CN103731316A - Flow monitoring device and method - Google Patents
- Publication number: CN103731316A
- Authority: CN (China)
- Prior art keywords: flow, network, data, processing module, bag
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks
Abstract
The invention discloses a flow monitoring method. The method comprises: receiving continuously collected network traffic; a packet preprocessing module queues the packets of the network traffic in the order in which they were received and sends the queued packets to a data processing module; and the data processing module compares the received packets against preset rules and sends them to specific monitoring ports according to the comparison results. In this technical scheme, network traffic is collected without interruption, compared against the preset rules, and then forwarded to the corresponding monitoring modules according to the comparison results, so that network traffic is monitored without interruption and monitoring accuracy is greatly improved. The invention also discloses a corresponding flow monitoring device.
Description
Technical field
The invention belongs to the technical field of network traffic monitoring, and in particular relates to a flow monitoring device and method.
Background art
With the rapid development of network infrastructure technology and network applications, and with users' rising requirements for performance indicators, network management has become a problem in urgent need of a solution. Effective network traffic monitoring can ensure the stable operation and sustainable development of the network. More importantly, as networks grow in scale and hacking techniques develop, intrusion and attack cases are increasing, posing serious challenges to stable network service, information security and order on the Internet, and network traffic monitoring plays an ever more important role in the overall network management system.
At present, network traffic monitoring is mainly performed by a network management system that periodically collects the service traffic in the monitored network at a predetermined interval and monitors the traffic according to predefined rules.
Periodically collecting the service traffic in the monitored network saves device performance, but it cannot meet the needs of some services and cannot achieve uninterrupted monitoring of network traffic.
Summary of the invention
The object of the present invention is to provide a flow monitoring device and method that solve the above defects in the prior art.
To achieve this object, the invention provides a flow monitoring method, comprising:
Receiving continuously collected network traffic; a packet preprocessing module queues the packets of the network traffic in the order in which they were received and sends the queued packets to a data processing module; the data processing module compares the received network traffic packets against predetermined rules and, according to the comparison result, sends the packets to a specific monitoring port.
In this technical scheme, network traffic is collected without interruption and compared against the predetermined rules, and is then forwarded to the corresponding monitoring module according to the comparison result. This achieves uninterrupted monitoring of network traffic and greatly improves monitoring accuracy.
Preferably, the method further comprises:
The uninterrupted network traffic is collected by a flow shunt grabber and sent to the packet preprocessing module; the flow shunt grabber, which is connected into the network, also provides uninterrupted forwarding for the network it is connected into.
In this preferred scheme, a dedicated network traffic collection device, the flow shunt grabber, collects network traffic without interruption, which makes the collection device a specialized one and improves its performance. The flow shunt grabber is connected at the physical layer of the network, so its collection causes no interference with or impact on the data in the network traffic, which ensures the reliability of traffic collection. The flow shunt grabber also provides uninterrupted forwarding: a failure protection function is built into the device, so that when the device fails it behaves as if it were "short-circuited" and network traffic continues to be forwarded without interruption.
Preferably, there are one or more flow shunt grabbers, each monitoring a different network.
In this preferred scheme, the network traffic collected by several flow shunt grabbers monitoring different networks is transmitted to the same packet preprocessing module, so that one analysis device serves many collection devices. Compared with the traditional arrangement, in which each network has its own dedicated collection and processing device, this saves hardware resources and reduces the cost of network deployment.
Preferably, the predetermined rules are comparison rules set as required by the monitoring purpose, and the comparison rules are stored in a flow mapping table designed in a ternary content-addressable memory (TCAM) array.
In this preferred scheme, special keywords are generated according to the monitoring purpose and stored in the flow mapping table in the TCAM.
Preferably, after the step in which the data processing module compares the received network traffic packets against the predetermined rules, and before the step of sending the packets to a specific monitoring port according to the comparison result, the method further comprises a deep packet inspection step, in which the application-layer information of the network traffic packets is reassembled and the packets are statistically analysed according to the application-layer information obtained.
The data processing module described above processes network traffic packets at the physical layer. The design of the flow monitoring device must also consider another situation: monitoring rules whose settings are very fuzzy or hard to determine. The most typical case for this system is having to split out traffic according to so-called keywords that have no standard definition and that appear in the application payload of packets. For this reason, a function based on deep packet inspection (DPI) is added after the traffic processing module in the design of the flow monitoring device, to meet further monitoring requirements.
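The following added example (not part of the patent text) illustrates why the DPI step reassembles application-layer data before matching: a keyword split across two TCP segments is invisible to a per-packet scan but is found in the reassembled stream. The flow tuple, keyword, message and function names are constructed for illustration.

```python
from collections import Counter, defaultdict


def reassemble(segments):
    """Rebuild each flow's byte stream from (flow, seq, payload) TCP segments.

    Handles out-of-order arrival, retransmitted duplicates and overlapping
    segments; stops at the first gap. Sequence-number wraparound is ignored.
    """
    by_flow = defaultdict(dict)
    for flow, seq, payload in segments:
        by_flow[flow].setdefault(seq, payload)   # first copy of a retransmit wins
    streams = {}
    for flow, segs in by_flow.items():
        expected = min(segs)                     # next byte we still need
        buf = bytearray()
        for seq in sorted(segs):
            if seq > expected:                   # hole in the stream: stop here
                break
            fresh = segs[seq][expected - seq:]   # drop bytes we already have
            buf += fresh
            expected += len(fresh)
        streams[flow] = bytes(buf)
    return streams


def keyword_stats(streams, keywords):
    """Count keyword occurrences per (flow, keyword) in reassembled streams."""
    stats = Counter()
    for flow, data in streams.items():
        for kw in keywords:
            hits = data.count(kw)
            if hits:
                stats[(flow, kw)] += hits
    return stats


def per_packet_hits(segments, keywords):
    """Naive scan of each segment on its own, for comparison."""
    return sum(payload.count(kw) for _, _, payload in segments for kw in keywords)


# Constructed sample: one HTTP-like request whose keyword straddles a segment
# boundary, delivered out of order with one retransmitted segment.
KEYWORD = b"monitored-keyword"
MESSAGE = (b"GET /a HTTP/1.1\r\nHost: example.test\r\n"
           b"X-Tag: monitored-keyword\r\n\r\n")
FLOW = ("10.0.0.5", 40000, "10.0.0.9", 80)
ISN = 1000
_cut = MESSAGE.index(KEYWORD) + 6                # split inside the keyword
_parts = [(0, MESSAGE[:20]), (20, MESSAGE[20:_cut]), (_cut, MESSAGE[_cut:])]
SEGMENTS = [(FLOW, ISN + off, data)
            for off, data in (_parts[2], _parts[0], _parts[1], _parts[1])]

if __name__ == "__main__":
    print("per-packet hits:", per_packet_hits(SEGMENTS, [KEYWORD]))
    print("reassembled hits:", dict(keyword_stats(reassemble(SEGMENTS), [KEYWORD])))
```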
The invention also provides a flow monitoring device, comprising:
A packet preprocessing module, connected to the network data input channel, configured to queue the packets of the received network traffic in the network data input channel in the order in which they were received, and to send the queued packets to the data processing module;
A network data input channel, connected to the data preprocessing module and the data processing module, in which the data preprocessing module queues the network traffic packets;
A data processing module, connected to the network data input channel and the monitoring port, configured to compare the received network traffic packets against predetermined rules and, according to the comparison result, to send the packets to a specific monitoring port;
A monitoring port, connected to the data processing module and to an external data processing device, through which the flow monitoring device sends the network traffic packets to the external data processing device.
Preferably, the device further comprises a flow shunt grabber, connected to the access network and to the packet preprocessing module, configured to collect network traffic without interruption and send it to the packet preprocessing module; the flow shunt grabber connected into the network also provides uninterrupted forwarding of the traffic of the network it is connected into.
Preferably, there are one or more flow shunt grabbers, each monitoring a different network.
Preferably, the predetermined rules are comparison rules set as required by the monitoring purpose; the flow monitoring device further comprises a TCAM, in which a flow mapping table storing the comparison rules is designed.
Preferably, the device further comprises a deep packet inspection module, connected to the data processing module and the monitoring port, configured to reassemble the application-layer information of the network traffic packets and to statistically analyse the packets according to the application-layer information obtained.
The flow monitoring device provided by the invention corresponds to the flow monitoring method above and has the same technical effect.
Brief description of the drawings
Fig. 1 is a schematic diagram of the external structure of the flow monitoring device of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the flow monitoring device of the present invention;
Fig. 3 is a flow chart of the flow monitoring method of the present invention;
Fig. 4 is a structural diagram of the flow shunt grabber of the present invention;
Fig. 5 is a usage-state diagram of the flow shunt grabber of the present invention under normal power supply;
Fig. 6 is a usage-state diagram of the flow shunt grabber of the present invention when powered off;
In the figures: 201 - first monitoring port, 202 - second monitoring port, 203 - first network data decoder, 204 - second network data decoder, 205 - first capacitor, 206 - second capacitor, 207 - first relay, 208 - second relay, 209 - power supply, 210 - second data network interface, 211 - first data network interface.
Detailed description of the embodiments
To make the object, technical scheme and beneficial effects of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here are only intended to explain the invention and do not limit its scope of protection.
As shown in Fig. 1, in the present invention the flow monitoring device is connected to several network traffic collection devices, and a single device can simultaneously process the network data collected by many of them, which saves hardware cost compared with the prior art.
As shown in Fig. 2, the packet preprocessing control module is the packet preprocessing module referred to above. Because the flow monitoring device in the present invention processes the traffic data collected by many network traffic collection devices, merging several network traffic streams for processing is itself a difficulty. In the present invention, the packet preprocessing module arranges the received network traffic packets in the network data input channel in the order in which they were received; once a queue satisfying a predetermined condition is complete, the queue is sent to the data processing module.
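The following added example (not part of the patent text) sketches in software the pipeline described above and in the summary: streams from several collectors are merged into receive-time order, released as queues, and each packet is matched against a ternary (value/mask) flow mapping table to select a monitoring port. The 24-bit key layout, the use of queue length as the "predetermined condition", the port names and the table contents are assumptions made for illustration.

```python
import heapq
from typing import Iterator, List, NamedTuple, Optional


class Packet(NamedTuple):
    rx_time: float   # time the monitoring device received the packet
    collector: str   # flow shunt grabber that delivered it
    proto: int       # IP protocol number
    dport: int       # destination port


class TcamEntry(NamedTuple):
    value: int       # bits to match
    mask: int        # 1 = compare this bit, 0 = "don't care"
    port: str        # monitoring port for matching packets


def key_of(pkt: Packet) -> int:
    """Assumed lookup key: protocol (8 bits) followed by destination port (16 bits)."""
    return (pkt.proto << 16) | pkt.dport


# Constructed flow mapping table. Order is priority: as in a hardware TCAM,
# the first matching entry wins, so specific rules precede broad ones.
FLOW_TABLE = [
    TcamEntry(0x110035, 0xFFFFFF, "mon-dns"),  # UDP, port 53 exactly
    TcamEntry(0x110000, 0xFF0000, "mon-udp"),  # any other UDP
    TcamEntry(0x060050, 0xFFFFFF, "mon-web"),  # TCP, port 80 exactly
    TcamEntry(0x061F90, 0xFFFFF8, "mon-web"),  # TCP, ports 8080-8087
]


def tcam_lookup(table: List[TcamEntry], key: int) -> Optional[str]:
    """Return the monitoring port of the first entry whose masked bits match."""
    for entry in table:
        if (key & entry.mask) == (entry.value & entry.mask):
            return entry.port
    return None


def preprocess(streams, queue_len: int) -> Iterator[List[Packet]]:
    """Merge per-collector streams into receive-time order and emit queues.

    Each collector's stream is already time-ordered, so a k-way merge is enough.
    """
    queue: List[Packet] = []
    for pkt in heapq.merge(*streams, key=lambda p: p.rx_time):
        queue.append(pkt)
        if len(queue) >= queue_len:
            yield queue
            queue = []
    if queue:
        yield queue                      # flush the partial queue at end of input


def dispatch(streams, table, queue_len: int = 4):
    """Run the queues through the table; unmatched packets are kept separately."""
    ports = {}
    for queue in preprocess(streams, queue_len):
        for pkt in queue:
            port = tcam_lookup(table, key_of(pkt)) or "unmatched"
            ports.setdefault(port, []).append(pkt)
    return ports


# Constructed sample input from two collectors.
COLLECTOR_A = [Packet(0.001, "A", 6, 80), Packet(0.004, "A", 17, 53),
               Packet(0.006, "A", 6, 8083)]
COLLECTOR_B = [Packet(0.002, "B", 6, 443), Packet(0.003, "B", 17, 123),
               Packet(0.005, "B", 6, 80)]

if __name__ == "__main__":
    for port, pkts in dispatch([COLLECTOR_A, COLLECTOR_B], FLOW_TABLE).items():
        print(port, [(p.collector, p.rx_time) for p in pkts])
```

Packets that match no entry are the ones the text hands to the DPI stage.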
As shown in Fig. 3, the present invention also provides a flow monitoring method, comprising the following steps,
Fig. 4 is a structural diagram of an embodiment of the flow shunt grabber of the present invention.
This embodiment of the invention comprises a first monitoring port, a second monitoring port, a first network data decoder, a second network data decoder, a first capacitor, a second capacitor, a first relay, a second relay, a power supply, a first data network interface and a second data network interface. The power supply powers the flow shunt grabber. The electronic components are connected to one another by network cable, and the power supply is connected to the components it powers by power lines.
Fig. 5 is a usage-state diagram of the embodiment of Fig. 4 under normal power supply.
When the flow shunt grabber is in the working state, network traffic data on the first data network interface side enters the flow shunt grabber through the first data network interface and is then input to the first network data decoder. The first network data decoder decodes the network data and sends it to the first monitoring port, which passes it to an external device; the external device may be a traffic analysis device, a traffic statistics device or another device used to manage traffic. At the same time, the first network data decoder passes the traffic, without any processing, to the second data network interface, through which the network data from the first data network interface side is transmitted onto the network cable. Similarly, network traffic data on the second data network interface side flows into the flow shunt grabber through the second data network interface and is then input to the second network data decoder. The second network data decoder decodes the network data and sends it to the second monitoring port, which sends it to an external device; this external device may likewise be a traffic analysis device, a statistics device or another device used to manage traffic. At the same time, the second network data decoder passes the traffic, without any processing, to the first data network interface, through which the network data from the second data network interface side is transmitted onto the network cable.
It should be noted that when the flow shunt grabber is connected in series into the network, its two data network interfaces are each connected to one side of the network, so that network traffic data in both directions enters the flow shunt grabber. Inside the flow shunt grabber, received data traffic passes through a data network interface into a network data decoder, which then transmits the decoded data to the next-layer device, namely the device described above that processes the data traffic; the outgoing data traffic, on the other hand, is passed to the network port and sent. Because the flow shunt grabber is required to "not affect the original data traffic in any way", we make full use of the "data pass-through" function of the network data decoder: the input data traffic is not processed at all and is directed straight to the output port, so that the data traffic passes through the flow shunt grabber like a "through train", achieving "no delay, no interruption, no substitution". At the same time, the traffic decoding function of the network data decoder is used to form a "mirror" of the passing traffic and output it to the monitoring output port.
As shown in Fig. 6, in normal operation the two relay devices are in the "open circuit" state. When a power failure occurs, the two relays, having no power, switch to the "closed path" state, so that the network traffic data on both sides of the network is automatically switched to the pass-through state, as shown by the dotted lines in Fig. 4: the dotted line with the larger dot spacing shows the direction of network traffic data that enters at the second data network interface and leaves at the first data network interface; the dotted line with the smaller dot spacing shows the direction of network data that enters at the first data network interface and leaves at the second data network interface. With the relay devices, network traffic data is not interrupted by a power failure. When power is restored to the system, the relays in both directions automatically return to the "open circuit" state, returning user data traffic to the monitored path.
Preferably, since a relay takes a certain time to change state, capacitors are added to the circuit, one for each network data decoder, so that each network data decoder remains in the working state until the relay has reached the "closed path" state. This ensures that the direct circuit is connected once user data traffic is cut off from the monitored path, achieving the goal of uninterrupted traffic.
The above is only the preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the invention.
Claims (10)
1. A flow monitoring method, characterized in that it comprises:
Receiving continuously collected network traffic; a packet preprocessing module queues the packets of the network traffic in the order in which they were received and sends the queued packets to a data processing module; the data processing module compares the received network traffic packets against predetermined rules and, according to the comparison result, sends the packets to a specific monitoring port.
2. The flow monitoring method according to claim 1, characterized in that it further comprises:
The uninterrupted network traffic is collected by a flow shunt grabber and sent to the packet preprocessing module; the flow shunt grabber, which is connected into the network, also provides uninterrupted forwarding for the network it is connected into.
3. The flow monitoring method according to claim 2, characterized in that there are one or more flow shunt grabbers, each monitoring a different network.
4. The flow monitoring method according to claim 3, characterized in that the predetermined rules are comparison rules set as required by the monitoring purpose, and the comparison rules are stored in a flow mapping table designed in a ternary content-addressable memory (TCAM) array.
5. The flow monitoring method according to claim 4, characterized in that, after the step in which the data processing module compares the received network traffic packets against the predetermined rules, and before the step of sending the packets to a specific monitoring port according to the comparison result, the method further comprises a deep packet inspection step, in which the application-layer information of the network traffic packets is reassembled and the packets are statistically analysed according to the application-layer information obtained.
6. A flow monitoring device, characterized in that it comprises:
A packet preprocessing module, connected to the network data input channel, configured to queue the packets of the received network traffic in the network data input channel in the order in which they were received, and to send the queued packets to the data processing module;
A network data input channel, connected to the data preprocessing module and the data processing module, in which the data preprocessing module queues the network traffic packets;
A data processing module, connected to the network data input channel and the monitoring port, configured to compare the received network traffic packets against predetermined rules and, according to the comparison result, to send the packets to a specific monitoring port;
A monitoring port, connected to the data processing module and to an external data processing device, through which the flow monitoring device sends the network traffic packets to the external data processing device.
7. The flow monitoring device according to claim 6, characterized in that it further comprises a flow shunt grabber, connected to the access network and to the packet preprocessing module, configured to collect network traffic without interruption and send it to the packet preprocessing module; the flow shunt grabber connected into the network also provides uninterrupted forwarding of the traffic of the network it is connected into.
8. The flow monitoring device according to claim 7, characterized in that there are one or more flow shunt grabbers, each monitoring a different network.
9. The flow monitoring device according to claim 8, characterized in that the predetermined rules are comparison rules set as required by the monitoring purpose; the flow monitoring device further comprises a TCAM, in which a flow mapping table storing the comparison rules is designed.
10. The flow monitoring device according to claim 9, characterized in that it further comprises a deep packet inspection module, connected to the data processing module and the monitoring port, configured to reassemble the application-layer information of the network traffic packets and to statistically analyse the packets according to the application-layer information obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310330681.3A CN103731316B (en) | 2013-07-30 | 2013-07-30 | A kind of flow-monitoring device and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310330681.3A CN103731316B (en) | 2013-07-30 | 2013-07-30 | A kind of flow-monitoring device and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103731316A | 2014-04-16 |
CN103731316B | 2017-08-04 |
Family
ID=50455251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310330681.3A Expired - Fee Related CN103731316B (en) | 2013-07-30 | 2013-07-30 | A kind of flow-monitoring device and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103731316B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108989289A (en) * | 2018-06-21 | 2018-12-11 | 北京亚鸿世纪科技发展有限公司 | A kind of method and device ensureing flow collection integrality |
CN110224891A (en) * | 2019-06-12 | 2019-09-10 | 武汉绿色网络信息服务有限责任公司 | A kind of intelligent flow dispatching method and system based on DPI and current divider |
CN111367751A (en) * | 2018-12-26 | 2020-07-03 | 北京神州泰岳软件股份有限公司 | End-to-end data monitoring method and device |
CN113194045A (en) * | 2020-01-14 | 2021-07-30 | 阿里巴巴集团控股有限公司 | Data flow analysis method and device, storage medium and processor |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040071152A1 (en) * | 1999-12-29 | 2004-04-15 | Intel Corporation, A Delaware Corporation | Method and apparatus for gigabit packet assignment for multithreaded packet processing |
CN1881899A (en) * | 2006-04-30 | 2006-12-20 | 国家数字交换系统工程技术研究中心 | Network flow monitoring system and method |
CN101174993A (en) * | 2006-11-02 | 2008-05-07 | 北京中创信测科技股份有限公司 | Network data monitoring and processing method and equipment |
CN101640666A (en) * | 2008-08-01 | 2010-02-03 | 北京启明星辰信息技术股份有限公司 | Device and method for controlling flow quantity facing to target network |
CN102055620A (en) * | 2009-10-27 | 2011-05-11 | 中国移动通信集团浙江有限公司 | Method and system for monitoring user experience |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108989289A (en) * | 2018-06-21 | 2018-12-11 | 北京亚鸿世纪科技发展有限公司 | A kind of method and device ensureing flow collection integrality |
CN108989289B (en) * | 2018-06-21 | 2020-10-13 | 北京亚鸿世纪科技发展有限公司 | Method and device for guaranteeing integrity of flow collection |
CN111367751A (en) * | 2018-12-26 | 2020-07-03 | 北京神州泰岳软件股份有限公司 | End-to-end data monitoring method and device |
CN111367751B (en) * | 2018-12-26 | 2023-05-05 | 北京神州泰岳软件股份有限公司 | End-to-end data monitoring method and device |
CN110224891A (en) * | 2019-06-12 | 2019-09-10 | 武汉绿色网络信息服务有限责任公司 | A kind of intelligent flow dispatching method and system based on DPI and current divider |
CN113194045A (en) * | 2020-01-14 | 2021-07-30 | 阿里巴巴集团控股有限公司 | Data flow analysis method and device, storage medium and processor |
CN113194045B (en) * | 2020-01-14 | 2023-11-17 | 阿里巴巴集团控股有限公司 | Data traffic analysis method, device, storage medium and processor |
Also Published As
Publication number | Publication date |
---|---|
CN103731316B (en) | 2017-08-04 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20190311. Address after: 710000 No. 304, Gate 2, 9 Building, North Village, No. 127 Youyi West Road, Beilin District, Xi'an City, Shaanxi Province. Patentee after: Yin Jianlin. Address before: 300456 Tianjin Binhai New Area Tianjin Development Zone Service Outsourcing Park 5701-2. Patentee before: Tianjin Jinzha Technology Co.,Ltd. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170804. Termination date: 20210730 |