CN101043453A - Method and apparatus for gathering and analyzing flux - Google Patents
- Publication number
- CN101043453A
- Authority
- CN
- China
- Prior art keywords
- stream packet
- bgp
- net stream
- analysis
- bgp routing
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The provided method for collecting and analyzing network traffic comprises: learning BGP routing information and collecting net stream packets; finding, in the learned BGP routing information, the BGP route corresponding to the current traffic, and comparing this BGP route with the collected net stream packets; and, if a net stream packet contains the information in the BGP route, counting that packet. The corresponding device comprises a learning module, a collecting module and an analyzing module. The invention simplifies the analysis and overcomes defects in the current technology.
Description
Technical field
The present invention relates to the field of network communications, and in particular to a method and apparatus for traffic collection and analysis.
Background technology
In an IP (Internet Protocol)/MPLS (Multi-Protocol Label Switching) network, when a customer needs to check the traffic from one AS (Autonomous System) to the next-hop AS, or needs to understand the service traffic between different ASes that share the same group (community) attribute, network traffic has to be counted and analyzed on the basis of routing information. The prior art adds a BGP (Border Gateway Protocol) routing attribute field to the net stream packet as an identifier, and an upper-layer traffic analysis system analyzes and aggregates packets according to this identifier to obtain the traffic characteristics of an AS-PATH. Referring to Fig. 1, the network contains three autonomous systems, AS100, AS200 and AS300. The collector gathers the traffic information of the ASes through a BR (Border Router) and passes it to the analyzer, which derives the AS traffic information by counting, analyzing and aggregating. The BR usually adds AS sampling mode information to the OPTION message. When the AS sampling mode is the first mode, the seven-tuple of the OPTION message carries information such as the IP addresses and port numbers of the source AS and the terminal AS of the AS-PATH, so the upper-layer traffic analysis system can obtain the traffic between the source AS and the terminal AS. When the AS sampling mode is the second mode, the seven-tuple of the OPTION message carries information such as the IP addresses and port numbers of the previous-hop AS of the source AS and the terminal AS of the AS-PATH, so the upper-layer traffic analysis system can obtain the traffic between the previous-hop AS of the source AS and the terminal AS.
Because the upper-layer traffic analysis system cannot know the AS-PATH information in the network in advance, obtaining the traffic between any two ASes on an AS-PATH requires collecting traffic at the BR of every AS on that AS-PATH, extracting the AS-PATH information from the collected net stream packets, and then performing very complicated traffic aggregation on the net stream packets by AS-PATH information. The prior art therefore places very high demands on the analysis, statistics and aggregation capabilities of the upper-layer traffic analysis system, involves a very large workload, and is difficult to implement.
Summary of the invention
To solve the problem that traffic collection and analysis in the prior art place very high demands on the upper-layer traffic analysis system, the embodiments of the invention provide a method and apparatus for traffic collection and analysis.
The method comprises:
Learning BGP routing information and collecting net stream packets; finding, in the BGP routing information, the BGP route corresponding to the current traffic, and comparing the BGP route with the collected net stream packets; if a net stream packet contains the information in the BGP route, counting that net stream packet.
The device comprises:
A learning module, used to learn BGP routing information;
A collecting module, used to collect net stream packets;
An analyzing module, used to find, in the BGP routing information learned by the learning module, the BGP route corresponding to the current traffic, and to compare the BGP route with the net stream packets collected by the collecting module; if a net stream packet contains the information in the BGP route, the net stream packet is counted.
The embodiments of the invention make it easy to count traffic characteristics based on BGP routes (such as the traffic on each AS-PATH). Upper-layer software does not need to analyze BGP routing information for every net stream packet. Instead, BGP routing information is learned in advance, the BGP route corresponding to the current traffic is matched in the learned BGP routing information according to the traffic analysis demand, and traffic is counted according to the result of comparing this BGP route with the collected net stream packets. This reduces the complexity that upper-layer software faces when it counts traffic by BGP route by extracting routing information from the net stream packets.
Description of drawings
Fig. 1 is a schematic diagram of traffic collection and analysis in the prior art;
Fig. 2 is a flow chart of the traffic collection and analysis method of an embodiment of the invention;
Fig. 3 is a schematic diagram of traffic collection in an embodiment of the invention;
Fig. 4 is a structural diagram of the traffic collection and analysis device of an embodiment of the invention.
Embodiment
The invention is further described below with reference to the drawings and specific embodiments, but the invention is not limited to the following embodiments.
In the embodiments of the invention, a collector learns BGP routing information in advance, and the analyzer performs traffic statistics after searching for and matching the corresponding BGP routing information. This avoids the complexity of upper-layer software aggregating AS-PATH traffic from the fragmentary routing information in net stream packets, and makes it easy to count the traffic between ASes by BGP routing information.
Referring to Fig. 2, an embodiment of the invention provides a method for traffic collection and analysis, which comprises the following steps:
Step 101: a collector that supports BGP route learning learns BGP routing information in advance through the routing protocol, and collectors are deployed as required so that they can collect the net stream packets between the corresponding ASes. Depending on collector performance, one BR may correspond to one collector, or several BRs may correspond to one collector;
Learning BGP routing information through the routing protocol means enabling the BGP routing protocol on both the collector and the BR, so that the collector learns BGP routing information through BGP protocol exchanges;
Step 102: the collector stores the learned BGP routing information in a routing table. The learned BGP routing information includes BGP routing attributes such as AS-PATH, next hop and group (community) attribute;
Taking the network shown in Fig. 3 as an example, the collector learns a BGP route and stores it in the routing table, as shown in Table 1:
Network (network segment address) | NextHop (next hop) | MED | LocPrf | PrefVal | AS-Path | Origin |
---|---|---|---|---|---|---|
200.1.1.2/24 | 9.1.3.1 | 0 | 100 | 0 | AS200->AS100 | i |
Table 1
Step 103: the collector performs traffic collection, i.e. it receives the net stream packets sent by the BR connected to it. A collected net stream packet contains information such as the seven-tuple (source IP address, destination IP address, port numbers, etc.) and BGP routing attributes;
Step 104: according to the current traffic analysis demand, the analyzer searches the above routing table and matches the BGP route corresponding to the current traffic; the BGP route contains BGP routing attributes;
Step 105: the net stream packet feature corresponding to the current traffic is determined from the BGP routing attributes;
Step 106: the obtained net stream packet feature is compared with the collected net stream packets. If a net stream packet contains the net stream packet feature, the packet is counted in the traffic statistics, i.e. net stream packets that meet the current traffic analysis demand are counted. For example, 1 is added to the number of net stream packets counted so far for the current traffic, so that the collected net stream packet is included, which completes traffic statistics by BGP route.
The analyzer may match one or more BGP routes. One or more routing attributes of each BGP route are used as the net stream packet feature corresponding to that BGP route, which is the basis for comparison with net stream packets. When several BGP routes are matched, several net stream packet features can be generated accordingly, and together they form the basis for comparison. When the analyzer compares a net stream packet, traffic statistics are performed as long as the collected net stream packet contains any one of these net stream packet features. If none of the net stream packet features is present in the collected net stream packet, the packet does not meet the current traffic analysis demand and is not counted.
For example, referring to Fig. 3, suppose the traffic from AS200 to AS100 currently needs to be counted. Because the collector has learned BGP routing information in advance and has stored the BGP route shown in Table 1, the collector knows from this route that traffic from AS200 to AS100 must pass through next hop 9.1.3.1 to reach the destination network segment address 200.1.1.2/24. After the collector collects a net stream packet, the routing table is first searched according to the AS-Path information AS200->AS100. After the BGP route shown in Table 1 is matched, the net stream packet feature corresponding to the current traffic is determined from the BGP routing attributes of this BGP route: the destination IP address 200.1.1.2/24 combined with the next hop 9.1.3.1 is the net stream packet feature. This feature is then compared with the collected net stream packet. If the net stream packet contains the same information, i.e. its destination IP address is also 200.1.1.2/24 and its next hop is also 9.1.3.1, the packet is counted in the traffic from AS200 to AS100. Otherwise, the packet is not considered traffic from AS200 to AS100 and is not counted.
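The matching in steps 104 to 106, as an added example (not code from the patent): it models the learned routing table and the collected net stream records with assumed field names (`dst_ip`, `next_hop`, `packets`, `octets`) and uses the Table 1 route plus constructed sample data. Beyond the per-packet count described in the text, it also sums packet and byte counters.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class BgpRoute:            # one row of the collector's learned routing table
    network: object        # destination prefix (ip_network)
    next_hop: object       # BGP next hop (ip_address)
    as_path: tuple         # e.g. ("AS200", "AS100")


@dataclass(frozen=True)
class FlowRecord:          # assumed fields of one collected net stream record
    dst_ip: object
    next_hop: object
    packets: int
    octets: int


def parse_as_path(text):
    """'AS200->AS100' -> ('AS200', 'AS100')."""
    return tuple(p.strip() for p in text.split("->") if p.strip())


def make_route(network, next_hop, as_path):
    # Table 1 writes the prefix as 200.1.1.2/24 (host bits set), so
    # strict=False is needed to normalise it to 200.1.1.0/24.
    return BgpRoute(ipaddress.ip_network(network, strict=False),
                    ipaddress.ip_address(next_hop),
                    parse_as_path(as_path))


def make_flow(dst_ip, next_hop, packets, octets):
    return FlowRecord(ipaddress.ip_address(dst_ip),
                      ipaddress.ip_address(next_hop), packets, octets)


def features_for(routing_table, demand):
    """Steps 104-105: select routes whose AS-Path equals the analysis demand
    and reduce each to a (destination prefix, next hop) feature."""
    wanted = parse_as_path(demand)
    return [(r.network, r.next_hop) for r in routing_table
            if r.as_path == wanted]


def count_traffic(features, flows):
    """Step 106: a record is counted if it matches any one feature."""
    stats = {"records": 0, "packets": 0, "octets": 0}
    for f in flows:
        if any(f.dst_ip in net and f.next_hop == nh for net, nh in features):
            stats["records"] += 1
            stats["packets"] += f.packets
            stats["octets"] += f.octets
    return stats


ROUTING_TABLE = [
    make_route("200.1.1.2/24", "9.1.3.1", "AS200->AS100"),     # Table 1
    make_route("198.51.100.0/24", "9.1.4.1", "AS300->AS100"),  # constructed
]
FLOWS = [  # constructed sample records
    make_flow("200.1.1.77", "9.1.3.1", 10, 5200),   # prefix and next hop match
    make_flow("200.1.1.9", "9.1.4.1", 4, 880),      # prefix ok, other next hop
    make_flow("198.51.100.5", "9.1.4.1", 7, 3100),  # belongs to AS300->AS100
    make_flow("200.1.1.200", "9.1.3.1", 3, 420),    # prefix and next hop match
]

if __name__ == "__main__":
    for demand in ("AS200->AS100", "AS300->AS100"):
        print(demand, count_traffic(features_for(ROUTING_TABLE, demand), FLOWS))
```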
In the above process, instead of learning BGP routes through the routing protocol, the collector can read the BGP routing file or BGP MIB (Management Information Base) file on the BR. Since the BGP routing file or BGP MIB file on the BR may be updated continually, a periodic synchronization step can also be added: a timer is set so that the times at which the collector reads the BGP routing file or BGP MIB file are synchronized with the times at which these files are updated on the BR, ensuring that the file content read is always up to date.
Referring to Fig. 4, an embodiment of the invention also provides a device for traffic collection and analysis, which comprises:
(1) a learning module, used to learn BGP routing information;
(2) a collecting module, used to collect net stream packets;
(3) an analyzing module, used to find, in the BGP routing information learned by the learning module, the BGP route corresponding to the current traffic, and to compare this BGP route with the collected net stream packets; if a net stream packet contains the information in this BGP route, the net stream packet is counted.
The learning module comprises:
1) a configuration unit, used to enable the BGP routing protocol on both the device and the border router;
2) a unit used to learn BGP routing information through BGP protocol exchanges.
The learning module can also learn BGP routing information by reading the BGP routing file or BGP MIB file of the border router.
The analyzing module comprises:
1) a search unit, used to find, in the BGP routing information learned by the learning module, the BGP route corresponding to the current traffic;
2) a processing unit, used to determine the net stream packet feature corresponding to the current traffic from the BGP routing attributes of the BGP route found by the search unit, and to compare the net stream packet feature with the net stream packets collected by the collecting module; if a net stream packet contains the net stream packet feature, the net stream packet is counted.
Physically, the analyzer and the collector in the embodiments of the invention may be deployed on different servers or on the same server.
The embodiments of the invention can be implemented in software, for example in a programming language such as C, C++ or Java, and the corresponding software can be stored in a readable storage medium, such as a server's hard disk, memory or optical disc.
The embodiments of the invention simplify the complex analysis that upper-layer software performs to aggregate traffic by routed path, and make it easy to count traffic characteristics based on BGP routes (such as the traffic on each AS-PATH), so that traffic can be monitored effectively and in a timely manner. Applications such as virus attack monitoring or offline simulation of network traffic state can also be developed on this basis.
The embodiments described above are preferred embodiments of the invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall fall within the protection scope of the invention.
Claims (9)
1. the method for flow collection and analysis is characterized in that described method comprises:
The study bgp routing information is gathered the net stream packet; In described bgp routing information, find and the corresponding BGP route of present flow rate, and described BGP route and the net stream packet that collects are compared,, then calculate described net stream packet if described net stream packet comprises the information in the described BGP route.
2. the method for flow collection according to claim 1 and analysis is characterized in that, the step of described study bgp routing information specifically comprises:
Enable the BGP Routing Protocol on collector and border router simultaneously, described collector is learnt bgp routing information alternately by the BGP Routing Protocol.
3. the method for flow collection according to claim 1 and analysis is characterized in that, described method is learnt bgp routing information by the BGP routing file or the BGP management information library file that read border router.
4. the method for flow collection according to claim 1 and analysis is characterized in that, described comparison and the step of calculating described net stream packet specifically comprise:
Determine the net stream packet feature of described present flow rate correspondence according to the BGP routing property in the described BGP route, described net stream packet feature and the net stream packet that collects are compared, if described net stream packet comprises described net stream packet feature, then calculate described net stream packet.
5. the method for flow collection according to claim 4 and analysis is characterized in that, determines that according to the BGP routing property in the described BGP route step of the net stream packet feature of described present flow rate correspondence is specially:
With one or more routing property in the described BGP route as message characteristic.
6. the device of flow collection and analysis is characterized in that described device comprises:
Study module is used to learn bgp routing information;
Acquisition module is used to gather the net stream packet;
Analysis module, be used for finding and the corresponding BGP route of present flow rate at the bgp routing information that described study module is learnt, and the net stream packet that described BGP route and described acquisition module collect compared, if described net stream packet comprises the information in the described BGP route, then calculate described net stream packet.
7. the device of flow collection according to claim 6 and analysis is characterized in that, described study module comprises:
Dispensing unit is used for enabling simultaneously the BGP Routing Protocol on described device and border router;
Unit is used for learning bgp routing information alternately by the BGP Routing Protocol.
8. the device of flow collection according to claim 6 and analysis is characterized in that, described study module is learnt bgp routing information by the BGP routing file or the BGP management information library file that read border router.
9. the device of flow collection according to claim 6 and analysis is characterized in that, described analysis module specifically comprises:
Search the unit, be used for finding and the corresponding BGP route of described present flow rate at the bgp routing information that described study module is learnt;
Processing unit, be used for the BGP routing property of searching the BGP route that finds the unit according to described, determine the net stream packet feature of described present flow rate correspondence, the net stream packet that described net stream packet feature and described acquisition module collect is compared, if described net stream packet comprises described net stream packet feature, then calculate described net stream packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710087459A CN100583830C (en) | 2007-03-19 | 2007-03-19 | Method and apparatus for gathering and analyzing flux |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101043453A (en) | 2007-09-26 |
CN100583830C (en) | 2010-01-20 |
Family
ID=38808661
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200710087459A Active CN100583830C (en) | 2007-03-19 | 2007-03-19 | Method and apparatus for gathering and analyzing flux |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100583830C (en) |
Also Published As
Publication number | Publication date |
---|---|
CN100583830C (en) | 2010-01-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |