CN101068248A - Long-distance mirror image method, image source equipment and image destination equipment - Google Patents
Long-distance mirror image method, image source equipment and image destination equipment Download PDFInfo
- Publication number
- CN101068248A CN101068248A CNA2007101002911A CN200710100291A CN101068248A CN 101068248 A CN101068248 A CN 101068248A CN A2007101002911 A CNA2007101002911 A CN A2007101002911A CN 200710100291 A CN200710100291 A CN 200710100291A CN 101068248 A CN101068248 A CN 101068248A
- Authority
- CN
- China
- Prior art keywords
- mirror image
- address
- flow
- new
- mac
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A remote mirror imaging method includes copying flow rate monitored by port of mirror image source device, packaging new Ethernet frame head at external of copied-monitored flow rate Ethernet data frame to form mirror image data frame, retransmitting mirror image flow rate formed by said mirror image data frame to mirror image destination device according to new destination MAC address and restoring monitored flow rate by removing off new Ethernet frame head in said mirror image flow rate.
Description
Technical field
The present invention relates to mirror image technology, especially a kind of Remote Switched Port Analyzer method, image source equipment and mirror image destination device.
Background technology
In recent years, along with the metropolitan area network userbase constantly enlarges, the flow of metropolitan area network also constantly increased, and was at aspects such as controlled, traffic differentiation, service quality, network security, new business tenability, extensibilities, more and more higher to the requirement of metropolitan area network.The Remote Switched Port Analyzer technology can be monitored whole net flow, with intruding detection system (Intrusion Detection System, hereinafter to be referred as: IDS) technology combination, can also carry out customer flow filters, subscriber's main station is carried out attack protection and anti-virus, can also provide different service quality (quality of service to different business, hereinafter to be referred as: QOS), and, the most Support Port Mirroring function of exchange chip in the existing switch, for this reason, the Remote Switched Port Analyzer technology has become the conventional means of present monitor network flow process.
Mirror image technology is exactly monitored flow to be duplicated and with the flow that duplicates, also promptly: the mirror image flow, be forwarded to the technology of watch-dog, and watch-dog wherein is for being equipped with traffic monitoring software, with server or the work station that the mirror image flow is monitored.The Remote Switched Port Analyzer technology is used VLAN (Virtual LocalArea Network, hereinafter to be referred as: VLAN) technology, with monitored port (Port, hereinafter to be referred as: P), that is: monitored flow flows into or the image source equipment at the port place of flowing out, all intermediate equipments that constitute mirror image flow path between mirror image destination device that is connected with watch-dog and two equipment are formed a VLAN, this VLAN is called mirror image VLAN, image source equipment is to the mirror image VLAN label (Tag) of a 802.1Q agreement regulation of encapsulation on the original monitored stream packet basis, mirror image flow after the encapsulation is forwarded to the mirror image destination device in mirror image VLAN, after the mirror image destination device receives the mirror image flow that carries mirror image VLAN Tag, peel off the mirror image VLAN Tag that wherein carries, it is reduced to original monitored flow sends to watch-dog and monitor.
As shown in Figure 1, structural representation for existing Remote Switched Port Analyzer technology mirror image VLAN, this mirror image VLAN comprises image source equipment, first intermediate equipment and second intermediate equipment, mirror image destination device and watch-dog, wherein, first main frame and second main frame insert image source equipment by input PA and PA ' respectively, and the flow that this mirror image VLAN imports PA and PA ' by monitoring image source equipment respectively can be monitored first main frame that is connected to image source equipment input port and the flow on second main frame.Image source equipment is provided with output PB and PB ', first intermediate equipment is provided with input PC and PC ', output PD and PD ', second intermediate equipment is provided with input PE and output PF, the mirror image destination device is provided with input PG and PG ', output PH, the mirror path of first main frame and second main frame can be PA-PB-PC-PD-PG-PH, perhaps PA-PB-PC-PD '-PG '-PH, perhaps PA-PB '-PE-PF-PC-PD-PG-PH, perhaps PA-PB '-PE-PF-PC '-PD '-PG-PH, can by above-mentioned any mirror path with the traffic mirroring on the PA to watch-dog.Equally, can pass through PA '-PB-PC-PD-PG-PH, perhaps PA '-PB-PC-PD '-PG '-PH, perhaps PA '-PB '-PE-PF-PC-PD-PG-PH, perhaps PA '-PB '-PE-PF-PC '-PD '-PG-PH mirror path with the traffic mirroring on the PA ' to watch-dog.
With mirror path PB-PC-PD-PG shown in Figure 1 is example, there is following technical problem in existing Remote Switched Port Analyzer technology: monitor the flow that sends and receive on first main frame and second main frame if desired simultaneously, then the medium access of first main frame and second main frame is controlled (Media Access Controller, hereinafter to be referred as: MAC) address can be learnt on the PG of the PC of first intermediate equipment and mirror image destination device, but, because may cause the circulation of flow when the outlet of flow target MAC (Media Access Control) address indication enters the mouth for this flow transmits, exchange chip in first intermediate equipment and the mirror image destination device usually all can active port test function, that is: abandon target MAC (Media Access Control) address study that port receives message at this port, this will make the flow of visit first main frame and second main frame, comprise the flow that two main frames are exchanged visits, can't the mirror image success.
At present, available technology adopting following two kinds of methods avoid the problems referred to above of existing in the existing Remote Switched Port Analyzer technology:
First method is the mac learning function of closing all devices among the mirror image VLAN, comprises image source equipment, intermediate equipment and mirror image destination device.But, need carry out manual configuration at the relevant all devices of mirror image when closing the mac learning function, this has just improved the cost of network management and maintenance; Need mirroring device all among the mirror image VLAN all to support to close the characteristic of mac learning function, and existing switching equipment major part as intermediate equipment is not supported this characteristic based on mirror image VLAN.
Second method is that the employing reorientation method is avoided the exchange chip forwarding logic in the intermediate equipment, configuration is redirected strategy on first intermediate equipment, no longer, directly ethernet data frame " is drawn " to exporting PD by input PC according to the inquiry of the target MAC (Media Access Control) address in the frame head of the ethernet data frame of mirror image flow two-layer retransmitting table.But there are the following problems at least for this method: can only be on intermediate equipment the static configuration forwarding strategy, configuration mode is dumb; Must dispose forwarding strategy respectively on all intermediate equipments in VLAN, network management and maintenance workload are big; Owing to define the one-to-one relationship of input port and output port on intermediate equipment, this has determined mirror path with regard to unique, like this, when this mirror path link occurs fault, can't use backup link, has reduced the reliability of image feature.
Summary of the invention
Embodiment of the invention technical problem to be solved is: be not related to the mac learning function of picture equipment and not being redirected under the situation of strategy in configuration on the intermediate equipment of covering the lens, realizing the successful mirror image of monitored flow that monitored flow target MAC (Media Access Control) address indication outlet is entered the mouth for this flow.
According to an aspect of the present invention, a kind of Remote Switched Port Analyzer method that provides may further comprise the steps:
Monitored flow to the image source device port duplicates, and becoming the mirror image data frame at the new ethernet frame capitiform of monitored flow ethernet data frame outer package that duplicates, described new Ethernet frame head comprises mirror image VLAN Tag, new source MAC and new target MAC (Media Access Control) address; Transmit the mirror image flow that constitutes by described mirror image data frame to the mirror image destination device according to described new target MAC (Media Access Control) address; Peel off the described new Ethernet frame head in the described new mirror image flow, reduce described monitored flow.
According to another aspect of the present invention, a kind of image source equipment that provides comprises:
The first input end mouth is used to receive monitored flow;
The mirror image module is connected with described first input end mouth, is used for described monitored flow is duplicated;
Package module, be connected with described mirror image module, be used for becoming the mirror image data frame at the new ethernet frame capitiform of described monitored flow ethernet data frame outer package that duplicates, described new Ethernet frame head comprises mirror image VLAN Tag, new source MAC and new target MAC (Media Access Control) address;
First forwarding module is connected with described package module, is used for according to described new target MAC (Media Access Control) address, will be transmitted to corresponding output port by the mirror image flow that described mirror image data frame constitutes;
First output port is connected with described first forwarding module, is used to send described mirror image flow.
According to a further aspect of the invention, a kind of mirror image destination device that provides comprises:
Second input port is used to receive the mirror image data frame that skin is packaged with new Ethernet frame head;
Second forwarding module is connected with described second input port, is used for the new target MAC (Media Access Control) address according to new Ethernet frame head, will be transmitted toward corresponding output port by the mirror image flow that described mirror image data frame constitutes;
Strip module is connected with described second forwarding module, is used for peeling off the described new Ethernet frame head of described mirror image data frame, reduces monitored flow;
Second output port is connected with described strip module, is used to send described monitored flow.
