CN116723128A - Method and device for detecting network transparent transmission equipment - Google Patents

Info

Publication number
CN116723128A
Authority
CN
China
Prior art keywords
transparent transmission
network transparent
detection message
network
transmission device
Prior art date
Legal status
Pending
Application number
CN202310776331.3A
Other languages
Chinese (zh)
Inventor
王信大
孙艳杰
万卿
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 43/00 Arrangements for monitoring or testing data switching networks
    • H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L 43/0805 Monitoring or testing based on specific metrics by checking availability
    • H04L 43/50 Testing arrangements
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/09 Mapping addresses
    • H04L 61/10 Mapping addresses of different types
    • H04L 61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Abstract

The application relates to a method and a device for detecting a network transparent transmission device. The method comprises the following steps: periodically generating and sending a probe packet; forwarding the probe packet to a network transparent transmission device based on the destination IP of the probe packet; capturing the probe packet after it has passed through the network transparent transmission device; updating the receipt time of the probe packet in a preset list; and, when the difference between the receipt time recorded in the preset list and the current time exceeds a time threshold, determining that the state of the network transparent transmission device is abnormal. The method and device solve the problem of detecting the health state of a network transparent transmission device, avoid the loss of service traffic caused by failure of the network transparent transmission device, require no manual intervention, and are easy to maintain.

Description

Method and device for detecting network transparent transmission equipment
Technical Field
The application relates to the field of computer information processing, and in particular to a method and device for detecting a network transparent transmission device.
Background
Traffic flowing to a server sometimes requires security processing. One implementation is to divert the traffic to a security device while it passes through a load balancing device: traffic that passes inspection is returned to the load balancing device, which completes the forwarding to the service side, while traffic that fails inspection is dropped, logged, or otherwise handled according to service requirements.
For such service inspection requirements, the security device may be deployed in transparent mode. In network data transmission, transparent mode refers to a way in which a device forwards data in the network: a security device working in transparent mode needs no IP address configured, processes data at layer 2 of the network protocol stack, and, based on a preconfigured interface pair, always receives data on one port and sends it out of the other port without changing its content. Security devices such as a WAF (web application firewall) or an IPS (intrusion prevention system) can be deployed in this mode; in general, a network device deployed in transparent mode is referred to here as a network transparent transmission device.
When the security device is deployed in transparent mode, the network configuration is simplified. In this case the network transparent transmission device performs no layer-3 forwarding on the received packets and has no IP configured; traffic is simply sent from the ingress interface to the egress interface.
However, because a security device in transparent mode has no IP address and only works as an interface pair, it sends any traffic arriving at the ingress interface out of the egress interface unchanged. Its health state therefore cannot be verified with a conventional ICMP request/response or TCP request/response check. Once a security device working in transparent mode fails or behaves abnormally, the traffic flowing into it may not flow back into the original network, resulting in a traffic interruption.
Therefore, a method and apparatus for detecting a network transparent transmission device are needed.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of the above, the present application provides a method and an apparatus for detecting a network transparent transmission device, which solve the problem of detecting the health state of the network transparent transmission device, avoid the loss of service traffic caused by failure of the network transparent transmission device, require no manual intervention, and are easy to maintain.
Other features and advantages of the application will be apparent from the following detailed description, or may be learned by the practice of the application.
According to an aspect of the present application, a method for detecting a network transparent transmission device is provided, the method comprising: periodically generating and sending a probe packet; forwarding the probe packet to a network transparent transmission device based on the destination IP of the probe packet; capturing the probe packet after it has passed through the network transparent transmission device; updating the receipt time of the probe packet in a preset list; and, when the difference between the receipt time in the preset list and the current time exceeds a time threshold, determining that the state of the network transparent transmission device is abnormal.
In an exemplary embodiment of the present application, the method further comprises: connecting the load balancing device and at least one network transparent transmission device according to standard protocol interface rules; and setting an identifier for the at least one network transparent transmission device, the identifier being an IP address.
In an exemplary embodiment of the present application, the method further comprises: creating an address resolution protocol (ARP) table entry for the at least one network transparent transmission device in the load balancing device; and setting the entry IP, the entry interface and the entry egress interface in the ARP entry.
In an exemplary embodiment of the present application, periodically generating and sending the probe packet comprises: determining at least one network transparent transmission device to be detected; creating a corresponding probe packet based on the at least one network transparent transmission device to be detected; and sending the probe packet periodically.
In an exemplary embodiment of the present application, creating a corresponding probe packet based on the at least one network transparent transmission device to be detected comprises: obtaining the identifier of the at least one network transparent transmission device to be detected; using that identifier as the destination IP; and creating a corresponding probe packet based on the destination IP.
In an exemplary embodiment of the present application, forwarding the probe packet to the network transparent transmission device based on its destination IP comprises: sending the probe packet to the load balancing device; and the load balancing device sending the probe packet to the corresponding network transparent transmission device based on the destination IP and the ARP table entry.
In an exemplary embodiment of the present application, capturing the probe packet after it has passed through the network transparent transmission device comprises: obtaining all packets that have passed through the network transparent transmission device; comparing the destination IP of each packet with the IPs in the ARP table entries; and treating a packet whose destination IP matches as the probe packet.
In an exemplary embodiment of the present application, determining that the state of the network transparent transmission device is abnormal comprises: when the state of the network transparent transmission device is abnormal, stopping the steering of traffic to that network transparent transmission device.
In an exemplary embodiment of the present application, after updating the receipt time of the probe packet in the preset list, the method further comprises: adding a black hole route for the probe packet; and forwarding the probe packet according to the black hole route, so that it is discarded rather than routed onward.
According to an aspect of the present application, a detection apparatus for a network transparent transmission device is provided, the apparatus comprising: a packet module for periodically generating and sending probe packets; a sending module for forwarding the probe packet to the network transparent transmission device based on the destination IP of the probe packet; an acquisition module for capturing the probe packet after it has passed through the network transparent transmission device; an updating module for updating the receipt time of the probe packet in a preset list; and a judging module for determining that the state of the network transparent transmission device is abnormal when the difference between the receipt time in the preset list and the current time exceeds a time threshold.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the application, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the method and device for detecting a network transparent transmission device, a probe packet is generated and sent periodically; the probe packet is forwarded to a network transparent transmission device based on its destination IP; the probe packet is captured after it has passed through the network transparent transmission device; the receipt time of the probe packet is updated in a preset list; and when the difference between the receipt time in the preset list and the current time exceeds a time threshold, the state of the network transparent transmission device is determined to be abnormal. Determining the abnormal state in this way solves the problem of detecting the health state of the network transparent transmission device, avoids the loss of service traffic caused by its failure, requires no manual intervention, and simplifies maintenance.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system diagram illustrating a method and apparatus for detecting a network transparent transmission device according to an exemplary embodiment.
Fig. 2 is a connection schematic diagram of a method and an apparatus for detecting a network transparent transmission device according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating a method of detecting a network transparent transmission device according to an exemplary embodiment.
Fig. 4 is a flowchart illustrating a method of detecting a network transparent transmission device according to another exemplary embodiment.
Fig. 5 is a flowchart illustrating a method of detecting a network transparent transmission device according to another exemplary embodiment.
Fig. 6 is a block diagram illustrating a detection apparatus of a network transparent transmission device according to an exemplary embodiment.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
Fig. 8 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Accordingly, a first component discussed below could be termed a second component without departing from the teachings of the present inventive concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the application and therefore should not be taken to limit the scope of the application.
The technical problem the application aims to solve is that, when a security device is deployed in transparent mode, the load balancer cannot detect the state of the security device in time, and traffic is lost. The technical effect the application achieves is that, when the security device is found to be faulty, the load balancer stops steering traffic to it and normal forwarding of the service is maintained.
The present application will be described in detail with reference to specific examples.
Fig. 1 is a system block diagram illustrating a method and apparatus for detecting a network transparent transmission device according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include a server 101, a load balancing device 102, network transparent transmission devices 103, 104 and 105, terminal devices 106, 107 and 108, and a network 109 that provides the medium for the communication link between the server 101 and the load balancing device 102. The network 109 may include various connection types, such as wired or wireless communication links or fiber optic cables.
The server 101 may be a server providing various services, for example a server that monitors the network transparent transmission devices 103, 104 and 105. The server 101 may create and send the probe packets to the load balancing device 102, and may report the detection results for the network transparent transmission devices 103, 104 and 105 to the administrator.
The terminal devices 106, 107 and 108 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptops and desktop computers. The terminal devices 106, 107 and 108 send packets to the load balancing device 102, which forwards them to the network transparent transmission devices 103, 104 and 105; traffic that has passed the security inspection of those devices may then be forwarded to its destination address through the load balancing device.
For example, the server 101 may periodically generate and send a probe packet; the load balancing device 102 may forward the probe packet to the network transparent transmission device 103, 104 or 105 based on the destination IP of the probe packet; the server 101 may capture the probe packet after it has passed through the network transparent transmission device; the server 101 may update the receipt time of the probe packet in a preset list; and the server 101 may determine that the network transparent transmission device 103, 104 and/or 105 is in an abnormal state when the difference between the receipt time in the preset list and the current time exceeds a time threshold.
The server 101 may be a single physical server or several servers. It should be noted that the method for detecting a network transparent transmission device provided in the embodiments of the present application may be executed by the server 101, and accordingly the detection apparatus for the network transparent transmission device may be arranged in the server 101.
Fig. 2 is a connection diagram for the method and apparatus for detecting a network transparent transmission device according to an exemplary embodiment. As shown in fig. 2, in a specific application scenario a load balancing device is connected to network transparent transmission device 1 and network transparent transmission device 2, abbreviated as transparent device 1 and transparent device 2. The ingress interface of transparent device 1 is connected to interface 1 of the load balancing device and its egress interface to interface 2 of the load balancing device; the ingress interface of transparent device 2 is connected to interface 3 of the load balancing device and its egress interface to interface 4 of the load balancing device.
With this connection, the load balancing device sends received packets to transparent device 1 through interface 1 and receives the packets processed by transparent device 1 through interface 2. Likewise, it sends received packets to transparent device 2 through interface 3 and receives the packets processed by transparent device 2 through interface 4.
Fig. 3 is a flowchart illustrating a method of detecting a network transparent transmission device according to an exemplary embodiment. The method 30 for detecting a network transparent transmission device comprises at least steps S302 to S310.
As shown in fig. 3, in S302 a probe packet is periodically generated and sent. For example, at least one network transparent transmission device to be detected is determined; a corresponding probe packet is created based on the at least one network transparent transmission device to be detected; and the probe packet is sent periodically.
More specifically, creating a corresponding probe packet based on the at least one network transparent transmission device to be detected comprises: obtaining the identifier of the at least one network transparent transmission device to be detected; using that identifier as the destination IP; and creating a corresponding probe packet based on the destination IP.
In S304, the probe packet is forwarded to a network transparent transmission device based on its destination IP. The probe packet may be sent to the load balancing device, which sends it to the corresponding network transparent transmission device based on the destination IP and the ARP table entry. When the probe packet arrives at the network transparent transmission device, that device, following the forwarding rule of its interface pair, sends the packet unchanged to the preset interface of the load balancing device; with the connection shown in fig. 2, the probe packet comes back on interface 2.
In S306, the probe packet that has passed through the network transparent transmission device is captured. All packets that have passed through the network transparent transmission device may be obtained; the destination IP of each packet is compared with the IPs in the ARP table entries; and a packet whose destination IP matches is taken as the probe packet.
The load balancing device receives the probe packet on interface 2. Because the destination MAC of the probe packet is the MAC of interface 2, the load balancing device regards the packet as addressed to itself and delivers it to the system protocol stack in the normal way; that is, the packet is punted to the control plane instead of being forwarded.
The control plane then checks whether the destination IP of the packet is the ID of a network transparent transmission device. If it is, the latest receipt time for that device is updated; and if the device's current state is abnormal, its health state is set back to normal, the service module is notified, and traffic may again be steered to the network transparent transmission device.
In S308, the receipt time of the probe packet is updated in a preset list. A list holding the IDs of all network transparent transmission devices may be preset; each entry of the preset list records the ID of a network transparent transmission device and the latest receipt time for that ID.
A timer scans the list at a fixed interval. If the time since the last update for a network transparent transmission device has reached the timeout threshold, the health state of that device is considered abnormal: the device state is marked abnormal and the service module is notified to stop steering traffic to the device.
In S310, when the difference between the receipt time in the preset list and the current time exceeds the time threshold, the state of the network transparent transmission device is determined to be abnormal.
More specifically, when the state of the network transparent transmission device is abnormal, the steering of traffic to that network transparent transmission device is stopped.
In one embodiment, after the receipt time of the probe packet is updated in the preset list, the method further includes: adding a black hole route for the probe packet; and forwarding the probe packet according to the black hole route. A black hole route with a 32-bit mask (/32) may be added for the IP address that identifies the network transparent transmission device, i.e. the destination IP of the probe. After the load balancing device has received the probe packet and recorded its receipt time, the packet matches the black hole route in the IP forwarding lookup; sending it to the black hole route is equivalent to discarding it, so the probe packet is never routed onward into the network.
According to the method for detecting a network transparent transmission device, a probe packet is generated and sent periodically; the probe packet is forwarded to a network transparent transmission device based on its destination IP; the probe packet is captured after it has passed through the network transparent transmission device; the receipt time of the probe packet is updated in a preset list; and when the difference between the receipt time in the preset list and the current time exceeds a time threshold, the state of the network transparent transmission device is determined to be abnormal. Determining the abnormal state in this way solves the problem of detecting the health state of the network transparent transmission device, avoids the loss of service traffic caused by its failure, requires no manual intervention, and simplifies maintenance.
In the method for detecting a network transparent transmission device, each network transparent transmission device is assigned a unique identifier (ID), expressed in the form of an IP address. A static ARP entry can therefore be created from the ID of the network transparent transmission device and the MAC of the load balancing device interface. The entry guides the sending of the probe packet: it selects the physical output interface and supplies the destination MAC to be filled in.
In the method for detecting a network transparent transmission device, when the probe packet is sent, the socket is bound to the sending interface so that the probe packet is routed out of the designated interface. A corresponding /32 black hole route is created from the ID of the network transparent transmission device so that the probe packet is discarded rather than forwarded.
In the method for detecting a network transparent transmission device, whether traffic is steered to a network transparent transmission device is controlled by its health state: traffic is steered to the device only when its health state is normal, and not when its health state is abnormal.
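The following is an added example and is not part of the patent or of any DPTech implementation: a small Python model of steps S302 to S310 as described above, with the interface-pair device of the background section, the static ARP table and interface wiring of fig. 2, the preset list with its timer scan, the /32 black hole route, and the recovery path. The server's probe generator and the load balancing device are collapsed into one class. Device IDs (192.0.2.x), interface names (if1 to if4), MAC addresses, the 1 s probe period and the 3 s threshold are assumed values chosen for the simulation.

```python
# Added example (not from the patent): a Python model of steps S302 to S310.
# Device IDs, interface names, MACs, probe period and threshold are assumed.
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    dst_mac: str          # Ethernet destination
    dst_ip: str           # IP destination; for a probe this is the device ID


class TransparentDevice:
    """Interface pair: a frame entering the ingress leaves the egress unchanged.
    A failed device lets nothing out, which is the only symptom the LB sees."""

    def __init__(self):
        self.healthy = True

    def passthrough(self, frame):
        return frame if self.healthy else None


class LoadBalancer:
    """Probe generator, static ARP table, preset list and timer in one place."""

    def __init__(self, timeout, clock=time.monotonic):
        self.timeout = timeout
        self.clock = clock
        self.iface_mac = {}     # LB interface -> its own MAC
        self.arp = {}           # static ARP: device ID -> (out interface, dst MAC)
        self.links = {}         # out interface -> (device, interface it returns on)
        self.blackhole = set()  # /32 black hole routes, keyed by device ID
        self.last_seen = {}     # the preset list: device ID -> last receipt time
        self.state = {}         # device ID -> "normal" | "abnormal"

    def add_device(self, dev_id, device, out_if, ret_if, ret_mac):
        """S402 to S408: wire the pair and create the static ARP entry. The entry's
        MAC is the LB's own MAC on the return interface, so the probe is accepted
        as local traffic when the device hands it back (fig. 2)."""
        self.iface_mac[ret_if] = ret_mac
        self.arp[dev_id] = (out_if, ret_mac)
        self.links[out_if] = (device, ret_if)
        self.blackhole.add(dev_id)
        self.last_seen[dev_id] = self.clock()
        self.state[dev_id] = "abnormal"  # no traffic until a probe has come back

    def send_probes(self):
        """S302/S304: one probe per device, out of the interface named in the entry."""
        for dev_id, (out_if, dst_mac) in self.arp.items():
            device, ret_if = self.links[out_if]
            back = device.passthrough(Frame(dst_mac, dev_id))
            if back is not None:
                self.receive(ret_if, back)

    def receive(self, iface, frame):
        """S306/S308: receive path on the return interface."""
        if frame.dst_mac != self.iface_mac[iface]:
            return "forwarded"             # transit traffic, not addressed to us
        if frame.dst_ip not in self.arp:
            return "stack"                 # local traffic that is not a probe
        self.last_seen[frame.dst_ip] = self.clock()
        if self.state[frame.dst_ip] == "abnormal":
            self.state[frame.dst_ip] = "normal"   # recovery: steering resumes
        if frame.dst_ip in self.blackhole:
            return "blackholed"            # recorded, then dropped, never routed on
        return "routed"

    def scan(self):
        """S310: the timer; a stale entry marks its device abnormal."""
        now = self.clock()
        for dev_id, seen in self.last_seen.items():
            if now - seen > self.timeout:
                self.state[dev_id] = "abnormal"
        return dict(self.state)

    def steerable(self):
        """Devices the service module may currently steer traffic to."""
        return tuple(d for d, s in self.state.items() if s == "normal")


def demo():
    """Fake clock, 1 s probe period, 3 s threshold. Device 2 fails at t=3 s and
    recovers at t=7 s. Returns (tick, devices receiving traffic) per tick."""
    now = [0.0]
    lb = LoadBalancer(timeout=3.0, clock=lambda: now[0])
    dev1, dev2 = TransparentDevice(), TransparentDevice()
    lb.add_device("192.0.2.1", dev1, "if1", "if2", "02:00:00:00:00:02")
    lb.add_device("192.0.2.2", dev2, "if3", "if4", "02:00:00:00:00:04")
    history = []
    for tick in range(1, 9):
        now[0] = float(tick)
        dev2.healthy = not (3 <= tick < 7)
        lb.send_probes()
        lb.scan()
        history.append((tick, lb.steerable()))
    return history


if __name__ == "__main__":
    for tick, up in demo():
        print(f"t={tick}s steering traffic to {up}")
```

Running the module prints which devices receive traffic at each tick: device 2 stops returning probes at t=3 s, is marked abnormal once its last receipt time is more than 3 s old (at t=6 s), and is steered to again as soon as a probe comes back at t=7 s. Two points worth keeping in mind when deploying this scheme: the probe only proves that the interface pair forwards frames, so a device in a hardware bypass or fail-open state passes the probe while inspecting nothing; and the threshold has to exceed the probe period by enough margin that a single lost probe does not flap the device state. The black hole route must be exactly the /32 of the device ID so that it shadows no production route.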
It should be clearly understood that the present application describes how to make and use specific examples, but the principles of the present application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 4 is a flowchart illustrating a method of detecting a network transparent transmission device according to another exemplary embodiment. The flow 40 shown in fig. 4 is a detailed description of S102"" in the flow shown in fig. 2.
As shown in fig. 4, in S402 the load balancing device and the at least one network transparent transmission device are connected according to standard protocol interface rules.
In S404, an identifier is set for the at least one network transparent transmission device, the identifier being an IP address. More specifically, a unique ID may be set for each network transparent transmission device interconnected with the load balancing device. In the present application an IP address is used as that unique identifier, so that the load balancing device can uniquely identify the corresponding network transparent transmission device by its IP.
In S406, an ARP table entry is created in the load balancing device for the at least one network transparent transmission device. A static ARP (address resolution protocol) entry may be created for each network transparent transmission device based on its identifier.
In S408, the entry IP, the entry interface and the entry egress interface are set in the ARP entry. More specifically, the IP of the ARP entry is the ID of the network transparent transmission device; as shown in fig. 2, the interface of the ARP entry is interface 1, which is connected to the ingress interface of the network transparent transmission device, and the MAC of the ARP entry is the MAC of interface 2, which is connected to the egress interface of the network transparent transmission device.
Fig. 5 is a flowchart illustrating a method of detecting a network transparent transmission device according to another exemplary embodiment. The flow 50 shown in fig. 5 details step S302, "generating and sending a detection message at regular intervals", of the flow shown in fig. 3.
As shown in fig. 5, in S502, at least one network transparent transmission device to be detected is determined.
In S504, the identifier of the at least one network transparent transmission device to be detected is obtained.
In S506, a corresponding detection message is created based on the identifier of the at least one network transparent transmission device to be detected: the identifier is used as the target IP, and the detection message is built for that target IP.
The socket used to send the created detection message is set to bind to an interface, and the bound interface is interface 1, the interface interconnected with the ingress interface of the network transparent transmission device. Because the target IP of the message is the IP of the static ARP entry created in advance, the system's transmit path knows how to send the IP packet: the destination MAC of the message is filled in from the static ARP entry, and the outgoing interface is the interface recorded in that entry, so the message leaves through interface 1.
In S508, the detection message is sent at regular intervals. A packet socket is created and the detection message is sent periodically; its target IP is the ID of the network transparent transmission device.
After the detection message arrives at the network transparent transmission device, the device forwards it unchanged to interface 2 of the load balancing device according to the forwarding rule of its interface pair. This completes the sending of the detection message.
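The configuration of S402 to S408 and the send path of S502 to S508 fit together as in the following Python example. It is an added example, not code from the patent or from its assignee. The interface name eth1 for interface 1, the MAC addresses, the addresses 10.255.0.x, the UDP port 40000 and the payload marker are assumptions of the example; the page does not specify the probe's transport protocol or payload. The example resolves the static ARP entry in user space so that the frame leaving interface 1 is visible, whereas the page leaves that resolution to the host's send path.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ETH_P_IP = 0x0800
IPPROTO_UDP = 17
PROBE_PORT = 40000            # assumed UDP port for the probe; the page does not fix a transport
PROBE_MAGIC = b"LBPROBE1"     # assumed 8-byte payload marker so the receiver can recognise probes


@dataclass(frozen=True)
class ArpEntry:
    """One static ARP entry with the three fields the page sets in S408."""
    ip: str       # entry IP: the device ID
    dev: str      # entry interface: interface 1, facing the device's ingress interface
    lladdr: str   # entry MAC: the MAC of interface 2, facing the device's egress interface


class StaticArpTable:
    def __init__(self) -> None:
        self._entries: Dict[str, ArpEntry] = {}

    def add(self, entry: ArpEntry) -> None:
        self._entries[entry.ip] = entry

    def lookup(self, ip: str) -> Optional[ArpEntry]:
        return self._entries.get(ip)

    def ip_neigh_command(self, ip: str) -> str:
        """The equivalent permanent neighbour entry on a Linux host."""
        e = self._entries[ip]
        return f"ip neigh replace {e.ip} lladdr {e.lladdr} dev {e.dev} nud permanent"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; an odd-length input is zero padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_probe(table: StaticArpTable, if1_mac: str, src_ip: str,
                device_id: str, seq: int) -> Tuple[str, bytes]:
    """Return (outgoing interface, Ethernet frame) for one probe to `device_id`.

    Destination MAC and outgoing interface are taken from the static ARP entry whose
    IP equals the device ID, the lookup the page attributes to the host's send path.
    """
    entry = table.lookup(device_id)
    if entry is None:
        raise LookupError(f"no static ARP entry for device ID {device_id}")
    payload = PROBE_MAGIC + struct.pack("!I", seq)
    # UDP checksum 0 is legal in IPv4 and keeps the example short.
    udp = struct.pack("!HHHH", PROBE_PORT, PROBE_PORT, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), seq & 0xFFFF, 0x4000,
                         64, IPPROTO_UDP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(device_id))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = mac_bytes(entry.lladdr) + mac_bytes(if1_mac) + struct.pack("!H", ETH_P_IP)
    return entry.dev, eth_hdr + ip_hdr + udp


def send_probe(dev: str, frame: bytes) -> int:
    """Emit `frame` through a packet socket bound to `dev` (Linux only, needs CAP_NET_RAW)."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    try:
        sock.bind((dev, 0))   # the bound interface, not the routing table, decides where the frame leaves
        return sock.send(frame)
    finally:
        sock.close()


def run_prober(table: StaticArpTable, if1_mac: str, src_ip: str,
               device_ids, interval: float, rounds: int) -> int:
    """Send one probe per device every `interval` seconds; returns the number of probes sent."""
    import time
    seq = 0
    for _ in range(rounds):
        for device_id in device_ids:
            seq += 1
            dev, frame = build_probe(table, if1_mac, src_ip, device_id, seq)
            send_probe(dev, frame)
        time.sleep(interval)
    return seq


if __name__ == "__main__":
    # Constructed topology (assumed values): interface 1 is eth1 with MAC 02:..:01,
    # interface 2 has MAC 02:..:02, the device ID is 10.255.0.1.
    table = StaticArpTable()
    table.add(ArpEntry("10.255.0.1", "eth1", "02:00:00:00:00:02"))
    print(table.ip_neigh_command("10.255.0.1"))
    dev, frame = build_probe(table, "02:00:00:00:00:01", "10.255.0.254", "10.255.0.1", 1)
    print(dev, frame.hex())
```

On a Linux host the same static entry is installed with `ip neigh replace <id> lladdr <mac of interface 2> dev <interface 1> nud permanent`, which is what `ip_neigh_command` prints, and binding the packet socket to interface 1 is what makes the frame leave there even though the device ID is in no route. Note the destination MAC: it is the load balancer's own interface 2, so once the transparent device forwards the frame unchanged it comes back addressed to the load balancer itself, which is what lets the receive side pick it up from the protocol stack.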
Those skilled in the art will appreciate that all or part of the steps implementing the above described embodiments are implemented as a computer program executed by a CPU. When executed by a CPU, performs the functions defined by the above-described method provided by the present application. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiment of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.
Fig. 6 is a block diagram illustrating a detection apparatus of a network transparent transmission device according to another exemplary embodiment. As shown in fig. 6, the detection apparatus 60 of the network transparent transmission device includes a message module 602, a sending module 604, an obtaining module 606, an updating module 608 and a judging module 610; the detection apparatus 60 may further include a setting module 612.
The message module 602 is configured to generate and send a detection message at regular intervals. It is further configured to determine at least one network transparent transmission device to be detected, create a corresponding detection message based on that device, and send the detection message at regular intervals.
The sending module 604 is configured to send the detection message to the network transparent transmission device based on the target IP of the detection message. It is further configured to pass the detection message to the load balancing device, which sends it to the corresponding network transparent transmission device based on the target IP and the address resolution protocol table entry.
The obtaining module 606 is configured to obtain the detection message that has flowed through the network transparent transmission device. It is further configured to obtain all messages flowing through the device, compare the target IP of each message with the IPs in the address resolution protocol table entries, and treat a matching message as the detection message.
The updating module 608 is configured to update the packet receiving time of the detection message in the preset list.
The judging module 610 is configured to determine that the state of the network transparent transmission device is abnormal when the difference between the packet receiving time recorded in the preset list and the current time is greater than the time threshold. The judging module 610 is further configured to stop steering traffic to the network transparent transmission device while its state is abnormal.
The setting module 612 is configured to interconnect the load balancing device and the at least one network transparent transmission device according to standard protocol interface rules, and to set an identifier, which is an IP address, for the at least one network transparent transmission device. It creates an address resolution protocol table entry in the load balancing device for the at least one network transparent transmission device, and sets the entry IP, the entry interface and the entry MAC in that entry.
According to the detection apparatus of the network transparent transmission device, a detection message is generated and sent at regular intervals; the detection message is sent to the network transparent transmission device based on its target IP; the detection message that has flowed through the device is obtained; the packet receiving time of the detection message is updated in a preset list; and when the difference between the packet receiving time in the preset list and the current time is greater than a time threshold, the device is determined to be in the abnormal state. This solves the problem of detecting the health state of the network transparent transmission device, avoids the loss of service traffic when the device fails, requires no manual intervention and is easy to maintain.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 700 according to this embodiment of the application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
The storage unit 720 stores program code that can be executed by the processing unit 710, so that the processing unit 710 performs the steps of the exemplary embodiments described in this specification; for example, the processing unit 710 may perform the steps shown in figs. 3, 4 and 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 700, and/or any devices (e.g., routers, modems, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 750. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. Network adapter 760 may communicate with other modules of electronic device 700 via bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 8, the technical solution according to the embodiment of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiment of the present application.
In general, the present disclosure comprises a preset configuration part, a probe transmitting module, a probe receiving module and a protection module. For each transparent device interconnected with the load balancing device an ID is set; for convenience the ID takes the form of an IP address, so that the load balancing device can uniquely identify the corresponding transparent device by that IP. A static ARP entry is created for each ID: the IP of the entry is the ID of the transparent device, the interface of the entry is interface 1, which is interconnected with the ingress interface of the transparent device, and the MAC of the entry is the MAC of interface 2, which is connected to the egress interface of the transparent device. A packet socket is created and a probe message whose target IP is the ID of the transparent device is sent periodically. The socket's send option is set to bind to an interface, and the designated interface is interface 1, which is interconnected with the ingress interface of the transparent device. Because the target IP of the message equals the IP of the static ARP entry created in advance, the system's transmit path knows how to send the IP packet: the destination MAC of the message is filled in from the static ARP entry, and the outgoing interface is the interface of that entry, so the message leaves through interface 1. After the probe reaches the transparent device, the device forwards it unchanged to interface 2 of the load balancing device according to the forwarding rule of its interface pair, which completes the transmission of the probe.
The probe receiving module maintains a list of all transparent device IDs, in which each entry records an ID and the latest receiving time. A timer scans the list at a fixed interval; if the time since a transparent device's last update reaches the timeout threshold, the health state of that device is considered abnormal, the device is marked abnormal, and the service module is notified to stop steering traffic to it. The probe is received on interface 2, and because its destination MAC is the MAC of interface 2 the load balancing device treats it as addressed to itself and delivers it normally to the system's protocol stack. The probe receiving module creates a raw socket and listens to all messages received by the device. It checks whether the destination IP of a message is a transparent device ID; if so, it updates the latest receiving time, and if the device's current state is abnormal, it sets the health state back to normal and notifies the service module that traffic may again be steered to the device. The protection module adds a corresponding 32-bit-mask (/32) black hole route for the IP of each transparent device. When a probe is received, after the probe receiving module has processed it the message enters the IP route forwarding flow, hits the black hole route and is dropped, so that it is not forwarded by the router.
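The receive side described above (the raw-socket listener on interface 2, the list of latest receiving times, the timer scan with a timeout, and the /32 black hole route) as an added Python example; it is not the patent's code or its assignee's. The interface MAC, the device IDs, the timeout value and the payload marker check are assumptions of the example, and the marker check goes slightly beyond the page, whose hit test is destination-IP equality alone.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional

ETH_P_IP = 0x0800
ETH_P_ALL = 0x0003
IPPROTO_UDP = 17
PROBE_MAGIC = b"LBPROBE1"   # assumed payload marker; the page's hit test is destination IP only


def parse_probe(frame: bytes, if2_mac: bytes, device_ids: FrozenSet[str]) -> Optional[str]:
    """Return the device ID if `frame` is a probe that came back on interface 2, else None.
    Page's test: destination MAC is interface 2, destination IP is a device ID. UDP/marker is added."""
    if len(frame) < 34 or frame[:6] != if2_mac or frame[12:14] != struct.pack("!H", ETH_P_IP):
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != IPPROTO_UDP:
        return None
    dst_ip = socket.inet_ntoa(frame[30:34])
    if dst_ip not in device_ids:
        return None
    payload = frame[14 + ihl + 8:]
    return dst_ip if payload.startswith(PROBE_MAGIC) else None


@dataclass
class DeviceRecord:
    device_id: str
    last_rx: Optional[float] = None   # latest packet receiving time; None until the first probe returns
    healthy: bool = False             # traffic is steered to the device only while True


class HealthMonitor:
    """The page's preset list: one record per device ID, updated on receipt, scanned by a timer."""

    def __init__(self, device_ids: Iterable[str], timeout: float) -> None:
        self.timeout = timeout
        self.records: Dict[str, DeviceRecord] = {d: DeviceRecord(d) for d in device_ids}

    def record_probe(self, device_id: str, now: float) -> str:
        rec = self.records[device_id]
        rec.last_rx = now
        if not rec.healthy:
            rec.healthy = True            # abnormal -> normal: the service module may steer again
            return "recovered"
        return "ok"

    def scan(self, now: float) -> List[str]:
        """Timer pass; returns the devices that just became abnormal."""
        flipped = []
        for rec in self.records.values():
            if rec.healthy and (rec.last_rx is None or now - rec.last_rx > self.timeout):
                rec.healthy = False       # stop steering traffic to this device
                flipped.append(rec.device_id)
        return flipped

    def steerable(self) -> List[str]:
        return sorted(d for d, rec in self.records.items() if rec.healthy)


def blackhole_commands(device_ids: Iterable[str]) -> List[str]:
    """Linux form of the protection module: drop the returned probe instead of forwarding it."""
    return [f"ip route replace blackhole {d}/32" for d in sorted(device_ids)]


def constructed_probe_frame(if2_mac: bytes, device_id: str, seq: int) -> bytes:
    """Constructed sample input: a probe as it arrives on interface 2 (checksums left zero)."""
    payload = PROBE_MAGIC + struct.pack("!I", seq)
    udp = struct.pack("!HHHH", 40000, 40000, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), seq & 0xFFFF, 0x4000, 64,
                     IPPROTO_UDP, 0, socket.inet_aton("10.255.0.254"), socket.inet_aton(device_id))
    return if2_mac + bytes.fromhex("020000000001") + struct.pack("!H", ETH_P_IP) + ip + udp


def listen_on_if2(if2_name: str, if2_mac: bytes, monitor: HealthMonitor, rounds: int) -> None:
    """Raw-socket receiver on interface 2 (Linux, CAP_NET_RAW); not run at import time."""
    import time
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((if2_name, 0))
    sock.settimeout(1.0)                  # also serves as the timer interval of the list scan
    ids = frozenset(monitor.records)
    for _ in range(rounds):
        try:
            dev = parse_probe(sock.recv(65535), if2_mac, ids)
            if dev:
                monitor.record_probe(dev, time.monotonic())
        except socket.timeout:
            pass
        for dev in monitor.scan(time.monotonic()):
            print(f"{dev}: abnormal, stop steering traffic")


if __name__ == "__main__":
    if2 = bytes.fromhex("020000000002")   # assumed MAC of interface 2
    mon = HealthMonitor(["10.255.0.1", "10.255.0.2"], timeout=3.0)
    dev = parse_probe(constructed_probe_frame(if2, "10.255.0.1", 1), if2, frozenset(mon.records))
    print(dev, mon.record_probe(dev, 0.0), mon.steerable(), mon.scan(4.0), mon.steerable())
```

Two points a practitioner should keep in mind. The page's hit test accepts any frame whose destination IP is a device ID and whose destination MAC is interface 2, so any host able to inject such frames on the segment behind interface 2 keeps a device looking healthy; the marker check narrows this but is not authentication. The black hole route matters because the device ID is not a local address of the load balancer: with IP forwarding enabled and no /32 black hole, the returned probe would be routed onward after the raw socket has already seen it (`ip route replace blackhole <id>/32`, as `blackhole_commands` produces). Recovery follows the page, where the first returned probe after a timeout flips the device back to normal; if flapping is a concern, require several consecutive probes before steering traffic again.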
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by one of the devices, cause the device to perform the following functions: generating and sending a detection message at regular intervals; sending the detection message to a network transparent transmission device based on its target IP; obtaining the detection message that has flowed through the network transparent transmission device; updating the packet receiving time of the detection message in a preset list; and determining that the state of the network transparent transmission device is abnormal when the difference between the packet receiving time in the preset list and the current time is greater than a time threshold.
The computer-readable medium may also implement the following functions: interconnecting the load balancing device and at least one network transparent transmission device according to standard protocol interface rules; setting an identifier, which is an IP address, for the at least one network transparent transmission device; creating an address resolution protocol table entry in the load balancing device for the at least one network transparent transmission device; and setting the entry IP, the entry interface and the entry MAC in the address resolution protocol entry.
Those skilled in the art will appreciate that the modules may be distributed over several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that differ from those of the embodiments. The modules of the above embodiments may be combined into one module or further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
The exemplary embodiments of the present application have been particularly shown and described above. It is to be understood that this application is not limited to the precise arrangements and instrumentalities described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A method for detecting a network transparent transmission device, comprising:
generating and sending a detection message at fixed time;
transmitting the detection message to a network transparent transmission device based on the target IP of the detection message;
acquiring the detection message flowing through the network transparent transmission equipment;
updating the packet receiving time of the detection message in a preset list;
and when the difference value between the packet receiving time and the current time in the preset list is larger than a time threshold value, determining that the state of the network transparent transmission equipment is abnormal.
2. The method as recited in claim 1, further comprising:
connecting the load balancing equipment and at least one network transparent transmission equipment according to standard protocol interface rules;
and setting an identifier for the at least one network transparent transmission device, wherein the identifier is an IP address.
3. The method as recited in claim 2, further comprising:
creating an address resolution protocol table entry in the load balancing device by the at least one network transparent transmission device;
setting an entry IP, an entry interface and an entry exit interface in the address resolution protocol entry.
4. The method of claim 1, wherein generating and sending a detection message at fixed time comprises:
determining at least one network transparent transmission device to be detected;
creating a corresponding detection message based on the at least one network transparent transmission device to be detected;
and sending the detection message at fixed time.
5. The method of claim 4, wherein creating a corresponding detection message based on the at least one network transparent transmission device to be detected comprises:
acquiring the identification of the at least one network transparent transmission device to be detected;
taking the identification of the at least one network transparent transmission device to be detected as a target IP;
and creating a corresponding detection message based on the target IP.
6. The method of claim 1, wherein sending the detection message to a network transparent transmission device based on a target IP of the detection message comprises:
sending the detection message to load balancing equipment;
and the load balancing equipment sends the detection message to the corresponding network transparent transmission equipment based on the target IP and the address resolution protocol table entry.
7. The method of claim 1, wherein obtaining the detection message flowing through the network transparent transmission device comprises:
acquiring all messages flowing through the network transparent transmission equipment;
comparing the target IP of all the messages with the IP in the address resolution protocol table item;
and taking the hit message as the detection message.
8. The method of claim 1, wherein determining that the network transparent transmission device state is abnormal comprises:
and stopping steering traffic to the network transparent transmission equipment when the state of the network transparent transmission equipment is abnormal.
9. The method of claim 1, wherein after updating the packet receiving time of the detection packet in a preset list, further comprising:
adding a black hole route for the detection message;
and forwarding the detection message based on the black hole route.
10. A detection apparatus for a network transparent transmission device, comprising:
the message module is used for generating and sending detection messages at fixed time;
the sending module is used for sending the detection message to the network transparent transmission equipment based on the target IP of the detection message;
the acquisition module is used for acquiring the detection message flowing through the network transparent transmission equipment;
the updating module is used for updating the packet receiving time of the detection message in a preset list;
and the judging module is used for determining that the state of the network transparent transmission equipment is abnormal when the difference value between the packet receiving time and the current time in the preset list is larger than a time threshold value.
CN202310776331.3A 2023-06-28 2023-06-28 Method and device for detecting network transparent transmission equipment Pending CN116723128A (en)

Publications (1)

Publication Number Publication Date
CN116723128A true CN116723128A (en) 2023-09-08

Family

ID=87864399


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination