantee for social development. In a traditional hardware resource virtualization system and a centralized management operation and maintenance system for virtual resources, service resources and user resources, a virtualization platform is a leading server virtualization solution in the industry, and a solution of a cloud operating system is that virtualization software is deployed on a server, so that one physical server can bear the work of multiple servers. However, in the related art, it is common to collect relevant performance parameters in a cluster and compare the relevant performance parameters with a preset detection threshold, so as to implement monitoring of a cluster state, in this case, a cluster is easily discovered when a performance fault occurs, which causes unstable cluster operation.

Disclosure of Invention

The embodiment of the invention provides a network early warning method, a network early warning device, electronic equipment and a computer readable storage medium in a data transmission process, and aims to solve or partially solve the problem that the cluster performance fault cannot be early warned in time in the related technology.

The embodiment of the invention discloses a network early warning method in a data transmission process, which relates to a k8s cluster, wherein the k8s cluster comprises a Master Node, a plurality of Node nodes connected with the Master Node and at least one Pod Node connected with each Node; a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform; the method is applied to a target Node, the target Node deploys an associated probability prediction model, and the method comprises the following steps:

acquiring node information of a target Pod node, wherein the node information comprises information generated when data interaction occurs between the target Pod node and other Pod nodes;

inputting the node information into the association probability prediction model to perform node association probability prediction, obtaining association probability values between the target Pod node and other Pod nodes in the k8s cluster, and taking the Pod nodes of which the association probability values meet preset conditions in the other Pod nodes as associated Pod nodes corresponding to the target Pod node;

determining a related Node corresponding to the related Pod Node, and acquiring first device information corresponding to a first physical device to which the related Pod Node belongs and second device information corresponding to a second physical device to which the target Node belongs;

and inputting the first equipment information into a network abnormity early warning model issued by the Master node to perform abnormity probability prediction on the first physical equipment to obtain a first abnormity probability aiming at the first physical equipment, and inputting the second equipment information into a preset network abnormity early warning model to perform abnormity probability prediction on the second physical equipment to obtain a second abnormity probability aiming at the second physical equipment.

Optionally, the first abnormal probability represents a probability that the first physical device is abnormal when data transmission is performed between the first physical device and the second physical device; the second abnormal probability represents a probability that the second physical device is abnormal when data transmission is performed between the first physical device and the second physical device.

Optionally, the inputting the first device information into the network anomaly early warning model issued by the Master node to perform anomaly probability prediction on the first physical device to obtain a first anomaly probability for the first physical device, and inputting the second device information into a preset network anomaly early warning model to perform anomaly probability prediction on the second physical device to obtain a second anomaly probability for the second physical device includes:

responding to a model instruction issued by the Master node, if the fact that the network abnormity early warning model is not deployed locally is detected according to the model instruction, requesting the network abnormity early warning model from the Master node, and deploying the network abnormity early warning model issued by the Master node locally;

inputting the first equipment information into the network abnormity early warning model to predict the abnormity probability of the first physical equipment, and obtaining a first abnormity probability aiming at the first physical equipment;

and inputting the second equipment information into a preset network abnormity early warning model to predict the abnormity probability of the second physical equipment, and obtaining a second abnormity probability aiming at the second physical equipment.

Optionally, the step of inputting the first device information into a preset network anomaly early warning model to predict the anomaly probability of the first physical device to obtain a first anomaly probability for the first physical device includes:

inputting the first equipment parameter into a preset network abnormity early warning model to predict equipment abnormity probability of the first physical equipment, and obtaining first equipment abnormity probability aiming at the first physical equipment;

inputting the network port parameter into the network abnormity early warning model to predict the port abnormity probability of the first physical equipment, and obtaining the first port abnormity probability aiming at the first physical equipment;

and inputting the second equipment parameter into a preset network abnormity early warning model to predict the equipment abnormity probability of the third physical equipment, and obtaining the second equipment abnormity probability aiming at the first physical equipment.

Optionally, the second device information at least includes a third device parameter, a second network port parameter, and a fourth device parameter of a fourth physical device in a VLAN pool with the second physical device, and the inputting the second device information into a preset network anomaly early warning model to predict the anomaly probability of the second physical device to obtain a second anomaly probability for the second physical device includes:

inputting the third equipment parameter into a preset network abnormity early warning model to predict the equipment abnormity probability of the second physical equipment, and obtaining the third equipment abnormity probability aiming at the second physical equipment;

inputting the second network port parameter into the network abnormity early warning model to predict the port abnormity probability of the second physical device, and obtaining a second port abnormity probability aiming at the second physical device;

and inputting the fourth equipment parameter into a preset network abnormity early warning model to predict the equipment abnormity probability of the fourth physical equipment, so as to obtain the fourth equipment abnormity probability aiming at the second physical equipment.

Optionally, the taking a Pod node, among the other Pod nodes, whose associated probability value meets a preset condition as an associated Pod node corresponding to the target Pod node includes:

acquiring a weight coefficient corresponding to each other Pod node, and calculating a weighted probability value corresponding to the other Pod node by adopting the weight coefficient and an associated probability value;

and taking the Pod node with the weighted probability value larger than or equal to a preset threshold value in the other Pod nodes as an associated Pod node corresponding to the target Pod node.

Optionally, the method further comprises:

and synchronizing the target data sent by the associated Pod nodes.

Optionally, the k8s cluster further includes a history database connected to the Node nodes, and the obtaining Node information of the target Pod Node includes:

and acquiring Node information of the target Pod Node from a target historical database corresponding to the target Node.

The embodiment of the invention also discloses a network early warning device in the data transmission process, which relates to a k8s cluster, wherein the k8s cluster comprises a Master Node, a plurality of Node nodes connected with the Master Node and at least one Pod Node connected with each Node; a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform; the apparatus is applied to a target Node, the target Node deploys an associated probability prediction model, and the apparatus comprises:

the node information acquisition module is used for acquiring node information of a target Pod node, wherein the node information comprises information generated when data interaction occurs between the target Pod node and other Pod nodes;

the associated Pod determining module is used for inputting the node information into the associated probability prediction model to perform node associated probability prediction, obtaining associated probability values between the target Pod node and other Pod nodes in the k8s cluster, and taking the Pod nodes of which the associated probability values meet preset conditions in the other Pod nodes as associated Pod nodes corresponding to the target Pod node;

an equipment information obtaining module, configured to determine an associated Node corresponding to the associated Pod Node, and obtain first equipment information corresponding to a first physical equipment to which the associated Pod Node belongs and second equipment information corresponding to a second physical equipment to which the target Node belongs;

and the abnormal probability determining module is used for inputting the first equipment information into a network abnormal early warning model issued by the Master node to predict the abnormal probability of the first physical equipment to obtain a first abnormal probability aiming at the first physical equipment, and inputting the second equipment information into a preset network abnormal early warning model to predict the abnormal probability of the second physical equipment to obtain a second abnormal probability aiming at the second physical equipment.

Optionally, the anomaly probability determining module is specifically configured to:

Optionally, the first device information at least includes a first device parameter, a first network port parameter, and a second device parameter of a third physical device in a VLAN pool with the first physical device, and the anomaly probability determining module is specifically configured to:

Optionally, the second device information at least includes a third device parameter, a second network port parameter, and a fourth device parameter of a fourth physical device in a VLAN pool with the second physical device, and the abnormal probability determining module is specifically configured to:

Optionally, the associated Pod determining module is specifically configured to:

Optionally, the method further comprises:

and the data synchronization module is used for synchronizing the target data sent by the associated Pod node.

Optionally, the k8s cluster further includes a history database connected to the Node, and the Node information obtaining module is specifically configured to:

The embodiment of the invention also discloses electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;

the memory is used for storing a computer program;

the processor is configured to implement the method according to the embodiment of the present invention when executing the program stored in the memory.

Embodiments of the present invention also disclose a computer-readable storage medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform the method according to the embodiments of the present invention.

The embodiment of the invention has the following advantages:

in the embodiment of the invention, a k8s cluster may include a Master Node, a plurality of Node nodes connected with the Master Node, and at least one Pod Node connected with each Node, and a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform, so that in a cloud computing scene of the k8s cluster, for a certain target Node located in the cluster, node information of the target Pod Node may be acquired, the Node information includes information generated when data interaction occurs between the target Pod Node and other Pod nodes, the Node information is input into an associated probability prediction model to perform Node associated probability prediction, association probability values between the target Pod Node and other Pod nodes in the k8s cluster are acquired, and the Pod Node of which the associated probability value meets a preset condition in the other Pod nodes is taken as the associated Pod Node corresponding to the target Pod Node, determining associated Node nodes corresponding to the associated Pod nodes, predicting the associated Pod nodes by the Node nodes, effectively reducing the load and the operation pressure of a Master Node deployed in a cluster center server, obtaining first equipment information corresponding to first physical equipment to which the associated Pod nodes belong and second equipment information corresponding to second physical equipment to which the associated Node nodes belong after determining the associated Node nodes, inputting the first equipment information into a network abnormity early warning model issued by the Master Node to predict the abnormity probability of the first physical equipment, obtaining a first abnormity probability aiming at the first physical equipment, inputting the second equipment information into a preset network abnormity early warning model to predict the abnormity probability of the second physical equipment, obtaining a second abnormity probability aiming at the second physical equipment, and predicting the physical equipment corresponding to the Node nodes in the cluster and the physical equipment corresponding to the Pod nodes by the network abnormity early warning model And predicting the abnormal probability during data transmission so as to early warn according to a prediction result in time, thereby conveniently removing obstacles in time for communication abnormity in the cluster and ensuring the running stability of the cluster.

Drawings

Fig. 1 is a flowchart illustrating steps of a network early warning method in a data transmission process according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of a k8s cluster provided in an embodiment of the present invention;

FIG. 3 is a schematic illustration of model construction provided in an embodiment of the invention;

fig. 4 is a block diagram of a network early warning apparatus in a data transmission process according to an embodiment of the present invention;

fig. 5 is a block diagram of an electronic device provided in an embodiment of the present invention.

Detailed Description

In order to make the aforementioned objects, features and advantages of the present invention more comprehensible, the present invention is described in detail with reference to the accompanying drawings and the detailed description thereof.