Embodiments of the invention are at the new Ethernet frame head of original monitored flow ethernet data frame outer package of the monitored port of image source device replication, transmit monitored flow according to the new target MAC (Media Access Control) address that carries in the new Ethernet frame head, and shield MAC Address in the original monitored flow ethernet data frame frame head, in the mirror image destination device, peel off new Ethernet frame head again and reduce monitored flow, thereby realize the successful mirror image of monitored flow that monitored flow target MAC (Media Access Control) address indication outlet is entered the mouth for this flow.Compare with above-mentioned two kinds of methods of available technology adopting, the embodiment of the invention need not to close based on mirror image VLAN the mac learning function of mirroring device, need not increases any configuration to middle equipment, also need not to be redirected strategy in the intermediate equipment configuration, realize simple, and can save and improve the required cost of intermediate equipment, reduce the workload of network management and maintenance; And can in mirror image VLAN, adopt backup link, effectively improve the reliability of image feature.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Description of drawings
Fig. 1 is the structural representation of existing Remote Switched Port Analyzer technology mirror image VLAN.
Fig. 2 is the structural representation of image source apparatus embodiments of the present invention.
Fig. 3 is the structural representation of mirror image destination device embodiment of the present invention.
Fig. 4 is the structural representation of the Remote Switched Port Analyzer system embodiment that is made of image source equipment of the present invention and mirror image destination device.
Fig. 5 is the structural representation of another embodiment of Remote Switched Port Analyzer system of being made of image source equipment of the present invention and mirror image destination device.
Fig. 6 is the flow chart of Remote Switched Port Analyzer method embodiment of the present invention.
Embodiment
Embodiments of the invention become the mirror image data frame by image source equipment at the new ethernet frame capitiform of monitored flow ethernet data frame outer package that duplicates, transmit the mirror image data frame according to the new target MAC (Media Access Control) address in the new Ethernet frame head, and shield MAC Address in the original monitored flow ethernet data frame frame head, in the mirror image destination device, peel off new Ethernet frame head again and reduce monitored flow, thereby realize simpler, more effective, more economical and more reliable Remote Switched Port Analyzer function.
As shown in Figure 2, be the structural representation of image source apparatus embodiments of the present invention, the image source equipment of this embodiment comprises first input end mouth 11, mirror image module 12, package module 13, first forwarding module 14 and first output port 15 that connects successively.Wherein, first input end mouth 11 can have a plurality of, is respectively applied for to receive the flow that flows into or flow out on these first input end mouth 11 main frames that connected, flow to be monitored; Mirror image module 12 is used for the monitored flow that flows through on the first input end mouth 11 is duplicated; Package module 13 is used for becoming new mirror image flow at the new ethernet frame capitiform of monitored flow ethernet data frame outer package that duplicates, this new Ethernet frame head comprises mirror image VLAN Tag, new image source MAC Address and new mirror image target MAC (Media Access Control) address, according to the agreement regulation of ethernet data frame encapsulation, new image source MAC Address is different with new mirror image target MAC (Media Access Control) address; In addition, can also further will look for novelty image source MAC Address and new mirror image target MAC (Media Access Control) address all is different from source MAC and target MAC (Media Access Control) address in the monitored flow ethernet data frame frame head.Wherein, new image source MAC Address can be the bridge MAC Address, that is: the MAC Address of this image source equipment, and new mirror image target MAC (Media Access Control) address can be broadcasting MAC Address FFFF-FFFF-FFFF, also can be the MAC Address of watch-dog that the mirror image flow is monitored; First forwarding module 14 is used for according to new target MAC (Media Access Control) address, inquiry is used for transmitting and the new corresponding output port of target MAC (Media Access Control) address of corresponding relation between storaging mark MAC Address and the output port, to be transmitted to corresponding output port by the mirror image flow that the mirror image data frame constitutes, the output port here be first transfer the outlet 15; First output port 15 is used to send the mirror image flow that receives, and this mirror image flow is sent to the intermediate equipment of connection or the input port of mirror image destination device, this first transfer the outlet 15 also can have a plurality of.The situation that a first input end mouth 11 and first output port 15 are only arranged has been shown among the embodiment shown in Figure 2, if a plurality of first input end mouths 11 and first output port 15 are arranged, each first input end mouth 11 is identical with the annexation of mirror image module 12, and each first output port 15 is also identical with the annexation of first forwarding module 14.
In the above-mentioned image source equipment shown in Figure 2, can also comprise first memory module 16, second memory module 17 and the 3rd memory module 18 that are connected with package module 13 respectively.Wherein, first memory module 16 is used for memory image VLAN Tag; Second memory module 17 is used to store new source MAC, and this new source MAC can be the bridge MAC Address, that is: the MAC Address of image source equipment 1; The 3rd memory module 18 is used to store new target MAC (Media Access Control) address, and this new target MAC (Media Access Control) address can be broadcasting MAC Address FFFF-FFFF-FFFF, can also be the MAC Address of watch-dog.Package module 13 is selected mirror image VLANTag, new source MAC and new target MAC (Media Access Control) address respectively from first memory module 16, second memory module 17 and the 3rd memory module 18, generate new Ethernet frame head thus and be encapsulated in outside the original monitored flow that duplicates.
