CN101022367A - Network management method and system - Google Patents
Network management method and system Download PDFInfo
- Publication number
- CN101022367A CN101022367A CN 200710090915 CN200710090915A CN101022367A CN 101022367 A CN101022367 A CN 101022367A CN 200710090915 CN200710090915 CN 200710090915 CN 200710090915 A CN200710090915 A CN 200710090915A CN 101022367 A CN101022367 A CN 101022367A
- Authority
- CN
- China
- Prior art keywords
- network equipment
- configuration information
- equipment
- information
- level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method for managing network includes carrying out audit and analysis on abnormal warning journal information reported from low-level network device by up-level network device and then coordinating configuration of low-level network device based on result of said audit and analysis. The network management system used for realizing said method is also disclosed.
Description
Technical field
The present invention relates to network communications technology field, especially refer to a kind of method and system of multi-stage distributed network management.
Background technology
Along with computer network popularizing and deeply in the whole world, computer networking technology is constantly popularized in all trades and professions, yet, along with the complexity of expansion of network scales and network configuration constantly increases, traditional centralized network ma nagement system has run into unprecedented severe challenge.Traditional centralized management mode is a central system of setting up a whole network of management, the management of management, network device management and the network application of the host computer system of responsible the whole network.Be distributed in the network equipment of various places if fault is all unified to transfer to the keeper of network management center and handled, all information all are stored in the same database that is arranged in network center.Because any management information is all sent to network management center and is handled, and might facilitate network congestion, makes network management center become bottleneck.Simultaneously, the operation conditions of whole network is responsible in centralized management, be difficult to the running status of multistage topological network is effectively monitored, abnormality alarming information in the subordinate equipment running can't report step by step, finally audit and analyze, lack undernet management implementation supervision, instruct, the means of cooperation by network management center.
Now, the management of a large scale network no longer has been to adopt traditional centralized management structure to finish, the one, because management work can't be finished by a people or an automatic management entity; The 2nd, because adopt centralized management meeting to cause unnecessary burden, for example: from a node a large amount of managed objects is managed the transmission burden that information extraction can cause network, be easy to generate the transmission bottleneck problem to network.Therefore, be necessary management work is distributed to and carry out distribution process in the whole system, so the appearance based on the distributed management system of hierarchical mode has just been arranged.
Prior art is based on the distributed management system of hierarchical mode, as shown in Figure 1, according to network topology structure or hierarchical management relation, the role of allocation manager system finishes the deployment of management system, with the three layer model is example, with MS (Management Station, management station) is divided into HMS (Higher-LevelManagement Station, the tension management station), MMS (Middle-Level Management Station, the middle management station) and LMS (Lower-Level Management Station, management station of lower floor).Management station is actually a finger daemon in the network equipment, and this process is stored in the network equipment of each layer, and HMS manages MMS, and MMS manages LMS.HMS will transfer to each MMS to the administration authority of LMS, carry out direct management to LMS by MMS, thereby alleviate the administrative burden of HMS.But because HMS will be distributed to each MMS to the administrative power of LMS, HMS can't recognize the operating state of LMS, make HMS effectively not collect to the abnormal information of LMS, also just can't effectively audit and analyze, thereby cause HMS effectively to instruct and cooperate the configuration of LMS.
Summary of the invention
The problem to be solved in the present invention provides a kind of method and system of network device management, can't effectively instruct and cooperate the configuration of undernet equipment to solve in the prior art higher level's network equipment, and higher level's network equipment can't carry out the problem of effective audit and analysis to the abnormal information of undernet equipment.
For reaching above-mentioned purpose, the invention provides a kind of method of network management, be used for the management of multi-stage distributed network, may further comprise the steps:
Undernet equipment sends reporting information by mid-level network equipment to higher level's network equipment;
Described higher level's network equipment is provided with configuration information according to described reporting information, and utilizes described configuration information that undernet equipment is managed.
Described undernet equipment sends reporting information by mid-level network equipment to higher level's network equipment, specifically comprises:
Described undernet equipment sends to described mid-level network equipment with described reporting information;
Described mid-level network equipment is forwarded to described higher level's network equipment with described reporting information.
After described undernet equipment sends to mid-level network equipment with reporting information, also comprise: described mid-level network equipment judges whether described reporting information needs to continue to report, if need continue to report, then described mid-level network equipment is forwarded to described higher level's network equipment with described reporting information; If do not need to continue to report, then described mid-level network equipment is provided with configuration information according to described reporting information, and utilizes described configuration information that undernet equipment is managed.
The destination address of the described reporting information of described mid-level network device parses, and described destination address compared with the sign of higher level's network equipment, if described destination address is consistent with the sign of described higher level's network equipment, then need described reporting information is continued to report; If the sign of described destination address and described higher level's network equipment is inconsistent, then do not need described reporting information is continued to report.
Described higher level's network equipment is provided with configuration information according to described reporting information, specifically comprises:
Described higher level's network equipment is forwarded to log analysis and audit server with the reporting information that receives;
Described log analysis and audit server are audited to described reporting information and are analyzed;
Described higher level's network equipment is provided with the configuration information that described undernet equipment is managed according to audit and analysis result.
Described higher level's network equipment utilizes configuration information that described undernet equipment is managed, and comprising:
Described higher level's network equipment issues configuration information by mid-level network equipment to described undernet equipment;
Described undernet equipment receives configuration information, and carries out relevant configuration according to described configuration information.