As an example, in the application of the artificial intelligence Technology, centralized operation and maintenance management of virtual resources, business resources, and user resources is realized by virtualizing conventional hardware resources, so that the utilization efficiency of IT (Information Technology) infrastructure equipment can be effectively improved, the operation and maintenance efficiency can be improved, and the IT cost can be reduced. In the related art, usually, related performance parameters in a cluster are collected and compared with a preset detection threshold, so as to monitor a cluster state, and in this case, a cluster is easily discovered when a performance fault occurs, which results in unstable cluster operation.

To this end, one of the core invention points of the present invention is to deploy a Master Node, a Node and a Pod Node in a k8s cluster, wherein the Master Node may be deployed in a central server of the cluster, the Node may be deployed in a local server of the cluster, the Pod Node may be deployed on a corresponding physical device based on a distributed virtualization platform in the cluster, the Master Node may issue a network anomaly early warning model to the Node in the cluster operation process, the Node may predict Node information corresponding to its associated Pod Node in the operation process, and input the Node information into an associated probability prediction model to predict an association relationship between the Pod Node and other Pod nodes in the cluster, determine the associated Pod Node, and by predicting the associated Pod Node by the Node, the load and the operation pressure of the Master Node deployed in the cluster central server may be effectively reduced, then, first equipment information corresponding to first physical equipment to which the associated Pod Node belongs and second equipment information corresponding to second physical equipment to which the associated Node belongs in the cluster are associated can be obtained, the first equipment information and the second equipment information are respectively processed according to a network abnormity early warning model issued by a Master Node, and a first abnormity probability of abnormity of the first physical equipment and a second abnormity probability of abnormity of the second equipment are obtained when data communication is carried out between the first physical equipment and the second physical equipment, so that the abnormity probability of data transmission between the physical equipment corresponding to the Node in the cluster and the physical equipment corresponding to the Pod Node in the cluster is predicted through the network abnormity early warning model, early warning is carried out in time according to a prediction result, and therefore, communication abnormity in the cluster is conveniently and timely troubleshooting is carried out, and the stability of cluster operation is ensured.

Specifically, referring to fig. 1, a flow chart of steps of a network early warning method in a data transmission process provided in an embodiment of the present invention is shown, which relates to a k8s cluster, where the k8s cluster includes a Master Node, a plurality of Node nodes connected to the Master Node, and at least one Pod Node connected to each Node; the distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on the corresponding physical devices based on the distributed virtualization platform; the method can be applied to target Node nodes, the target Node nodes are provided with an associated probability prediction model, and the method specifically comprises the following steps:

step 101, acquiring node information of a target Pod node, wherein the node information comprises information generated when data interaction occurs between the target Pod node and other Pod nodes;

for k8s, which may be kubernets, which is an orchestration management tool for portable containers generated for container services, multiple physical devices/virtual machine components may be included in the k8s cluster. Specifically, the k8s cluster may include a Master Node, a Node, and a Pod Node, where the Master Node may be a Node deployed in a central server of the cluster and is responsible for associating other nodes, such as managing the Node; the Node is responsible for managing related containers in the running cluster, data transmitted by the containers and the like; the Pod node is an independent, isolated and minimal working unit in the cluster, and can run one or more containers/services, and by combining a plurality of containers, a corresponding application program can be run to realize a corresponding data processing service and the like.

Referring to fig. 2, a schematic structural diagram of a k8s cluster provided in the embodiment of the present invention is shown, where the k8s cluster may include a Master Node deployed in a central server (or a central cluster) and a plurality of Node nodes in communication connection with the Master Node, each Node may be deployed in a local server, and each Node may correspond to one database, and each Node may be in communication connection with a plurality of Pod nodes. For a Pod Node, it may be a virtual machine constructed based on a distributed virtualization platform, and is deployed on a corresponding physical device in a cluster, and may communicate with the physical device on which the Pod Node is deployed through a corresponding OpenAPI (Open Application Programming Interface), that is, for a Master Node, a Node, and a Pod Node, one Master Node may correspond to multiple Node nodes, and one Node may correspond to multiple Pod nodes. Alternatively, for Node nodes, it can be divided into the first class of Node nodes deployed on the local server, the second type Node consists of at least one Pod Node, and the second type Node and the second type Node are respectively deployed on different physical equipment in the cluster; for the distributed virtualization platform, it may be deployed in a central server or a local server, which is not limited in the present invention.

Optionally, a network anomaly early warning model may be deployed in the Master node, and the probability of an anomaly occurrence of the physical device in the data transmission process may be predicted through the network anomaly early warning model, so that early warning may be conveniently performed in time according to a prediction result through the corresponding anomaly probability, and thus communication anomalies in the cluster may be conveniently and timely cleared, and the stability of cluster operation is ensured; the Node nodes can be deployed with associated probability prediction models, due to the high availability characteristic of the cluster and the load pressure of the high concurrency condition on the Master Node, the associated probability between the Pod nodes and other Pod nodes in the cluster is predicted by the associated probability prediction models in combination with the Node information stored in the database, the associated Pod nodes corresponding to each Pod Node are screened out through the Node nodes, and the load and the operation pressure of the Master Node in the central server can be reduced.

