WO2023207202A1 - Method and apparatus for creating network configuration template, method and apparatus for network configuration, and device - Google Patents

Abstract

The present application discloses a method and apparatus for creating a network configuration template, a method and apparatus for network configuration, and a device, applied to a network configuration system. The method for network configuration comprises: in response to a trigger behavior of a second user, obtaining a previously configured template list of a station where the second user is located, and displaying the template list; determining a target network configuration template selected by the second user from the template list; generating a network configuration page on the basis of the target network configuration template, and displaying the network configuration page; in response to an operation of the second user in the network configuration page, determining network configuration information; and generating a network configuration scheme according to the target network configuration template and the network configuration information. Therefore, unified configuration of network configuration information of a plurality of intranet devices is achieved by using a template, manpower consumption is reduced, and the efficiency of batched network device configuration is improved.

Description

Methods, devices and equipment for creating network configuration templates and network configuration

This application claims priority to the Chinese patent application with application number 202210455222.7, which was submitted to the China Patent Office on April 28, 2022. The entire content of this application is incorporated into this application by reference.

Technical field

The present application relates to the technical field of data processing of power systems, and in particular to a method of creating a network configuration template, a method of network configuration, a device for creating a network configuration template, a device for network configuration, an electronic device and a device. A computer-readable storage medium.

Background technique

In order to cope with the growing demand for electricity from residents, the power supply bureau needs to build new substations. During this process, on-site implementation personnel need to perform network configuration on the network equipment deployed in the newly built substation. Due to the special requirements of the power industry, network equipment is deployed in the intranet. In addition, the power supply bureau has high security requirements for the network environment, so the configuration content is extensive, including: network segment division of intranet equipment, IP allocation, switches, firewalls, encryption device routing tables, firewall NAT, firewalls, encryption machine policies, Encryptor tunnel configuration, device information connected to each network port of the switch, etc. Each site relies on manual configuration methods, which is time-consuming and labor-intensive. Moreover, due to the uneven levels of implementation personnel, configurations are often simple to save trouble, and there are problems with irregular and inaccurate information.

Contents of the invention

This application provides a method, device and equipment for creating a network configuration template and network configuration to solve the problems of time-consuming, labor-intensive, non-standard and inaccurate information caused by manually configuring network equipment in a substation.

According to a first aspect of the present application, a method for creating a network configuration template is provided. The method is applied in a network configuration system, and the method includes:

In response to the new template operation initiated by the first user, display the new template page;

Receive basic template information associated with the network configuration template to be created input by the first user on the new template page;

Determine a template frame corresponding to the template basic information, and display the template frame. The template frame includes configuration items related to the template basic information, and the configuration items are used to perform at least on the network equipment in the power site. The following configurations: business configuration and IP address configuration;

Obtain the template configuration information input by the first user for each configuration item, the template configuration information at least includes: business network segment information corresponding to the business configuration, and the IP address number of each business system corresponding to the IP address configuration;

Generate a network configuration template according to the template configuration information and the template framework.

According to a second aspect of the present application, a network configuration method is provided. The method is applied in a network configuration system. The method includes:

In response to the second user's triggering behavior, obtain a previously configured template list of the site where the second user is located, and display the template list;

Determine the target network configuration template selected by the second user from the template list;

Generate a network configuration page based on the target network configuration template, and display the network configuration page;

In response to the operation of the second user in the network configuration page, network configuration information is determined. The network configuration information at least includes a starting IP address, and the starting IP address is used to determine the IP address when generating a network configuration plan. Address set, each IP address in the IP address set is used to replace the corresponding IP address number;

Generate a network configuration plan according to the target network configuration template and the network configuration information.

According to a third aspect of the present application, a device for creating a network configuration template is provided. The device is used in a network configuration system. The device includes:

The new template page display module is used to display the new template page in response to the new template operation initiated by the first user;

A template basic information receiving module, configured to receive template basic information associated with the network configuration template to be created input by the first user in the new template page;

A template frame display module is used to determine the template frame corresponding to the template basic information and display the template frame. The template frame includes configuration items related to the template basic information, and the configuration items are used for power The network equipment in the site must be configured as follows at least: business configuration and IP address configuration;

A template configuration information acquisition module is used to acquire the template configuration information input by the first user for each configuration item. The template configuration information at least includes: business network segment information corresponding to the service configuration, and network segment information corresponding to the IP address configuration. The IP address number of each business system;

A network configuration template generating module is configured to generate a network configuration template according to the template configuration information and the template framework.

According to a fourth aspect of the present application, a network configuration device is provided. The device is used in a network configuration system. The device includes:

A template list acquisition module, configured to respond to the second user's triggering behavior, acquire a previously configured template list of the site where the second user is located, and display the template list;

A target network configuration template determination module, configured to determine the target network configuration template selected by the second user from the template list;

A network configuration page display module, configured to generate a network configuration page based on the target network configuration template and display the network configuration page;

A network configuration information determination module, configured to determine network configuration information in response to the second user's operation on the network configuration page, where the network configuration information at least includes a starting IP address, and the starting IP address is used for Determine a set of IP addresses when generating a network configuration plan, and each IP address in the set of IP addresses is used to replace the corresponding IP address number;

A network configuration plan generation module is configured to generate a network configuration plan according to the target network configuration template and the network configuration information.

According to a fifth aspect of the present application, an electronic device is provided, and the electronic device includes:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein,

The memory stores a computer program that can be executed by the at least one processor, and the computer program is executed by the at least one processor, so that the at least one processor can execute the method described in any embodiment of the present application. Methods.

According to a sixth aspect of the present application, a computer-readable storage medium is provided. The computer-readable storage medium stores computer instructions, and the computer instructions are used to implement any of the embodiments of the present application when executed by a processor. Methods.

In this embodiment, when the first user needs to create a network configuration template, the first user can first enter basic template information in the displayed new template page, and then the system determines the corresponding template frame based on the basic template information and displays the template. The template frame contains a variety of configuration items related to the basic information of the template. The configuration items are used to configure at least the business configuration and IP address of the network equipment in the power site, so that the first user can enter the corresponding configuration items according to the configuration items. Template configuration information includes business network segment information corresponding to the business configuration, IP address numbers of each business system corresponding to the IP address configuration, etc. The system can generate network configuration based on the template configuration information filled in by the first user and the above template framework. template. The entire process of generating network configuration templates is based on the specifications set by managers and combined with the logical relationship between the configuration information of each network device in the intranet environment to analyze the equipment configuration network configuration templates for substations with different voltage levels. On the one hand, through the configuration information The logical relationship determines the accuracy of the configuration, and on the other hand, the compliance of the configuration is determined based on management specifications.

In addition, through the pre-configured template list, users can select the required target network configuration template, and then determine the basic network configuration information through the network configuration page. Then the system will combine the network configuration information with the target network configuration template to generate a set of A standard-compliant network configuration solution for multiple intranet devices, which enables unified configuration of network configuration information for multiple intranet devices and improves the efficiency of batch configuration of network devices. At the same time, since the network configuration template already integrates data in advance based on the logical relationship between fields, it is equivalent to completing 60 to 70% of the work in advance to reduce manpower consumption and information deviation caused by manual intervention. At the same time, in order to cope with actual situations requirements, supporting restrictive deletions and modifications based on the compliance plan.

Description of the drawings

Figure 1 is a flow chart of a method for creating a template for network configuration provided in Embodiment 1 of the present application;

Figure 2 is a schematic diagram of a new template page provided in Embodiment 1 of the present application;

Figure 3 is a flow chart of a network configuration method provided in Embodiment 2 of the present application;

Figure 4 is a schematic diagram of a network configuration page provided in Embodiment 2 of the present application;

Figure 5 is a schematic structural diagram of a device for creating a network configuration template provided in Embodiment 3 of the present application;

Figure 6 is a schematic structural diagram of a network configuration device provided in Embodiment 4 of the present application;

FIG. 7 is a schematic structural diagram of an electronic device provided in Embodiment 5 of the present application.

Detailed ways

In order to enable those in the technical field to better understand the solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present application. The described embodiments are only for the purpose of this application. Apply for some of the embodiments, not all of them.

It should be noted that the terms "first", "second", etc. in the description and claims of this application and the above-mentioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the application described herein can be practiced in sequences other than those illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions, e.g., a process, method, system, product, or apparatus that encompasses a series of steps or units and need not be limited to those explicitly listed. Those steps or elements may instead include other steps or elements not expressly listed or inherent to the process, method, product or apparatus.

Embodiment 1

Figure 1 is a flow chart of a method for creating a network configuration template provided in Embodiment 1 of the present application. It can be applied to a network configuration system, and this embodiment can be applied to a scenario of customizing a network configuration template. As shown in Figure 1, the method may include the following steps:

Step 110: In response to the new template operation initiated by the first user, display the new template page.

In one implementation, the network configuration system (hereinafter referred to as "system") has the function of adding a template, and this function can be reflected through the "new template" entrance. When the first user clicks on the "new template" entry, it means that the first user initiates a new template operation. When the system detects the new template operation, the new template page can be displayed to the first user.

The first user may be a user with template creation authority. During implementation, when a user logs in to the system, the system can first verify whether the user has the permission to create a new template. If the current user has the permission to create a new template, the "New Template" entry can be set to a clickable state. Otherwise, the "New Template" entry can be set to a non-clickable state, for example, the entry can be set to a grayscale state.

It should be noted that this embodiment does not limit the method for the system to verify whether the user has the permission to create a new template. For example, the matching verification can be performed through a whitelist mechanism, a conditional matching mechanism, etc.

Step 120: Receive basic template information associated with the network configuration template to be created input by the first user on the new template page.

Specifically, the new template page may include basic information filling items associated with the template configuration and used to fill in the basic information of the template. For example, as shown in Figure 2, the basic information items included in the new template page may include but are not limited to: new template name, voltage level, switch deployment method, etc. Among them, in the "New Template Name" filling item, the first user can fill in the desired template name according to the filling specifications. For example, the template name can include the site name of the power supply station, template creation time and other information; in the "Voltage Level" filling item A voltage level list can be provided for the first user to choose. When the first user clicks the drop-down button, a voltage level list will pop up. The voltage level list contains commonly used voltage levels in power supply stations. For example, it can include 35kV, 110kV, 220kV, 500Kv, etc.; "Switch A list of switch deployment methods can be provided in the field "Deployment Method" for the first user to choose. When the first user clicks the drop-down button, a list of switch deployment methods will pop up. The deployment methods in the switch deployment method list can be set by relevant personnel based on experience. For example, they can include Deployment methods such as "area I and area II share interconnection switches", "deploy real-time switches in area I and deploy non-real-time switches in area II". The first user can choose the appropriate voltage level and switch deployment method according to the actual situation of the site. Among them, Area I is also called the real-time area and is a controlled production area; Area II is called a non-real-time area and is a non-controlled production area.

After the first user fills in the new template name, voltage level, switch deployment method and other basic template information on the new template page, and triggers the "Create Template" function button, the basic template information can be submitted to the network configuration system.

Step 130: Determine the template frame corresponding to the template basic information, and display the template frame. The template frame includes configuration items related to the template basic information. The configuration items are used to configure the network in the power site. The device must be configured with at least the following: service configuration and IP address configuration.

In practice, the template frames presented to the first user may be different according to different basic template information. For example, the system can present different template frames to the first user according to different voltage levels or switch deployment modes. The system analyzes the basic template information input by the first user to generate a template frame that matches the voltage level and switch deployment mode selected by the first user, and displays the template frame to the first user. Among them, in the displayed template frame page, basic template information such as the template name, voltage level, and switch deployment method filled in by the first user can be displayed.

Among them, the template framework can include a variety of configuration items. The function of the configuration items is to configure at least the following for network equipment in the power site: business configuration, IP address configuration, interconnection interface planning, switch configuration, firewall configuration, encryption machine Configuration, etc., among which, IP address configuration can further include real-time IP address configuration and non-real-time IP address configuration. Real-time IP address configuration is used to configure IP addresses for real-time business network segments, and non-real-time IP address configuration is used for non-real-time services. Configure the IP address for the network segment.

In a further example, each configuration item may further include multiple configuration fields, and each configuration field has a related configuration list to choose from. In this way, the first user only needs to make a selection or fill in a small amount of content to complete the template creation.

Step 140: Obtain the template configuration information input by the first user for each configuration item. The template configuration information at least includes: business network segment information corresponding to the service configuration, and the IP of each business system corresponding to the IP address configuration. Address number.

When creating a network configuration template, for each configuration field in each configuration item, the first user can select an appropriate field value from the configuration list in the drop-down list or fill in an appropriate field value.

In one embodiment, step 140 may include the following steps:

In response to the first user's operation in the displayed service configuration page, the service network segment information of the service configuration page is determined, and the service network segment information includes the real-time service segment mask input by the first user and non- Real-time business segment mask.

Among them, the configuration item of business configuration is used to determine the set of intranet IP addresses. The configuration fields it contains include real-time business segment configuration and non-real-time business segment configuration. During configuration, the first user can select multiple masks given by the field drop-down list. In the code address, select the real-time business segment mask corresponding to the real-time business segment, and the non-real-time business segment mask corresponding to the non-real-time business segment.

In an embodiment, step 140 may also include the following steps:

In response to the first user's operation on the displayed real-time IP address configuration page, determine the real-time IP address number set corresponding to the real-time service segment mask, and determine the first user's selected from the preset service list. A real-time business system, and allocates real-time IP address numbers to each real-time business system according to the real-time IP address number set.

In response to the first user's operation on the displayed non-real-time IP address configuration page, determine the non-real-time IP address number set corresponding to the non-real-time service segment mask, and determine that the first user selects the non-real-time IP address from the default service list non-real-time business systems selected from among the non-real-time business systems, and allocate non-real-time IP address numbers to each non-real-time business system according to the non-real-time IP address number set.

Specifically, the configuration methods of the two configuration items, real-time IP address configuration and non-real-time IP address configuration, are similar. The difference is that the former allocates addresses to the real-time business segment, while the latter allocates addresses to the non-real-time business segment. The purpose IP address numbers are assigned to the business systems associated with each network device. Both configuration methods include VLAN division and IP allocation. In the project of real-time service distribution address configuration or non-real-time service distribution address configuration, the first user can add VLAN information or IP information by clicking the "Add" button on the project page. In the VLAN division function, the configuration fields included may include, for example, VLAN ID (VLAN identification), starting address, mask, ending address, gateway, remarks, etc. Among them, the VLAN ID is determined according to the substation specifications, such as 199, 100, etc. The mask entered in the mask field is the real-time service segment mask or non-real-time service segment mask configured in the service segment address configuration (that is, service configuration). According to the mask in the mask field, the system can calculate the IP address number set, that is, which IP address numbers are in the IP address number set. For example, if the mask is "255.255.255.240/28", it can be calculated that there are 32 IP address numbers. In this embodiment, the IP address in the template is replaced by an IP address number instead of a specific IP address. Assume that the 32 IP address numbers calculated above are divided into two VLANs, and each VLAN has 16 IP address numbers. In this way, the starting and ending address numbers of the first VLAN can be expressed as IP-1 and the ending address number is expressed as IP -16, the start and end address numbers of the second VLAN can be expressed as IP-17 and the end address number as IP-32. In other embodiments, according to whether the service segment corresponding to the current mask is a real-time service segment or a non-real-time service segment, the service segment information can be indicated in the start address number and the end address number, for example, the real-time service segment IP-1, Real-time business segment IP-16, etc. The gateway may be one of the IP address numbers selected by the first user from the IP address numbers corresponding to the current VLAN ID.

In the IP allocation function, IP is allocated to the business system based on the set of IP address numbers contained in each VLAN ID in the above VLAN division. The configuration fields included in this function can include, for example, VLAN ID, business system/interconnection equipment, communication Host & port, device type, IP address, subnet mask, gateway, remarks, etc. Among them, the options in the VLAN ID field are derived from the VLAN ID in the VLAN division; the options in the business system/interconnected device field are derived from the business list and the interconnected device list. The first user can select the business system from the business list, or select the interconnected device from the service list. Select the network device from the list; the options in the IP address field are derived from the IP address number corresponding to the current VLAN ID in the VLAN division; the options in the subnet mask field are derived from the mask value in the VLAN division; the options in the gateway field are also sourced The gateway value in VLAN division; the device type is determined according to the value of the business system/interconnected device field; the field value of communication host & port can be the value filled in by the first user.

The business list may include business system names commonly used in the power industry and business types corresponding to each business system name. For example, business system names may include fault oscilloscopes, communication power supply systems, traveling wave ranging systems, dispatching and command devices, power collection systems, online monitoring systems, remote operation and maintenance systems, substation IoT systems, sensing systems, alarm systems, etc. Business system names commonly used in the industry; business types can include real-time business types, non-real-time business types, etc.

The interconnected device list includes interconnected device information commonly used in the power industry. The interconnected device information may include device names, device types, etc., for example. Device types may be, for example, firewalls, routers, encryption machines, switches, etc. In an embodiment, step 140 may also include the following steps:

In response to the first user's operation on the displayed interconnection interface planning page, determine the switch network port numbers to which the two interconnected network devices are respectively connected.

Specifically, this embodiment is used for interconnection interface planning and configuration. This configuration item is used for interconnection interface planning and switch interface planning. In the interconnection interface planning, the first user can use the "Add" button on the corresponding page to create a new switch network port number connected to the two interconnected network devices that needs to be configured, which can include but is not limited to the following fields: local device name, Local interface (i.e. local network port number), peer device name, peer interface (i.e. peer network port number), interconnecting VLAN, remarks, etc. Among them, the options of the local device name and the peer device name are derived from the options of the business system/interconnected device field in the real-time IP address configuration and non-real-time IP address configuration. The first user can select from the options; the option of the interconnected VLAN It is also derived from the VLAN ID in real-time IP address configuration and non-real-time IP address configuration; the local interface and the peer interface can be filled in after the first user selects the local device or the peer device. The switch network port number corresponding to the peer device.

In the switch interface planning, the first user can use the "New" button on the corresponding page to create a new interface for the interconnection switch that needs to be configured, which can include but is not limited to the following fields: interconnection VLAN, current switch interface, peer device name, Description etc. Among them, the option of interconnecting VLAN is also derived from the VLAN ID in the real-time IP address configuration and non-real-time IP address configuration; the interface of the current switch can be the network port number of the current switch filled in by the user; the option of the peer device name is derived from the real-time Options for the business system/interconnected device fields in IP address configuration and non-real-time IP address configuration.

In one embodiment, in the above IP address configuration, the corresponding device type for each real-time business system or non-real-time business system can also be determined from the preset device list. The device type includes a switch, a firewall, and an encryption machine. Then determine the switch list, firewall list, and encryption machine list based on the device type. Then step 140 may further include the following steps:

Generate a corresponding switch configuration page for each switch in the switch list, and perform routing configuration on the current switch in response to the first user's operation on the displayed switch configuration page. The routing configuration includes a preset address list. , determine the routing address name and routing address network segment of the current switch, and determine the device name and IP address number of its next-hop device.