Described higher level's network equipment issues configuration information by mid-level network equipment to subordinate's network equipment, specifically comprises:
Described higher level's network equipment sends to described mid-level network equipment with described configuration information;
Described mid-level network equipment is forwarded to described undernet equipment with described configuration information.
Described higher level's network equipment sends to described configuration information after the described mid-level network equipment, also comprise: described mid-level network equipment judges whether and need proceed to issue to described configuration information, if need continue to issue, then described mid-level network equipment is forwarded to described undernet equipment with described configuration information; If do not need to continue to issue, then described mid-level network equipment carries out relevant configuration according to described configuration information.
The destination address of the described configuration information of described mid-level network device parses, and described destination address compared with the undernet equipment mark, if described destination address is consistent with described undernet equipment mark, then need described configuration information is continued to issue; If described destination address and described undernet equipment mark are inconsistent, then do not need described configuration information is continued to issue.
Described higher level's network equipment issues configuration information by mid-level network equipment to subordinate's network equipment, also comprises: the mid-level network equipment that be positioned at the identical network level, has identical configuration information and a management strategy is set to a management group.
Described management group is stored the IP address information of the network equipment in the described management group with the form of chained list.
Described higher level's network equipment issues configuration information by described management group to subordinate's network equipment, specifically comprises:
The network equipment of described higher level's network equipment in described management group sends described configuration information;
The network equipment in the described management group is forwarded to described undernet equipment with described configuration information.
The network equipment of described higher level's network equipment in the management group sends after the configuration information, also comprise: the network equipment in the described management group judges whether and need proceed to issue to described configuration information, if need continue to issue, the network equipment in the then described management group sends to described undernet equipment with described configuration information; If do not need to continue to issue, the network equipment in the then described management group carries out relevant configuration according to described configuration information.
The network equipment in the described management group passes through to resolve the destination address of described configuration information, and compares with the undernet equipment mark, if described destination address is consistent with described undernet equipment mark, then needs described configuration information is continued to issue; If described destination address and described undernet equipment mark are inconsistent, then do not need described configuration information is continued to issue.
Before the network equipment of described higher level's network equipment in the management group sends configuration information, also comprise:
Described higher level's network equipment carries out legitimacy to described management group and judges;
Carry out authentication between the network equipment in described higher level's network equipment and the described management group.
Described mid-level network equipment is multilayer.
Described reporting information is an abnormality alarming information.
The present invention also provides a kind of higher level's network equipment, comprising: the unit is set for reporting information receiving element, configuration information and configuration information issues the unit,
Described reporting information receiving element is used to receive described reporting information;
Described configuration information is provided with the unit, connects described reporting information receiving element, is used for according to described reporting information configuration information being set;
Described configuration information issues the unit, connects described configuration information the unit is set, and is used for described configuration information is issued.
Described higher level's network equipment comprises that also the management group is provided with the unit, connects described configuration information and issues the unit, is used for being provided with according to described configuration information the management group of mid-level network equipment.
Described higher level's network equipment also comprises management group judging unit, connects that described management group is provided with the unit and described configuration information issues the unit, is used for configuration information judging the legitimacy of described management group before the management group issues; And/or the authentication unit, connect described configuration information and issue the unit, before being used for configuration information issued, the network equipment that receives described configuration information is carried out authentication.
The present invention also provides a kind of mid-level network equipment, comprising: information receiving unit and information retransmission unit,
Described information receiving unit is used to receive the configuration information of higher level's network equipment and/or the reporting information of undernet equipment;
Described information retransmission unit connects described information receiving unit, is used for configuration information with described higher level's network equipment and is forwarded to described undernet equipment and/or the reporting information of undernet equipment is forwarded to described higher level's network equipment.
Described mid-level network equipment also comprises the information judging unit, connects described information retransmission unit, is used to judge whether and need transmits described configuration information and/or reporting information; And/or authentication unit, connect described information receiving unit and described information retransmission unit, be used for before receiving described configuration information higher level's network equipment carried out authentication and/or before transmitting described configuration information, undernet equipment carried out authentication.
The present invention also provides a kind of undernet equipment, comprising: reporting information transmitting element and configuration information receiving element,
Described reporting information transmitting element is used to send described reporting information;
Described configuration information receiving element is used to receive described configuration information.
Described undernet equipment also comprises the authentication unit, connects described configuration information receiving element, is used to receive before the described configuration information, and the network equipment that sends described configuration information is carried out authentication.
The present invention also provides a kind of system of network management, comprising: higher level's network equipment, mid-level network equipment and undernet equipment,
Described higher level's network equipment is used to receive reporting information, according to described reporting information configuration information is set, and utilizes described configuration information that undernet equipment is managed;
Described mid-level network equipment connects described higher level's network equipment, is used for the reporting information of described undernet equipment is forwarded to described higher level's network equipment, and the configuration information of described higher level's network equipment is forwarded to described undernet equipment;
Described undernet equipment connects described mid-level network equipment, is used to send described reporting information, and receives described configuration information, carries out relevant configuration according to described configuration information.
The present invention can be according to the variation of networking operational environment, and the undernet equipment disposition is effectively instructed and cooperates, and guarantees that network normally moves with optimal performance; And, make higher level equipment effectively to audit and to analyze to all undernet unit exception log informations by reporting the abnormality alarming daily record step by step.
