Summary of the invention
To solve the problems of low consistency-audit efficiency and inaccurate audit results, the embodiments provide a policy consistency audit method, apparatus and equipment. The technical solution is as follows:
In one aspect, a policy consistency audit method is provided, the method comprising:
Calculating the characteristic values of the policy data of the NM server and of the device respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data;
Comparing the characteristic values of the policy data of the NM server and of the device to obtain an audit result.
Comparing the characteristic values of the policy data of the NM server and of the device to obtain an audit result comprises:
Comparing the first CRC values of the policy data of the NM server and of the device to determine first policy data;
When the comparison determines that the policy data of the NM server and of the device also includes second policy data, comparing the second CRC values of the second policy data of the NM server with those of the second policy data of the device to obtain the differences between the second policy data of the NM server and the second policy data of the device.
Comparing the first CRC values of the policy data of the NM server and of the device to determine the first policy data comprises:
Sorting the characteristic values of the policy data of the NM server and of the device respectively according to configuration order;
Determining a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the device as the baseline;
Comparing the first sequence with the second sequence, and taking as the first policy data the policy data contained in whichever sequence has more policy data with identical first CRC values.
Calculating the characteristic values of the policy data of the NM server and of the device respectively comprises:
Obtaining the policy data of the NM server and of the device respectively;
Calculating the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data.
Calculating the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data comprises:
When the policy data of the NM server and of the device are in different formats, converting the policy data of the device into the format of the policy data of the NM server, and calculating the characteristic values of the policy data of the NM server and of the device according to that policy data and the reference relationships between each piece of policy data and the common objects.
Calculating the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data comprises:
According to the levels of the reference relationships between each piece of policy data and the common objects, calculating the first CRC value and the second CRC value of each piece of policy data level by level, from the bottom up.
In another aspect, a policy consistency audit apparatus is provided, the apparatus comprising:
A computing module, configured to calculate the characteristic values of the policy data of the NM server and of the device respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data;
A comparison module, configured to compare the characteristic values of the policy data of the NM server and of the device to obtain an audit result.
The comparison module comprises:
A first comparing unit, configured to compare the first CRC values of the policy data of the NM server and of the device to determine first policy data;
A second comparing unit, configured to, when the comparison determines that the policy data of the NM server and of the device also includes second policy data, compare the second CRC values of the second policy data of the NM server with those of the second policy data of the device to obtain the differences between the second policy data of the NM server and the second policy data of the device.
The first comparing unit comprises:
A sorting unit, configured to sort the characteristic values of the policy data of the NM server and of the device respectively according to configuration order;
A sequence determination unit, configured to determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the device as the baseline;
A first policy determining unit, configured to compare the first sequence with the second sequence and take as the first policy data the policy data contained in whichever sequence has more policy data with identical first CRC values.
The computing module comprises:
An acquiring unit, configured to obtain the policy data of the NM server and of the device respectively;
A computing unit, configured to calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data.
The computing unit is configured to, when the policy data of the NM server and of the device are in different formats, convert the policy data of the device into the format of the policy data of the NM server, and calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the reference relationships between each piece of policy data and the common objects.
The computing unit is configured to calculate, according to the levels of the reference relationships between each piece of policy data and the common objects, the first CRC value and the second CRC value of each piece of policy data level by level, from the bottom up.
In yet another aspect, policy consistency audit equipment is provided, the equipment comprising a processor.
The processor is configured to calculate the characteristic values of the policy data of the NM server and of the device respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data;
The processor is further configured to compare the characteristic values of the policy data of the NM server and of the device to obtain an audit result.
The processor is configured to compare the first CRC values of the policy data of the NM server and of the device to determine first policy data; and, when the comparison determines that the policy data of the NM server and of the device also includes second policy data, to compare the second CRC values of the second policy data of the NM server with those of the second policy data of the device to obtain the differences between the second policy data of the NM server and the second policy data of the device.
The processor is configured to sort the characteristic values of the policy data of the NM server and of the device respectively according to configuration order;
The processor is configured to determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the device as the baseline;
The processor is configured to compare the first sequence with the second sequence and take as the first policy data the policy data contained in whichever sequence has more policy data with identical first CRC values.
The processor is further configured to obtain the policy data of the NM server and of the device respectively;
The processor is further configured to calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data.
The processor is configured to, when the policy data of the NM server and of the device are in different formats, convert the policy data of the device into the format of the policy data of the NM server, and calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the reference relationships between each piece of policy data and the common objects.
The processor is configured to calculate, according to the levels of the reference relationships between each piece of policy data and the common objects, the first CRC value and the second CRC value of each piece of policy data level by level, from the bottom up.
In the policy consistency audit method, apparatus and equipment provided by the embodiments of the present invention, the characteristic values of the policy data of the NM server and of the device are calculated respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data. The characteristic values of the policy data of the NM server and of the device are then compared to obtain an audit result. With this technical solution, policies that have different sequence numbers but identical business content are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency.
Embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1a is a flow chart of a policy consistency audit method provided by an embodiment of the present invention. The method in this embodiment is executed by the NM server. Referring to Fig. 1a, the method comprises:
101: Calculate the characteristic values of the policy data of the NM server and of the device respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data;
Each CRC value is calculated from the data itself using a cyclic redundancy check algorithm.
102: Compare the characteristic values of the policy data of the NM server and of the device to obtain an audit result.
In the method provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and of the device are calculated respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data. The characteristic values of the policy data of the NM server and of the device are then compared to obtain an audit result. With this technical solution, policies that have different sequence numbers but identical business content are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency.
Optionally, on the basis of the technical solution of the embodiment shown in Fig. 1a, step 102, "compare the characteristic values of the policy data of the NM server and of the device to obtain an audit result", comprises the following steps:
102A: Compare the first CRC values of the policy data of the NM server and of the device to determine first policy data;
The first CRC value is calculated from the business content of the policy data of the NM server, so the first CRC value corresponds one-to-one with the actual meaning of the policy. Because this business content includes the content of the objects and common objects that the policy references, comparing the first CRC values of the policy data of the NM server and of the device is enough to determine whether the business content of their policy data is consistent. When the first CRC values of the policy data of the NM server and of the device are identical, the policy data of the NM server and of the device is considered consistent. The first policy data is therefore the policy data whose first CRC values are identical between the NM server and the device.
102B: When the comparison determines that the policy data of the NM server and of the device also includes second policy data, compare the second CRC values of the second policy data of the NM server with those of the second policy data of the device to obtain the differences between the second policy data of the NM server and the second policy data of the device.
When the first policy data includes all of the policy data on the NM server and on the device, there is no second policy data: the policy data on the NM server and on the device is consistent, and no further comparison is needed. When the first policy data does not include all of the policy data on the NM server and on the device, the policy data on the NM server and on the device is inconsistent. In that case, all policy data on the NM server and on the device other than the first policy data is taken as the second policy data, and the second CRC values of the second policy data on the NM server and on the device must be compared further.
The second CRC values contain the CRC values of the content of the referenced common objects. Comparing the second CRC values identifies the specific differences between the common objects referenced by the policy data of the NM server and of the device, and therefore the specific differences between the policy data of the NM server and of the device.
In the method provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and of the device are calculated respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data. The characteristic values of the policy data of the NM server and of the device are then compared to obtain an audit result. With this technical solution, policies that have different sequence numbers but identical business content are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency. Further, by comparing the first CRC values and the second CRC values separately, the consistency audit result for the NM server and the device can be obtained quickly.
Further optionally, on the basis of the technical solution of the embodiment shown in Fig. 1a, step 102A, "compare the characteristic values of the policy data of the NM server and of the device to obtain an audit result", comprises the following steps:
(1) Sort the characteristic values of the policy data of the NM server and of the device respectively according to configuration order;
The characteristic values of the policy data of the NM server and of the device are each sorted in the order in which the policy data is configured, so that the comparison of the policy data of the NM server and of the device can proceed in order.
(2) Determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the device as the baseline.
When the policy data of the NM server is the baseline, the first CRC values of the NM server's policy data are compared one by one, in the order of the NM server's policy data, with the first CRC values of the device's policy data. Specifically, the device is first searched for policy data whose first CRC value is identical to that of the first piece of policy data on the NM server. If policy data with an identical first CRC value is found on the device, the order and position of this policy data in the NM server's policy data and in the device's policy data are recorded; the search for policy data whose first CRC value is identical to that of the second piece of policy data on the NM server then starts below the recorded position in the device's policy data. If no policy data with an identical first CRC value is found on the device, the device's policy data is searched for policy data whose first CRC value is identical to that of the second piece of policy data on the NM server. The device's policy data is searched for policy data with identical first CRC values in the same way as for the first piece of policy data, until all policy data on the NM server has been traversed and all policy data with identical first CRC values is in one-to-one correspondence.
When the policy data of the device is the baseline, the first CRC values of the device's policy data are compared one by one, in the order of the device's policy data, with the first CRC values of the NM server's policy data. Specifically, the NM server is first searched for policy data whose first CRC value is identical to that of the first piece of policy data on the device. If policy data with an identical first CRC value is found on the NM server, the order and position of this policy data in the device's policy data and in the NM server's policy data are recorded; the search for policy data whose first CRC value is identical to that of the second piece of policy data on the device then starts below the recorded position in the NM server's policy data. If no policy data with an identical first CRC value is found on the NM server, the NM server's policy data is searched for policy data whose first CRC value is identical to that of the second piece of policy data on the device. The NM server's policy data is searched for policy data with identical first CRC values in the same way as for the first piece of policy data, until all policy data on the device has been traversed and all policy data with identical first CRC values is in one-to-one correspondence.
(3) Compare the first sequence with the second sequence, and take as the first policy data the policy data contained in whichever sequence has more policy data with identical first CRC values.
Because the NM server and the device are each used as the baseline when obtaining the first sequence and the second sequence, the number of pieces of policy data with identical first CRC values may differ between the two sequences. The policy data in the sequence that has more policy data with identical first CRC values is taken as the first policy data. When the first policy data does not include all of the policy data on the NM server and on the device, the policy data other than the first policy data is taken as the second policy data.
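Steps (1) to (3) above, written out as an added Python example that is not part of the original text. The first CRC values are constructed sample values; restarting a failed search from the last recorded position and preferring the first sequence on a tie are assumed readings of the description.

```python
def ordered_match(base, other):
    """Match first CRC values in configuration order, with `base` as baseline.

    Returns (base_index, other_index) pairs. After a hit, the next search
    starts below the recorded position in `other`; after a miss it starts
    again from the last recorded position (assumption).
    """
    pairs, start = [], 0
    for i, value in enumerate(base):
        for j in range(start, len(other)):
            if other[j] == value:
                pairs.append((i, j))
                start = j + 1
                break
    return pairs


def audit_first_crc(nm, dev):
    """Determine first policy data (consistent) and second policy data (rest).

    `nm` and `dev` are lists of first CRC values, already sorted by
    configuration order. All indices in the result are positions in those lists.
    """
    first_seq = ordered_match(nm, dev)                        # NM server as baseline
    second_seq = [(i, j) for j, i in ordered_match(dev, nm)]  # device as baseline
    # Keep the sequence with more matches; a tie keeps the first (assumption).
    matched = first_seq if len(first_seq) >= len(second_seq) else second_seq
    nm_hit = {i for i, _ in matched}
    dev_hit = {j for _, j in matched}
    return {
        "first_policy_data": matched,  # (nm_index, dev_index) pairs
        "nm_second": [i for i in range(len(nm)) if i not in nm_hit],
        "dev_second": [j for j in range(len(dev)) if j not in dev_hit],
    }


# Constructed first CRC values: the device has one policy moved to the top
# and one policy whose business content differs.
NM_FIRST_CRC = ["0x1a2b3c4d", "0x22334455", "0x0badc0de", "0x5e6f7081", "0x9abcdef0"]
DEV_FIRST_CRC = ["0x9abcdef0", "0x1a2b3c4d", "0x22334455", "0x7777aaaa", "0x5e6f7081"]

if __name__ == "__main__":
    result = audit_first_crc(NM_FIRST_CRC, DEV_FIRST_CRC)
    for nm_idx, dev_idx in result["first_policy_data"]:
        print("consistent: NM #%d <-> device #%d" % (nm_idx, dev_idx))
    print("NM second policy data:", result["nm_second"])
    print("device second policy data:", result["dev_second"])
```

The moved policy lands in the second policy data on both sides even though its first CRC value exists on both, because the match is order-preserving and rule order is part of what is being audited.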
In the method provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and of the device are calculated respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data. The characteristic values of the policy data of the NM server and of the device are then compared to obtain an audit result. With this technical solution, policies that have different sequence numbers but identical business content are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency. Further, by comparing the first CRC values and the second CRC values separately, the consistency audit result for the NM server and the device can be obtained quickly. Further, obtaining the first policy data reveals which policy data is consistent between the NM server and the device.
Optionally, on the basis of the technical solution of the embodiment shown in Fig. 1a, step 101, "calculate the characteristic values of the policy data of the NM server and of the device respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data", comprises:
101A: Obtain the policy data of the NM server and of the device respectively;
Policy data comprises policies and the common objects that the policies reference. Common objects include but are not limited to address sets, time periods and service sets. After the NM server receives the audit request sent by the device, a request message is sent to the NM server according to the device ID in the audit request, and the NM server returns, according to the ID in the request message, the policy data configured for this device on the NM server. At the same time, the NM server sends a request message to the device, so that the device, after receiving the request message, returns the command-line echo data of its policy configuration to the NM server; this command-line echo data contains the policy data of the device.
101B: Calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data.
Policy data may contain directly referenced objects as well as referenced common objects. For a directly referenced object, such as an IP address or the service http, its CRC value can be calculated directly; for a referenced common object, the CRC value of the common object's name and the CRC value of the common object's content must both be calculated. For a policy, the top level is the policy itself, the next level down may be the sub-policies of the policy, and the level below that may be the common objects that the sub-policies reference; if a common object references other objects, there are further levels of data below it. Each policy can thus be divided into levels according to its own reference relationships. When calculating the characteristic values of the policy data of the NM server and of the device, two kinds of characteristic value must be calculated: the first kind is the first CRC value, and the second kind is the second CRC value. The characteristic value of a piece of policy data comprises one first CRC value, which is made up of multiple CRC values, and may also comprise at least one second CRC value. The number of second CRC values in the characteristic value is determined by the number of common objects that the policy data references: a characteristic value may contain at least one second CRC value, or none at all. However, the characteristic value of a piece of policy data contains only one first CRC value, and the first CRC value is the CRC value of the top-level policy of that policy data.
In the method provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and of the device are calculated respectively, where the characteristic value of each piece of policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of that policy data, and the second CRC value is the CRC value of a common object referenced by that policy data. The characteristic values of the policy data of the NM server and of the device are then compared to obtain an audit result. With this technical solution, policies that have different sequence numbers but identical business content are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency. Further, by comparing the first CRC values and the second CRC values separately, the consistency audit result for the NM server and the device can be obtained quickly. Calculating the first CRC values and the second CRC values shortens the time needed for the consistency comparison.
Further optionally, on the basis of the technical solution of the embodiment shown in Fig. 1a, step 101B, "calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data", comprises: when the policy data of the NM server and of the device are in different formats, converting the policy data of the device into the format of the policy data of the NM server, and calculating the characteristic values of the policy data of the NM server and of the device according to that policy data and the reference relationships between each piece of policy data and the common objects.
During the consistency audit, what the NM server obtains from the device is the command-line echo data of the policy configuration, which contains the policy data of the device. When the policy data of the NM server and of the device are in different formats, the policy data of the device is converted into the format of the policy data of the NM server, and the characteristic values of the policy data of the NM server and of the device are calculated according to that policy data and the reference relationships between each piece of policy data and the common objects. Specifically, after the NM server receives the policy data sent by the device, it determines whether the policy data of the NM server and of the device are in the same format. If so, it calculates the characteristic values of the policy data of the NM server and of the device directly. If not, it parses the command-line echo data of the policy configuration sent by the device, converts the policy data into the format of the policy data of the NM server, and then calculates the characteristic values of the policy data of the NM server and of the device.
Further optionally, on the basis of the technical solution of the embodiment shown in Fig. 1a, step 101B, "calculate the characteristic values of the policy data of the NM server and of the device according to that policy data and the common objects referenced by each piece of policy data", comprises: according to the levels of the reference relationships between each piece of policy data and the common objects, calculating the first CRC value and the second CRC value of each piece of policy data level by level, from the bottom up.
Specifically, according to the levels of the reference relationships between each piece of policy data and the common objects, the CRC values of the common objects referenced by each piece of policy data at the lower level are calculated first and serve as the second CRC values. Then, following the hierarchical logical relationship, the objects referenced at the upper level and the business data are calculated, and the second CRC values together with the calculated CRC values of the upper-level policy data serve as the first CRC value. The first CRC value contains at least one second CRC value, and the first CRC value obtained corresponds one-to-one with the business meaning that the policy data actually represents. When calculating the first CRC value, the calculation simply follows the configuration order: for a directly referenced object, its CRC value is calculated; for a referenced common object, the CRC value of the common object's name and the CRC value of the common object's content must both be calculated. For example, if a policy references only common objects, the first CRC value of the policy has the form:
CRC value of the name of common object 1 referenced by the policy data + CRC value of the content of common object 1 referenced by the policy data + ... + CRC value of the name of common object N referenced by the policy data + CRC value of the content of common object N referenced by the policy data.
In the first CRC value of the policy, the CRC value of each common object's name is adjacent to the CRC value of that common object, and the CRC values of the common object names and of the common objects are calculated in the order in which they are configured in the policy.
As another example, if a policy both references common objects and directly references objects such as an IP and a service, the first CRC value of the policy has the form:
CRC value of the name of common object 1 referenced by the policy data + CRC value of the content of common object 1 referenced by the policy data + ... + CRC value of the name of common object N referenced by the policy data + CRC value of the content of common object N referenced by the policy data + CRC value of the IP + CRC value of the service.
In the second CRC value of the policy, the CRC value of each common object's name is adjacent to the CRC value of that common object, and the CRC values of the common object names and of the common objects, the CRC value of the IP and the CRC value of the service are calculated in the order in which they are configured in the policy.
Fig. 1b is a schematic diagram of a policy consistency audit architecture provided in an embodiment of the present invention. Referring to Fig. 1b, in the audit preparation stage, after the policy data of the NM server and of the device is obtained, the policy data of the device is parsed and converted into data consistent with the format of the policy data of the NM server. The CRC values of the common objects, that is, the second CRC values, are then calculated, for example for the service sets, address sets and other sets shown in the figure. After that, the CRC values of the upper-level policies, that is, the first CRC values, are calculated according to the reference relationships. In the audit process, the first CRC values are compared first to obtain the first policy data. When the first CRC values are inconsistent, the second CRC values of the common objects are compared: the second CRC values of the names of the service sets, address sets and other sets are compared first to find the sets whose second CRC values differ, and then the second CRC values of the content of those sets are compared to obtain the specific inconsistent data.
Fig. 2 a is a kind of policy consistency auditing method flow chart that the embodiment of the present invention provides, and the executive agent in the present embodiment is NM server, and see Fig. 2 a, method flow comprises:
201: NM server obtains the policy data of NM server and equipment respectively;
202: the form by the formal transformation of the policy data of described equipment being the policy data of described NM server;
The embodiment of the present invention is not only all example with the form of the policy data of the policy data of NM server and equipment and is described.
203: the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment;
According to the adduction relationship level of each policy data described and common object, successively calculate the first CRC value and the second CRC value of each policy data from bottom to top.The characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data.
In order to make the characteristic value computational process of those skilled in the art's comprehension strategy data better, illustrate below.As, the form of a policy data is:
Policy 100 source address-set addrset002 destination addrset_server service httpftp
addrset002
item1 2.2.2.0/24
item2 3.3.3.0/24
addrset_server
item1 5.5.5.0/24
item2 5.5.6.0/24
Here, 100 is the sequence number of the policy, addrset002 is the source address set referenced by the policy, addrset_server is the destination address set referenced by the policy, httpftp is the service used, 2.2.2.0/24 and 3.3.3.0/24 are the addresses in the source address set referenced by the policy, and 5.5.5.0/24 and 5.5.6.0/24 are the addresses in the destination address set referenced by the policy.
Because this policy references two common objects, addrset002 and addrset_server, two second CRC values are obtained. To calculate the second CRC value of this policy, first calculate the CRC values of 2.2.2.0/24 and 3.3.3.0/24 separately and add the two values to obtain the second CRC value of the content of addrset002; likewise, first calculate the CRC values of 5.5.5.0/24 and 5.5.6.0/24 separately and add the two values to obtain the second CRC value of the content of addrset_server. After the second CRC values have been calculated, the first CRC value of the policy is calculated. The first CRC value of this policy is composed of:
CRC value of the name of addrset002 + CRC value of the content of addrset002 + CRC value of the name of addrset_server + CRC value of the content of addrset_server + CRC value of httpftp.
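The bottom-up calculation above, followed by a name-then-content comparison of the second CRC values, as an added Python example that is not part of the original text. It assumes CRC-32 (the text names no CRC variant), represents the first CRC value as an ordered tuple of its component CRC values, and uses constructed sample data in which the equipment carries a different sequence number and one changed address.

```python
import zlib

def crc(text):
    # CRC-32 via zlib is an assumption; the page does not name a CRC variant.
    return zlib.crc32(text.encode("utf-8")) & 0xFFFFFFFF

def content_crc(items):
    # Content CRC of a common object: item CRCs added together (kept to 32 bits).
    return sum(crc(item) for item in items) & 0xFFFFFFFF

def feature_value(policy, objects):
    """Return (first_crc, second_crc) for one policy, computed bottom-up.

    second_crc: {object name: (name CRC, content CRC)} per referenced object.
    first_crc:  tuple of name CRC, content CRC, ..., then directly referenced
                objects, in configuration order (tuple layout is an assumption).
    The sequence number policy["seq"] is deliberately left out.
    """
    second, first = {}, []
    for name in policy["refs"]:
        pair = (crc(name), content_crc(objects[name]))
        second[name] = pair
        first.extend(pair)
    first.extend(crc(value) for value in policy["direct"])
    return tuple(first), second

def differing_objects(nm_second, dev_second):
    """Compare second CRC values: names first, then contents of shared names."""
    report = {}
    for name in sorted(set(nm_second) | set(dev_second)):
        if name not in nm_second:
            report[name] = "only on equipment"
        elif name not in dev_second:
            report[name] = "only on NM server"
        elif nm_second[name][1] != dev_second[name][1]:
            report[name] = "content differs"
    return report

# Constructed sample data based on the policy shown above.
NM_OBJECTS = {
    "addrset002": ["2.2.2.0/24", "3.3.3.0/24"],
    "addrset_server": ["5.5.5.0/24", "5.5.6.0/24"],
}
# Constructed drift: one address in addrset_server differs on the equipment.
DEV_OBJECTS = {
    "addrset002": ["3.3.3.0/24", "2.2.2.0/24"],
    "addrset_server": ["5.5.5.0/24", "5.5.7.0/24"],
}
NM_POLICY = {"seq": 100, "refs": ["addrset002", "addrset_server"], "direct": ["httpftp"]}
DEV_POLICY = {"seq": 7, "refs": ["addrset002", "addrset_server"], "direct": ["httpftp"]}

def audit_policy():
    nm_first, nm_second = feature_value(NM_POLICY, NM_OBJECTS)
    dev_first, dev_second = feature_value(DEV_POLICY, DEV_OBJECTS)
    if nm_first == dev_first:
        return {}          # first CRC values match: nothing further to compare
    return differing_objects(nm_second, dev_second)

if __name__ == "__main__":
    print(audit_policy())
```

Because the item CRC values are added, the order of items inside a set does not change its content CRC. A CRC detects accidental configuration drift only; it is not collision-resistant and is not evidence against deliberate modification.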
204: Sort the characteristic values of the policy data of the NM server and of the equipment respectively according to configuration order;
The characteristic values of the policy data of the NM server and of the equipment are each sorted according to the order in which the policy data is configured, so that the comparison of the policy data of the NM server and the equipment can proceed in order.
205: Determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the equipment as the baseline;
To determine the first sequence and the second sequence, the policy data of the NM server and the policy data of the equipment are each taken as the baseline in turn, and the policy data of the NM server and the equipment is compared one by one until all policy data with identical first CRC values has been placed in one-to-one correspondence, which yields the sequence of policy data with identical first CRC values.
For example, suppose the policy data in the NM server is EABC and the policy data in the equipment is CABD. Taking the policy data of the NM server as the baseline, policy E is taken from the policy data in the NM server, and the first CRC value of E is obtained and compared with the first CRC values of the policy data in the equipment; the comparison shows that E in the policy data of the NM server has no corresponding policy in the policy data of the equipment. After E of the NM server has been compared, the first CRC value of the next policy of the NM server, A, is obtained and compared with the first CRC value of each policy data in the equipment; when A in the equipment is reached, a policy with the same first CRC value has been found, and the order and position of policy A in the NM server and in the equipment are recorded. The first CRC value of B in the NM server is then obtained and compared with the policy data below A in the equipment, which yields policy B in the equipment with the same first CRC value; the order and position of policy B in the NM server and in the equipment are recorded. Finally, the first CRC value of C in the NM server is obtained and compared with the policy data below B in the equipment; the comparison shows that C in the policy data of the NM server has no corresponding policy in the policy data of the equipment. After the comparison, the policies with identical first CRC values are placed in one-to-one correspondence, and the resulting data is shown in Table 1:
Table 1
NM server | Equipment
E | C
A | A
B | B
C | D
As can be seen from Table 1, the first sequence consists of A of the NM server and A of the equipment, and B of the NM server and B of the equipment.
Taking the policy data of the equipment as the baseline, the policy data in the equipment is compared one by one with the policy data in the NM server in a manner similar to that described above, which is not repeated here. After the comparison, the policies with identical first CRC values are placed in one-to-one correspondence, and the resulting data is shown in Table 2:
Table 2
Equipment | NM server
N/A | E
N/A | A
N/A | B
C | C
A | N/A
B | N/A
D | N/A
As can be seen from Table 2, the second sequence consists of C of the equipment and C of the NM server, where N/A denotes empty.
206: Compare the first sequence and the second sequence, and determine the policy data contained in the sequence that has more policy data with identical first CRC values as the first policy data;
In the example of step 205, Table 1 shows that the number of policy data with identical first CRC values in the first sequence is 2: A in the NM server corresponds to A in the equipment, and B in the NM server corresponds to B in the equipment. Table 2 shows that the number of policy data with identical first CRC values in the second sequence is 1: C in the equipment corresponds to C in the NM server. The comparison shows that the first sequence has more policy data with identical first CRC values, so each policy data in the first sequence is taken as the first policy data.
Steps 204-206 are the process of comparing the first CRC values of the policy data of the NM server and the equipment and determining the first policy data.
207: When the comparison determines that the policy data of the NM server and the equipment also includes second policy data, compare the second CRC values of the second policy data of the NM server and the second policy data of the equipment to obtain the differences between the second policy data of the NM server and the second policy data of the equipment.
When the first policy data includes all the policy data in the NM server and the equipment, there is no second policy data; that is, the policy data in the NM server and the equipment is consistent and no further comparison is needed. When the first policy data does not include all the policy data in the NM server and the equipment, the policy data in the NM server and the equipment is inconsistent. The data other than the first policy data among all the policy data in the NM server and the equipment is then taken as the second policy data, and the second CRC values of the NM server's and the equipment's policy data within the second policy data need to be compared further.
Continuing the example of step 206, because the first policy data does not include all the policy data in the NM server and the equipment, the second policy data must be compared, so the data other than the first policy data among all the policy data in the NM server and the equipment is taken as the second policy data. As can be seen from Table 1, the second policy data consists of E of the NM server and C of the equipment, and C of the NM server and D of the equipment. After the second policy data is obtained, for policy data of the NM server and the equipment that has a correspondence, the second CRC values of E of the NM server and C of the equipment, and of C of the NM server and D of the equipment, are compared further to find the differences between the policy data in the NM server and the equipment. For policy data of the NM server and the equipment that has no correspondence, such as rows 2, 3, 4, 6, 7 and 8 of Table 2, each of which pairs one policy data with an empty entry, no comparison is needed and the policy data is taken directly as difference data.
Steps 203-207 are the process of comparing the characteristic values of the policy data of the NM server and the equipment and obtaining the audit result.
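Steps 204-207 run on the EABC / CABD example, as an added Python example that is not part of the original text. Letters stand in for first CRC values; giving ties to the first sequence and lining up the leftover policies row by row between matched policies (as Table 1 does) are assumptions of this sketch.

```python
from itertools import zip_longest

def ordered_matches(base, other):
    """Walk base in configuration order; pair each entry with the first equal
    entry of other located below the previous match. Returns (i, j) indexes."""
    pairs, start = [], 0
    for i, value in enumerate(base):
        for j in range(start, len(other)):
            if other[j] == value:
                pairs.append((i, j))
                start = j + 1
                break
    return pairs

def audit_order(nm, dev):
    """nm, dev: first CRC values of the policies, in configuration order."""
    first_seq = ordered_matches(nm, dev)                        # NM server baseline
    second_seq = [(i, j) for j, i in ordered_matches(dev, nm)]  # equipment baseline
    # Keep the sequence with more matches (ties go to the first: assumption).
    anchors = first_seq if len(first_seq) >= len(second_seq) else second_seq

    # Line up the leftovers between matched policies row by row, as in Table 1.
    rows, pi, pj = [], 0, 0
    for i, j in anchors + [(len(nm), len(dev))]:
        rows.extend(zip_longest(nm[pi:i], dev[pj:j]))
        pi, pj = i + 1, j + 1

    return {
        "first_sequence": [nm[i] for i, _ in first_seq],
        "second_sequence": [nm[i] for i, _ in second_seq],
        "first_policy_data": [nm[i] for i, _ in anchors],
        # Pairs whose second CRC values must be compared next (step 207).
        "compare_second_crc": [(a, b) for a, b in rows
                               if a is not None and b is not None],
        # A policy facing an empty entry is difference data as it stands.
        "differences": [("NM server", a) if b is None else ("equipment", b)
                        for a, b in rows if a is None or b is None],
    }

# Constructed input: the example sequences from the text above.
NM_SERVER = list("EABC")
EQUIPMENT = list("CABD")

if __name__ == "__main__":
    for key, value in audit_order(NM_SERVER, EQUIPMENT).items():
        print(key, value)
```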
Fig. 2 b is a kind of policy consistency audit schematic diagram that the embodiment of the present invention provides, see Fig. 2 b, in figure, tactful adduction relationship is divided into three levels, ground floor is strategy, the second layer is substrategy (service substrategy (fwpolicy) as shown in figure 2b, procotol substrategy (ipspolicy) and resolution level strategy (dpipolicy)), and third layer is common object (source address as shown in Figure 2 b, destination address, service, time period, exception signature, signature collection, application protocol collection etc.).The common object of this third layer can also have the common object (self-defined signature as shown in Figure 2 b) quoted, relatively time, first compare the first cyclic redundancy check (CRC) code value of the ground floor strategy of NM server and equipment, when the first cyclic redundancy check (CRC) code value is different, compare the second CRC value of the substrategy of the second layer of NM server and equipment again, if the second CRC value of the substrategy of the second layer is identical, then do not compare further, if the second CRC value of the substrategy of the second layer is different, find out the substrategy that the second CRC value is different, relatively the second CRC value of the common object of the third layer that this substrategy of NM server and equipment is corresponding, find out the common object that the second CRC value is different.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
Fig. 3 shows a policy consistency audit device provided in an embodiment of the present invention. Referring to Fig. 3, the device comprises:
A computing module 301, configured to calculate the characteristic values of the policy data of the NM server and the equipment respectively, where the characteristic value of each policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of the policy data, and the second CRC value is the CRC value of the common objects referenced by the policy data;
A comparison module 302, configured to compare the characteristic values of the policy data of the NM server and the equipment to obtain the audit result.
The comparison module 302 comprises:
A first comparing unit, configured to compare the first CRC values of the policy data of the NM server and the equipment and determine the first policy data;
A second comparing unit, configured to, when the comparison determines that the policy data of the NM server and the equipment also includes second policy data, compare the second CRC values of the second policy data of the NM server and the second policy data of the equipment to obtain the differences between the second policy data of the NM server and the second policy data of the equipment.
The first comparing unit comprises:
A sorting unit, configured to sort the characteristic values of the policy data of the NM server and of the equipment respectively according to configuration order;
A sequence determination unit, configured to determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the equipment as the baseline;
A first policy determining unit, configured to compare the first sequence and the second sequence and determine the policy data contained in the sequence that has more policy data with identical first CRC values as the first policy data.
The computing module 301 comprises:
An acquiring unit, configured to obtain the policy data of the NM server and of the equipment respectively;
A computing unit, configured to calculate the characteristic values of the policy data of the NM server and the equipment according to that policy data and the common objects referenced by each policy data.
The computing unit is configured to, when the formats of the policy data of the NM server and the equipment differ, convert the format of the policy data of the equipment into the format of the policy data of the NM server, and calculate the characteristic values of the policy data of the NM server and the equipment according to that policy data and the reference relationships between each policy data and the common objects.
The computing unit is configured to calculate the first CRC value and the second CRC value of each policy data layer by layer from bottom to top according to the levels of the reference relationships between each policy data and the common objects.
In the device provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and the equipment are calculated respectively, where the characteristic value of each policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of the policy data, and the second CRC value is the CRC value of the common objects referenced by the policy data. The characteristic values of the policy data of the NM server and the equipment are compared to obtain the audit result. With the technical scheme provided by this embodiment, policies whose sequence numbers differ but whose business content is identical are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency.
Fig. 4 shows a policy consistency audit device provided in an embodiment of the present invention. Referring to Fig. 4, the equipment comprises: a processor,
The processor 401 is configured to calculate the characteristic values of the policy data of the NM server and the equipment respectively, where the characteristic value of each policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of the policy data, and the second CRC value is the CRC value of the common objects referenced by the policy data;
The processor 401 is further configured to compare the characteristic values of the policy data of the NM server and the equipment to obtain the audit result.
The processor 401 is configured to compare the first CRC values of the policy data of the NM server and the equipment and determine the first policy data; and, when the comparison determines that the policy data of the NM server and the equipment also includes second policy data, to compare the second CRC values of the second policy data of the NM server and the second policy data of the equipment to obtain the differences between the second policy data of the NM server and the second policy data of the equipment.
The processor 401 is configured to sort the characteristic values of the policy data of the NM server and of the equipment respectively according to configuration order;
The processor 401 is configured to determine a first sequence and a second sequence, where the first sequence is the sequence of policy data with identical first CRC values determined with the policy data of the NM server as the baseline, and the second sequence is the sequence of policy data with identical first CRC values determined with the policy data of the equipment as the baseline;
The processor 401 is configured to compare the first sequence and the second sequence and determine the policy data contained in the sequence that has more policy data with identical first CRC values as the first policy data.
The processor 401 is further configured to obtain the policy data of the NM server and of the equipment respectively;
The processor 401 is further configured to calculate the characteristic values of the policy data of the NM server and the equipment according to that policy data and the common objects referenced by each policy data.
The processor 401 is configured to, when the formats of the policy data of the NM server and the equipment differ, convert the format of the policy data of the equipment into the format of the policy data of the NM server, and calculate the characteristic values of the policy data of the NM server and the equipment according to that policy data and the reference relationships between each policy data and the common objects.
The processor 401 is configured to calculate the first CRC value and the second CRC value of each policy data layer by layer from bottom to top according to the levels of the reference relationships between each policy data and the common objects.
In the equipment provided by this embodiment of the present invention, the characteristic values of the policy data of the NM server and the equipment are calculated respectively, where the characteristic value of each policy data comprises a first CRC value and a second CRC value; the first CRC value is the CRC value of the policy data, and the second CRC value is the CRC value of the common objects referenced by the policy data. The characteristic values of the policy data of the NM server and the equipment are compared to obtain the audit result. With the technical scheme provided by this embodiment, policies whose sequence numbers differ but whose business content is identical are no longer mistakenly judged inconsistent, which avoids the resulting audit errors and improves the accuracy of the consistency audit result; at the same time, comparing characteristic values speeds up the comparison and improves audit efficiency.
It should be noted that the policy consistency audit device provided by the above embodiment is described, for policy consistency auditing, only in terms of the above division into functional modules. In practical applications, the above functions may be assigned to different functional modules as required; that is, the internal structure of the equipment may be divided into different functional modules to complete all or part of the functions described above. In addition, the policy consistency audit device provided by the above embodiment and the policy consistency auditing method embodiment belong to the same concept; for the specific implementation process, refer to the method embodiment, which is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.