CN104869014B - A kind of Ethernet fault location and detection method - Google Patents
A kind of Ethernet fault location and detection method Download PDFInfo
- Publication number
- CN104869014B CN104869014B CN201510203169.1A CN201510203169A CN104869014B CN 104869014 B CN104869014 B CN 104869014B CN 201510203169 A CN201510203169 A CN 201510203169A CN 104869014 B CN104869014 B CN 104869014B
- Authority
- CN
- China
- Prior art keywords
- detection
- network
- packet loss
- interchanger
- interval
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 110
- 230000005856 abnormality Effects 0.000 claims abstract description 27
- 238000000034 method Methods 0.000 claims description 18
- 238000004364 calculation method Methods 0.000 claims description 9
- 230000000977 initiatory effect Effects 0.000 claims description 9
- 238000005259 measurement Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000010276 construction Methods 0.000 claims description 3
- 239000000523 sample Substances 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 10
- 230000004888 barrier function Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000007418 data mining Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000007717 exclusion Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Abstract
The invention discloses a kind of Ethernet fault location and detection methods, for positioning and detecting network equipment failure in target network, step includes: network device state consistency detection, network apparatus jamming abnormality detection, packet loss of link abnormality detection and positioning, the detection of target network DoS attack and the detection of addresses forwarding table correctness;Compared with prior art, the SNMP and MIB-2 that Ethernet fault location of the present invention and detection method are supported by inquiry currently based on standardization interchanger, it can be detected and position again Ethernet failure by simple computation, it is simple and practical, with preferable applicability and engineer application, and efficiency with higher and accuracy rate.
Description
Technical field
The present invention relates to a kind of technical field of network system failures maintenance more particularly to a kind of events of Ethernet
Barrier positioning and detection method.
Background technique
As more and more Internet applications incorporate daily life, people require to get over to the user experience of network
Come higher.So that network is kept unimpeded in real time is the premise for guaranteeing user experience, it is therefore necessary to which detection positions and excludes net in time
Network failure, so the detection of network failure and exclusion are a part critically important in network management work.Therefore how efficiently quasi-
Really position the hot and difficult issue become in network failure research in recent years with detection network failure.
The main method of Ethernet fault detection at present has: the dependency graph or module established between network communications entity rely on
Then figure passes through dependency graph detection and locating network fault;Net is positioned using probability failure maps and Bayesian inference technology
Network failure;Model using weighting bipartite graph carrys out locating network fault;Regulation engine Drools is used for failure system exploitation;Knot
It closes expert system and inference machine carries out fault diagnosis etc..
There are also some enterprises also to develop commercial network Fault Management System simultaneously.Such as ManageEngine
OpManager system, this is a Integrated Network Management software end to end, can be to the network equipment in enterprise network, service
The IT infrastructure such as device, host, wide-area network link, application and service realize comprehensive, visualization, unified Centralized Monitoring and management.
The Netcool Network Management system of IBM is a with Topology Discovery, detection network failure, Configuration network etc.
The system of function.The OpenView system of Hewlett-Packard is a system with functions such as Topology Discovery and fault managements.
Although dependency graph to the positioning of failure and detection accuracy rate with higher, establishes a system or network
Dependency graph requires to be very familiar with the system or network that more accurately dependency graph could be established.It is pushed away using probabilistic model and Bayes
Adjustment method is more complex, and accuracy rate and efficiency are difficult to ensure that difficulty in engineering realization is larger.Fault detection based on data mining
Method, accuracy rate are difficult to ensure, and need the network equipment log of magnanimity, but the day of the network equipment of different manufacturer's production
Will content, format are different.Other Network Fault Detection technologies need to meet some specific conditions, so it is generally fitted
It is relatively difficult to guarantee with property.Above-mentioned commercial Fault Management System is based on privately owned technical solution, and accuracy, reliability are especially
Verifiability is difficult to ensure.
In summary, current network fault detecting method generally requires modification station code, control node behavior comes in fact
Existing fault detection, and the ethernet devices such as interchanger are usually and without alterability.
Summary of the invention
It is an object of the invention to overcome the deficiencies of the prior art and provide a kind of Ethernet fault location and detection side
Method, it is low to solve existing network fault detecting method accuracy, need to modify station code, control node behavior realizing therefore
Barrier detection, can not adapt to the fault detection of the ethernet devices such as the common interchanger without alterability.
