CN102332994A - Network topology discovery method, device, system and network management server - Google Patents

Network topology discovery method, device, system and network management server

Publication number: CN102332994A
Authority: CN
Grant status: Application
Prior art keywords: ipsec, vpn, device, configuration information, information
Application number: CN 201110288687
Other languages: Chinese (zh)
Other versions: CN102332994B (en)
Inventor: 林滨狮
Original Assignee: 北京星网锐捷网络技术有限公司

Abstract

The invention provides a network topology discovery method, device, system and network management server. The method comprises: obtaining IPSec-VPN configuration information from a virtual private network (VPN) gateway device; generating an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information; and generating the IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table. The network topology discovery device comprises an obtaining module and a topology generation module. The network management server comprises the network topology discovery device. The network topology discovery system comprises the VPN gateway device, a VPN access device and the network management server. The invention solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN.

Description

Network topology discovery method, device, system and network management server

Technical Field

[0001] The present invention relates to communication technology, and in particular to a network topology discovery method, device, system and network management server.

Background

[0002] A virtual private network (Virtual Private Network; hereinafter: VPN) uses a public IP / Multi-Protocol Label Switching (hereinafter: MPLS) network to establish a dedicated data transmission channel (that is, a VPN tunnel) that connects remote branch offices, mobile workers and the like. Figure 1 is a schematic diagram of the network architecture of a VPN in the prior art. Internet Protocol Security (hereinafter: IPSec) is an open-standard framework in which specific communicating parties use encryption, data digests (hashes) and similar means at the IP layer to guarantee the confidentiality, integrity and authenticity of data packets transmitted over the Internet. Figure 2 is a schematic diagram of the IPSec framework structure in the prior art. IPSec supports two encapsulation modes during transmission, transport mode and tunnel mode. Transport mode leaves the original IP header unchanged and is typically used between hosts; tunnel mode adds a new IP header and is typically used for communication between private networks across the public network. The main purpose of network topology discovery is to obtain and maintain information about the existence of network nodes and the connections between them, and on that basis to draw the topology of the entire network, so that the topology information can later be used to locate network faults quickly and find network bottlenecks, thereby optimizing the whole network.

[0003] Prior-art network topology discovery methods include topology discovery based on Spanning Tree Protocol (hereinafter: STP) analysis, topology discovery based on Media Access Control (hereinafter: MAC) address forwarding table analysis, and topology discovery based on Address Resolution Protocol (hereinafter: ARP) table analysis. These methods can discover the network topology of devices that support the protocols above, but they cannot discover the links at the two ends of an IPSec-VPN tunnel.

Summary of the Invention

[0004] The present invention provides a network topology discovery method, device, system and network management server that solve the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieve network topology discovery for IPSec-VPN.

[0005] The present invention provides a network topology discovery method, comprising:

[0006] obtaining Internet Protocol Security IPSec-VPN configuration information from a virtual private network (VPN) gateway device, and generating an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information;

[0007] generating the network topology of the IPSec-VPN from the IPSec-VPN device table and the IPSec tunnel configuration information table.

[0008] The present invention provides a network topology discovery device, comprising:

[0009] an obtaining module, configured to obtain Internet Protocol Security IPSec-VPN configuration information from a virtual private network (VPN) gateway device and to generate an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information;

[0010] a topology generation module, configured to generate the network topology of the IPSec-VPN from the IPSec-VPN device table and the IPSec tunnel configuration information table.

[0011] The present invention provides a network management server comprising the network topology discovery device described above.

[0012] The present invention provides a network topology discovery system comprising a virtual private network (VPN) gateway device, a VPN access device and the network management server described above.

[0013] The network topology discovery method, device, system and network management server of the present invention obtain IPSec-VPN configuration information from the VPN gateway device, generate an IPSec-VPN device table and an IPSec tunnel configuration information table from that configuration information, and generate the IPSec-VPN network topology from the two tables. The present invention solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN.

Brief Description of the Drawings

[0014] To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

[0015] Figure 1 is a schematic diagram of the network architecture of a VPN in the prior art;

[0016] Figure 2 is a schematic diagram of the IPSec framework structure in the prior art;

[0017] Figure 3 is a flowchart of Embodiment 1 of the network topology discovery method of the present invention;

[0018] Figure 4 is a flowchart of Embodiment 2 of the network topology discovery method of the present invention;

[0019] Figure 5 is a schematic diagram of the IPSec-VPN topology in Embodiment 2 of the network topology discovery method of the present invention;

[0020] Figure 6 is a schematic diagram of the result of topology discovery in an IPSec-VPN scenario using existing topology discovery technology, in Embodiment 2 of the network topology discovery method of the present invention;

[0021] Figure 7 is a schematic diagram of the result of topology discovery in an IPSec-VPN scenario using the topology discovery technology of the present invention, in Embodiment 2 of the network topology discovery method of the present invention;

[0022] Figure 8 is a structural diagram of Embodiment 1 of the network topology discovery device of the present invention;

[0023] Figure 9 is a structural diagram of Embodiment 2 of the network topology discovery device of the present invention.

Detailed Description

[0024] To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

[0025] Figure 3 is a flowchart of Embodiment 1 of the network topology discovery method of the present invention. As shown in Figure 1, this embodiment provides a network topology discovery method that may specifically include the following steps:

[0026] Step 301: obtain IPSec-VPN configuration information from the VPN gateway device, and generate an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information.

[0027] In this embodiment, to solve the problem of connecting the links between the devices at the two ends of an IPSec-VPN tunnel and to discover the IPSec-VPN network topology, the network management server obtains the IPSec-VPN configuration information from the VPN gateway device; that is, the network management server reads the IPSec-VPN configuration information stored on the VPN gateway device through the Simple Network Management Protocol (hereinafter: SNMP). In this embodiment, the IPSec-VPN configuration information may include tunnel configuration information and tunnel communication state information. The tunnel configuration information may include the tunnel name, peer device name, local device interface, peer device address, local subnet information and peer subnet information. The tunnel communication state information may include local subnet information, peer subnet information, number of packets sent successfully, number of packets that failed to send, number of bytes sent successfully, number of bytes received successfully, number of packets received successfully, number of bytes received successfully, local gateway address, peer gateway address, weight information and so on.
In this step, the network management server generates the IPSec-VPN device table and the IPSec tunnel configuration information table from the IPSec-VPN configuration information it has read, and stores both tables in a local database. The fields of the IPSec-VPN device table in this embodiment may include the index value Id, whether the device is a VPN gateway device Is_vpn_gateway, the public IP address Public_ip, the private IP address Private_ip, the device index value Device_id, the zone number Zone_id and whether there is a term Is_term. The fields of the IPSec tunnel configuration information table may include the index value Id, real-time inbound traffic Realtime_flow_in, real-time outbound traffic Realtime_flow_out, total inbound traffic Total_flow_in, total outbound traffic Total_flow_out, tunnel IP address Tunnel_ip, gateway device information Gateway_device_id and access device information Access_device_id. Because the IPSec-VPN configuration information that was read contains the content of all of these fields, it can be filled into the corresponding field positions according to the formats of the two tables to generate the IPSec-VPN device table and the IPSec tunnel configuration information table.
In this embodiment the IPSec-VPN device table and the IPSec tunnel configuration information table are related to each other: the field Id in the IPSec-VPN device table is associated with the fields Gateway_device_id and Access_device_id in the IPSec tunnel configuration information table.

[0028] Step 302: generate the network topology of the IPSec-VPN from the IPSec-VPN device table and the IPSec tunnel configuration information table.

[0029] After the IPSec-VPN device table and the IPSec tunnel configuration information table have been generated from the IPSec-VPN configuration information, the network management server analyzes the IPSec-VPN configuration information using the two tables and thereby generates the network topology of the IPSec-VPN. Specifically, the network management server can use the association between the IPSec-VPN device table and the IPSec tunnel configuration information table to obtain the device configuration information and the tunnel configuration information respectively, and generate the IPSec-VPN network topology from them, that is, a network topology based on IPSec-VPN tunnels.

[0030] Specifically, step 302 in this embodiment may include the following steps: querying the IPSec-VPN device table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each device from the query results; obtaining the tunnel configuration information of the IPSec-VPN tunnels from the information records in the IPSec tunnel configuration information table; and generating the network topology of the IPSec-VPN from the device configuration information and the tunnel configuration information.

[0031] Further, the step of querying the IPSec-VPN device table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table and obtaining the device configuration information of each device from the query results may include the following steps: according to the gateway device information recorded in the IPSec tunnel configuration information table, querying the IPSec-VPN device table for a first information record whose index value equals the value of the gateway device information; obtaining the device configuration information of the VPN gateway device from the first information record; according to the access device information recorded in the IPSec tunnel configuration information table, querying the IPSec-VPN device table for a second information record whose index value equals the value of the access device information; and obtaining the device configuration information of the VPN access device from the second information record.

[0032] Further, the step of obtaining the tunnel configuration information of the IPSec-VPN tunnels from the information records in the IPSec tunnel configuration information table may specifically be: according to the information records in the IPSec tunnel configuration information table, obtaining the tunnel configuration information of each IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.

[0033] This embodiment provides a network topology discovery method that obtains IPSec-VPN configuration information from the VPN gateway device, generates an IPSec-VPN device table and an IPSec tunnel configuration information table from that configuration information, and generates the IPSec-VPN network topology from the two tables. This embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN.

[0034] Figure 4 is a flowchart of Embodiment 2 of the network topology discovery method of the present invention. As shown in Figure 4, this embodiment provides a network topology discovery method that may specifically include the following steps:

[0035] Step 401: the network management server obtains IPSec-VPN configuration information from the VPN gateway device and generates an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information.

[0036] Figure 5 is a schematic diagram of the IPSec-VPN topology in Embodiment 2 of the network topology discovery method of the present invention. As shown in Figure 5, it gives the simplest possible IPSec-VPN network topology. In this step, the network management server reads the IPSec-VPN configuration information stored on the VPN gateway device through SNMP, generates the IPSec-VPN device table and the IPSec tunnel configuration information table from the configuration information it has read, and stores both tables in a local database. The database table structures of the IPSec-VPN device table and the IPSec tunnel configuration information table are shown in Table 1 and Table 2 below, respectively:

[0037] Table 1: Database table structure of the IPSec-VPN device table

[0038]

Figure CN102332994AD00071

[0039]

[0040] Table 2: Database table structure of the IPSec tunnel configuration information table

[0041]

Figure CN102332994AD00081

[0042] Step 402: according to the gateway device information recorded in the IPSec tunnel configuration information table, the network management server queries the IPSec-VPN device table for a first information record whose index value equals the value of the gateway device information.

[0043] After the IPSec-VPN device table and the IPSec tunnel configuration information table have been generated, the IPSec-VPN configuration information is analyzed using the two tables to obtain the device configuration information and the tunnel configuration information. In this step, the network management server queries the IPSec-VPN device table according to the gateway device information GateWay_device_ip recorded in the IPSec tunnel configuration information table. The management server may first query the IPSec tunnel configuration information table: if the table contains information records, an IPSec-VPN network topology currently exists in the network; otherwise no IPSec-VPN network topology exists. In this embodiment the IPSec-VPN device table and the IPSec tunnel configuration information table are related to each other; specifically, the field Id in the IPSec-VPN device table is associated with the field Gateway_device_id or Access_device_id in the IPSec tunnel configuration information table.
In the IPSec-VPN device table, the field Is_vpn_gateway indicates whether the device represented by the current information record is a VPN gateway device. When the value of this field is Y, the device is a VPN gateway device; when the value is N, the device is a VPN access device. The network management server can use this field to query the associated information records in the IPSec tunnel configuration information table. The network management server may first obtain the value of the field Gateway_device_id in the IPSec tunnel configuration information table, and then query the IPSec-VPN device table for the first information record, that is, the record whose field Id has the same value as Gateway_device_id. The first information record here is the record in the IPSec-VPN device table whose Id field has the same value as Gateway_device_id; the name merely denotes the record in the IPSec-VPN device table that is associated with Gateway_device_id, to distinguish it from the second information record introduced later.

[0044] Step 403: the network management server obtains the device configuration information of the VPN gateway device from the first information record.

[0045] After obtaining the first information record, that is, the record whose field Id has the same value as the field Gateway_device_id, the network management server obtains the device configuration information of the VPN gateway device from that record. The device configuration information here may be the information represented by the other fields stored in the IPSec-VPN device table, such as the IP address of the VPN gateway device and other related information.

[0046] Step 404: according to the access device information recorded in the IPSec tunnel configuration information table, the network management server queries the IPSec-VPN device table for a second information record whose index value equals the value of the access device information.

[0047] In this step, the network management server queries the IPSec-VPN device table according to the access device information Access_device_ip recorded in the IPSec tunnel configuration information table. The management server may first query the IPSec tunnel configuration information table: if the table contains information records, an IPSec-VPN network topology currently exists in the network; otherwise no IPSec-VPN network topology exists. The network management server may first obtain the value of the field Access_device_id in the IPSec tunnel configuration information table, and then query the IPSec-VPN device table for the second information record, that is, the record whose field Id has the same value as Access_device_id. The second information record here is the record in the IPSec-VPN device table whose Id field has the same value as Access_device_id; the name merely denotes the record in the IPSec-VPN device table that is associated with Access_device_id.

[0048] Step 405: the network management server obtains the device configuration information of the VPN access device from the second information record.

[0049] After obtaining the second information record, that is, the record whose field Id has the same value as the field Access_device_id, the network management server obtains the device configuration information from that record. The device configuration information here may be the information represented by the other fields stored in the IPSec-VPN device table, such as the IP address of the VPN access device and other related information.

[0050] This embodiment may repeat steps 402-405 above until all VPN access devices and all VPN gateway devices in the IPSec-VPN device table have been analyzed and their respective device configuration information has been obtained.

[0051] Step 406: according to the information records in the IPSec tunnel configuration information table, the network management server obtains the tunnel configuration information of each IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.

[0052] Each information record stored in the IPSec tunnel configuration information table corresponds to one IPSec-VPN tunnel, and an IPSec-VPN tunnel here consists of one VPN gateway device and one VPN access device. When the IPSec tunnel configuration information table contains multiple information records, multiple IPSec-VPN tunnels exist in the current network. In this step, the network management server works from the information records in the IPSec tunnel configuration information table: the field contents of each record represent the tunnel configuration information of one IPSec-VPN tunnel, so the network management server can obtain, from the individual records, the tunnel configuration information of each IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.

[0053] Step 407: the network management server generates the network topology of the IPSec-VPN from the device configuration information and the tunnel configuration information.

[0054] Once the steps above have obtained the device configuration information of every VPN gateway device and every VPN access device in the network, together with the tunnel configuration information of the IPSec-VPN tunnels formed by those devices, the network management server generates the IPSec-VPN network topology from the device configuration information and the tunnel configuration information, that is, it draws the IPSec-VPN network topology on top of the existing topology. Figure 6 is a schematic diagram of the result of topology discovery in an IPSec-VPN scenario using existing topology discovery technology in Embodiment 2 of the network topology discovery method of the present invention, and Figure 7 is a schematic diagram of the result of topology discovery in an IPSec-VPN scenario using the topology discovery technology of the present invention in the same embodiment. As shown in Figures 6 and 7, both are experimental result diagrams obtained with existing software; the existing topology discovery technology may be topology discovery based on ARP or MAC forwarding table analysis. The figures show that the network topology discovery technique of this embodiment successfully discovers the IPSec-VPN network topology.

[0055] This embodiment provides a network topology discovery method that obtains IPSec-VPN configuration information from the VPN gateway device, generates an IPSec-VPN device table and an IPSec tunnel configuration information table from that configuration information, and generates the IPSec-VPN network topology from the two tables. This embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN, which facilitates subsequent network management of the IPSec-VPN network topology, including fault location and performance optimization.

[0056] A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.

[0057] FIG. 8 is a schematic structural diagram of Embodiment 1 of the network topology discovery apparatus of the present invention. As shown in FIG. 8, this embodiment provides a network topology discovery apparatus that can carry out the steps of method Embodiment 1 above, which are not repeated here. The network topology discovery apparatus of this embodiment may include an acquisition module 801 and a topology generation module 802. The acquisition module 801 is configured to obtain Internet Protocol Security (IPSec) VPN configuration information from the virtual private network (VPN) gateway device and to generate an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information. The topology generation module 802 is configured to generate the IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table.

[0058] FIG. 9 is a schematic structural diagram of Embodiment 2 of the network topology discovery apparatus of the present invention. As shown in FIG. 9, this embodiment provides a network topology discovery apparatus that can carry out the steps of method Embodiment 2 above, which are not repeated here. In the apparatus of this embodiment, building on the apparatus shown in FIG. 8, the topology generation module 802 may include a query unit 812, an acquisition unit 822 and a generation unit 832. The query unit 812 is configured to query the IPSec-VPN device table using the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and to obtain the device configuration information of each device from the query result. The acquisition unit 822 is configured to obtain the tunnel configuration information of the IPSec-VPN tunnels from the records in the IPSec tunnel configuration information table. The generation unit 832 is configured to generate the IPSec-VPN network topology from the device configuration information and the tunnel configuration information.

[0059] Further, the query unit 812 may include a first query subunit 8121, a first acquisition subunit 8122, a second query subunit 8123 and a second acquisition subunit 8124. The first query subunit 8121 is configured to use the gateway device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, the first record whose index value equals the value of the gateway device information. The first acquisition subunit 8122 is configured to obtain the device configuration information of the VPN gateway device from the first record. The second query subunit 8123 is configured to use the access device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, the second record whose index value equals the value of the access device information. The second acquisition subunit 8124 is configured to obtain the device configuration information of the VPN access device from the second record.

[0060] Specifically, the acquisition unit 822 in this embodiment is configured to obtain, from the records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway device and a VPN access device.
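The lookup performed by the query unit and the link generation of step 407 can be sketched as a join between the two tables. This is an added example, not code from the patent; every field name (`gateway_index`, `access_index`, `encap`, `mgmt_ip`) and all sample records are constructed assumptions, since the page states only that a tunnel record's device information equals an index value in the device table.

```python
from dataclasses import dataclass

# Constructed sample tables. All field names are assumptions for illustration;
# the page states only that each tunnel record carries gateway and access
# device information whose value equals an index value in the device table.
DEVICE_TABLE = {
    1: {"name": "gw-hq", "role": "gateway", "mgmt_ip": "192.0.2.1"},
    2: {"name": "branch-a", "role": "access", "mgmt_ip": "198.51.100.10"},
    3: {"name": "branch-b", "role": "access", "mgmt_ip": "198.51.100.20"},
}
TUNNEL_TABLE = [
    {"tunnel_id": 10, "gateway_index": 1, "access_index": 2, "encap": "esp"},
    {"tunnel_id": 11, "gateway_index": 1, "access_index": 3, "encap": "esp"},
    # Constructed failure case: the access index has no device-table record.
    {"tunnel_id": 12, "gateway_index": 1, "access_index": 9, "encap": "esp"},
]
REFERENCE_FIELDS = ("tunnel_id", "gateway_index", "access_index")


@dataclass(frozen=True)
class TunnelLink:
    tunnel_id: int
    gateway: str
    access: str
    tunnel_config: dict


def build_topology(device_table, tunnel_table):
    """Join tunnel records to device records; return (nodes, links, unresolved)."""
    nodes, links, unresolved = {}, [], []
    for record in tunnel_table:
        # First and second lookups: device-table index == value in the record.
        gateway = device_table.get(record["gateway_index"])
        access = device_table.get(record["access_index"])
        if gateway is None or access is None:
            # An endpoint missing from the device table cannot be drawn;
            # report the tunnel instead of dropping it silently.
            unresolved.append(record["tunnel_id"])
            continue
        nodes[record["gateway_index"]] = gateway
        nodes[record["access_index"]] = access
        # Remaining fields of the record are the tunnel configuration.
        config = {k: v for k, v in record.items() if k not in REFERENCE_FIELDS}
        links.append(TunnelLink(record["tunnel_id"], gateway["name"],
                                access["name"], config))
    return nodes, links, unresolved


def overlay_adjacency(links):
    """Group access devices under the gateway that terminates their tunnel."""
    adjacency = {}
    for link in links:
        adjacency.setdefault(link.gateway, []).append(link.access)
    return {gw: sorted(peers) for gw, peers in adjacency.items()}


if __name__ == "__main__":
    nodes, links, unresolved = build_topology(DEVICE_TABLE, TUNNEL_TABLE)
    print("nodes:", sorted(n["name"] for n in nodes.values()))
    print("overlay:", overlay_adjacency(links))
    print("tunnels with unknown endpoints:", unresolved)
```

Tunnel 12 in the sample data is returned in the unresolved list rather than drawn, which is the case an operator reviewing the overlay would want surfaced.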

[0061] This embodiment provides a network topology discovery apparatus that obtains IPSec-VPN configuration information from the VPN gateway device, generates an IPSec-VPN device table and an IPSec tunnel configuration information table from that configuration information, and generates the IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table. The embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN, which facilitates subsequent network management of the IPSec-VPN network topology, including fault location and performance optimization.

[0062] This embodiment provides a network management server, which may include the network topology discovery apparatus shown in FIG. 8 or FIG. 9 above.

[0063] This embodiment provides a network topology discovery system, which may include a virtual private network (VPN) gateway device, a VPN access device and the network management server described above.

[0064] Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A network topology discovery method, characterized by comprising: obtaining Internet Protocol Security (IPSec) VPN configuration information from a virtual private network (VPN) gateway device, and generating an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information; and generating an IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table.
  2. The method according to claim 1, characterized in that generating the IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table comprises: querying the IPSec-VPN device table using the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each device from the query result; obtaining the tunnel configuration information of the IPSec-VPN tunnels from the records in the IPSec tunnel configuration information table; and generating the IPSec-VPN network topology from the device configuration information and the tunnel configuration information.
  3. The method according to claim 2, characterized in that querying the IPSec-VPN device table using the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each device from the query result, comprises: using the gateway device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, a first record whose index value equals the value of the gateway device information; obtaining the device configuration information of the VPN gateway device from the first record; using the access device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, a second record whose index value equals the value of the access device information; and obtaining the device configuration information of the VPN access device from the second record.
  4. The method according to claim 3, characterized in that obtaining the tunnel configuration information of the IPSec-VPN tunnels from the records in the IPSec tunnel configuration information table comprises: obtaining, from the records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway device and the VPN access device.
  5. A network topology discovery apparatus, characterized by comprising: an acquisition module, configured to obtain Internet Protocol Security (IPSec) VPN configuration information from a virtual private network (VPN) gateway device and to generate an IPSec-VPN device table and an IPSec tunnel configuration information table from the IPSec-VPN configuration information; and a topology generation module, configured to generate an IPSec-VPN network topology from the IPSec-VPN device table and the IPSec tunnel configuration information table.
  6. The apparatus according to claim 5, characterized in that the topology generation module comprises: a query unit, configured to query the IPSec-VPN device table using the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and to obtain the device configuration information of each device from the query result; an acquisition unit, configured to obtain the tunnel configuration information of the IPSec-VPN tunnels from the records in the IPSec tunnel configuration information table; and a generation unit, configured to generate the IPSec-VPN network topology from the device configuration information and the tunnel configuration information.
  7. The apparatus according to claim 6, characterized in that the query unit comprises: a first query subunit, configured to use the gateway device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, a first record whose index value equals the value of the gateway device information; a first acquisition subunit, configured to obtain the device configuration information of the VPN gateway device from the first record; a second query subunit, configured to use the access device information recorded in the IPSec tunnel configuration information table to look up, in the IPSec-VPN device table, a second record whose index value equals the value of the access device information; and a second acquisition subunit, configured to obtain the device configuration information of the VPN access device from the second record.
  8. The apparatus according to claim 7, characterized in that the acquisition unit is specifically configured to obtain, from the records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway device and the VPN access device.
  9. A network management server, characterized by comprising the network topology discovery apparatus according to any one of claims 5 to 8.
  10. A network topology discovery system, characterized by comprising a virtual private network (VPN) gateway device, a VPN access device and the network management server according to claim 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110288687 CN102332994B (en) 2011-09-26 2011-09-26 Network topology discovery method, device, system and network management server

Publications (2)

Publication Number Publication Date
CN102332994A (en) 2012-01-25
CN102332994B (en) 2014-03-12

Family

ID=45484605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110288687 CN102332994B (en) 2011-09-26 2011-09-26 Network topology discovery method, device, system and network management server

Country Status (1)

Country Link
CN (1) CN102332994B (en)

Also Published As

Publication number Publication date Type
CN102332994B (en) 2014-03-12 grant

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination