A method for realizing network checking by identifying whole-network attributes
Technical field
The present invention relates to the field of network security technology, and specifically to a method for realizing network checking by identifying whole-network attributes.
Background art
When checking an existing network, upgrading an existing network, or testing a new policy in a project, the reliability and effectiveness of the network must be assessed objectively, in order to reduce the investment risk of building the network, to give the planned network high performance, or to ensure that test results truly reflect the performance of the new policy. Traditional network design and planning methods rely mainly on experience; for large, complex networks, many aspects cannot be predicted, so the key points of the design are often missed. A new means of network checking and auditing is therefore increasingly needed.
Automatic checking of network device configurations, in turn, faces a large number of technical obstacles. From automatically recognizing device configurations, through automatic judgment and checking, to automatically generating the report at the end, every stage has its technical difficulties, especially automatically determining, from a massive volume of device information, whether a configuration is secure, whether it is compliant, and whether it meets technical requirements. In addition, the ability to check not just a single device but the attributes of the network as a whole, and to check whether each attribute matches between interconnected devices, is an important technical capability that affects the accuracy and comprehensiveness of the check. The present network checking method identifies the attributes of the network as a whole by analyzing network device information, and then performs compliance, matching and consistency checks, solving the industry's difficulty with automated checking.
Network devices comprise all hardware units that make up the body of the network and are used for network connection, as well as the non-physical, logically existing objects that ensure network connectivity. They include: terminal devices of all kinds, such as PC terminals, dedicated servers, printers and mobile terminals; standalone dedicated networking devices such as routers, switches, firewalls and pluggable physical function modules; the physical lines or logical connections needed for networking, such as network cables and wireless connections; and logical, non-physical objects, such as the virtual entity "local area network" formed by the network connection devices, or the "cloud" (the virtual entity "cloud" applies to various situations, for example a backbone network provided by an operator).
Summary of the invention
The purpose of the present invention is to provide a practicable method for realizing network checking by identifying whole-network attributes, with which checking of network devices can be carried out automatically, so as to overcome the above shortcomings of the prior art.
The purpose of the invention is achieved through the following technical solution:
A method for realizing network checking by identifying whole-network attributes comprises the following steps:
1) create a data table of whole-network attributes from the network device information;
2) fill the attributes and states of the network as a whole into the whole-network attribute table;
3) check whether the relevant attributes of the whole network meet the configured checking rules;
4) generate a consistency check result report.
Further, in step 1), creating the data table comprises analyzing the given information to determine the number of devices it contains, and establishing a corresponding attribute database for the whole network formed by all the devices.
Further, in step 2), after the data table for the attributes of the whole network has been set up, the information relating to the whole network is analyzed, and that information is further converted into one or more corresponding attributes or states of the network as a whole.
Further, in step 3), based on the filled-in device attributes, the attributes and states of the whole network are checked, with the attributes of the whole network examined one by one.
Further, in step 4), the entries found during checking that do not meet the preset rules are listed one by one, and a report is generated.
The beneficial effect of the present invention is as follows: the invention adopts the new concept of whole-network attributes, so that the massive, disorderly network device information that is extracted is identified, in a tidy and uniform way, as normalized whole-network attribute information that can be measured, compared, judged and recognized. The method goes beyond network checking means that can only check individual network elements, and provides a comprehensive way of checking, from a macroscopic perspective, the states, attributes and matching of the network as a whole. The method is also particularly suited to checking and troubleshooting medium and large networks.
Description of the drawings
The present invention is described in further detail below with reference to the accompanying drawing.
Fig. 1 is a flow chart of the method of the present invention for realizing network checking by identifying whole-network attributes.
Embodiment
As shown in Fig. 1, the method of this embodiment for realizing network checking by identifying whole-network attributes comprises the following steps:
1) Create a network checking project and read the network device information. The system automatically filters out the device names in the information and treats every device name that appears as one device. For each device it creates a corresponding data table, to be filled with that device's attributes (one table per device). At the same time it creates a separate table used to identify the attributes relating to the network as a whole.
For example: the given network device information contains 8 devices (each with its own distinct device name). Besides the 8 data tables created for these 8 devices, one further data table is created to identify the attributes and states of the network as a whole formed by these 8 network devices. The fact that there are 8 devices is itself one of the attributes of this network as a whole (the device-count attribute of this network: 8);
2) Scan the information file again and fill the states and attributes relating to the network as a whole into the attribute/state table of the network as a whole. The database of each whole network contains a number of attributes and states that a network as a whole should have; during scanning, as soon as an indication of one of these attributes or states is found, the corresponding mark is made in the database.
For example: this network as a whole uses the OSPF routing protocol, contains 3 OSPF areas, does not use MD5 verification between the OSPF routers, and so on. Each piece of information extracted in this way counts as one or more attributes of the whole network and is identified separately in the whole-network attributes.
3) After the attributes and states of the network as a whole have all been analyzed, begin checking, according to the checking rules prepared in advance and stored in the rule database, whether the relevant attributes of the network as a whole meet the rules. During checking, each requirement in the rule base concerning a whole-network attribute or state is verified, one by one, against the existing whole-network attributes and states.
For example: Cisco OSPF areas should be contiguous, and all areas should be connected to area 0. If an individual area is found that is not connected to area 0, the OSPF routing area setup of this network contains at least one error.
4) List all items that failed the checks in the previous step in the report.
In this patent, "network device" refers specifically to all hardware units that make up the body of the network and are used for network connection, and to the non-physical, logically existing objects that ensure network connectivity, including:
1. terminal devices of all kinds, such as PC terminals, dedicated servers, printers and mobile terminals;
2. standalone dedicated networking devices such as routers, switches, firewalls and pluggable physical function modules;
3. the physical lines or logical connections needed for networking, such as network cables and wireless connections;
4. logical, non-physical objects, such as the virtual entity "local area network" formed by the network connection devices, or the "cloud" (the virtual entity "cloud" applies to various situations, for example a backbone network provided by an operator).
The present invention is not limited to the preferred embodiment described above. Anyone may derive products in various other forms under the teaching of the present invention; however, whatever changes are made in shape or structure, any technical solution that is identical or similar to that of the present application falls within the scope of protection of the present invention.