Specifically, the switch configuration configuration item is used to configure static routing for interconnected switches. The system will automatically identify the two configuration items, real-time IP address configuration and non-real-time IP address configuration, where the device type is a switch, and generate a corresponding switch configuration page for each switch. The first user can click the "Add" button on the switch configuration page to add a new routing configuration. The associated configuration fields can include but are not limited to: target address name, target address network segment, next hop device name, and next hop address. , remarks, etc. Specifically, the target address name (also known as the routing address name) is usually a commonly used address in the management master station, so it has been defined in the address list. Then the first user can select within the address list range. The destination address network segment can be obtained in the same way. After the routing address name is determined, the address network segment corresponding to the address name can be obtained from the address list as the routing address network segment (ie, the destination address network segment). For the backhaul route, the first user can set the target address as the business backhaul route. At this time, the business backhaul route refers to the network segment range divided by the system based on the business segment address configuration item. The next-hop device name refers to the device name of the next-hop device of the route. The first user can select from the devices allocated in the two items of real-time IP address configuration and non-real-time IP address configuration to determine the next-hop device. Afterwards, the system will automatically backfill the next hop address based on the IP address numbers assigned to each device in the two projects of real-time IP address configuration and non-real-time IP address configuration.

The address list may include IP address information commonly used in the power industry, and the IP address information may include IP address names and address network segments corresponding to each IP address name. Among them, the IP address name can be the address name of the power equipment of the master station, such as the non-real-time encryption device of the xxx master station, the non-real-time traveling wave ranging master station, the online monitoring route of the xxx master station, the non-real-time situational awareness master station of the xxx master station, etc.; The address network segment may include the A-plane address network segment and the B-plane address network segment.

In one embodiment, step 140 may further include the following steps:

A corresponding firewall configuration page is generated for each firewall in the firewall list, and in response to the first user's operation in the displayed firewall configuration page, routing configuration, network address translation NAT configuration and policy configuration are performed on the current firewall, so The routing configuration includes determining the routing address name and routing address network segment of the current firewall according to the preset routing list, and determining the device name and IP address number of its next-hop device; the NAT configuration includes determining the business system corresponding to the current firewall The real-time IP address number and the non-real-time IP address number; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP address number of the business system corresponding to the current firewall, where the port alias is derived from the preset port Select from the list.

Specifically, the firewall configuration project is used to configure static routing, NAT (Network Address Translation, Network Address Translation) configuration and policy configuration for the interconnection firewall. The system will automatically identify the two items, real-time IP address configuration and non-real-time IP address configuration, where the device type is firewall, and generate corresponding firewall configuration pages for each firewall. The first user can perform static routing configuration, NAT configuration, and policy configuration on the firewall configuration page. Similar to the static routing configuration of the switch mentioned above, the configuration fields for static routing configuration of the firewall also include at least: target address name, target address network segment, next-hop device name, next-hop address, remarks, etc. The configuration of each field For the method, please refer to the configuration method of the switch.

The associated configuration fields of the NAT configuration may include but are not limited to: the real-time IP address number and non-real-time IP address, remarks, etc. of the business system to which the current firewall belongs. Since the IP address configuration item divides the business segment addresses, the first user needs to manually select the IP address number of the same service in different business segments (real-time business segment and non-real-time business segment).

The associated configuration fields of the policy configuration may include but are not limited to: system name, source address, protocol, port, destination address, etc. Since most of the services in the substation scenario are similar, a large number of common services have been predefined in the business list. The first user can manually select the business system name corresponding to each policy based on the business list. For the source IP address of the policy Number and destination IP address number. Since the source address and destination address of the firewall policy are often more commonly used addresses in the management master station, they have been defined in the address list. At this time, you can directly select them within the address list range.

The port list includes port information commonly used in the power industry. The port information may include, for example, port aliases, port numbers, port protocols (such as tcp, udp, any, etc.), associated services, etc. Among them, the associated service refers to the service system name associated with the current port alias.

In one embodiment, step 140 may further include the following steps:

Generate a corresponding encryption machine configuration page for each encryption machine in the encryption machine list, and perform routing configuration, tunnel configuration and policy configuration on the current encryption machine in response to the first user's operation on the displayed encryption machine configuration page. , the routing configuration includes determining the routing address name and routing address network segment of the current encryption machine according to the preset routing list, and determining the device name and IP address number of its next-hop device; the tunnel configuration includes determining the current encryption machine The tunnel local IP address number, tunnel peer IP address number, tunnel period and tunnel capacity of each tunnel; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP of the business system corresponding to the current encryption machine Address number, wherein the port alias is selected from a preset port list.

Specifically, the encryption machine configuration project is used to perform static routing configuration, tunnel configuration, and policy configuration for the interconnection encryption machine configuration. The system will automatically identify the two items, real-time IP address configuration and non-real-time IP address configuration, where the device type is an encryption machine, and generate the corresponding encryption machine configuration page for each encryption machine. The first user can perform static routing configuration, tunnel configuration, and policy configuration on the encryption machine configuration page. Similar to the static routing configuration of the switch mentioned above, the configuration fields for static routing configuration of the encryption machine also include at least: target address name, target address network segment, next-hop device name, next-hop address, remarks, etc. The fields of each field For the configuration method, please refer to the switch configuration method.

The associated configuration fields of the tunnel configuration may include but are not limited to: tunnel number, tunnel mode, tunnel local address, tunnel peer address, tunnel period, tunnel capacity, etc. Among them, the tunnel period and tunnel capacity are usually default and do not need to be filled in. They can be modified. The tunnel number is filled in manually by the first user. According to the needs of actual scenarios, there are two built-in tunnel modes: encryption and plaintext. In terms of the local address and the opposite end address of the tunnel, since in the actual scenario the local end address and the opposite end address of the tunnel may be the device IP address assigned by the business, or they may be some general master station addresses, the template is provided here. There are two input sources, one is the IP address number of each device defined in the service allocation address configuration project, and the other is the fixed IP address or address network segment in the address list. First, the user needs to manually select the local IP address corresponding to each tunnel. end address and peer address.

The associated configuration fields of the policy configuration may include but are not limited to: system name, source address, protocol, port, destination address, etc. For how to configure the policy for the encryption machine, please refer to the above-mentioned policy configuration for the firewall, which will not be described again here.

Since most of the services in the substation scenario are similar, a large number of common services have been predefined in the business list. The first user can manually select the business system name corresponding to each policy based on the business list. For the source address and source address of the policy, The destination address, because the source address and destination address of the encryption machine policy are often more commonly used addresses in the management master station, they have been defined in the address list. At this time, you can directly select it within the address list range.

Step 150: Generate a network configuration template according to the template configuration information and the template framework.