In the embodiment of the present invention, in the k8s cluster operation process, a certain Node is taken as an example for an exemplary description, and for a target Node, it may acquire Node information corresponding to a target Pod Node associated with the target Node. The node information may include information generated when data interaction occurs between the target Pod node and other Pod nodes, for example, when data interaction occurs, a node identifier, an IP address, an interaction data amount, an interaction number, an interaction port, and the like of the Pod node.

In specific implementation, the Master node may manage whether a network port corresponding to a Pod node in a cluster is exposed through a configuration file, and if the port is exposed, the Pod node may perform data interaction with a Pod node in the same network or Pod nodes in other networks in the cluster, store data in a log file of a central server during the data interaction, and store node information related to the interaction process in a corresponding database. For the target Node, the Node information of the target Pod Node can be acquired from a target history database corresponding to the target Node, so that the associated Pod Node corresponding to the Pod Node can be predicted according to the Node information.

For example, assuming that the target Node is associated with the Pod Node (1), the Pod Node (2), and the Pod Node (3), the target Node may obtain Node information corresponding to the Pod Node (1), the Pod Node (2), and the Pod Node (3), respectively, so as to predict associated Pod nodes corresponding to the Pod Node (1), the Pod Node (2), and the Pod Node (3) based on the Node information. In addition, the nodes such as the Pod node (1), the Pod node (2), and the Pod node (3) may be Pod nodes belonging to the same network or Pod nodes belonging to different networks, and the Pod nodes belonging to the same network may be Pod nodes belonging to the same IP address and DNS Domain Name System (Domain Name System), which is not limited in this respect.

102, inputting the node information into the association probability prediction model to perform node association probability prediction, obtaining association probability values between the target Pod node and other Pod nodes in the k8s cluster, and taking the Pod nodes of which the association probability values meet preset conditions in the other Pod nodes as association Pod nodes corresponding to the target Pod node;

in specific implementation, after the target Node may obtain Node information corresponding to the associated target Pod Node from the corresponding database, the Node information may be input to an associated probability prediction model to predict association probabilities between the target Pod Node and other Pod nodes in the same network or other Pod nodes in other networks, and the association degree between the target Pod Node and other Pod nodes in the cluster may be determined through the association probability value. For a target Pod Node, it may be a Node that performs data interaction with the target Node, including but not limited to one or more Pod nodes within one group network or within different groups networks. For example, assuming that the Pod Node (1), the Pod Node (2), the Pod Node (3), and the like belong to the same network, for the Pod Node (1), the target Node may predict association probabilities between the Pod Node (1) and the Pod Node (2) and the Pod Node (3), respectively, according to Node information corresponding to the target Node; assuming that the Pod Node (1), the Pod Node (2) and the Pod Node (3) belong to different networks, the target Node can also predict association probabilities between the Pod Node (1) and the Pod Node (2) and the Pod Node (3) respectively according to the corresponding Node information.

In specific implementation, the target Node obtains an association probability value between the target Pod Node and other Pod nodes in the cluster according to the association probability prediction model, may obtain a weight coefficient corresponding to each other Pod Node, and calculates a weighted probability value corresponding to the other Pod nodes by using the weight coefficient and the association probability value, and then uses the Pod Node with the weighted probability value greater than or equal to a preset threshold value in the other Pod nodes as the associated Pod Node corresponding to the target Pod Node. For each Pod node, the Pod node and the target Pod node are other Pod nodes in the same network, and the corresponding weight value may be a first weight value; the target Pod nodes are other Pod nodes in different networks, the corresponding weighted values can be second weighted values, the first weighted values can be larger than the second weighted values to represent that the association degree between different Pod nodes in the same network is higher, so that after the association probability value is obtained, weighting is further carried out through the weighting coefficients to obtain more accurate weighting probability values, and then the association Pod nodes with higher association degree with the target Pod nodes can be screened out through the weighting probability values, so that the associated Pod nodes can be screened out through the Node nodes, the number of the Pod nodes needing to be detected during subsequent network abnormity early warning is reduced, and the load and the operation pressure of Master nodes deployed in a cluster center server are effectively reduced.

Step 103, determining an associated Node corresponding to the associated Pod Node, and acquiring first device information corresponding to a first physical device to which the associated Pod Node belongs and second device information corresponding to a second physical device to which the target Node belongs;

after determining the associated Pod Node with a larger degree of association with the target Pod Node, node nodes (the second type Node nodes) to which the associated Pod nodes belong may be further determined, and the Node nodes may be used as associated Node nodes corresponding to the target Node, and then first device information corresponding to a first physical device in which each associated Node is located and second device information corresponding to a second physical device in which the target Node is located may be obtained, so as to predict, according to the two information, a probability that a device is abnormal when data transmission occurs between the first physical device and the second physical device.

The device information may include device parameters of the physical device, network port parameters of the physical device, and device parameters corresponding to other physical devices in a VLAN pool, where the device parameters may include parameters associated with relevant hardware (memory, CPU, disk, and the like) of the physical device during data transmission; for the network port parameter, it may include packet loss information, delay information, etc. of the port during data transmission, which is not limited in the present invention.

And 104, inputting the first device information into a network abnormity early warning model issued by the Master node to predict abnormity probability of the first physical device, so as to obtain a first abnormity probability aiming at the first physical device, and inputting the second device information into a preset network abnormity early warning model to predict abnormity probability of the second physical device, so as to obtain a second abnormity probability aiming at the second physical device.