In addition, in the image source equipment shown in Figure 2, can further include the 4th memory module 19, be connected, be used for transmitting of corresponding relation between storaging mark MAC Address and the output port with first forwarding module 14.When new mirror image target MAC (Media Access Control) address is the MAC Address of watch-dog, during transmitting, 14 inquiries of first forwarding module, and the mirror image flow is transmitted to corresponding first output port 15 with the new corresponding output port of target MAC (Media Access Control) address.
As shown in Figure 3, be the structural representation of mirror image destination device embodiment of the present invention, the mirror image destination device of this embodiment comprises second input port 21, second forwarding module 22, strip module 23 and second output port 24 that connects successively.Wherein, second input port 21 can be connected with the output port of image source equipment or intermediate equipment for a plurality of, is used to receive the mirror image flow that is made of the mirror image data frame that is packaged with new Ethernet frame head; Second transmits port 22 is used for according to the new target MAC (Media Access Control) address of new Ethernet frame head and the corresponding relation between the output port, and the mirror image flow is transmitted toward corresponding output port, and the output port here is second output port 24; Strip module 23 is used for sending at the mirror image flow way of second output port 24, peel off the new Ethernet frame head in the mirror image data frame, the monitored flow of reduction copying, because the monitored flow that duplicates is identical with former monitored flow, herein, the monitored flow that duplicates also can be described as monitored flow; Second output port 24 is used for monitored flow is sent to watch-dog.The situation that one second input port 21 and second input port 21 are only arranged has been shown among the embodiment shown in Figure 2, if a plurality of second input ports 21 and second input port 21 are arranged, each second input port 21 is identical with the annexation of second forwarding module 22, and each second input port 21 is also identical with the annexation of strip module 23.
Referring to Fig. 3, the mirror image destination device of the embodiment of the invention also may further include the 4th memory module 19 again, is connected with second forwarding module 22, is used for transmitting of corresponding relation between storaging mark MAC Address and the output port.During the inquiry of second forwarding module 22 is transmitted with the new corresponding output port of target MAC (Media Access Control) address, and with past corresponding second output port 24 of mirror image flow forwarding, send to second output port 24 again after peeling off wherein new Ethernet frame head by strip module 23, finally this mirror image data is sent to watch-dog by second output port 24.
As shown in Figure 4, be the structural representation of Remote Switched Port Analyzer system embodiment of the present invention, the Remote Switched Port Analyzer system of this embodiment comprises image source equipment 1 and mirror image destination device 2.Wherein, image source equipment 1 can be the image source equipment of arbitrary embodiment shown in Figure 2, mirror image destination device 2 can be the mirror image destination device of arbitrary embodiment shown in Figure 3, the first input end mouth 11 of image source equipment 1 is connected with the main frame of flow to be monitored, receive on this main frame the flow that flows into or flow out, first output port 15 of image source equipment 1 is connected with second input port 21 on the mirror image destination device 2.The monitored flow that flows through on 1 pair of first input end mouth 11 of image source equipment duplicates, and behind the new Ethernet frame head of monitored flow outer package that duplicates the mirror image data frame, according to the new target MAC (Media Access Control) address in the new Ethernet frame head this mirror image data frame is sent to this mirror image destination device 2 via second input port 21 on the mirror image destination device 2, corresponding second output port 24 during mirror image destination device 2 is transmitted according to new target MAC (Media Access Control) address inquiry, and peel off the new Ethernet frame head of mirror image data frame outer package, obtain monitored flow, then this monitored flow is sent to and the new second corresponding output port 24 of target MAC (Media Access Control) address, should send to watch-dog by monitored flow by second output port 24.
Owing to transmit the mirror image data frame according to the new target MAC (Media Access Control) address in the new Ethernet frame head of monitored flow outer package, and shield MAC Address in the original monitored flow ethernet data frame, thereby in same mirror image VLAN, can be to the successful mirror image of monitored flow destination address indication outlet for the monitored flow of this flow inlet, and need not to close the mac learning function of mirroring device, realize simple, can reduce the workload of network management and maintenance, and can in mirror image VLAN, adopt backup link, thereby effectively improve the reliability of image feature.
Remote Switched Port Analyzer system embodiment illustrated in fig. 4 can also comprise the watch-dog 4 that the monitored flow on the first input end mouth 11 of image source equipment 1 is monitored, the mirror image flow is mirrored onto on the watch-dog 4 by mirror path 11-15-21-24, is monitored by 4 pairs of monitored flows of watch-dog.
In the Remote Switched Port Analyzer of the present invention system, can between image source equipment 1 and mirror image destination device 2, a plurality of intermediate equipments be set according to the actual requirements, transmit new mirror image flow is carried out two layers of exchange.As shown in Figure 5, for the embodiment of an intermediate equipment 3 is set between image source equipment 1 and mirror image destination device 2, have the 3rd input port 31 and the 3rd output port 32 on this intermediate equipment 3, the 3rd input port 31 can be for a plurality of, one of them with first output port 15 in one be connected, the 3rd output port 32 also can be for a plurality of, and one of them is connected with one second input port 21.Among this embodiment, the mirror path of mirror image flow is 11-15-31-32-21-24.
Owing to transmit the mirror image data frame according to the new target MAC (Media Access Control) address in the new Ethernet frame head of monitored flow outer package, and shield MAC Address in the original monitored flow ethernet data frame, thereby in same mirror image VLAN, can be to the successful mirror image of monitored flow destination address indication outlet for the monitored flow of this flow inlet, and need not the redirected strategy of configuration on intermediate equipment, realize simple, and can save and improve the required cost of intermediate equipment, can also in mirror image VLAN, adopt backup link, thereby effectively improve the reliability of image feature.As shown in Figure 5, structural representation for Remote Switched Port Analyzer another embodiment of system of the present invention, this embodiment provides backup image link 11-15-41-42-31-32-21-24 by increase by second intermediate equipment 5 in mirror-image system, 51 and 52 input port and output ports that are respectively second intermediate equipment 5 wherein, when the couple very much in love between 15 and 31 break down like this, can adopt the backup link between 15 and 51 to transmit the mirror image flow.In addition, also can between intermediate equipment and mirror image destination device, backup link be set.
As shown in Figure 6, be the flow chart of Remote Switched Port Analyzer method embodiment of the present invention, it can be realized based on Remote Switched Port Analyzer system embodiment illustrated in fig. 5, specifically may further comprise the steps:
Particularly, if new target MAC (Media Access Control) address is broadcasting MAC Address FFFF-FFFF-FFFF, then first forwarding module 14 is broadcast to the first all output ports 15 with the mirror image flow; If the MAC Address that this new target MAC (Media Access Control) address is a watch-dog 4, the transmitting of corresponding relation between the sign MAC Address of first forwarding module 14 inquiry the 4th memory module, 19 storages and the output port then, obtain the concrete port numbers of first output port 15 corresponding, and the mirror image flow is transmitted to corresponding first output port 15 with new target MAC (Media Access Control) address.
Particularly, can adopt the forwarding strategy identical,, the mirror image flow is transmitted to corresponding the 3rd output port 32 according to the situation of new target MAC (Media Access Control) address for the MAC Address of broadcasting MAC Address FFFF-FFFF-FFFF or watch-dog 4 with first forwarding module 14.
Particularly, can adopt the forwarding strategy identical,, select to send second output port 24 that mirror is counted flow according to the situation of new target MAC (Media Access Control) address for the MAC Address of broadcasting MAC Address FFFF-FFFF-FFFF or watch-dog 4 with first forwarding module 14.
In addition, after the step 608, can also comprise: step 609,4 pairs of monitored flows of watch-dog are monitored.
If employing Remote Switched Port Analyzer embodiment illustrated in fig. 4 comes the mirror image to monitored flow, then first output port 15 can directly send to the mirror image flow second input port 21 on the mirror image destination device 2.
The realization that the embodiment of the invention provides is in the mirror method of monitored flow target MAC (Media Access Control) address indication outlet for the monitored flow of this flow inlet, become the mirror image data frame by image source equipment at the new ethernet frame capitiform of monitored flow ethernet data frame outer package, transmit the mirror image data frame according to the new target MAC (Media Access Control) address that carries in the new Ethernet frame head afterwards, and shield MAC Address in the original monitored flow ethernet data frame frame head, in the mirror image destination device, peel off new Ethernet frame head again and reduce monitored flow, need not to close the mac learning function of mirroring device based on mirror image VLAN, need not increases any configuration to middle equipment, also need not to be redirected strategy in the intermediate equipment configuration, realize simple, and can save and improve the required cost of intermediate equipment, reduce the workload of network management and maintenance; And can in mirror image VLAN, adopt backup link, effectively improve the reliability of image feature.