During implementation, when the first user completes configuration of each configuration item, the generation of the network configuration template may be triggered. Specifically, in one embodiment, a preview function can also be set in the template frame page. When the first user triggers the preview function, the system can centrally display the template configuration information filled in by the first user for each configuration item, so as to For the first user to check, the first user can modify the template configuration information during the checking process. After the check is correct, the first user clicks the "Save" button to save the template frame filled with template configuration information as a network configuration template. In addition, the first user can also modify the template name of the network configuration template.

After generating a network configuration template through the above method, you can know which host IPs are in a network configuration template, which routes are in the switch, which policies are in the firewall and encryption machine, which services the NAT configuration belongs to, etc. In this way, since most of the data has been configured in the template, only a small amount of processing is required when using the template to generate a plan to quickly generate the plan.

In this embodiment, when the first user needs to create a network configuration template, the first user can first enter basic template information in the displayed new template page, and then the system determines the corresponding template frame based on the basic template information and displays the template. The template frame contains a variety of configuration items related to the basic information of the template. The configuration items are used to configure at least the business configuration and IP address of the network equipment in the power site, so that the first user can enter the corresponding configuration items according to the configuration items. Template configuration information includes business network segment information corresponding to the business configuration, IP address numbers of each business system corresponding to the IP address configuration, etc. The system can generate network configuration based on the template configuration information filled in by the first user and the above template framework. template. The entire process of generating network configuration templates is based on the specifications set by managers and combined with the logical relationship between the configuration information of each network device in the intranet environment to analyze the equipment configuration network configuration templates for substations with different voltage levels. On the one hand, through the configuration information The logical relationship determines the accuracy of the configuration, and on the other hand, the compliance of the configuration is determined based on management specifications.

Embodiment 2

Figure 3 is a flow chart of a network configuration method provided in Embodiment 2 of the present application. It can be used in network configuration systems and in scenarios where configuration plans are uniformly generated for multiple network devices on a site. As shown in Figure 3, the method may include the following steps:

Step 210: In response to the second user's triggering behavior, obtain a previously configured template list of the site where the second user is located, and display the template list.

The second user in this embodiment and the first user in Embodiment 1 may be the same user, or they may be different users, which is not limited in this embodiment.

In one implementation, the second user can view a template list previously created by the site where the second user is located in the network configuration system (hereinafter referred to as the "system"), and the template list contains one or more network configuration templates. For example, there may be a "template list" entry in the network configuration system. When the second user clicks on the "template list" entry, the site where the second user is located can first be determined, and then the pre-configured site for the site can be obtained from the template library. A list of templates and displaying the list of templates to the second user.

When displaying the template list, the key information of each network configuration template can be displayed. The key information can include, for example, the template name, voltage level, switch deployment method, associated services (such as trust system, sensing system, telecontrol system, online monitoring system, etc.) etc. Of course, this embodiment is not limited to the above-mentioned key information, and those skilled in the art can set other key information according to actual needs.

In practice, in order to facilitate the second user to quickly find the desired network configuration template, a search bar can also be set on the template list display page. The second user can search for the template name, voltage level, switch deployment method, Related business and other keywords.

Step 220: Determine the target network configuration template selected by the second user from the template list.

During implementation, the template list display page may also provide selection buttons for each network configuration template. When it is detected that the second user triggers the selection button of a certain network configuration template, it means that the second user selects the network configuration. Template, the selected network configuration template may be called a target network configuration template.

Step 230: Generate a network configuration page based on the target network configuration template, and display the network configuration page.

During implementation, after the second user selects the target network configuration template, the system may generate a network configuration page based on the template name of the target network configuration template. The network configuration page is then displayed to the second user.

Step 240: Determine network configuration information in response to the second user's operation on the network configuration page.

Wherein, the network configuration information at least includes a starting IP address, the starting IP address is used to determine a set of IP addresses when generating a network configuration plan, and each IP address in the set of IP addresses is used to replace the corresponding IP address. serial number.

In one embodiment, the starting IP address includes a real-time starting IP address and a non-real-time starting IP address. Step 230 may further include the following steps:

According to the real-time starting IP address, determine the real-time IP address set corresponding to the real-time IP address number set;

According to the non-real-time starting IP address, determine the non-real-time IP address set corresponding to the non-real-time IP address number set; determine the business system involved in the target network configuration template, form a business list, and display the business list ; Detect the target business system selected by the second user from the business list; receive the compilation date input by the second user.

For example, an exemplary network configuration page is shown in Figure 4. The network configuration page includes three configuration processes: "fill in the starting IP", "confirm the business involved", and "confirm the compilation date". In the configuration page of "Fill in the starting IP", the second user can enter the starting IP address of the real-time service segment (i.e., the real-time starting IP address) and the starting IP address of the non-real-time service segment (i.e., the non-real-time starting IP address). Address), click "Next" to enter the "Confirm Business Involved" configuration process. Among them, the starting IP address filled in on the "Fill in starting IP" configuration page is a specific IP address rather than an IP address number.

In addition, the second user can also fill in the template type in the "fill in the starting IP" configuration page. The template type is the plane type corresponding to the template. The plane type can include single plane and dual plane. The difference between the two is that a single plane will generate a set of IP allocation plans, while a dual plane will generate two sets of IP allocation plans. The logical relationship of the new IP allocation plans in the dual plane is the same as that of the single plane IP allocation plan, but the starting IP The address is different.

On the "Confirm Business Involved" configuration page, the business systems involved in the target network configuration template of the template are displayed to the second user, from which the second user can select a business with network access conditions as the target business system. Click "Next" to enter the "Confirm compilation date" configuration process. The second user fills in the compilation date in the "Confirm compilation date" configuration page and clicks the "OK" button to complete the input of network configuration information.

During implementation, the system will use the real-time starting IP address of the real-time service segment input by the second user as the first IP address of the real-time service segment, and the non-real-time starting IP address of the non-real-time service segment input by the second user as the first IP address of the real-time service segment. The first IP address of the non-real-time business segment. Then according to the rules of IP addresses (according to the observation of actual solutions, it can be obtained that the IP addresses of field devices often have logical relationships, such as extending backward based on the starting IP), and the real-time IP configured in the current target network configuration template The number of IP addresses in the address number set is used to calculate the real-time IP address set of the real-time business segment. And, calculate the non-real-time IP address set of the non-real-time business segment based on the pattern of IP addresses and the number of IP addresses in the non-real-time IP address number set configured in the current target network configuration template.

Step 250: Generate a network configuration plan according to the target network configuration template and the network configuration information.

After the second user inputs the network configuration information, the system can generate a network configuration plan based on the network configuration information and the selected target network configuration template.