In the embodiment of the present invention, while synchronously associating target data sent by Pod nodes, a target Node may respectively input first device information into a network anomaly early warning model issued by a Master Node to perform anomaly probability prediction on a first physical device, to obtain a first anomaly probability for the first physical device, and input second device information into a preset network anomaly early warning model to perform anomaly probability prediction on a second physical device, to obtain a second anomaly probability for the second physical device. The first abnormal probability represents the probability of the first physical device being abnormal when data transmission is carried out between the first physical device and the second physical device; the second abnormal probability represents a probability that the second physical device is abnormal when data transmission is performed between the first physical device and the second physical device.

In a specific implementation, the target Node may respond to a model instruction issued by the Master Node, and if it is detected that a local network anomaly early warning model is not deployed according to the model instruction, request the Master Node for the network anomaly early warning model, and deploy the network anomaly early warning model issued by the Master Node locally; if the local deployment of the network abnormity early warning model is detected according to the model instruction, a first version corresponding to the network abnormity early warning model in the Master node and a second version corresponding to the local network abnormity early warning model are obtained and compared, the local network abnormity early warning model is updated with the version on the Master node as the standard and is consistent with the network abnormity early warning model in the Master node, then the first equipment information can be input into the network abnormity early warning model to carry out abnormity probability prediction on the first physical equipment, the first abnormity probability aiming at the first physical equipment is obtained, the second equipment information is input into the preset network abnormity early warning model to carry out abnormity probability prediction on the second physical equipment, and the second abnormity probability aiming at the second physical equipment is obtained.

For the first device information at least including a first device parameter, a first network port parameter, and a second device parameter of a third physical device in a same VLAN pool as the first physical device, the target Node may input the first device parameter into a preset network anomaly early warning model to perform device anomaly probability prediction on the first physical device, obtain a first device anomaly probability for the first physical device, input the network port parameter into the network anomaly early warning model to perform port anomaly probability prediction on the first physical device, obtain a first port anomaly probability for the first physical device, input the second device parameter into the preset network anomaly early warning model to perform device anomaly probability prediction on the third physical device, and obtain a second device anomaly probability for the first physical device.

For the second device information at least including a third device parameter, a second network port parameter, and a fourth device parameter of a fourth physical device in the same VLAN pool as the second physical device, the target Node may input the third device parameter into a preset network anomaly early warning model to perform device anomaly probability prediction on the second physical device, obtain a third device anomaly probability for the second physical device, input the second network port parameter into the network anomaly early warning model to perform port anomaly probability prediction on the second physical device, obtain a second port anomaly probability for the second physical device, and input the fourth device parameter into the preset network anomaly early warning model to perform device anomaly probability prediction on the fourth physical device, and obtain a fourth device anomaly probability for the second physical device.

And predicting the abnormal probability between the physical equipment corresponding to the Node in the cluster and the physical equipment corresponding to the Pod Node during data transmission through the network abnormity early warning model so as to carry out early warning in time according to a prediction result, thereby conveniently carrying out fault removal in time on communication abnormity in the cluster and ensuring the stability of cluster operation.

In the embodiment of the invention, a k8s cluster may include a Master Node, a plurality of Node nodes connected with the Master Node, and at least one Pod Node connected with each Node, and a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform, so that in a cloud computing scene of the k8s cluster, for a certain target Node located in the cluster, node information of the target Pod Node may be acquired, the Node information includes information generated when data interaction occurs between the target Pod Node and other Pod nodes, the Node information is input into an associated probability prediction model to perform Node associated probability prediction, association probability values between the target Pod Node and other Pod nodes in the k8s cluster are acquired, and the Pod Node of which the associated probability value meets a preset condition in the other Pod nodes is taken as the associated Pod Node corresponding to the target Pod Node, determining associated Node nodes corresponding to the associated Pod nodes, predicting the associated Pod nodes by the Node nodes, effectively reducing the load and the operation pressure of a Master Node deployed in a cluster center server, obtaining first equipment information corresponding to first physical equipment to which the associated Pod nodes belong and second equipment information corresponding to second physical equipment to which the associated Node nodes belong after determining the associated Node nodes, inputting the first equipment information into a network abnormity early warning model issued by the Master Node to predict the abnormity probability of the first physical equipment, obtaining a first abnormity probability aiming at the first physical equipment, inputting the second equipment information into a preset network abnormity early warning model to predict the abnormity probability of the second physical equipment, obtaining a second abnormity probability aiming at the second physical equipment, and predicting the physical equipment corresponding to the Node nodes in the cluster and the physical equipment corresponding to the Pod nodes by the network abnormity early warning model And predicting the abnormal probability during data transmission so as to give an early warning according to a prediction result in time, thereby conveniently and timely eliminating faults of communication abnormality in the cluster and ensuring the stability of cluster operation.

In order to make the technical solutions of the embodiments of the present invention better understood by those skilled in the art, the following is an exemplary description by way of an example:

s1, deploying an initial Kubernets cluster at a central server. A cluster based on Kubernetes mainly comprises three objects, master (main Node), node (Node) and Pod. The method is characterized by comprising the following steps: master (Master node): first, a Master (Master node) and a history database are deployed on a cluster management server. For the Master node, whether a network port corresponding to a Pod is exposed or not can be managed through a configuration file, and the Pod with the exposed port can perform data interaction with other cluster pods in the same network. And stores the data in a central server log file.