Description of drawings
Fig. 1 is the structural representation of hierarchical mode in the prior art;
Fig. 2 is the flow chart of a kind of network management of the embodiment of the invention;
Fig. 3 is the flow chart of state information report in the embodiment of the invention one;
Fig. 4 is the flow chart that configuration information issues in the embodiment of the invention two;
Fig. 5 is the flow chart that configuration information issues in the embodiment of the invention three;
Fig. 6 is the flow chart that abnormality alarming information reports in the embodiment of the invention four;
Fig. 7 is the flow chart that configuration information issues in the embodiment of the invention five;
Fig. 8 is the schematic diagram that the management group is set in the embodiment of the invention six;
Fig. 9 is the schematic diagram of a kind of network management system of the embodiment of the invention.
Embodiment
Embodiments of the invention are based on the hierarchical mode framework, undernet equipment sends to higher level's network equipment with reporting information, higher level's network equipment is according to carrying out exchanges data between the reporting information that receives and daily record audit and the Analysis server, the configuration information that undernet equipment is managed is set, and this configuration information is issued to undernet equipment in order to carry out.The hierarchical mode framework of the embodiment of the invention can expand to multilayer, be that mid-level network equipment can carry out cascade again, divide different network layers, concrete condition will be decided on concrete network environment, but the method for sending and receiving of configuration information is constant between the superior and the subordinate's network equipment.
As shown in Figure 2, the flow chart for a kind of network device management method of the embodiment of the invention may further comprise the steps:
Step S201, undernet equipment sends reporting information by mid-level network equipment to higher level's network equipment.
Step S202, higher level's network equipment is provided with configuration information according to reporting information, and utilizes this configuration information that undernet equipment is managed.Log analysis and audit server are analyzed reporting information and are audited, and higher level's network equipment is provided with the configuration information that undernet equipment is managed according to the result who analyzes and audit; Higher level's network equipment receives configuration information by this configuration information is issued to undernet equipment by undernet equipment, and carries out relevant configuration according to this configuration information, realizes the management to undernet equipment.
Among the embodiment shown in Figure 2, the detailed process that undernet equipment sends reporting information to higher level's network equipment by mid-level network equipment may further comprise the steps as shown in Figure 3:
Step S301, undernet equipment sends to mid-level network equipment with reporting information.Undernet equipment can produce some reporting informations in the course of the work and need report to higher level's network equipment, and then undernet equipment sends to mid-level network equipment with this reporting information earlier.
Step S302, mid-level network equipment judge whether this reporting information needs to continue to report.After mid-level network equipment receives the reporting information of undernet equipment transmission, by resolving the destination address of this reporting information, and compare with the sign of higher level's network equipment, judging whether needs this reporting information is continued to report, if the destination address of the reporting information of resolving is consistent with the sign of higher level's network equipment, then mid-level network equipment needs this reporting information is continued to send to higher level's network equipment; If the sign of the destination address of the reporting information of resolving and higher level's network equipment is inconsistent, illustrate that then this reporting information does not report higher level's network equipment, by mid-level network equipment this reporting information is analyzed, and mid-level network equipment is set to the configuration information that undernet equipment manages according to this reporting information, utilize this configuration information to realize of the management of mid-level network equipment to undernet equipment.
Step S303, if need continue to report, then mid-level network equipment sends to higher level's network equipment with this reporting information.Mid-level network equipment directly sends to higher level's network equipment with this reporting information, also can encapsulate again this reporting information earlier, re-sends to higher level's network equipment, to inform the definite source of this reporting information of higher level's network equipment.
Step S304, higher level's network equipment is forwarded to log analysis and audit server with the reporting information that receives, and log analysis and audit server are audited to this reporting information and are analyzed.This log analysis can be the independently server that links to each other with higher level's network equipment with audit server, be used for collecting and reporting information, and collected reporting information analyzed and audit, for higher level's network equipment suitable configuration information is set undernet equipment is managed; Certainly, also can be to be integrated in the functional module that is used for realizing log analysis and audit function in higher level's network equipment, be used for realizing and log analysis and the same function of audit server.
Among the embodiment shown in Figure 2, higher level's network equipment is forwarded to the process of undernet equipment by mid-level network equipment with configuration information, as shown in Figure 4, specifically may further comprise the steps:
Step S401, higher level's network equipment sends to mid-level network equipment with configuration information.Higher level's network equipment is provided with the configuration information that undernet equipment is managed, and this configuration information is sent to mid-level network equipment.Consideration for fail safe, higher level's network equipment is before sending to mid-level network equipment with configuration information, at first want and mid-level network equipment between carry out the card of recognizing each other of identity, higher level's network equipment authenticates the identity of the intermediate network equipment, equally, mid-level network equipment also will authenticate the identity of higher level's network equipment.
Step S402, mid-level network equipment judge whether and need proceed to issue to this configuration information.Comprise the destination address that this configuration information issues in the configuration information, after mid-level network equipment receives configuration information, by resolving the destination address of this configuration information, and compare with the undernet equipment mark, judging whether needs this configuration information is issued to undernet equipment, if the destination address of configuration information is consistent with the undernet equipment mark, then need configuration information is continued to issue; If the destination address and the undernet equipment mark of configuration information are inconsistent, then explanation does not need this configuration information is continued to issue, and mid-level network equipment carries out relevant configuration according to this configuration information.
Step S403, if need continue to issue, then mid-level network equipment sends to undernet equipment with this configuration information.
Step S404, undernet equipment receives this configuration information, and carries out relevant configuration according to this configuration information, in order to realize the management of higher level's network equipment to undernet equipment.