In one embodiment, step 250 may further include the following steps:

Modify the target network configuration template as follows according to the network configuration information, and use the modified target network configuration template as the network configuration plan:

1) Replace each real-time IP address number in the target network configuration template with a corresponding real-time IP address; replace each non-real-time IP address number in the target network configuration template with a corresponding non-real-time IP address.

Since the IP addresses in the target network configuration template are IP address numbers, after determining all the specific IP addresses in the intranet IP set, the system can assign the intranet IP addresses in the template according to the logical mapping relationship in the target network configuration template. The numbers are replaced one by one with actual specific IP addresses.

It should be noted that if the target network configuration template also includes a port alias, you can also replace the port alias with the actual port number. If the target network configuration template also includes an IP address alias, you can also replace the IP address alias with the actual IP address.

2) Delete configuration information related to other business systems other than the target business system from the target network configuration template.

In terms of business, when the user selects the target business system, the system can compare the existing business systems involved in the target network configuration template with the target business system, and then eliminate the configuration information corresponding to the unselected business systems.

3) Update the cover date in the target network configuration template to the compilation date.

The target network configuration template also includes a cover date, and when it is used to generate the network configuration plan, the cover date is modified to the compilation date input by the second user.

The generated network configuration plan can be displayed to the second user, and the second user can export the network configuration plan through the export function on the page. This network configuration solution can be provided to relevant personnel for network configuration reference, and can also be provided to auditors for auditing. This embodiment does not limit this.

In this embodiment, through the pre-configured template list, the user can select the required target network configuration template, and then determine the basic network configuration information through the network configuration page. Then the system will compare the network configuration information with the target network configuration template. Combined with the generation of a standard-compliant network configuration solution for multiple intranet devices, the network configuration information of multiple intranet devices can be configured in a unified manner, which improves the efficiency of batch configuration of network devices. At the same time, since the network configuration template already integrates data in advance based on the logical relationship between fields, it is equivalent to completing 60 to 70% of the work in advance to reduce manpower consumption and information deviation caused by manual intervention. At the same time, in order to cope with actual situations requirements, supporting restrictive deletions and modifications based on the compliance plan.

Embodiment 3

Figure 5 is a schematic structural diagram of a device for creating a network configuration template provided in Embodiment 3 of the present application. The device can be applied in a network configuration system and can include the following modules:

The new template page display module 310 is configured to display the new template page in response to the new template operation initiated by the first user;

The template basic information receiving module 320 is configured to receive the basic template information entered by the first user in the new template page and associated with the network configuration template to be created;

The template frame display module 330 is used to determine the template frame corresponding to the basic template information and display the template frame. The template frame includes configuration items related to the basic template information. The configuration items are used to The network equipment in the power site must be configured as follows at least: business configuration and IP address configuration;

The template configuration information obtaining module 340 is used to obtain the template configuration information input by the first user for each configuration item. The template configuration information at least includes: business network segment information corresponding to the service configuration, and corresponding IP address configuration. The IP address number of each business system;

The network configuration template generating module 350 is configured to generate a network configuration template according to the template configuration information and the template framework.

In one embodiment, the IP address configuration includes real-time IP address configuration and non-real-time IP address configuration; the template configuration information acquisition module 340 is specifically used to:

In response to the first user's operation in the displayed service configuration page, the service network segment information of the service configuration page is determined, and the service network segment information includes the real-time service segment mask input by the first user and non- Real-time business segment mask;

In response to the first user's operation on the displayed real-time IP address configuration page, determine the real-time IP address number set corresponding to the real-time service segment mask, and determine the first user's selected from the preset service list. A real-time business system, and allocates real-time IP address numbers to each real-time business system according to the real-time IP address number set;

In response to the first user's operation on the displayed non-real-time IP address configuration page, determine the non-real-time IP address number set corresponding to the non-real-time service segment mask, and determine that the first user selects the non-real-time IP address from the default service list non-real-time business systems selected from among the non-real-time business systems, and allocate non-real-time IP address numbers to each non-real-time business system according to the non-real-time IP address number set.

In one embodiment, the configuration items are also used to configure the network device as follows: switch configuration, firewall configuration, and encryption machine configuration;

The template configuration information acquisition module 340 is also used to::

In the IP address configuration, the corresponding device type is determined from the preset device list for each real-time business system or non-real-time business system. The device types include switches, firewalls and encryption machines;

Determine the switch list, firewall list and encryption machine list according to the device type;

Generate a corresponding switch configuration page for each switch in the switch list, and perform routing configuration on the current switch in response to the first user's operation on the displayed switch configuration page. The routing configuration includes a preset address list. , determine the routing address name and routing address network segment of the current switch, and determine the device name and IP address number of its next-hop device;

A corresponding firewall configuration page is generated for each firewall in the firewall list, and in response to the first user's operation in the displayed firewall configuration page, routing configuration, network address translation NAT configuration and policy configuration are performed on the current firewall, so The routing configuration includes determining the routing address name and routing address network segment of the current firewall according to the preset routing list, and determining the device name and IP address number of its next-hop device; the NAT configuration includes determining the business system corresponding to the current firewall The real-time IP address number and the non-real-time IP address number; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP address number of the business system corresponding to the current firewall, where the port alias is derived from the preset port Select from list;

Generate a corresponding encryption machine configuration page for each encryption machine in the encryption machine list, and perform routing configuration, tunnel configuration and policy configuration on the current encryption machine in response to the first user's operation on the displayed encryption machine configuration page. , the routing configuration includes determining the routing address name and routing address network segment of the current encryption machine according to the preset routing list, and determining the device name and IP address number of its next-hop device; the tunnel configuration includes determining the current encryption machine The tunnel local IP address number, tunnel peer IP address number, tunnel period and tunnel capacity of each tunnel; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP of the business system corresponding to the current encryption machine Address number, wherein the port alias is selected from a preset port list.

A device for creating a network configuration template provided by an embodiment of the present application can execute a method of creating a network configuration template provided by any embodiment of the present application, and has functional modules and beneficial effects corresponding to the execution method.

Embodiment 4

Figure 6 is a schematic structural diagram of a network configuration device provided in Embodiment 4 of the present application. The device can be applied in a network configuration system and can include the following modules:

The template list acquisition module 410 is configured to, in response to the second user's triggering behavior, acquire a previously configured template list of the site where the second user is located, and display the template list;

The target network configuration template determination module 420 is used to determine the target network configuration template selected by the second user from the template list;

The network configuration page display module 430 is used to generate a network configuration page based on the target network configuration template and display the network configuration page;

The network configuration information determining module 440 is configured to determine network configuration information in response to the second user's operation on the network configuration page. The network configuration information at least includes a starting IP address, and the starting IP address is Determining a set of IP addresses when generating a network configuration plan, and each IP address in the set of IP addresses is used to replace the corresponding IP address number;

The network configuration plan generation module 450 is configured to generate a network configuration plan according to the target network configuration template and the network configuration information.

In one embodiment, the starting IP address includes a real-time starting IP address and a non-real-time starting IP address; the target network configuration template includes a real-time IP address number set and a non-real-time IP address number set;

The network configuration information determination module 440 is specifically used to:

According to the real-time starting IP address, determine the real-time IP address set corresponding to the real-time IP address number set;

Determine a non-real-time IP address set corresponding to the non-real-time IP address number set according to the non-real-time starting IP address;

Determine the business systems involved in the target network configuration template, form a business list, and display the business list;

Detecting the target service system selected by the second user from the service list;

A compilation date input by the second user is received.

In one embodiment, the network configuration scheme generation module 450 is specifically used to:

Modify the target network configuration template as follows according to the network configuration information, and use the modified target network configuration template as the network configuration plan:

Replace each real-time IP address number in the target network configuration template with the corresponding real-time IP address;

Replace each non-real-time IP address number in the target network configuration template with the corresponding non-real-time IP address;

Delete configuration information related to other business systems other than the target business system from the target network configuration template;

The cover date in the target network configuration template is updated to be the compilation date.

A network configuration device provided by an embodiment of the present application can execute a network configuration method provided by any embodiment of the present application, and has functional modules and beneficial effects corresponding to the execution method.

Embodiment 5

FIG. 7 shows a schematic structural diagram of an electronic device 10 that can be used to implement method embodiments of the present application. Electronic devices are intended to refer to various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (eg, helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions are examples only and are not intended to limit the implementation of the present application as described and/or claimed herein.

As shown in Figure 7, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a read-only memory (ROM) 12, a random access memory (RAM) 13, etc., wherein the memory stores There is a computer program that can be executed by at least one processor. The processor 11 can perform the operation according to the computer program stored in the read-only memory (ROM) 12 or loaded from the storage unit 18 into the random access memory (RAM) 13. Perform various appropriate actions and processing. In the RAM 13, various programs and data required for the operation of the electronic device 10 can also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via the bus 14. An input/output (I/O) interface 15 is also connected to bus 14 .

Multiple components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16, such as a keyboard, a mouse, etc.; an output unit 17, such as various types of displays, speakers, etc.; a storage unit 18, such as a magnetic disk, an optical disk, etc. etc.; and communication unit 19, such as network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices through computer networks such as the Internet and/or various telecommunications networks.

Processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the processor 11 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various dedicated artificial intelligence (AI) computing chips, various processors running machine learning model algorithms, digital signal processing processor (DSP), and any appropriate processor, controller, microcontroller, etc. The processor 11 executes each method and process described above, such as the method described in Embodiment 1 or Embodiment 2.

In some embodiments, the method described in Embodiment 1 or Embodiment 2 can be implemented as a computer program, which is tangibly included in a computer-readable storage medium, such as the storage unit 18 . In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into the RAM 13 and executed by the processor 11, one or more steps of the method described in Embodiment 1 or Embodiment 2 described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the method described in Embodiment 1 or Embodiment 2 in any other appropriate manner (for example, by means of firmware).

Various implementations of the systems and techniques described above may be implemented in digital electronic circuit systems, integrated circuit systems, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on a chip implemented in a system (SOC), load programmable logic device (CPLD), computer hardware, firmware, software, and/or a combination thereof. These various embodiments may include implementation in one or more computer programs executable and/or interpreted on a programmable system including at least one programmable processor, the programmable processor The processor, which may be a special purpose or general purpose programmable processor, may receive data and instructions from a storage system, at least one input device, and at least one output device, and transmit data and instructions to the storage system, the at least one input device, and the at least one output device. An output device.

Computer programs for implementing the methods of the present application may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that the computer program, when executed by the processor, causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented. A computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this application, a computer-readable storage medium may be a tangible medium that may contain or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. Computer-readable storage media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any suitable combination of the foregoing. Alternatively, the computer-readable storage medium may be a machine-readable signal medium. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, laptop disks, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.

To provide interaction with a user, the systems and techniques described herein may be implemented on an electronic device having a display device (eg, a CRT (cathode ray tube) or LCD (liquid crystal display)) for displaying information to the user monitor); and a keyboard and pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide interaction with the user; for example, the feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and may be provided in any form, including Acoustic input, voice input or tactile input) to receive input from the user.

The systems and techniques described herein may be implemented in a computing system that includes back-end components (e.g., as a data server), or a computing system that includes middleware components (e.g., an application server), or a computing system that includes front-end components (e.g., A user's computer having a graphical user interface or web browser through which the user can interact with implementations of the systems and technologies described herein), or including such backend components, middleware components, or any combination of front-end components in a computing system. The components of the system may be interconnected by any form or medium of digital data communication (eg, a communications network). Examples of communication networks include: local area network (LAN), wide area network (WAN), blockchain network, and the Internet.

Computing systems may include clients and servers. Clients and servers are generally remote from each other and typically interact over a communications network. The relationship of client and server is created by computer programs running on corresponding computers and having a client-server relationship with each other. The server can be a cloud server, also known as cloud computing server or cloud host. It is a host product in the cloud computing service system to solve the problems of difficult management and weak business scalability in traditional physical hosts and VPS services. defect.

It should be understood that various forms of the process shown above may be used, with steps reordered, added or deleted. For example, each step described in this application can be executed in parallel, sequentially, or in a different order. As long as the desired results of the technical solution of this application can be achieved, there is no limitation here.