It should be noted last that: above embodiment is only in order to illustrating technical scheme of the present invention, but not the present invention is made restrictive sense.Although the present invention is had been described in detail with reference to above-mentioned preferred embodiment, those of ordinary skill in the art is to be understood that: it still can make amendment or be equal to replacement technical scheme of the present invention, and this modification or be equal to the spirit and scope that replacement does not break away from technical solution of the present invention.
Claims (10)
1, a kind of Remote Switched Port Analyzer method is characterized in that, may further comprise the steps:
Monitored flow to the image source device port duplicates, and becoming the mirror image data frame at the new ethernet frame capitiform of monitored flow ethernet data frame outer package that duplicates, described new Ethernet frame head comprises mirror image VLAN Tag, new source MAC and new target MAC (Media Access Control) address; Transmit the mirror image flow that constitutes by described mirror image data frame to the mirror image destination device according to described new target MAC (Media Access Control) address; Peel off the described new Ethernet frame head in the described new mirror image flow, reduce described monitored flow.
2, Remote Switched Port Analyzer method according to claim 1 is characterized in that, described new target MAC (Media Access Control) address is the MAC Address of broadcasting MAC Address or watch-dog that described monitored flow is monitored.
3, Remote Switched Port Analyzer method according to claim 2, it is characterized in that, when described new target MAC (Media Access Control) address is the MAC Address of watch-dog, transmitting the mirror image flow that is made of described mirror image data frame according to described new target MAC (Media Access Control) address is specially: corresponding relation transmits between the sign MAC Address of the original storage of inquiry and the output port, obtain the forwarding port of described new target MAC (Media Access Control) address correspondence, and described mirror image flow is transmitted by described output port.
4, Remote Switched Port Analyzer method according to claim 2, it is characterized in that, when described new target MAC (Media Access Control) address is the broadcasting MAC Address, transmits the mirror image flow that constitutes by described mirror image data frame according to described new target MAC (Media Access Control) address and be specially: transmit described mirror image flow at each output port with broadcast mode.
5. Remote Switched Port Analyzer method according to claim 1 is characterized in that, described new source MAC is the bridge MAC Address.
6, a kind of image source equipment is characterized in that, comprising:
The first input end mouth is used to receive monitored flow;
The mirror image module is connected with described first input end mouth, is used for described monitored flow is duplicated;
Package module, be connected with described mirror image module, be used for becoming the mirror image data frame at the new ethernet frame capitiform of described monitored flow ethernet data frame outer package that duplicates, described new Ethernet frame head comprises mirror image VLAN Tag, new source MAC and new target MAC (Media Access Control) address;
First forwarding module is connected with described package module, is used for according to described new target MAC (Media Access Control) address, will be transmitted to corresponding output port by the mirror image flow that described mirror image data frame constitutes;
First output port is connected with described first forwarding module, is used to send described mirror image flow.
7, image source equipment according to claim 6 is characterized in that, also comprises:
First memory module is connected with described package module, is used for memory image VLAN Tag;
Second memory module is connected with described package module, is used to store new source MAC;
The 3rd memory module is connected with described package module, is used to store new target MAC (Media Access Control) address.
8, according to claim 6 or 7 described image source equipment, it is characterized in that, also comprise:
The 4th memory module is connected with described first forwarding module, is used for transmitting of corresponding relation between storaging mark MAC Address and the output port.
9, a kind of mirror image destination device is characterized in that, comprising:
Second input port is used to receive the mirror image data frame that skin is packaged with new Ethernet frame head;
Second forwarding module is connected with described second input port, is used for the new target MAC (Media Access Control) address according to new Ethernet frame head, will be transmitted toward corresponding output port by the mirror image flow that described mirror image data frame constitutes;
Strip module is connected with described second forwarding module, is used for peeling off the described new Ethernet frame head of described mirror image data frame, reduces monitored flow;
Second output port is connected with described strip module, is used to send described monitored flow.
10, mirror image destination device according to claim 9 is characterized in that, also comprises:
The 4th memory module is connected with described second forwarding module, is used for transmitting of corresponding relation between storaging mark MAC Address and the output port.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101002911A CN101068248A (en) | 2007-06-07 | 2007-06-07 | Long-distance mirror image method, image source equipment and image destination equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101002911A CN101068248A (en) | 2007-06-07 | 2007-06-07 | Long-distance mirror image method, image source equipment and image destination equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101068248A true CN101068248A (en) | 2007-11-07 |
Family
ID=38880684
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007101002911A Pending CN101068248A (en) | 2007-06-07 | 2007-06-07 | Long-distance mirror image method, image source equipment and image destination equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101068248A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010142088A1 (en) * | 2009-06-11 | 2010-12-16 | 中兴通讯股份有限公司 | Method and router for implementing mirroring |
| CN102377648A (en) * | 2010-08-12 | 2012-03-14 | 盛科网络(苏州)有限公司 | Network system and remote mirroring realization method thereof |
| CN101795230B (en) * | 2010-02-23 | 2012-05-23 | 西安交通大学 | Network flow recovery method |
| CN101877671B (en) * | 2009-12-02 | 2012-06-27 | 北京星网锐捷网络技术有限公司 | Sending method of mirror image message, switch chip and Ethernet router |
| CN103152291A (en) * | 2013-02-21 | 2013-06-12 | 杭州华三通信技术有限公司 | TRILL (Transparent Interconnection of Lots of Links) network-based remote mirror image implementation method and equipment |
| CN103200110A (en) * | 2013-03-29 | 2013-07-10 | 北京东土科技股份有限公司 | Data multicasting method and device applied to intelligent substation local area network |
| CN104412252A (en) * | 2012-07-10 | 2015-03-11 | 阿沃森特亨茨维尔公司 | System and method for accessing remote disk images using a vmedia client and through a remote access appliance |
| CN104506343A (en) * | 2014-11-27 | 2015-04-08 | 汉柏科技有限公司 | Method and equipment for realizing ingress port mirroring |
| CN105939220A (en) * | 2016-04-18 | 2016-09-14 | 杭州迪普科技有限公司 | Remote port mirroring realization method and device |
| CN106375384A (en) * | 2016-08-28 | 2017-02-01 | 北京瑞和云图科技有限公司 | Management system of mirror network flow in virtual network environment and control method |
| CN108092845A (en) * | 2017-11-06 | 2018-05-29 | 中国银联股份有限公司 | The differentiation and positioning of mirror image flow |
| CN108900384A (en) * | 2018-07-20 | 2018-11-27 | 新华三云计算技术有限公司 | Network flow monitoring method, apparatus and system, computer readable storage medium |
| CN109039956A (en) * | 2018-08-09 | 2018-12-18 | 新华三云计算技术有限公司 | Port Mirroring method, apparatus, host and storage medium |
| CN110784375A (en) * | 2019-10-24 | 2020-02-11 | 新华三信息安全技术有限公司 | Network data monitoring method and device, electronic equipment and storage medium |
| CN111478862A (en) * | 2020-03-09 | 2020-07-31 | 邦彦技术股份有限公司 | Remote data mirroring system and method |
| CN113965477A (en) * | 2020-07-01 | 2022-01-21 | 慧与发展有限责任合伙企业 | System and method for monitoring ingress/egress packets at a network device |
| CN115104290A (en) * | 2020-03-16 | 2022-09-23 | 住友电气工业株式会社 | Switch device, vehicle-mounted communication system and communication method |
-
2007
- 2007-06-07 CN CNA2007101002911A patent/CN101068248A/en active Pending
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| RU2493677C2 (en) * | 2009-06-11 | 2013-09-20 | ЗетТиИ Корпорейшн | Method and router for implementing mirroring |
| EP2442604A1 (en) * | 2009-06-11 | 2012-04-18 | ZTE Corporation | Method and router for implementing mirroring |
| US8432916B2 (en) | 2009-06-11 | 2013-04-30 | Zte Corporation | Method and router for implementing mirroring |
| EP2442604A4 (en) * | 2009-06-11 | 2013-06-05 | Zte Corp | Method and router for implementing mirroring |
| WO2010142088A1 (en) * | 2009-06-11 | 2010-12-16 | 中兴通讯股份有限公司 | Method and router for implementing mirroring |
| CN101877671B (en) * | 2009-12-02 | 2012-06-27 | 北京星网锐捷网络技术有限公司 | Sending method of mirror image message, switch chip and Ethernet router |
| CN101795230B (en) * | 2010-02-23 | 2012-05-23 | 西安交通大学 | Network flow recovery method |
| CN102377648A (en) * | 2010-08-12 | 2012-03-14 | 盛科网络(苏州)有限公司 | Network system and remote mirroring realization method thereof |
| CN104412252A (en) * | 2012-07-10 | 2015-03-11 | 阿沃森特亨茨维尔公司 | System and method for accessing remote disk images using a vmedia client and through a remote access appliance |
| CN103152291B (en) * | 2013-02-21 | 2016-03-02 | 杭州华三通信技术有限公司 | A kind of Remote Switched Port Analyzer implementation method based on TRILL network and equipment |
| CN103152291A (en) * | 2013-02-21 | 2013-06-12 | 杭州华三通信技术有限公司 | TRILL (Transparent Interconnection of Lots of Links) network-based remote mirror image implementation method and equipment |
| CN103200110B (en) * | 2013-03-29 | 2016-03-30 | 北京东土科技股份有限公司 | A kind of data multicast method and apparatus being applied to intelligent substation local area network |
| CN103200110A (en) * | 2013-03-29 | 2013-07-10 | 北京东土科技股份有限公司 | Data multicasting method and device applied to intelligent substation local area network |
| CN104506343A (en) * | 2014-11-27 | 2015-04-08 | 汉柏科技有限公司 | Method and equipment for realizing ingress port mirroring |
| CN105939220A (en) * | 2016-04-18 | 2016-09-14 | 杭州迪普科技有限公司 | Remote port mirroring realization method and device |
| CN106375384B (en) * | 2016-08-28 | 2019-06-18 | 北京瑞和云图科技有限公司 | The management system and control method of image network flow in a kind of virtual network environment |
| CN106375384A (en) * | 2016-08-28 | 2017-02-01 | 北京瑞和云图科技有限公司 | Management system of mirror network flow in virtual network environment and control method |
| CN108092845A (en) * | 2017-11-06 | 2018-05-29 | 中国银联股份有限公司 | The differentiation and positioning of mirror image flow |
| CN108900384A (en) * | 2018-07-20 | 2018-11-27 | 新华三云计算技术有限公司 | Network flow monitoring method, apparatus and system, computer readable storage medium |
| CN109039956A (en) * | 2018-08-09 | 2018-12-18 | 新华三云计算技术有限公司 | Port Mirroring method, apparatus, host and storage medium |
| CN109039956B (en) * | 2018-08-09 | 2021-05-07 | 新华三云计算技术有限公司 | Port mirroring method, device, host and storage medium |
| CN110784375A (en) * | 2019-10-24 | 2020-02-11 | 新华三信息安全技术有限公司 | Network data monitoring method and device, electronic equipment and storage medium |
| CN110784375B (en) * | 2019-10-24 | 2021-10-12 | 新华三信息安全技术有限公司 | Network data monitoring method and device, electronic equipment and storage medium |
| CN111478862A (en) * | 2020-03-09 | 2020-07-31 | 邦彦技术股份有限公司 | Remote data mirroring system and method |
| CN115104290A (en) * | 2020-03-16 | 2022-09-23 | 住友电气工业株式会社 | Switch device, vehicle-mounted communication system and communication method |
| CN113965477A (en) * | 2020-07-01 | 2022-01-21 | 慧与发展有限责任合伙企业 | System and method for monitoring ingress/egress packets at a network device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101068248A (en) | Long-distance mirror image method, image source equipment and image destination equipment | |
| CN106375384B (en) | The management system and control method of image network flow in a kind of virtual network environment | |
| US8649379B2 (en) | Method and apparatus for configuring a link aggregation group on a stacked switch | |
| EP2086178B1 (en) | Link aggregation method and device, mac frame receiving/sending method and system | |
| US6219699B1 (en) | Multiple VLAN Architecture system | |
| US8134919B2 (en) | Method and device for protecting ethernet tree services | |
| US7940645B2 (en) | Protection switching method based on change in link status in ethernet link aggregation sublayer | |
| US20160373350A1 (en) | Load Distribution Architecture for Processing Tunnelled Internet Protocol Traffic | |
| US20080068985A1 (en) | Network redundancy method and middle switch apparatus | |
| CN101938377B (en) | link aggregation error protection method, equipment and system | |
| US20040003094A1 (en) | Method and apparatus for mirroring traffic over a network | |
| US8798061B2 (en) | Communication apparatus, communication method, and computer program | |
| EP2001172A2 (en) | Method, system and device of the ethernet technique exchanging and forwarding | |
| US20020146026A1 (en) | Data stream filtering apparatus & method | |
| CN1551572A (en) | Data mirroring in a service | |
| RU2388160C2 (en) | Ring network, communication device and on-line control method used for ring network and communication device | |
| US7924880B2 (en) | Method and system for establishing hierarchical network with provider backbone bridges | |
| JP5295273B2 (en) | Data stream filtering apparatus and method | |
| CN1411210A (en) | Method of acting address analytic protocol Ethernet Switch in application | |
| JP2008131615A (en) | Communication device for link aggregation, and program | |
| CN1946040A (en) | Protective method and device for multicast service | |
| CN111221664A (en) | Operation log processing system | |
| CN109672572B (en) | Data transmission method and device | |
| CN110233749B (en) | Fault processing method, system and device and storage medium | |
| JP4724763B2 (en) | Packet processing apparatus and interface unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20071107 |