CN102332994B - Network topology discovery method, device, system and network management server - Google Patents

Publication number
CN102332994B
Authority
CN
China
Prior art keywords
ipsec
vpn
configuration information
tunnel
tunnel configuration
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110288687.XA
Other languages
Chinese (zh)
Other versions
CN102332994A (en
Inventor
林滨狮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Star Net Ruijie Networks Co Ltd
Original Assignee
Beijing Star Net Ruijie Networks Co Ltd
Application filed by Beijing Star Net Ruijie Networks Co Ltd filed Critical Beijing Star Net Ruijie Networks Co Ltd
Priority to CN201110288687.XA priority Critical patent/CN102332994B/en
Publication of CN102332994A publication Critical patent/CN102332994A/en
Application granted granted Critical
Publication of CN102332994B publication Critical patent/CN102332994B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network topology discovery method, device, system and a network management server; the method comprises the steps that: slave network virtual private network (VPN) gateway equipment obtains IPSec-VPN configuration information, generates an IPSec-VPN equipment table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information; and generates an IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table. The network topology discovery device comprises an acquisition module and a topology generation module. The network management server comprises the network topology discovery device. The network topology discovery system comprises the VPN gateway equipment, VPN access equipment and the network management server. The invention solves the problem of the connection between links on both ends of an IPSec-VPN tunnel in the prior art, and realizes the network topology discovery of IPSec-VPN.

Description

Network topology discovery method, device, system and network management server
Technical field
The present invention relates to communication technology, and in particular to a network topology discovery method, device, system and network management server.
Background
A virtual private network (VPN) uses a public IP/Multiprotocol Label Switching (MPLS) network to establish dedicated data transmission channels (VPN tunnels) that connect remote branch offices, mobile workers and the like. Fig. 1 is a schematic diagram of the network architecture of a VPN in the prior art. Internet Protocol Security (IPSec) is an open-standard framework that, between specific communicating parties, uses means such as encryption and data digests (hashes) at the IP layer to guarantee the confidentiality, integrity and authenticity of packets transmitted over the Internet. Fig. 2 is a schematic diagram of the IPSec framework in the prior art. IPSec supports two encapsulation modes during transmission: transport mode and tunnel mode. Transport mode leaves the original IP header unchanged and is generally used between hosts; tunnel mode adds a new IP header and is generally used for communication between private networks across a public network. The main purpose of network topology discovery is to acquire and maintain information about the existence of network nodes and the connections between them, and to draw the topology map of the whole network on that basis. The topology information is subsequently used to locate network faults quickly and to find network bottlenecks, thereby optimizing the whole network.
Prior-art network topology discovery methods include topology discovery based on Spanning Tree Protocol (STP) analysis, topology discovery based on analysis of Media Access Control (MAC) address forwarding tables, and topology discovery based on analysis of Address Resolution Protocol (ARP) tables. These methods can discover the network topology of devices that support the respective protocols, but they cannot discover the link between the two ends of an IPSec-VPN tunnel.
Summary of the invention
The invention provides a network topology discovery method, device, system and network management server that solve the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieve network topology discovery for IPSec-VPN.
The invention provides a network topology discovery method, comprising:
obtaining Internet Protocol Security (IPSec) VPN configuration information from a virtual private network (VPN) gateway device, and generating an IPSec-VPN device table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information;
generating the network topology of the IPSec-VPN according to the IPSec-VPN device table and the IPSec tunnel configuration information table.
The invention provides a network topology discovery device, comprising:
an acquisition module, configured to obtain IPSec-VPN configuration information from a VPN gateway device and to generate an IPSec-VPN device table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information;
a topology generation module, configured to generate the network topology of the IPSec-VPN according to the IPSec-VPN device table and the IPSec tunnel configuration information table.
The invention provides a network management server comprising the above network topology discovery device.
The invention provides a network topology discovery system comprising a VPN gateway device, a VPN access device and the above network management server.
In the network topology discovery method, device, system and network management server of the present invention, IPSec-VPN configuration information is obtained from the VPN gateway device, an IPSec-VPN device table and an IPSec tunnel configuration information table are generated from that configuration information, and the network topology of the IPSec-VPN is generated from the two tables. The invention solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network architecture of a VPN in the prior art;
Fig. 2 is a schematic diagram of the IPSec framework in the prior art;
Fig. 3 is a flowchart of Embodiment 1 of the network topology discovery method of the present invention;
Fig. 4 is a flowchart of Embodiment 2 of the network topology discovery method of the present invention;
Fig. 5 is a schematic diagram of the IPSec-VPN topology in Embodiment 2 of the network topology discovery method of the present invention;
Fig. 6 is a schematic diagram of the result of topology discovery in the IPSec-VPN scenario using an existing topology discovery technique, in Embodiment 2 of the network topology discovery method of the present invention;
Fig. 7 is a schematic diagram of the result of topology discovery in the IPSec-VPN scenario using the topology discovery technique of the present invention, in Embodiment 2 of the network topology discovery method of the present invention;
Fig. 8 is a schematic structural diagram of Embodiment 1 of the network topology discovery device of the present invention;
Fig. 9 is a schematic structural diagram of Embodiment 2 of the network topology discovery device of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 3 is a flowchart of Embodiment 1 of the network topology discovery method of the present invention. As shown in Fig. 1, this embodiment provides a network topology discovery method that may include the following steps:
Step 301: obtain IPSec-VPN configuration information from the VPN gateway device, and generate an IPSec-VPN device table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information.
In this embodiment, to solve the problem of link connection between the endpoint devices of an IPSec-VPN tunnel and to discover the network topology of the IPSec-VPN, the network management server obtains IPSec-VPN configuration information from the VPN gateway device: it reads the IPSec-VPN configuration information stored on the VPN gateway device through the Simple Network Management Protocol (SNMP). The IPSec-VPN configuration information may include tunnel configuration information and tunnel communication state information. The tunnel configuration information may include the tunnel name, peer device name, local device interface, peer device address, local subnet information and peer subnet information. The tunnel communication state information may include local subnet information, peer subnet information, the number of packets sent successfully, the number of packets that failed to send, the number of bytes sent successfully, the number of bytes received successfully, the number of packets received successfully, the number of bytes received successfully, the local gateway address, the peer gateway address, weight information and so on. In this step, the network management server generates the IPSec-VPN device table and the IPSec tunnel configuration information table from the configuration information it has read, and stores both tables in a local database. The fields of the IPSec-VPN device table may include the index value Id, whether the device is a VPN gateway device Is_vpn_gateway, the public IP address Public_ip, the private IP address Private_ip, the device index value Device_id, the zone number Zone_id and whether the device is limited Is_term. The fields of the IPSec tunnel configuration information table may include the index value Id, the real-time inbound traffic Realtime_flow_in, the real-time outbound traffic Realtime_flow_out, the total inbound traffic Total_flow_in, the total outbound traffic Total_flow_out, the tunnel IP address Tunnel_ip, the gateway device information Gateway_device_id and the access device information Access_device_id. Because the configuration information that was read contains the content of each of these fields, it can be filled into the corresponding field positions according to the formats of the two tables, thereby generating the IPSec-VPN device table and the IPSec tunnel configuration information table. The two tables are associated with each other: the field Id in the IPSec-VPN device table is associated with the fields Gateway_device_id and Access_device_id in the IPSec tunnel configuration information table.
Step 302: generate the network topology of the IPSec-VPN according to the IPSec-VPN device table and the IPSec tunnel configuration information table.
After the IPSec-VPN device table and the IPSec tunnel configuration information table have been generated from the IPSec-VPN configuration information, the network management server analyzes the IPSec-VPN configuration information using the two tables and thereby generates the network topology of the IPSec-VPN. Specifically, the network management server can obtain device configuration information and tunnel configuration information through the association between the two tables, and generate from them the network topology of the IPSec-VPN, that is, a network topology based on IPSec-VPN tunnels.
Specifically, step 302 in this embodiment may include the following steps: querying the IPSec-VPN device table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each device from the query results; obtaining the tunnel configuration information of the IPSec-VPN tunnels from the information records in the IPSec tunnel configuration information table; and generating the network topology of the IPSec-VPN according to the device configuration information and the tunnel configuration information.
Further, the step of querying the IPSec-VPN device table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table and obtaining the device configuration information of each device from the query results may include the following steps: according to the gateway device information recorded in the IPSec tunnel configuration information table, querying the IPSec-VPN device table for a first information record whose index value equals the value of the gateway device information; obtaining the device configuration information of the VPN gateway device from the first information record; according to the access device information recorded in the IPSec tunnel configuration information table, querying the IPSec-VPN device table for a second information record whose index value equals the value of the access device information; and obtaining the device configuration information of the VPN access device from the second information record.
Further, the step of obtaining the tunnel configuration information of the IPSec-VPN tunnels from the information records in the IPSec tunnel configuration information table may specifically be: according to the information records in the IPSec tunnel configuration information table, obtaining the tunnel configuration information of each IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.
This embodiment provides a network topology discovery method in which IPSec-VPN configuration information is obtained from the VPN gateway device, an IPSec-VPN device table and an IPSec tunnel configuration information table are generated from that configuration information, and the network topology of the IPSec-VPN is generated from the two tables. This embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN.
Fig. 4 is a flowchart of Embodiment 2 of the network topology discovery method of the present invention. As shown in Fig. 4, this embodiment provides a network topology discovery method that may include the following steps:
Step 401: the network management server obtains IPSec-VPN configuration information from the VPN gateway device and generates an IPSec-VPN device table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information.
Fig. 5 is a schematic diagram of the IPSec-VPN topology in Embodiment 2 of the network topology discovery method of the present invention; it shows the simplest IPSec-VPN network topology. In this step, the network management server reads the IPSec-VPN configuration information stored on the VPN gateway device through SNMP, generates the IPSec-VPN device table and the IPSec tunnel configuration information table from the configuration information it has read, and stores both tables in a local database. The database table structures of the IPSec-VPN device table and the IPSec tunnel configuration information table are shown in Table 1 and Table 2 below, respectively:
Table 1. Database table structure of the IPSec-VPN device table [table image not reproduced]
Table 2. Database table structure of the IPSec tunnel configuration information table
Step 402: according to the gateway device information recorded in the IPSec tunnel configuration information table, the network management server queries the IPSec-VPN device table for the first information record, whose index value equals the value of the gateway device information.
After the IPSec-VPN device table and the IPSec tunnel configuration information table have been generated, the IPSec-VPN configuration information is analyzed using the two tables to obtain device configuration information and tunnel configuration information. In this step, the network management server queries the IPSec-VPN device table according to the gateway device information Gateway_device_ip recorded in the IPSec tunnel configuration information table. The management server may first query the IPSec tunnel configuration information table: if it contains information records, an IPSec-VPN network topology currently exists in the network; otherwise no IPSec-VPN network topology exists. In this embodiment, the IPSec-VPN device table and the IPSec tunnel configuration information table are associated: the field Id in the IPSec-VPN device table is associated with the field Gateway_device_id or Access_device_id in the IPSec tunnel configuration information table. In the IPSec-VPN device table, the field Is_vpn_gateway indicates whether the device represented by the current information record is a VPN gateway device: the value Y means the device is a VPN gateway device, and the value N means it is a VPN access device. The network management server can use this field to query the associated information records in the IPSec tunnel configuration information table. The network management server may first obtain the value of the field Gateway_device_id from the IPSec tunnel configuration information table and then query the IPSec-VPN device table for the first information record, the one whose field Id equals the value of Gateway_device_id. The first information record here is the record in the IPSec-VPN device table whose field Id has the same value as Gateway_device_id; the name merely denotes the record in the IPSec-VPN device table that is associated with Gateway_device_id and serves to distinguish it from the second information record introduced later.
Step 403: the network management server obtains the device configuration information of the VPN gateway device from the first information record.
After obtaining the first information record, that is, the record whose field Id equals the value of the field Gateway_device_id, the network management server obtains the device configuration information of the VPN gateway device from it. The device configuration information here may be the information represented by the other fields stored in the IPSec-VPN device table, such as the IP address of the VPN gateway device and related information.
Step 404: according to the access device information recorded in the IPSec tunnel configuration information table, the network management server queries the IPSec-VPN device table for the second information record, whose index value equals the value of the access device information.
In this step, the network management server queries the IPSec-VPN device table according to the access device information Access_device_ip recorded in the IPSec tunnel configuration information table. The management server may first query the IPSec tunnel configuration information table: if it contains information records, an IPSec-VPN network topology currently exists in the network; otherwise no IPSec-VPN network topology exists. The network management server may first obtain the value of the field Access_device_id from the IPSec tunnel configuration information table and then query the IPSec-VPN device table for the second information record, the one whose field Id equals the value of Access_device_id. The second information record here is the record in the IPSec-VPN device table whose field Id has the same value as Access_device_id; the name merely denotes the record in the IPSec-VPN device table that is associated with Access_device_id.
Step 405: the network management server obtains the device configuration information of the VPN access device from the second information record.
After obtaining the second information record, that is, the record whose field Id equals the value of the field Access_device_id, the network management server obtains the device configuration information from it. The device configuration information here may be the information represented by the other fields stored in the IPSec-VPN device table, such as the IP address of the VPN access device and related information.
In this embodiment, steps 402 to 405 may be repeated until all VPN access devices and all VPN gateway devices in the IPSec-VPN device table have been analyzed and the device configuration information of each has been obtained.
Step 406: according to the information records in the IPSec tunnel configuration information table, the network management server obtains the tunnel configuration information of each IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.
Each information record stored in the IPSec tunnel configuration information table corresponds to one IPSec-VPN tunnel, and each IPSec-VPN tunnel here is formed by one VPN gateway device and one VPN access device. If the IPSec tunnel configuration information table contains multiple information records, multiple IPSec-VPN tunnels exist in the current network. In this step, the field contents of each information record in the IPSec tunnel configuration information table represent the tunnel configuration information of one IPSec-VPN tunnel, so the network management server can obtain from each record the tunnel configuration information of the corresponding IPSec-VPN tunnel formed by a VPN gateway device and a VPN access device.
Step 407: the network management server generates the network topology of the IPSec-VPN according to the device configuration information and the tunnel configuration information.
After the above steps have yielded the device configuration information of each VPN gateway device and each VPN access device in the network, together with the tunnel configuration information of the IPSec-VPN tunnels formed by those devices, the network management server generates the network topology of the IPSec-VPN from the device configuration information and the tunnel configuration information and draws the IPSec-VPN network topology into the existing topology. Fig. 6 is a schematic diagram of the result of topology discovery in the IPSec-VPN scenario using an existing topology discovery technique, and Fig. 7 is a schematic diagram of the result using the topology discovery technique of the present invention, both in Embodiment 2 of the network topology discovery method. Figs. 6 and 7 are experimental results obtained with existing software; the existing topology discovery technique may be one based on analysis of ARP tables or MAC forwarding tables. As the figures show, the network topology discovery technique of this embodiment successfully discovers the network topology of the IPSec-VPN.
This embodiment provides a network topology discovery method in which IPSec-VPN configuration information is obtained from the VPN gateway device, an IPSec-VPN device table and an IPSec tunnel configuration information table are generated from that configuration information, and the network topology of the IPSec-VPN is generated from the two tables. This embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and achieves network topology discovery for IPSec-VPN, which facilitates subsequent network management of the IPSec-VPN topology, including fault location, performance optimization and the like.
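The table association of Embodiment 1 and the lookups of steps 402 to 407, as an added Python example that is not part of the patent text. Column names are the fields named in the description; the SQLite table names, the constructed sample rows, and the rules that reject tunnel records with unresolved or wrongly flagged endpoints are assumptions made for illustration.

```python
import sqlite3

# Column names are the fields named in the description; table names are assumed.
SCHEMA = """
CREATE TABLE ipsec_vpn_device (
    Id INTEGER PRIMARY KEY, Is_vpn_gateway TEXT, Public_ip TEXT,
    Private_ip TEXT, Device_id INTEGER, Zone_id INTEGER, Is_term TEXT);
CREATE TABLE ipsec_tunnel_config (
    Id INTEGER PRIMARY KEY, Realtime_flow_in INTEGER, Realtime_flow_out INTEGER,
    Total_flow_in INTEGER, Total_flow_out INTEGER, Tunnel_ip TEXT,
    Gateway_device_id INTEGER, Access_device_id INTEGER);
"""

# Constructed sample rows (documentation address ranges), not data from the patent.
DEVICES = [
    # Id, Is_vpn_gateway, Public_ip, Private_ip, Device_id, Zone_id, Is_term
    (1, "Y", "203.0.113.1", "10.0.0.1", 101, 1, "N"),
    (2, "N", "198.51.100.2", "10.1.0.1", 102, 2, "N"),
    (3, "N", "198.51.100.3", "10.2.0.1", 103, 2, "N"),
]
TUNNELS = [
    # Id, rt_in, rt_out, total_in, total_out, Tunnel_ip, Gateway_device_id, Access_device_id
    (1, 120, 80, 5000, 4200, "192.0.2.1", 1, 2),
    (2, 10, 5, 900, 700, "192.0.2.2", 1, 3),
    (3, 0, 0, 0, 0, "192.0.2.3", 1, 9),  # access device 9 is absent from the device table
    (4, 0, 0, 0, 0, "192.0.2.4", 2, 3),  # device 2 is recorded as an access device (N)
]

# Steps 402-405 in one query: for every tunnel record, look up the device record
# whose Id equals Gateway_device_id (first information record) and the one whose
# Id equals Access_device_id (second information record). LEFT JOIN keeps tunnel
# records whose endpoints cannot be resolved so they can be reported.
JOIN = """
SELECT t.Id AS tunnel_id, t.Tunnel_ip AS tunnel_ip,
       g.Id AS g_id, g.Is_vpn_gateway AS g_flag, g.Public_ip AS g_ip,
       a.Id AS a_id, a.Is_vpn_gateway AS a_flag, a.Public_ip AS a_ip
FROM ipsec_tunnel_config t
LEFT JOIN ipsec_vpn_device g ON g.Id = t.Gateway_device_id
LEFT JOIN ipsec_vpn_device a ON a.Id = t.Access_device_id
ORDER BY t.Id
"""


def build_db(devices, tunnels):
    """Store both tables in a local (in-memory) database, as in step 401."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ipsec_vpn_device VALUES (?,?,?,?,?,?,?)", devices)
    conn.executemany("INSERT INTO ipsec_tunnel_config VALUES (?,?,?,?,?,?,?,?)", tunnels)
    return conn


def discover_topology(conn):
    """Return nodes, links and rejected tunnel records (steps 402-407).

    An empty tunnel table yields no links, i.e. no IPSec-VPN topology exists.
    """
    nodes, links, rejected = {}, [], []
    for r in conn.execute(JOIN):
        if r["g_id"] is None or r["a_id"] is None:
            rejected.append((r["tunnel_id"], "endpoint missing from device table"))
        elif r["g_flag"] != "Y":
            rejected.append((r["tunnel_id"], "gateway endpoint not flagged Is_vpn_gateway=Y"))
        elif r["a_flag"] != "N":
            rejected.append((r["tunnel_id"], "access endpoint not flagged Is_vpn_gateway=N"))
        else:
            nodes[r["g_id"]] = {"role": "gateway", "public_ip": r["g_ip"]}
            nodes[r["a_id"]] = {"role": "access", "public_ip": r["a_ip"]}
            links.append((r["g_id"], r["a_id"], r["tunnel_ip"]))
    return {"nodes": nodes, "links": links, "rejected": rejected}


if __name__ == "__main__":
    topo = discover_topology(build_db(DEVICES, TUNNELS))
    for link in topo["links"]:
        print("link", link)
    for item in topo["rejected"]:
        print("rejected", item)
```

Rejected records are worth reviewing rather than discarding: a tunnel whose endpoint is not in the device table points to a device the network management server has no inventory record for.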
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can complete by the relevant hardware of program command, aforesaid program can be stored in a computer read/write memory medium, this program, when carrying out, is carried out the step that comprises said method embodiment; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CDs.
Fig. 8 is the structural representation of discovering network topology device embodiment mono-of the present invention, and as shown in Figure 8, the present embodiment provides a kind of discovering network topology device, can specifically carry out each step in said method embodiment mono-, repeats no more herein.The discovering network topology device that the present embodiment provides can specifically comprise acquisition module 801 and topological generation module 802.Wherein, acquisition module 801, for obtaining Internet Protocol Security IPSec-VPN configuration information from virtual private network vpn gateway equipment, generates IPSec-VPN equipment list and ipsec tunnel configuration information table according to described IPSec-VPN configuration information.Topology generation module 802 is for generating the network topology of IPSec-VPN according to described IPSec-VPN equipment list and described ipsec tunnel configuration information table.
Fig. 9 is a schematic structural diagram of Embodiment 2 of the network topology discovery device of the present invention. As shown in Fig. 9, this embodiment provides a network topology discovery device that can carry out each step of method Embodiment 2 above, which is not repeated here. The network topology discovery device of this embodiment builds on the device shown in Fig. 8: the topology generation module 802 may specifically comprise a query unit 812, an acquiring unit 822 and a generation unit 832. The query unit 812 is configured to query the IPSec-VPN equipment table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and to obtain the device configuration information of each piece of equipment according to the query result. The acquiring unit 822 is configured to obtain the tunnel configuration information of the IPSec-VPN tunnel according to the information records of the IPSec tunnel configuration information table. The generation unit 832 is configured to generate the IPSec-VPN network topology according to the device configuration information and the tunnel configuration information.
Further, the query unit 812 may specifically comprise a first query subunit 8121, a first obtaining subunit 8122, a second query subunit 8123 and a second obtaining subunit 8124. The first query subunit 8121 is configured to query the IPSec-VPN equipment table, according to the gateway device information recorded in the IPSec tunnel configuration information table, for a first information record whose index value is identical to the value of the gateway device information. The first obtaining subunit 8122 is configured to obtain the device configuration information of the VPN gateway equipment according to the first information record. The second query subunit 8123 is configured to query the IPSec-VPN equipment table, according to the access device information recorded in the IPSec tunnel configuration information table, for a second information record whose index value is identical to the value of the access device information. The second obtaining subunit 8124 is configured to obtain the device configuration information of the VPN access equipment according to the second information record.
Specifically, the acquiring unit 822 in this embodiment is configured to obtain, according to the information records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway equipment and the VPN access equipment.
This embodiment provides a network topology discovery device that obtains IPSec-VPN configuration information from VPN gateway equipment, generates an IPSec-VPN equipment table and an IPSec tunnel configuration information table according to that IPSec-VPN configuration information, and generates the IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table. This embodiment solves the prior-art problem of connecting the links at the two ends of an IPSec-VPN tunnel and realizes network topology discovery for IPSec-VPN, which facilitates subsequent network management of the IPSec-VPN network topology, including fault location, performance optimization and the like.
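The lookup-and-join performed by the query unit 812, the acquiring unit 822 and the generation unit 832 can be sketched as follows. This is an added example, not code from the patent: the column names (`gateway_idx`, `access_idx`, `status` and so on), the sample rows, and the choice to report tunnel records whose index matches no equipment record instead of drawing them are all assumptions.

```python
from collections import defaultdict

# Constructed sample tables; all column names are hypothetical, not from the patent.
EQUIPMENT_TABLE = {  # index value -> device configuration information
    1: {"name": "hq-gw", "role": "gateway", "ip": "192.0.2.1"},
    2: {"name": "branch-a", "role": "access", "ip": "198.51.100.10"},
    3: {"name": "branch-b", "role": "access", "ip": "198.51.100.20"},
}
TUNNEL_TABLE = [  # one information record per IPSec-VPN tunnel
    {"tunnel_id": 10, "gateway_idx": 1, "access_idx": 2, "status": "up"},
    {"tunnel_id": 11, "gateway_idx": 1, "access_idx": 3, "status": "down"},
    {"tunnel_id": 12, "gateway_idx": 1, "access_idx": 9, "status": "up"},  # no record 9
]


def build_topology(equipment_table, tunnel_table):
    """Join every tunnel record to its two endpoints in the equipment table."""
    nodes, links, unresolved = {}, [], []
    for rec in tunnel_table:
        # Query step: find the equipment records whose index value equals the
        # gateway / access device information stored in the tunnel record.
        gateway = equipment_table.get(rec["gateway_idx"])
        access = equipment_table.get(rec["access_idx"])
        if gateway is None or access is None:
            # Assumption: a tunnel that references unknown equipment is
            # reported for follow-up rather than silently dropped or drawn.
            unresolved.append(rec["tunnel_id"])
            continue
        nodes[rec["gateway_idx"]] = gateway
        nodes[rec["access_idx"]] = access
        # Acquire step: the remaining fields are the tunnel configuration.
        config = {k: v for k, v in rec.items()
                  if k not in ("gateway_idx", "access_idx")}
        # Generate step: one link per tunnel between the two resolved endpoints.
        links.append({"gateway": gateway["name"], "access": access["name"], **config})
    return {"nodes": nodes, "links": links, "unresolved": unresolved}


def neighbors(topology):
    """Adjacency view of the generated topology, keyed by equipment name."""
    adjacency = defaultdict(set)
    for link in topology["links"]:
        adjacency[link["gateway"]].add(link["access"])
        adjacency[link["access"]].add(link["gateway"])
    return {name: sorted(peers) for name, peers in adjacency.items()}
```

A tunnel ID in `unresolved` means the gateway reports a tunnel to a peer that is missing from the equipment table, which is worth checking before the topology is used for fault location.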
This embodiment provides a network management server, which may specifically comprise the network topology discovery device shown in Fig. 8 or Fig. 9 above.
This embodiment provides a network topology discovery system, which may specifically comprise virtual private network (VPN) gateway equipment, VPN access equipment and the above network management server.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A network topology discovery method, characterized by comprising:
obtaining Internet Protocol Security VPN (IPSec-VPN) configuration information from virtual private network (VPN) gateway equipment, and generating an IPSec-VPN equipment table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information;
generating an IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table; wherein generating the IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table comprises:
querying the IPSec-VPN equipment table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each piece of equipment according to the query result;
obtaining the tunnel configuration information of the IPSec-VPN tunnel according to the information records in the IPSec tunnel configuration information table;
generating the IPSec-VPN network topology according to the device configuration information and the tunnel configuration information.
2. The method according to claim 1, characterized in that querying the IPSec-VPN equipment table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each piece of equipment according to the query result, comprises:
querying the IPSec-VPN equipment table, according to the gateway device information recorded in the IPSec tunnel configuration information table, for a first information record whose index value is identical to the value of the gateway device information;
obtaining the device configuration information of the VPN gateway equipment according to the first information record;
querying the IPSec-VPN equipment table, according to the access device information recorded in the IPSec tunnel configuration information table, for a second information record whose index value is identical to the value of the access device information;
obtaining the device configuration information of the VPN access equipment according to the second information record.
3. The method according to claim 2, characterized in that obtaining the tunnel configuration information of the IPSec-VPN tunnel according to the information records in the IPSec tunnel configuration information table comprises:
obtaining, according to the information records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway equipment and the VPN access equipment.
4. A network topology discovery device, characterized by comprising:
an acquisition module, configured to obtain Internet Protocol Security VPN (IPSec-VPN) configuration information from virtual private network (VPN) gateway equipment, and to generate an IPSec-VPN equipment table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information;
a topology generation module, configured to generate an IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table; wherein the topology generation module comprises:
a query unit, configured to query the IPSec-VPN equipment table according to the gateway device information and the access device information recorded in the IPSec tunnel configuration information table, and to obtain the device configuration information of each piece of equipment according to the query result;
an acquiring unit, configured to obtain the tunnel configuration information of the IPSec-VPN tunnel according to the information records of the IPSec tunnel configuration information table;
a generation unit, configured to generate the IPSec-VPN network topology according to the device configuration information and the tunnel configuration information.
5. The device according to claim 4, characterized in that the query unit comprises:
a first query subunit, configured to query the IPSec-VPN equipment table, according to the gateway device information recorded in the IPSec tunnel configuration information table, for a first information record whose index value is identical to the value of the gateway device information;
a first obtaining subunit, configured to obtain the device configuration information of the VPN gateway equipment according to the first information record;
a second query subunit, configured to query the IPSec-VPN equipment table, according to the access device information recorded in the IPSec tunnel configuration information table, for a second information record whose index value is identical to the value of the access device information;
a second obtaining subunit, configured to obtain the device configuration information of the VPN access equipment according to the second information record.
6. The device according to claim 5, characterized in that the acquiring unit is specifically configured to obtain, according to the information records in the IPSec tunnel configuration information table, the tunnel configuration information of each IPSec-VPN tunnel formed by the VPN gateway equipment and the VPN access equipment.
7. A network management server, characterized by comprising the network topology discovery device according to any one of claims 4 to 6.
8. A network topology discovery system, characterized by comprising virtual private network (VPN) gateway equipment, VPN access equipment and the network management server according to claim 7;
wherein the network management server obtains Internet Protocol Security VPN (IPSec-VPN) configuration information from the VPN gateway equipment, generates an IPSec-VPN equipment table and an IPSec tunnel configuration information table according to the IPSec-VPN configuration information, and generates an IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table; generating the IPSec-VPN network topology according to the IPSec-VPN equipment table and the IPSec tunnel configuration information table comprises: the network management server querying the IPSec-VPN equipment table according to the gateway device information and the VPN access device information recorded in the IPSec tunnel configuration information table, and obtaining the device configuration information of each piece of equipment according to the query result; the network management server obtaining the tunnel configuration information of the IPSec-VPN tunnel according to the information records in the IPSec tunnel configuration information table; and the network management server generating the IPSec-VPN network topology according to the device configuration information and the tunnel configuration information.
CN201110288687.XA 2011-09-26 2011-09-26 Network topology discovery method, device, system and network management server Expired - Fee Related CN102332994B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110288687.XA CN102332994B (en) 2011-09-26 2011-09-26 Network topology discovery method, device, system and network management server

Publications (2)

Publication Number Publication Date
CN102332994A CN102332994A (en) 2012-01-25
CN102332994B true CN102332994B (en) 2014-03-12

Family

ID=45484605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110288687.XA Expired - Fee Related CN102332994B (en) 2011-09-26 2011-09-26 Network topology discovery method, device, system and network management server

Country Status (1)

Country Link
CN (1) CN102332994B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491088B (en) * 2013-09-22 2016-03-02 成都卫士通信息产业股份有限公司 A kind of IPSec vpn gateway data processing method
US10206092B1 (en) * 2017-09-29 2019-02-12 Hewlett Packard Enterprise Development Lp Automatic discovery
CN112994993B (en) * 2019-12-13 2022-08-19 中盈优创资讯科技有限公司 Flexibly defined metropolitan area network topology generation method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050111380A1 (en) * 2003-11-25 2005-05-26 Farid Adrangi Method, apparatus and system for mobile nodes to dynamically discover configuration information
EP1575238A1 (en) * 2004-03-08 2005-09-14 Nokia Corporation IP mobility in mobile telecommunications system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Dancheng Li et al. An Approach for IPSecVPN Network Topology Discovery Based on Layer 3 Topology. Applied Information and Communication, Springer-Verlag Berlin Heidelberg 2011. 2011, pp. 223-232. *

Also Published As

Publication number Publication date
CN102332994A (en) 2012-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140312

Termination date: 20210926