Claims (10)

1. A method of creating a network configuration template, applied in a network configuration system, the method includes:

   In response to the new template operation initiated by the first user, display the new template page;

   Receive basic template information associated with the network configuration template to be created input by the first user on the new template page;

   Determine a template frame corresponding to the template basic information, and display the template frame. The template frame includes configuration items related to the template basic information, and the configuration items are used to perform at least on the network equipment in the power site. The following configurations: business configuration and IP address configuration;

   Obtain the template configuration information input by the first user for each configuration item, the template configuration information at least includes: business network segment information corresponding to the service configuration, and the IP address number of each business system corresponding to the IP address configuration;

   Generate a network configuration template according to the template configuration information and the template framework.
2. The method according to claim 1, wherein the IP address configuration includes real-time IP address configuration and non-real-time IP address configuration; and obtaining the template configuration information input by the first user for each configuration includes:

   In response to the first user's operation in the displayed service configuration page, the service network segment information of the service configuration page is determined, and the service network segment information includes the real-time service segment mask input by the first user and non- Real-time business segment mask;

   In response to the first user's operation on the displayed real-time IP address configuration page, determine the real-time IP address number set corresponding to the real-time service segment mask, and determine the first user's selected from the preset service list. A real-time business system, and allocates real-time IP address numbers to each real-time business system according to the real-time IP address number set;

   In response to the first user's operation on the displayed non-real-time IP address configuration page, determine the non-real-time IP address number set corresponding to the non-real-time service segment mask, and determine that the first user selects the non-real-time IP address from the default service list non-real-time business systems selected from among the non-real-time business systems, and allocate non-real-time IP address numbers to each non-real-time business system according to the non-real-time IP address number set.
3. The method according to claim 2, wherein the configuration item is also used to configure the network device as follows: switch configuration, firewall configuration, and encryption machine configuration;

   The obtaining the template configuration information input by the first user for each configuration also includes:

   In the IP address configuration, the corresponding device type is determined from the preset device list for each real-time business system or non-real-time business system. The device types include switches, firewalls and encryption machines;

   Determine the switch list, firewall list and encryption machine list according to the device type;

   Generate a corresponding switch configuration page for each switch in the switch list, and perform routing configuration on the current switch in response to the first user's operation on the displayed switch configuration page. The routing configuration includes a preset address list. , determine the routing address name and routing address network segment of the current switch, and determine the device name and IP address number of its next-hop device;

   A corresponding firewall configuration page is generated for each firewall in the firewall list, and in response to the first user's operation in the displayed firewall configuration page, routing configuration, network address translation NAT configuration and policy configuration are performed on the current firewall, so The routing configuration includes determining the routing address name and routing address network segment of the current firewall according to the preset routing list, and determining the device name and IP address number of its next-hop device; the NAT configuration includes determining the business system corresponding to the current firewall The real-time IP address number and the non-real-time IP address number; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP address number of the business system corresponding to the current firewall, where the port alias is derived from the preset port Select from list;

   Generate a corresponding encryption machine configuration page for each encryption machine in the encryption machine list, and perform routing configuration, tunnel configuration and policy configuration on the current encryption machine in response to the first user's operation on the displayed encryption machine configuration page. , the routing configuration includes determining the routing address name and routing address network segment of the current encryption machine according to the preset routing list, and determining the device name and IP address number of its next-hop device; the tunnel configuration includes determining the current encryption machine The tunnel local IP address number, tunnel peer IP address number, tunnel period and tunnel capacity of each tunnel; the policy configuration includes determining the source IP address number, protocol, port alias and destination IP of the business system corresponding to the current encryption machine Address number, wherein the port alias is selected from a preset port list.
4. A method of network configuration, applied in a network configuration system, the method includes:

   In response to the second user's triggering behavior, obtain a previously configured template list of the site where the second user is located, and display the template list;

   Determine the target network configuration template selected by the second user from the template list;

   Generate a network configuration page based on the target network configuration template, and display the network configuration page;

   In response to the operation of the second user in the network configuration page, network configuration information is determined. The network configuration information at least includes a starting IP address, and the starting IP address is used to determine the IP address when generating a network configuration plan. Address set, each IP address in the IP address set is used to replace the corresponding IP address number;

   Generate a network configuration plan according to the target network configuration template and the network configuration information.
5. The method according to claim 4, wherein the starting IP address includes a real-time starting IP address and a non-real-time starting IP address; the target network configuration template includes a real-time IP address number set and a non-real-time IP address number set. ;

   Determining network configuration information in response to the second user's operation on the network configuration page includes:

   According to the real-time starting IP address, determine the real-time IP address set corresponding to the real-time IP address number set;

   Determine a non-real-time IP address set corresponding to the non-real-time IP address number set according to the non-real-time starting IP address;

   Determine the business systems involved in the target network configuration template, form a business list, and display the business list;

   Detecting the target service system selected by the second user from the service list;

   A compilation date input by the second user is received.
6. The method according to claim 5, wherein generating a network configuration scheme according to the target network configuration template and the network configuration information includes:

   Modify the target network configuration template as follows according to the network configuration information, and use the modified target network configuration template as the network configuration plan:

   Replace each real-time IP address number in the target network configuration template with the corresponding real-time IP address;

   Replace each non-real-time IP address number in the target network configuration template with the corresponding non-real-time IP address;

   Delete configuration information related to other business systems other than the target business system from the target network configuration template;

   The cover date in the target network configuration template is updated to be the compilation date.
7. A device for creating a network configuration template, used in a network configuration system, the device includes:

   The new template page display module is used to display the new template page in response to the new template operation initiated by the first user;

   A template basic information receiving module, configured to receive template basic information associated with the network configuration template to be created input by the first user in the new template page;

   A template frame display module, configured to determine a template frame corresponding to the template basic information and display the template frame, where the template frame includes configuration items related to the template basic information, and the configuration items are used for power The network equipment in the site must be configured as follows at least: business configuration and IP address configuration;

   A template configuration information acquisition module is used to acquire the template configuration information input by the first user for each configuration item. The template configuration information at least includes: business network segment information corresponding to the service configuration, and network segment information corresponding to the IP address configuration. The IP address number of each business system;

   A network configuration template generating module is configured to generate a network configuration template according to the template configuration information and the template framework.
8. A network configuration device, used in a network configuration system, the device includes:

   A template list acquisition module, configured to respond to the second user's triggering behavior, acquire a previously configured template list of the site where the second user is located, and display the template list;

   A target network configuration template determination module, configured to determine the target network configuration template selected by the second user from the template list;

   A network configuration page display module, configured to generate a network configuration page based on the target network configuration template and display the network configuration page;

   A network configuration information determination module, configured to determine network configuration information in response to the second user's operation on the network configuration page, where the network configuration information at least includes a starting IP address, and the starting IP address is used for Determine a set of IP addresses when generating a network configuration plan, and each IP address in the set of IP addresses is used to replace the corresponding IP address number;

   A network configuration plan generation module is configured to generate a network configuration plan according to the target network configuration template and the network configuration information.
9. An electronic device including:

   at least one processor; and

   a memory communicatively connected to the at least one processor; wherein,

   The memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor, so that the at least one processor can execute any one of claims 1-6 the method described.
10. A computer-readable storage medium stores computer instructions, and the computer instructions are used to implement the method of any one of claims 1-6 when executed by a processor.

Images