S2, a network anomaly early warning model is built by adopting a Markov chain algorithm, and a random forest algorithm is used for building an associated probability prediction model to predict the associated probability values of the Pod, other pods in the cluster and other cluster Pod nodes in the same group by combining historical database data operation in consideration of the high availability characteristic of multiple clusters and the load pressure of high concurrence conditions on a Master. And the Master load and the operation pressure of the central server cluster are reduced.

For the network abnormity early warning model, a flag (model issuing instruction) and the network abnormity early warning model can be sent from the central server cluster Master Node to the servers corresponding to the distributed Node nodes of each place. After receiving a flag (issuing instruction), each local server checks whether a network abnormity early warning model is deployed locally, wherein flag =1 indicates that the model is deployed, flag =0 indicates that the model is not deployed, and if the model is not deployed, the server sends an instruction to notify a central server to request the issuing of the model through a program. And after receiving the request instruction, the central server sends a network abnormity early warning model to the local server. And if the local network abnormity early warning model is deployed, updating the local network abnormity early warning model and keeping the local network abnormity early warning model synchronized with the central server.

Specifically, for the network anomaly early warning model, it may be X (k + 1) = X (k) × P. Wherein, in the formula: x (k) represents a state vector of the trend analysis and prediction object at the time t = k, P represents a one-step transition probability matrix, and X (k + 1) represents a state vector of the trend analysis and prediction object at the time t = k + 1.

Generating a data set using a two-step transfer matrix, for example: the data collected by the local server resources (network equipment, port network quality and host) in the last month accounts for 100 percent. Wherein, the failure is 30 percent and the normal is 70 percent. Of the failures, 60% may continue to fail in this month, and 40% may turn to normal in this month. The aggregation data is [ 0.6, 0.4 ]. The data collected by the local server resources (network equipment, port network quality and host) accounts for 100% in the month. Wherein, 30% of faults can still be faults, 70% of faults can be converted into faults [ 0.3 and 0.7 ] normally, and the monthly prediction probabilities [ 0.6 and 0.4 ]; the monthly transition probability (0.3 and 0.7) is calculated by a model, and the fault probability =0.3x0.6+0.3x0.7=0.39 of the data collected in the next month is obtained; data collected in the next month has normal probability =0.3x0.4+0.7x0.7=0.61.

For the associated probability prediction model, it may be constructed by a random forest algorithm, specifically, referring to fig. 3, a schematic diagram of model construction provided in the embodiment of the present invention is shown:

1. firstly, inputting a sample set | D |;

2. randomly selecting a training data set and sample characteristics to perform | Di | round training;

2-1, carrying out ith random sampling on the training set, and acquiring N times in total to obtain a sampling set containing N samples;

2-2, training the Nth decision tree model H (i) by using the sampling set | Di |:

when a node of a decision tree model is trained, selecting a part of sample features from all sample features on the node, and selecting an optimal feature from the randomly selected part of sample features in a voting mode to make a left sub-tree division result H (i) and a right sub-tree division result H (i) of the decision tree;

3. h (j) is equal to the weighted average of all probability predictions H (i) for the cluster whose occurrence Pod is associated with the probability weighted average.

And S3, firstly, the Pod sets of which the Pod associated probability weighted average value of S2 is more than 50% are combined together and are called an associated Pod set for short. And secondly, acquiring Node sets of the associated Pod sets through a Master configuration file, and combining the Node sets together for short, the associated Node sets. And then mapping the first physical equipment corresponding to the associated Node set and the second physical equipment corresponding to the distributed virtualization platform resources. And respectively collecting data of monitoring indexes (related information such as network equipment, port networks, hosts associated with the VLAN pool and the like) corresponding to the second physical equipment. And finally, acquiring server resource alarm data (related information such as network equipment, port networks, VLAN pool-associated hosts and the like) corresponding to the Node (first physical equipment) mapped by the virtualized resource of the virtualized platform in the local historical database, and combining with network anomaly early warning model operation to obtain the probability of anomaly which possibly occurs when the virtualized platform synchronizes the resource with the second physical equipment mapped by the k8s cluster Node through the open structure.

And S4, solving the problem of differentiation of the distributed networks of all parts through the distributed networks, completing synchronization of physical equipment corresponding to Node set resources through OpenAPI by the created distributed virtualization platform resources, and predicting the probability of possible faults in the synchronization process. The problem of differential shielding of resources and data of k8s clusters and virtualization and fault early warning is solved.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