Among the embodiment shown in Figure 4, higher level's network equipment issues configuration information by mid-level network equipment to subordinate's network equipment, during many undernet equipment in needs are issued to identical configuration information many mid-level network equipment control scopes, division by the management group realizes, then can simplify the process that configuration information issues greatly, reduce the burden of higher level's network equipment, the specific implementation process may further comprise the steps as shown in Figure 5:
Step S501, higher level's network equipment is provided with the management group according to configuration information.The mid-level network equipment that higher level's network equipment is positioned at the identical network level, have identical configuration information and a management strategy is set to a management group, and the IP address information of the network equipment is stored in this management group with the form of chained list in should the management group.
Step S502, the higher level's network equipment network equipment in the management group sends configuration information.Higher level's network equipment sends configuration information according to the network equipment of IP address information in this management group of the network equipment in the management group.Consideration for fail safe, higher level's network equipment is before the network equipment in the management group sends configuration information, at first to carry out legitimacy and judge, judge whether whether this management group disposes, promptly should the management group exist in higher level's network equipment the management group of appointment; If exist, then higher level's network equipment continues the IP address link list of this management group correspondence is checked, whether the IP address link list of judging this management group is empty, if the IP address link list is empty, then illustrate in this management group and do not have the network equipment, then can directly finish issuing of configuration information, if the IP address link list is not empty, then higher level's network equipment is judged successfully the legitimacy of management group.
Step S503, the network equipment in the management group judge whether and need proceed to issue to this configuration information.Comprise the destination address that this configuration information issues in the configuration information, after the network equipment in the management group receives configuration information, by resolving the destination address of this configuration information, and compare with the undernet equipment mark, judging whether needs this configuration information is issued to undernet equipment, if the destination address of configuration information is consistent with the undernet equipment mark, then need configuration information is continued to issue; If the destination address and the undernet equipment mark of configuration information are inconsistent, then explanation does not need configuration information is continued to issue, and the network equipment in this management group carries out relevant configuration according to this configuration information.
Step S504, if need continue to issue, the network equipment in the then management group sends to undernet equipment with this configuration information.
Step S505, undernet equipment receives this configuration information, and carries out relevant configuration according to this configuration information.
Send among the embodiment of reporting information to higher level's network equipment by mid-level network equipment at undernet equipment shown in Figure 3, reporting abnormality alarming information with undernet equipment in the three layer model by mid-level network equipment is example, as shown in Figure 6, specifically may further comprise the steps:
Step S601, when the network equipment started, the log pattern in each equipment carried out the initialization of parameter.The all-network equipment that participates in multilevel distributed management all has the log pattern of oneself, be used for the abnormality alarming information that produces is handled accordingly, this processing comprises: according to abnormality alarming information structuring abnormality alarming daily record message, and this daily record message sent to mid-level network equipment.Log pattern initialization in each equipment receives the relevant abnormalities warning information to wait for.
Step S602, the network equipment of each grade specify the log server of corresponding higher level's network equipment for oneself.Comprise: undernet equipment is specified the log server of mid-level network equipment for oneself, the address of log server is the IP address of corresponding mid-level network equipment, it is the log server of oneself that mid-level network equipment is specified higher level's network equipment, the address of log server is the IP address of corresponding higher level's network equipment, higher level's network equipment connects a log analysis and audit server, and it is the log server of oneself that higher level's network equipment is specified this log analysis and audit server.
Step S603, undernet equipment can produce the abnormality alarming log information in the course of the work, and undernet equipment obtains this abnormality alarming log information, and according to this abnormality alarming log information, structural anomaly alarm log message.
Step S604, undernet equipment sends to corresponding log server with this abnormality alarming log information message, and this log server also is and the pairing mid-level network equipment of this undernet equipment.
Step S605, mid-level network equipment heavily encapsulate this message after receiving this abnormality alarming log information message, are forwarded to higher level's network equipment, and heavily Feng Zhuan purpose is in order to tell the definite source of this abnormality alarming log information message of higher level's network equipment.
After step S606, higher level's network equipment received this abnormality alarming daily record message, E-Packet log analysis and audit server were analyzed the abnormality alarming log information and are audited for log analysis and audit server.
The above process that the abnormality alarming log information is reported for undernet equipment, equally, when the intermediate network equipment produces the abnormality alarming log information in running after, mid-level network equipment obtains this abnormality alarming log information, according to this abnormality alarming log information, structural anomaly alarm log message, and this abnormality alarming log information message sent to higher level's network equipment, be forwarded to log analysis and audit server by higher level's network equipment again, confession log analysis and audit server are analyzed and are audited; When higher level's network equipment produces the abnormality alarming log information in running after, higher level's network equipment obtains this abnormality alarming log information, according to this abnormality alarming log information, structural anomaly alarm log message, and this abnormality alarming daily record message directly sent to log analysis and audit server, analyze and audit for log analysis and audit server.
Higher level's network equipment is according to receiving the abnormality alarming information setting configuration information of undernet equipment in the three layer model, and by mid-level network equipment with the process that the form of management group issues to subordinate's network equipment, as shown in Figure 7, specifically may further comprise the steps:
Step S701, mid-level network equipment is opened listening port by command configuration, and waits for that higher level equipment issues the connection request of configuration information.
Step S702, the management group of higher level's network equipments configuration mid-level network equipment is set up the corresponding relation between higher level's network equipment and the mid-level network equipment, is used to specify the range of management of higher level's network equipment to the intermediate network equipment.
Step S703, higher level's network equipment obtains configuration information content to be issued, and appointment waits to receive the management group of configuration information content, higher level's network equipment carries out legal row to the management group of appointment and judges, if the management group does not dispose in this higher level's network equipment as yet, i.e. management group does not exist, then direct process ends; Otherwise forward step S704 to.
