WO2018121397A1 - Network traffic control method and switch device - Google Patents

Publication number
WO2018121397A1
Authority
WO
WIPO (PCT)
Prior art keywords
traffic
mirrored
encapsulated
network
routed
Application number
PCT/CN2017/117705
Inventor
周雍恺
陈华俊
袁航
刘国宝
严峻岭
Original Assignee
中国银联股份有限公司
Application filed by 中国银联股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided is a network traffic control method. The method comprises: mirroring a packet transmitted in a network; performing route encapsulation on the mirrored traffic of the packet; and locally exporting the route-encapsulated mirrored traffic. Also provided is a switch device. The switch device comprises: a mirroring module for mirroring a packet transmitted in a network; an encapsulation module for performing route encapsulation on the mirrored traffic of the packet; and an export module for locally exporting the route-encapsulated mirrored traffic.

Description

Network traffic control method and switch device
Technical field
The present invention relates generally to the field of network operation and maintenance, and in particular to a network traffic control scheme.
Background
With the spread of the Internet, monitoring network traffic has become an important part of network operation and maintenance. To analyze network traffic without affecting normal data transmission in the network, the usual method is switch port mirroring: the traffic actually carried on a switch link is copied in full to some destination, where a network administrator analyzes the mirrored traffic to find the cause of network problems, including back-end analysis of data flow direction, throughput performance, fault troubleshooting, and security anomalies in the network.
However, current port mirroring analysis involves routing the mirrored traffic to a remote location. The encapsulated mirrored traffic shares the same link resources as normal traffic, which affects the traffic normally forwarded in the network.
It is therefore desirable to design a simple, low-cost network traffic control scheme that reduces or avoids interference with normal traffic from the mirrored traffic used for network analysis.
Summary of the invention
In view of this, the present invention provides a network traffic control scheme that can mitigate the above problem.
In one aspect, the present invention provides a network traffic control method, comprising: mirroring a packet transmitted in a network; performing route encapsulation on the mirrored traffic of the packet; and locally exporting the route-encapsulated mirrored traffic.
In the method described above, locally exporting the route-encapsulated mirrored traffic comprises reserving, on the local device, a port for the route-encapsulated mirrored traffic and exporting the route-encapsulated mirrored traffic from the reserved port.
In the method described above, exporting the route-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port and using the IP address bound to the reserved port as the destination address of the route-encapsulated mirrored traffic.
In the method described above, the local device is a Layer 3 switch.
In the method described above, locally exporting the route-encapsulated mirrored traffic comprises locally transmitting the route-encapsulated mirrored traffic to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
In the method described above, the route encapsulation contains description information of the packet.
In the method described above, the route encapsulation contains an index to the description information of the packet.
In the method described above, the route encapsulation takes the form of an encapsulated remote port mirroring (ERSPAN) packet, and the session identifier field in the ERSPAN packet is used as the index.
In another aspect, the present invention further provides a switch device, comprising: a mirroring module for mirroring a packet transmitted in a network; an encapsulation module for performing route encapsulation on the mirrored traffic of the packet; and an export module for locally exporting the route-encapsulated mirrored traffic.
Brief description of the drawings
The foregoing and other objects, features, and advantages of the present invention will be apparent from the following more specific description of embodiments of the invention, which are illustrated in the accompanying drawings.
FIG. 1 is a schematic flowchart of a network traffic control method according to one example of the present invention.
FIG. 2 is a schematic application scenario of a network traffic control method according to another example of the present invention.
FIG. 3 is a schematic block diagram of a switch device according to one example of the present invention.
Detailed description
Illustrative examples of the present invention are now described with reference to the drawings, in which like reference numerals denote like elements. The examples described below help those skilled in the art to understand the invention thoroughly, and are intended to be illustrative rather than limiting. The depictions of elements, components, modules, apparatuses, and device bodies in the figures only schematically indicate that they exist and how they relate to one another, and are not intended to limit their specific shapes; likewise, the relationship between the steps in the flowcharts is not limited to the order given and may be adjusted for a practical application without departing from the scope of protection of the present application.
FIG. 1 is a schematic flowchart of a network traffic control method according to one example of the present invention. The method shown in FIG. 1 may be implemented, for example, in a switch device. As shown in FIG. 1, packets transmitted in the network are first mirrored in step 11. In some examples, this may use the switch's port mirroring process, that is, making a complete copy of the traffic on a source port of the switch. The main purpose of generating the mirror is to let a network administrator analyze the mirrored packets to find the cause of network problems. The packets for which a mirror is generated may, for example, be specified by the network administrator, or be generated automatically according to preset conditions by the switch or by a processing system communicatively connected to the switch.
Next, in step 13, route encapsulation is performed on the generated mirrored traffic so that it can be routed through the network to a remote network analysis device. In addition, the headers of this route encapsulation may contain various description information related to the original packet, or an index to that description information, which is especially useful in cloud network environments. A cloud network is a network that carries the virtualized applications of a cloud platform. Cloud network traffic is virtualized and dynamic. Virtualized means that logical access traffic exists alongside actual physical traffic, and each physical port may carry the traffic of multiple virtual hosts. Dynamic means that virtual hosts can be migrated dynamically, so their network traffic migrates with them and is not tied to a particular physical port. Including the description information of the mirrored packet, or an index to it, in the route encapsulation lets the network administrator analyze network traffic more accurately and efficiently. Specifically, the description information of a packet may include, for example, one or more of the packet's user information, path information, virtual network group information, and the like.
In one example, the mirrored packets may be route-encapsulated in the form of encapsulated remote port mirroring (ERSPAN) packets. When ERSPAN packets are used, the session identifier field in the ERSPAN packet may serve as the index. For example, while a mirrored packet is being encapsulated as an ERSPAN packet, the session identifier in the ERSPAN header (in the session_id field) may be stored together with the packet's description information as an association table. After receiving an ERSPAN packet, the network analysis device can then use the session identifier in it to retrieve the description information for the network administrator to use during analysis.
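The session-identifier lookup described above, as an added example that is not part of the patent text: a switch-side encapsulator, an analyzer-side parser, and the association table between them. The header layout (GRE protocol type 0x88BE with a sequence number, then an 8-byte ERSPAN Type II header with a 10-bit session ID) follows the publicly documented ERSPAN Type II format and is an assumption here, since the page names only the session_id field; the description keys and values are constructed.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carried by ERSPAN Type II
GRE_FLAG_SEQ = 0x1000         # GRE "sequence number present" (S) bit
SESSION_ID_MAX = 0x3FF        # session ID is a 10-bit field: 0..1023
HEADER_LEN = 16               # 8 bytes GRE (with sequence) + 8 bytes ERSPAN II


def build_erspan2(session_id, inner_frame, seq=0, vlan=0, index=0):
    """Switch side: wrap a mirrored frame in GRE + ERSPAN Type II headers."""
    if not 0 <= session_id <= SESSION_ID_MAX:
        raise ValueError("session_id does not fit the 10-bit field")
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, seq)
    # Word 0: Ver(4)=1 | VLAN(12) | COS(3) | En(2) | T(1) | Session ID(10)
    word0 = (1 << 28) | ((vlan & 0xFFF) << 16) | session_id
    # Word 1: Reserved(12) | Index(20)
    word1 = index & 0xFFFFF
    return gre + struct.pack("!II", word0, word1) + inner_frame


def parse_erspan2(gre_payload):
    """Analyzer side: return (session_id, inner_frame) from the bytes that
    follow the outer IP header. Raises ValueError on anything unexpected."""
    if len(gre_payload) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre_payload, 0)
    if proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("not an ERSPAN Type II packet")
    if flags != GRE_FLAG_SEQ:
        # Without the S bit there is no ERSPAN header, hence no session ID;
        # other optional GRE fields are not handled in this example.
        raise ValueError("unsupported GRE flags 0x%04x" % flags)
    if len(gre_payload) < HEADER_LEN:
        raise ValueError("truncated ERSPAN header")
    (word0,) = struct.unpack_from("!I", gre_payload, 8)
    if word0 >> 28 != 1:
        raise ValueError("unexpected ERSPAN version")
    return word0 & SESSION_ID_MAX, gre_payload[HEADER_LEN:]


class AssociationTable:
    """session_id -> description information, as stored at encapsulation time."""

    def __init__(self):
        self._by_session = {}

    def register(self, session_id, description):
        if not 0 <= session_id <= SESSION_ID_MAX:
            raise ValueError("session_id does not fit the 10-bit field")
        if session_id in self._by_session:
            # Reusing an ID would attribute traffic to the wrong description.
            raise ValueError("session_id %d already registered" % session_id)
        self._by_session[session_id] = dict(description)

    def annotate(self, gre_payload):
        """Parse one packet and attach its description (None if unknown)."""
        session_id, frame = parse_erspan2(gre_payload)
        return {
            "session_id": session_id,
            "description": self._by_session.get(session_id),
            "frame": frame,
        }


# Constructed sample data: one registered session and a dummy mirrored frame.
SAMPLE_FRAME = bytes(range(14))
SAMPLE_TABLE = AssociationTable()
SAMPLE_TABLE.register(42, {"user": "tenant-a", "path": "leaf1/port7",
                           "vnet_group": "vnet-blue"})

if __name__ == "__main__":
    known = SAMPLE_TABLE.annotate(build_erspan2(42, SAMPLE_FRAME, seq=1))
    unknown = SAMPLE_TABLE.annotate(build_erspan2(7, SAMPLE_FRAME, seq=2))
    print(known["session_id"], known["description"])
    print(unknown["session_id"], unknown["description"])
```

Because the field is only 10 bits wide, at most 1024 descriptions can be indexed at once, and a packet whose session ID has no table entry comes back with `description` set to `None` so the analyzer can surface it rather than misattribute it.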
In conventional systems, this route-encapsulated mirrored traffic is transmitted through the network together with normal traffic, which may cause network congestion. By contrast, in the example of FIG. 1, step 15 comprises locally exporting the route-encapsulated mirrored traffic.
In some examples, a port may be reserved on the local switch device for the route-encapsulated mirrored traffic, and the route-encapsulated mirrored traffic exported from the reserved port. For example, an IP address may be statically bound to the reserved port, and the IP address bound to the reserved port used as the destination address of the route-encapsulated mirrored traffic.
The local device may be, for example, a Layer 3 switch, and can therefore route the mirrored traffic. In the present invention, however, all mirrored traffic that would otherwise be routed to a remote network analysis device is exported locally, which avoids the effect of mirrored traffic on normal traffic on the switch links. The mirrored traffic consumes only the bandwidth of the reserved interface, and any excess can simply be dropped, so it neither overflows onto nor encroaches on other link resources. At the same time, route encapsulation lets the mirrored traffic carry description information related to the packets, giving it better flexibility and correlatability than ordinary local traffic mirroring, which is especially suitable in cloud network scenarios.
FIG. 2 is a schematic application scenario of a network traffic control method according to another example of the present invention. As shown in FIG. 1, locally exporting the route-encapsulated mirrored traffic may consist of locally transmitting the route-encapsulated mirrored traffic to a traffic aggregation device (such as a TAP device), which in turn is communicatively connected to a network analysis device. The darkened portion of each switch shown in FIG. 2 represents a reserved port. Mirrored traffic from different switches can be aggregated by the TAP device and finally delivered to the network analysis device for traffic analysis.
The network traffic control scheme provided by the present invention makes the impact of mirrored traffic, in particular of packets such as ERSPAN-encapsulated ones, more controllable. With the method of the present invention, route-encapsulated mirrored traffic is confined to the local switch so that it does not consume uplink bandwidth, and by reserving a fixed port channel for mirrored traffic, the mirrored traffic is kept within a controllable range, which prevents overflow and greatly increases the stability of the network and related devices. In addition, the method limits the effect of ERSPAN-style mirrored traffic on network links while retaining its greater flexibility and correlatability compared with local mirrored traffic, giving administrators more information useful for traffic analysis and improving the efficiency of network traffic monitoring. As noted above, this is especially suitable in cloud network scenarios.
FIG. 3 is a schematic block diagram of a switch device according to one example of the present invention. As shown in FIG. 3, the switch device 300 includes a mirroring module 31, an encapsulation module 33, and an export module 35. Specifically, the mirroring module is configured to mirror packets transmitted in the network; the encapsulation module 33 is configured to perform route encapsulation on the mirrored traffic of the packets; and the export module 35 is configured to locally export the route-encapsulated mirrored traffic.
Descriptions of other structures of a general switch device are omitted from this specification to avoid unnecessary redundancy. Those skilled in the art will nevertheless understand that the structure shown in FIG. 3 can be integrated into any existing or yet-to-be-developed switch device. The switch device shown in FIG. 3 can be configured to perform any of the operations described above that the present invention provides for implementation at a switch device. Those skilled in the art will understand that the module division shown in FIG. 3 is only illustrative; the modules may be integrated or further divided according to the specific implementation, and implemented in any form of software or hardware.
It should be noted that the above specific embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the above specific embodiments, those of ordinary skill in the art should understand that the specific embodiments may still be modified, or some technical features equivalently replaced, without departing from the essence of the present invention, and all such changes fall within the scope of protection claimed by the present invention.

Claims (16)

  1. A network traffic control method, comprising:
    mirroring a packet transmitted in a network;
    performing route encapsulation on the mirrored traffic of the packet; and
    locally exporting the route-encapsulated mirrored traffic.
  2. The method of claim 1, wherein locally exporting the route-encapsulated mirrored traffic comprises reserving, on the local device, a port for the route-encapsulated mirrored traffic, and exporting the route-encapsulated mirrored traffic from the reserved port.
  3. The method of claim 2, wherein exporting the route-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port, and using the IP address bound to the reserved port as the destination address of the route-encapsulated mirrored traffic.
  4. The method of claim 2, wherein the local device is a Layer 3 switch.
  5. The method of claim 1, wherein locally exporting the route-encapsulated mirrored traffic comprises locally transmitting the route-encapsulated mirrored traffic to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
  6. The method of claim 1, wherein the route encapsulation contains description information of the packet.
  7. The method of claim 1, wherein the route encapsulation contains an index to the description information of the packet.
  8. The method of claim 7, wherein the route encapsulation takes the form of an encapsulated remote port mirroring (ERSPAN) packet, and the session identifier field in the ERSPAN packet is used as the index.
  9. A switch device, comprising:
    a mirroring module for mirroring a packet transmitted in a network;
    an encapsulation module for performing route encapsulation on the mirrored traffic of the packet; and
    an export module for locally exporting the route-encapsulated mirrored traffic.
  10. The switch device of claim 9, wherein locally exporting the route-encapsulated mirrored traffic comprises reserving a port for the route-encapsulated mirrored traffic, and exporting the route-encapsulated mirrored traffic from the reserved port.
  11. The switch device of claim 10, wherein exporting the route-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port, and using the IP address bound to the reserved port as the destination address of the route-encapsulated mirrored traffic.
  12. The switch device of claim 9, wherein locally exporting the route-encapsulated mirrored traffic comprises transmitting the route-encapsulated mirrored traffic to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
  13. The switch device of claim 9, wherein the route encapsulation contains description information of the packet.
  14. The switch device of claim 9, wherein the route encapsulation contains an index to the description information of the packet.
  15. The switch device of claim 14, wherein the route encapsulation takes the form of an encapsulated remote port mirroring (ERSPAN) packet, and the session identifier field in the ERSPAN packet is used as the index.
  16. The switch device of claim 9, wherein the switch device is a Layer 3 switch.
PCT/CN2017/117705 2016-12-30 2017-12-21 Network traffic control method and switch device WO2018121397A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611257763.XA CN106982179A (en) 2016-12-30 2016-12-30 A kind of method for controlling network flow and switch device
CN201611257763.X 2016-12-30

Publications (1)

Publication Number Publication Date
WO2018121397A1 (en) 2018-07-05

Family

ID=59340949

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117705 WO2018121397A1 (en) 2016-12-30 2017-12-21 Network traffic control method and switch device

Country Status (2)

Country Link
CN (1) CN106982179A (en)
WO (1) WO2018121397A1 (en)

US20160294647A1 (en) * 2013-09-24 2016-10-06 International Business Machines Corporation Determining Sampling Rate from Randomly Sampled Events
CN106982179A (en) * 2016-12-30 2017-07-25 中国银联股份有限公司 A kind of method for controlling network flow and switch device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110891047A (en) * 2019-10-08 2020-03-17 中国信息通信研究院 Intelligent sound box data stream processing method and system
CN112202646A (en) * 2020-12-03 2021-01-08 观脉科技(北京)有限公司 Flow analysis method and system
CN112202646B (en) * 2020-12-03 2021-02-26 观脉科技(北京)有限公司 Flow analysis method and system
CN112653628A (en) * 2020-12-23 2021-04-13 新华三技术有限公司 ERSPAN method and network equipment
CN112653628B (en) * 2020-12-23 2022-07-12 新华三技术有限公司 ERSPAN method and network equipment

Also Published As

Publication number Publication date
CN106982179A (en) 2017-07-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17889473

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17889473

Country of ref document: EP

Kind code of ref document: A1