Referring to fig. 4, a block diagram of a structure of a network early warning apparatus in a data transmission process provided in an embodiment of the present invention is shown, and relates to a k8s cluster, where the k8s cluster includes a Master Node, a plurality of Node nodes connected to the Master Node, and at least one Pod Node connected to each of the Node nodes; a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform; the device is applied to a target Node, and the target Node deploys an associated probability prediction model, and specifically may include the following modules:

a node information obtaining module 401, configured to obtain node information of a target Pod node, where the node information includes information generated when data interaction occurs between the target Pod node and another Pod node;

an associated Pod determining module 402, configured to input the node information into the associated probability prediction model to perform node associated probability prediction, obtain an associated probability value between the target Pod node and another Pod node in the k8s cluster, and use a Pod node, of which the associated probability value satisfies a preset condition, in the other Pod node as an associated Pod node corresponding to the target Pod node;

an equipment information obtaining module 403, configured to determine an associated Node corresponding to the associated Pod Node, and obtain first equipment information corresponding to a first physical equipment to which the associated Pod Node belongs and second equipment information corresponding to a second physical equipment to which the target Node belongs;

an abnormal probability determining module 404, configured to input the first device information into a network abnormal early warning model issued by the Master node to perform abnormal probability prediction on the first physical device, to obtain a first abnormal probability for the first physical device, and input the second device information into a preset network abnormal early warning model to perform abnormal probability prediction on the second physical device, to obtain a second abnormal probability for the second physical device.

In an optional embodiment, the first abnormal probability is a probability that the first physical device is abnormal when data transmission is performed between the first physical device and the second physical device; the second abnormal probability represents a probability that the second physical device is abnormal when data transmission is performed between the first physical device and the second physical device.

In an optional embodiment, the anomaly probability determining module 404 is specifically configured to:

In an optional embodiment, the first device information at least includes a first device parameter, a first network port parameter, and a second device parameter of a third physical device in a VLAN pool with the first physical device, and the anomaly probability determining module 404 is specifically configured to:

In an optional embodiment, the second device information at least includes a third device parameter, a second network port parameter, and a fourth device parameter of a fourth physical device in a VLAN pool with the second physical device, and the anomaly probability determining module 404 is specifically configured to:

inputting the second network port parameter into the network anomaly early warning model to predict the port anomaly probability of the second physical device, and obtaining a second port anomaly probability aiming at the second physical device;

In an optional embodiment, the associated Pod determining module 402 is specifically configured to:

acquiring a weight coefficient corresponding to each of the other Pod nodes, and calculating a weighted probability value corresponding to the other Pod nodes by using the weight coefficient and an associated probability value;

In an optional embodiment, further comprising:

In an optional embodiment, the k8s cluster further includes a history database connected to the Node, and the Node information obtaining module 401 is specifically configured to:

and acquiring the Node information of the target Pod Node from a target historical database corresponding to the target Node.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

In addition, an embodiment of the present invention further provides an electronic device, including: the processor, the memory, and the computer program stored in and executable on the memory, when executed by the processor, implement each process of the network early warning method embodiment in the data transmission process, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.

The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements each process of the network early warning method embodiment in the data transmission process, and can achieve the same technical effect, and is not described herein again to avoid repetition. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.

Fig. 5 is a schematic diagram of a hardware structure of an electronic device implementing various embodiments of the present invention.

The electronic device 500 includes, but is not limited to: radio frequency unit 501, network module 502, audio output unit 503, input unit 504, sensor 505, display unit 506, user input unit 507, interface unit 508, memory 509, processor 510, and power supply 511. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 5 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.

It should be understood that, in the embodiment of the present invention, the radio frequency unit 501 may be used for receiving and sending signals during a message sending and receiving process or a call process, and specifically, receives downlink data from a base station and then processes the received downlink data to the processor 510; in addition, the uplink data is transmitted to the base station. In general, radio frequency unit 501 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 501 can also communicate with a network and other devices through a wireless communication system.

The electronic device provides wireless broadband internet access to the user via the network module 502, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.

The audio output unit 503 may convert audio data received by the radio frequency unit 501 or the network module 502 or stored in the memory 509 into an audio signal and output as sound. Also, the audio output unit 503 may also provide audio output related to a specific function performed by the electronic apparatus 500 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 503 includes a speaker, a buzzer, a receiver, and the like.

The input unit 504 is used to receive audio or video signals. The input Unit 504 may include a Graphics Processing Unit (GPU) 5041 and a microphone 5042, and the Graphics processor 5041 processes image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 506. The image frames processed by the graphic processor 5041 may be stored in the memory 509 (or other storage medium) or transmitted via the radio frequency unit 501 or the network module 502. The microphone 5042 may receive sound, and may be capable of processing such sound into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 501 in case of the phone call mode.

The electronic device 500 also includes at least one sensor 505, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 5061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 5061 and/or a backlight when the electronic device 500 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration identification related functions (such as pedometer, tapping), and the like; the sensors 505 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.

The display unit 506 is used to display information input by the user or information provided to the user. The Display unit 506 may include a Display panel 5061, and the Display panel 5061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.

The user input unit 507 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 507 includes a touch panel 5071 and other input devices 5072. Touch panel 5071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 5071 using a finger, stylus, or any suitable object or attachment). The touch panel 5071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 510, and receives and executes commands sent by the processor 510. In addition, the touch panel 5071 may be implemented in various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 5071, the user input unit 507 may include other input devices 5072. In particular, other input devices 5072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.