Step S704, higher level's network equipment obtain the IP address link list of management group correspondence, and whether differentiate this IP address link list be empty, if the IP address link list is empty, illustrating in this management group does not have configure network devices, and member that promptly should the management group is empty, then direct process ends; Otherwise forward step S705 to.
Step S705, the higher level's network equipment mid-level network equipment in the management group sends configuration data and issues connection request, comprises the identify label of higher level's network equipment in this solicited message.
Step S706, the mid-level network equipment in the management group receive after configuration data issues connection request message, parse the identify label of higher level's network equipment from this message packet, and validity checking is carried out in this identify label, judge whether this identify label is legal; If identity is illegal, i.e. the identify label of this higher level's network equipment does not conform to higher level's network equipment sign of mid-level network equipment appointment, then directly refuses connection request, abandons message packet; If identity is legal, i.e. the identify label of this higher level's network equipment is consistent with higher level's network equipment sign of mid-level network equipment appointment, then forwards step S707 to.
Step S707, mid-level network equipment are to higher level's network equipment echo reply message, and promptly configuration data receives connection request message, comprises the identify label of mid-level network equipment in this message packet.
After step S708, higher level's network equipment receive the response message that mid-level network equipment returns, parse the identify label of mid-level network equipment, validity checking is carried out in this identify label, judge whether this identify label is legal; If identity is illegal, promptly this mid-level network equipment mark does not conform to the mid-level network device identification that higher level's network equipment is managed, and then directly refuses connection request, abandons message packet; If identity is legal, promptly this mid-level network equipment mark is consistent with the mid-level network device identification that higher level's network equipment is managed, then agree the request of connecting, and between higher level's network equipment and mid-level network equipment, set up the passage of transfer of data, prepare to carry out transfer of data.
Step S709, the higher level's network equipment mid-level network equipment in the management group issues configuration information; The data of the mid-level network device transmission configuration information of data transmission channel in the management group of setting up before higher level's network equipment passes through.
Step S710, mid-level network equipment receives configuration information, and carries out relevant configuration according to this configuration information, and after having disposed, mid-level network equipment turns back to step S701, continues to open listening port, and waits for that higher level's network equipment issues the connection request of configuration information.
If mid-level network equipment receives the configuration information of higher level's network equipment, need to continue this configuration information is sent to subordinate's network equipment, then according to the destination network device address of appointment in the configuration information, undernet device forwards to appointment, receive this configuration information by undernet equipment, and carry out relevant configuration according to this configuration information.
In the above-mentioned method, the configuration structure of management group, as shown in Figure 8, higher level's network device management mid-level network equipment 1, mid-level network equipment 2 and mid-level network equipment 3, mid-level network equipment 2 management undernet equipment 1 and undernet equipment 2, mid-level network equipment 3 management undernet equipment 3 and undernet equipment 4.For example: higher level's network equipment is learnt from the reporting information of undernet equipment 2, undernet equipment 2 has the record of visit heresy website, then higher level's network equipment is provided with a configuration information that shields all undernet device access heresy websites according to this reporting information, and then higher level's network equipment need issue the configuration information of all undernet device access heresy websites of identical shielding to subordinate's network equipment 1, undernet equipment 2, undernet equipment 3, undernet equipment 4.According to the corresponding relation between the superior and the subordinate's network equipment, learn that those undernet equipment are respectively by mid-level network equipment 2 and 3 management of mid-level network equipment; Then higher level's network equipment is arranged on mid-level network equipment 2 and mid-level network equipment 3 in the management group 1, and higher level's network equipment is issued to mid-level network equipment 2 and mid-level network equipment 3 in the management group 1 with configuration information; Mid-level network equipment 2 is forwarded to undernet equipment 1 and undernet equipment 2 with this configuration information then, and mid-level network equipment 3 is forwarded to undernet equipment 3 and undernet equipment 4 with this configuration information.It is to be noted, the management group is dynamic a division, same mid-level network equipment can be present in a plurality of different management groups simultaneously, this management group is to divide according to the reception object of configuration information, if a mid-level network equipment need receive a plurality of different configuration informations, this mid-level network equipment will be divided in a plurality of different management groups so, realize the forwarding of different configuration informations.
Embodiments of the invention also provide a kind of system of network management, as shown in Figure 9, comprising: higher level's network equipment 100, mid-level network equipment 200 and undernet equipment 300.Wherein, higher level's network equipment 100 is used to receive the reporting information of undernet equipment, and according to reporting information configuration information is set and is issued to undernet equipment, and utilizes this configuration information that undernet equipment is managed; Mid-level network equipment 200 connects higher level's network equipment 100, is used for the reporting information of undernet equipment is forwarded to higher level's network equipment, and the configuration information that higher level's network equipment manages undernet equipment is forwarded to undernet equipment; Undernet equipment 300, connect mid-level network equipment 200, be used for sending reporting information to higher level's network equipment, and receive the configuration information that higher level's network equipment manages undernet equipment, carry out relevant configuration according to this configuration information by mid-level network equipment.