Further, the touch panel 5071 may be overlaid on the display panel 5061, and when the touch panel 5071 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 510 to determine the type of the touch event, and then the processor 510 provides a corresponding visual output on the display panel 5061 according to the type of the touch event. Although in fig. 5, the touch panel 5071 and the display panel 5061 are two independent components to implement the input and output functions of the electronic device, in some embodiments, the touch panel 5071 and the display panel 5061 may be integrated to implement the input and output functions of the electronic device, and is not limited herein.

The interface unit 508 is an interface for connecting an external device to the electronic apparatus 500. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 508 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the electronic apparatus 500 or may be used to transmit data between the electronic apparatus 500 and external devices.

The memory 509 may be used to store software programs as well as various data. The memory 509 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 509 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.

The processor 510 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 509 and calling data stored in the memory 509, thereby performing overall monitoring of the electronic device. Processor 510 may include one or more processing units; preferably, the processor 510 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 510.

The electronic device 500 may further include a power supply 511 (e.g., a battery) for supplying power to various components, and preferably, the power supply 511 may be logically connected to the processor 510 via a power management system, so as to implement functions of managing charging, discharging, and power consumption via the power management system.

In addition, the electronic device 500 includes some functional modules that are not shown, and are not described in detail herein.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a component of' 8230; \8230;" does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present invention, and shall cover the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. A network early warning method in a data transmission process relates to a k8s cluster, wherein the k8s cluster comprises a Master Node, a plurality of Node nodes connected with the Master Node and at least one Pod Node connected with each Node; a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform; the method is applied to a target Node, the target Node deploys an associated probability prediction model, and the method comprises the following steps:

inputting the node information into the association probability prediction model to perform node association probability prediction, obtaining association probability values between the target Pod node and other Pod nodes in the k8s cluster, and taking the Pod nodes of which the association probability values meet preset conditions in the other Pod nodes as the associated Pod nodes corresponding to the target Pod node;

determining an associated Node corresponding to the associated Pod Node, and acquiring first device information corresponding to a first physical device to which the associated Pod Node belongs and second device information corresponding to a second physical device to which the target Node belongs;

inputting the first device information into a network abnormity early warning model issued by the Master node to predict abnormity probability of the first physical device, obtaining a first abnormity probability aiming at the first physical device, and inputting the second device information into a preset network abnormity early warning model to predict abnormity probability of the second physical device, obtaining a second abnormity probability aiming at the second physical device.

2. The method according to claim 1, wherein the first anomaly probability is a probability that the first physical device is anomalous when data is transmitted between the first physical device and the second physical device; the second abnormal probability represents a probability that the second physical device is abnormal when data transmission is performed between the first physical device and the second physical device.

3. The method according to claim 1, wherein the inputting the first device information into the network anomaly early warning model issued by the Master node predicts the anomaly probability of the first physical device to obtain a first anomaly probability for the first physical device, and the inputting the second device information into a preset network anomaly early warning model to predict the anomaly probability of the second physical device to obtain a second anomaly probability for the second physical device comprises:

responding to a model instruction issued by the Master node, if the network abnormity early warning model is detected not to be deployed locally according to the model instruction, requesting the network abnormity early warning model from the Master node, and deploying the network abnormity early warning model issued by the Master node locally;

4. The method of claim 3, wherein the first device information at least includes a first device parameter, a first network port parameter, and a second device parameter of a third physical device in a same VLAN pool as the first physical device, and the inputting the first device information into a preset network anomaly early warning model to predict the anomaly probability of the first physical device to obtain a first anomaly probability for the first physical device comprises:

inputting the network port parameters into the network abnormity early warning model to predict the port abnormity probability of the first physical device, and obtaining the first port abnormity probability aiming at the first physical device;

5. The method according to claim 3, wherein the second device information at least includes a third device parameter, a second network port parameter, and a fourth device parameter of a fourth physical device in a same VLAN pool as the second physical device, and the inputting the second device information into a preset network anomaly early warning model to predict the anomaly probability of the second physical device to obtain a second anomaly probability for the second physical device includes:

6. The method of claim 1, wherein the using, as the associated Pod node corresponding to the target Pod node, a Pod node of the other Pod nodes whose associated probability value meets a preset condition comprises:

7. The method of any one of claims 1-5, further comprising:

and synchronizing the target data sent by the associated Pod nodes.

8. The method of claim 1, wherein the k8s cluster further comprises a history database connected to the Node, and wherein the obtaining Node information of the target Pod Node comprises:

9. A network early warning device in a data transmission process relates to a k8s cluster, wherein the k8s cluster comprises a Master Node, a plurality of Node nodes connected with the Master Node and at least one Pod Node connected with each Node; a distributed virtualization platform is deployed in the k8s cluster, and the Pod nodes are deployed on corresponding physical devices based on the distributed virtualization platform; the apparatus is applied to a target Node, the target Node deploys an associated probability prediction model, and the apparatus comprises:

an equipment information obtaining module, configured to determine a relevant Node corresponding to the relevant Pod Node, and obtain first equipment information corresponding to a first physical equipment to which the relevant Pod Node belongs and second equipment information corresponding to a second physical equipment to which the target Node belongs;

10. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;

the memory is used for storing a computer program;

the processor, when executing a program stored on the memory, implementing the method of any one of claims 1-8.

11. A computer-readable storage medium having stored thereon instructions, which when executed by one or more processors, cause the processors to perform the method of any one of claims 1-8.