Higher level's network equipment 100 comprises: unit 102 is set for reporting information receiving element 101, configuration information and configuration information issues unit 103, the management group is provided with unit 104, management group judging unit 105 and authentication unit 106.Reporting information receiving element 101 is used to receive the reporting information of undernet equipment, and this reporting information is that undernet equipment reports higher level's network equipment by mid-level network equipment; Configuration information is provided with unit 102, connect reporting information receiving element 101, be used for configuration information being set according to reporting information, for example: higher level's network equipment receives the reporting information that undernet equipment has visit heresy website records, then according to this reporting information a firewall rule to undernet equipment being set is configuration information, is used to stop undernet device access heresy website; Configuration information issues unit 103, connects configuration information unit 102 is set, and is used for higher level's network equipment is issued the configuration information that undernet equipment manages, and this configuration information is that higher level's network equipment arrives undernet equipment by the mid-level network device forwards; The management group is provided with unit 104, connect configuration information and issue unit 103, be used for being provided with the management group of mid-level network equipment according to configuration information, the mid-level network equipment that higher level's network equipment is positioned at the identical network level, have identical configuration information and a management strategy is set to a management group, and the IP address information of the network equipment is stored in this management group with the form of chained list in should the management group; Management group judging unit 105, unit 104 is set the connection management group and configuration information issues unit 103, be used for configuration information before the management group issues, judge the legitimacy of management group, comprising: judge whether the management group exists and judge whether the IP address link list in the management group is empty; Authentication unit 106 connects configuration information and issues unit 103, before being used for configuration information issued, the mid-level network equipment that receives this configuration information is carried out authentication, has only the authentication success just configuration information can be issued.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.
Claims (25)
1, a kind of method of network management is used for the management of multi-stage distributed network, it is characterized in that, may further comprise the steps:
Undernet equipment sends reporting information by mid-level network equipment to higher level's network equipment;
Described higher level's network equipment is provided with configuration information according to described reporting information, and utilizes described configuration information that undernet equipment is managed.
2, the method for network management according to claim 1 is characterized in that, described undernet equipment sends reporting information by mid-level network equipment to higher level's network equipment, specifically comprises:
Described undernet equipment sends to described mid-level network equipment with described reporting information;
Described mid-level network equipment is forwarded to described higher level's network equipment with described reporting information.
3, as the method for network management as described in the claim 2, it is characterized in that, after described undernet equipment sends to mid-level network equipment with reporting information, also comprise: described mid-level network equipment judges whether described reporting information needs to continue to report, if need continue to report, then described mid-level network equipment is forwarded to described higher level's network equipment with described reporting information; If do not need to continue to report, then described mid-level network equipment is provided with configuration information according to described reporting information, and utilizes described configuration information that undernet equipment is managed.
4, as the method for network management as described in the claim 3, it is characterized in that, the destination address of the described reporting information of described mid-level network device parses, and described destination address compared with the sign of higher level's network equipment, if described destination address is consistent with the sign of described higher level's network equipment, then need described reporting information is continued to report; If the sign of described destination address and described higher level's network equipment is inconsistent, then do not need described reporting information is continued to report.
5, the method for network management according to claim 1 is characterized in that described higher level's network equipment is provided with configuration information according to described reporting information, specifically comprises:
Described higher level's network equipment is forwarded to log analysis and audit server with the reporting information that receives;
Described log analysis and audit server are audited to described reporting information and are analyzed;
Described higher level's network equipment is provided with the configuration information that described undernet equipment is managed according to audit and analysis result.
6, the method for network management according to claim 1 is characterized in that described higher level's network equipment utilizes configuration information that described undernet equipment is managed, and comprising:
Described higher level's network equipment issues configuration information by mid-level network equipment to described undernet equipment;
Described undernet equipment receives configuration information, and carries out relevant configuration according to described configuration information.
7, as the method for network management as described in the claim 6, it is characterized in that described higher level's network equipment issues configuration information by mid-level network equipment to subordinate's network equipment, specifically comprises:
Described higher level's network equipment sends to described mid-level network equipment with described configuration information;
Described mid-level network equipment is forwarded to described undernet equipment with described configuration information.
8, as the method for network management as described in the claim 7, it is characterized in that, described higher level's network equipment sends to described configuration information after the described mid-level network equipment, also comprise: described mid-level network equipment judges whether and need proceed to issue to described configuration information, if need continue to issue, then described mid-level network equipment is forwarded to described undernet equipment with described configuration information; If do not need to continue to issue, then described mid-level network equipment carries out relevant configuration according to described configuration information.
9, as the method for network management as described in the claim 8, it is characterized in that, the destination address of the described configuration information of described mid-level network device parses, and described destination address compared with the undernet equipment mark, if described destination address is consistent with described undernet equipment mark, then need described configuration information is continued to issue; If described destination address and described undernet equipment mark are inconsistent, then do not need described configuration information is continued to issue.
10, as the method for network management as described in the claim 6, it is characterized in that, described higher level's network equipment issues configuration information by mid-level network equipment to subordinate's network equipment, also comprises: the mid-level network equipment that be positioned at the identical network level, has identical configuration information and a management strategy is set to a management group.
11, as the method for network management as described in the claim 10, it is characterized in that described management group is stored the IP address information of the network equipment in the described management group with the form of chained list.
12, as the method for network management as described in the claim 10, it is characterized in that described higher level's network equipment issues configuration information by described management group to subordinate's network equipment, specifically comprises:
The network equipment of described higher level's network equipment in described management group sends described configuration information;
The network equipment in the described management group is forwarded to described undernet equipment with described configuration information.
13, as the method for network management as described in the claim 12, it is characterized in that, the network equipment of described higher level's network equipment in the management group sends after the configuration information, also comprise: the network equipment in the described management group judges whether and need proceed to issue to described configuration information, if need continue to issue, the network equipment in the then described management group sends to described undernet equipment with described configuration information; If do not need to continue to issue, the network equipment in the then described management group carries out relevant configuration according to described configuration information.
14, as the method for network management as described in the claim 13, it is characterized in that, the network equipment in the described management group is by resolving the destination address of described configuration information, and compare with the undernet equipment mark, if described destination address is consistent with described undernet equipment mark, then need described configuration information is continued to issue; If described destination address and described undernet equipment mark are inconsistent, then do not need described configuration information is continued to issue.
15, as the method for network management as described in the claim 12, it is characterized in that, before the network equipment of described higher level's network equipment in the management group sends configuration information, also comprise:
Described higher level's network equipment carries out legitimacy to described management group and judges;
Carry out authentication between the network equipment in described higher level's network equipment and the described management group.
16, the method for network management according to claim 1 is characterized in that described mid-level network equipment is sandwich construction.
17, as the method for network management as described in each in the claim 1 to 16, it is characterized in that described reporting information is an abnormality alarming information.
18, a kind of higher level's network equipment is characterized in that, comprising: the unit is set for reporting information receiving element, configuration information and configuration information issues the unit,
Described reporting information receiving element is used to receive described reporting information;
Described configuration information is provided with the unit, connects described reporting information receiving element, is used for according to described reporting information configuration information being set;
Described configuration information issues the unit, connects described configuration information the unit is set, and is used for described configuration information is issued.
19, as higher level's network equipment as described in the claim 18, it is characterized in that described higher level's network equipment comprises that also the management group is provided with the unit, connects described configuration information and issues the unit, is used for being provided with according to described configuration information the management group of mid-level network equipment.
20, as higher level's network equipment as described in the claim 19, it is characterized in that, described higher level's network equipment also comprises management group judging unit, connect that described management group is provided with the unit and described configuration information issues the unit, be used for configuration information before the management group issues, judging the legitimacy of described management group; And/or the authentication unit, connect described configuration information and issue the unit, before being used for configuration information issued, the network equipment that receives described configuration information is carried out authentication.
21, a kind of mid-level network equipment is characterized in that, comprising: information receiving unit and information retransmission unit,
Described information receiving unit is used to receive the configuration information of higher level's network equipment and/or the reporting information of undernet equipment;
Described information retransmission unit connects described information receiving unit, is used for configuration information with described higher level's network equipment and is forwarded to described undernet equipment and/or the reporting information of undernet equipment is forwarded to described higher level's network equipment.
22, as mid-level network equipment as described in the claim 21, it is characterized in that described mid-level network equipment also comprises the information judging unit, connect described information retransmission unit, be used to judge whether and transmit described configuration information and/or reporting information; And/or authentication unit, connect described information receiving unit and described information retransmission unit, be used for before receiving described configuration information higher level's network equipment carried out authentication and/or before transmitting described configuration information, undernet equipment carried out authentication.
23, a kind of undernet equipment is characterized in that, comprising: reporting information transmitting element and configuration information receiving element,
Described reporting information transmitting element is used to send described reporting information;
Described configuration information receiving element is used to receive described configuration information.
24, as undernet equipment as described in the claim 23, it is characterized in that described undernet equipment also comprises the authentication unit, connect described configuration information receiving element, be used to receive before the described configuration information, the network equipment that sends described configuration information is carried out authentication.
25, a kind of system of network management is characterized in that, comprising: higher level's network equipment, mid-level network equipment and undernet equipment,
Described higher level's network equipment is used to receive reporting information, according to described reporting information configuration information is set, and utilizes described configuration information that undernet equipment is managed;
Described mid-level network equipment connects described higher level's network equipment, is used for the reporting information of described undernet equipment is forwarded to described higher level's network equipment, and the configuration information of described higher level's network equipment is forwarded to described undernet equipment;
Described undernet equipment connects described mid-level network equipment, is used to send described reporting information, and receives described configuration information, carries out relevant configuration according to described configuration information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200710090915 CN101022367A (en) | 2007-03-27 | 2007-03-27 | Network management method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200710090915 CN101022367A (en) | 2007-03-27 | 2007-03-27 | Network management method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101022367A true CN101022367A (en) | 2007-08-22 |
Family
ID=38710025
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200710090915 Pending CN101022367A (en) | 2007-03-27 | 2007-03-27 | Network management method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101022367A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340309B (en) * | 2008-08-14 | 2011-02-16 | 杭州立地信息技术有限公司 | Pass-through channel type full-process network management system |
| CN102307111A (en) * | 2011-09-02 | 2012-01-04 | 深圳中兴网信科技有限公司 | Log distribution acquisition analysis method and system thereof |
| CN102497280A (en) * | 2011-11-14 | 2012-06-13 | 浪潮(北京)电子信息产业有限公司 | Distributed system and method thereof for realizing management |
| CN102843255A (en) * | 2011-06-24 | 2012-12-26 | 中国移动通信集团公司 | Peer-to-peer based network management method and proxy selection server |
| CN102984220A (en) * | 2012-11-13 | 2013-03-20 | 北京空间飞行器总体设计部 | Burst data downloading communication method for spacecraft multilevel subnets |
| CN105162835A (en) * | 2015-07-29 | 2015-12-16 | 国电南瑞科技股份有限公司 | Service registration framework and method of power grid dispatching automation system |
| CN106301956A (en) * | 2016-09-27 | 2017-01-04 | 北京交通大学 | A kind of network equipments configuration management method based on NETCONF |
| CN108600004A (en) * | 2018-04-23 | 2018-09-28 | 北京奇艺世纪科技有限公司 | A kind of video server configuring management method and system |
| CN109150664A (en) * | 2018-09-21 | 2019-01-04 | 华迪计算机集团有限公司 | The method and system that the facility information of a kind of pair of support business private network is handled |
| CN111162929A (en) * | 2019-12-04 | 2020-05-15 | 杭州迪普科技股份有限公司 | Hierarchical management method and system |
| CN114070623A (en) * | 2021-11-16 | 2022-02-18 | 杭州智航云安全技术有限公司 | Method for distribution control and result synchronization of multi-stage linkage analysis model |
-
2007
- 2007-03-27 CN CN 200710090915 patent/CN101022367A/en active Pending
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101340309B (en) * | 2008-08-14 | 2011-02-16 | 杭州立地信息技术有限公司 | Pass-through channel type full-process network management system |
| CN102843255B (en) * | 2011-06-24 | 2015-03-11 | 中国移动通信集团公司 | Peer-to-peer based network management method and proxy selection server |
| CN102843255A (en) * | 2011-06-24 | 2012-12-26 | 中国移动通信集团公司 | Peer-to-peer based network management method and proxy selection server |
| WO2012175006A1 (en) * | 2011-06-24 | 2012-12-27 | 中国移动通信集团公司 | Network management method and proxy selection server based on peer to peer |
| CN102307111A (en) * | 2011-09-02 | 2012-01-04 | 深圳中兴网信科技有限公司 | Log distribution acquisition analysis method and system thereof |
| CN102497280A (en) * | 2011-11-14 | 2012-06-13 | 浪潮(北京)电子信息产业有限公司 | Distributed system and method thereof for realizing management |
| CN102497280B (en) * | 2011-11-14 | 2014-07-30 | 浪潮(北京)电子信息产业有限公司 | Distributed system and method thereof for realizing management |
| CN102984220B (en) * | 2012-11-13 | 2015-04-15 | 北京空间飞行器总体设计部 | Burst data downloading communication method for spacecraft multilevel subnets |
| CN102984220A (en) * | 2012-11-13 | 2013-03-20 | 北京空间飞行器总体设计部 | Burst data downloading communication method for spacecraft multilevel subnets |
| CN105162835A (en) * | 2015-07-29 | 2015-12-16 | 国电南瑞科技股份有限公司 | Service registration framework and method of power grid dispatching automation system |
| CN105162835B (en) * | 2015-07-29 | 2018-10-09 | 国电南瑞科技股份有限公司 | The service registration framework and method of automation system for the power network dispatching |
| CN106301956A (en) * | 2016-09-27 | 2017-01-04 | 北京交通大学 | A kind of network equipments configuration management method based on NETCONF |
| CN106301956B (en) * | 2016-09-27 | 2019-05-07 | 北京交通大学 | A kind of network equipments configuration management method based on NETCONF |
| CN108600004A (en) * | 2018-04-23 | 2018-09-28 | 北京奇艺世纪科技有限公司 | A kind of video server configuring management method and system |
| CN109150664A (en) * | 2018-09-21 | 2019-01-04 | 华迪计算机集团有限公司 | The method and system that the facility information of a kind of pair of support business private network is handled |
| CN111162929A (en) * | 2019-12-04 | 2020-05-15 | 杭州迪普科技股份有限公司 | Hierarchical management method and system |
| CN111162929B (en) * | 2019-12-04 | 2022-11-01 | 杭州迪普科技股份有限公司 | Hierarchical management method and system |
| CN114070623A (en) * | 2021-11-16 | 2022-02-18 | 杭州智航云安全技术有限公司 | Method for distribution control and result synchronization of multi-stage linkage analysis model |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101022367A (en) | Network management method and system | |
| US10230588B2 (en) | Dynamically deployable self configuring distributed network management system using a trust domain specification to authorize execution of network collection software on hardware components | |
| CN102420765B (en) | Method and device for determining physical link between switchboard and terminal | |
| US8848522B2 (en) | Telecommunications system and server apparatus | |
| WO2019228400A1 (en) | Data processing system and method | |
| CN110366276A (en) | Serviceization framework base station | |
| CN104135378A (en) | Method of management control of Internet of Things gateways and management control entity for Internet of Things gateways | |
| CN109936480A (en) | Method for discovering network topology and device, storage medium and electronic equipment | |
| CN103796343B (en) | M2M gateway devices and its application process | |
| CN103312532A (en) | Method and system for automatically removing fault of IOT (Internet of Things) gateway | |
| CN112468592A (en) | Terminal online state detection method and system based on electric power information acquisition | |
| US10554497B2 (en) | Method for the exchange of data between nodes of a server cluster, and server cluster implementing said method | |
| CN102006202A (en) | Router identification collision detection method and router | |
| WO2010131482A1 (en) | Database device, database matching system, and database matching method | |
| Wang et al. | Topology poisoning attacks and countermeasures in SDN-enabled vehicular networks | |
| CN103401791A (en) | Method and equipment for identifying boundary port | |
| CN101399673B (en) | Micro TCA system, Micro TCA system management method | |
| CN116228195A (en) | Data processing method, device, equipment and storage medium suitable for worksheets | |
| CN106332142A (en) | Network access configuration method and control side | |
| CN106878378A (en) | Scatterplot processing method in network service management | |
| CN113328996A (en) | Intelligent security policy configuration method based on target perception | |
| CN109560962A (en) | A kind of multinode collecting method of monocycle net type SCADA system | |
| CN109412862A (en) | A kind of multinode collecting method of looped network type SCADA system | |
| CN111817889A (en) | Method for positioning connection error of process layer port of intelligent substation | |
| CN114978855B (en) | Cross-domain data exchange method based on multi-level organization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20070822 |