The present invention is achieved by the following technical solutions:
A kind of Ethernet fault location and detection method are wrapped for positioning and detecting network equipment failure in target network
Include following steps:
Step S101: network device state consistency detection: the port status inspection including interchangers all in target network
Survey, STP protocol version consistency detection, working method consistency detection and source-routed protocol version consistency detection, if detection
As a result consistent, then continue, it is inconsistent, then it alarms;
Step S102: network apparatus jamming abnormality detection: it is periodically detected each end of all interchangers in target network
Mouthful, the packet drop rate as caused by congestion is calculated, if packet drop rate is no more than threshold value, is continued, if being more than threshold value, is reported
It is alert;
Step S103: packet loss of link abnormality detection and positioning: each link being periodically detected in target network topology
(ui, vj), calculate link (ui, vj) continue in the packet loss of both direction if packet loss is no more than threshold value, if being more than threshold
Value, then alarm;
Step S104: the detection of target network DoS attack: it is periodically detected the forwarding entry of all interchangers in target network
Number is abandoned, if being no more than threshold value, is continued, if being more than threshold value, is alarmed;
Step S105: the detection of addresses forwarding table correctness: a MAC Address is randomly selected, whether detection interchanger
The forwarding entry of MAC Address is learnt, if so, continuing, if it is not, then alarming.
In the step S101, the specific steps of network device state consistency detection include:
Step S201: switch port state-detection: to all interchangers in target network, which is appeared in
All of the port in topology, inquiring its current working status value is 1, shows that port is working;Otherwise, it alarms;
Step S202: interchanger STP protocol version consistency detection: to all interchangers in target network, it is inquired
The STP version value used should be consistent;Otherwise, it alarms;
Step S203: interchanger working method consistency detection: to all interchangers in target network, its work is obtained
The information of each port is all empty under bridge mode, then jumps to step S204;Otherwise, it obtains it and works in source routing mould
The information of each port is all empty under formula, then continues;Otherwise, it alarms;
Step S204: the source-routed protocol version consistency detection of interchanger: if all interchangers work in network
Source route pattern, then inquire all interchangers operand bit value answer it is identical;Otherwise, it alarms.
In the step S102, the specific steps of network apparatus jamming abnormality detection include:
Step S301: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0;Its
In, delta indicates the warning value of packet loss;Interval indicates the time of polling interval twice, and unit is the second;K indicates continuous
The number of query interface;L indicate this K times inquiry in packet loss have L times more than delta, it is necessary to alarm;Count1 is for counting
Inquiry times;Count2 is for counting the number that packet loss is more than delta;
Step S302: in moment t, the data frame of each port of the interchanger data frame number TpPOF issued and discarding is inquired
Number BPDED;
Step S303: waiting interval seconds, inquires the data frame number TpPOF and lose that each port of interchanger issues again
The data frame number BPDED of abandoning calculates (t, t+1) in the period, and the message frame number of interchanger transmission and discarding, wherein t+1 indicates t
At the time of interval is after interval seconds, calculation formula is as follows:
Step S304: if discard(t, t+1)/transport(t, t+1)>=delta is iterated circulation to count2,
If count2 >=L, alarm, this time switch congestion abnormality detection terminates;Otherwise, continue;
Step S305: being iterated circulation to count1, if count1 >=K, this switch congestion abnormality detection knot
Beam;Otherwise, step S303 is jumped to.
In the step S103, link (ui, vj) specific steps of packet loss abnormality detection and positioning include:
Step S401: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0,
Count3=0, lossuv(t, t+1)=0.0, lossvu(t, t+1)=0.0;Wherein, delta indicates the warning value of packet loss;
Interval indicates the time of polling interval twice, and unit is the second;The number of K expression continuous-query variable;L indicates to look into for this K times
In inquiry packet loss have L times more than delta, it is necessary to alarm;Count1 is used for statistical query number;Count2 and count3 difference
Packet loss for counting same link different directions is more than the number of delta;lossuv(t, t+1)Indicate that links switch u is arrived
Packet loss on the direction interchanger v;lossvu(t, t+1)Indicate the packet loss on links switch v to interchanger u direction;
Step S402: in moment t, link port u is inquirediAnd vjThe data frame number TpPOF of sending and the data frame received
Number TpPIF;
Step S403: waiting interval second, inquire again the data frame number TpPOF of the sending of two ports of link with
The data frame number TpPIF received, calculates separately (t, the t+1) period, the packet loss of link different directions, and calculation formula is as follows:
Packet loss on the direction u → v:
Packet loss on v → u direction:
Step S404: if lossuv(t, t+1)>=delta is iterated circulation to count2, if count2 >=L, report
It is alert;Otherwise, continue;
Step S405: if lossvu(t, t+1)>=delta is iterated circulation to count3, if count3 >=L, report
It is alert;Otherwise, continue;
Step S406: circulation, count1 >=K, alarm, this time link congestion abnormality detection positioning are iterated to count1
Terminate;Otherwise, step S403 is jumped to.
In the step S104, the specific steps of target network DoS attack detection include:
Step S501: initiation parameter: interval, K, L, and K > L, count1=0, count2=0.Interval table
Show the time of polling interval twice, unit is the second;The number of K expression continuous-query variable;L indicates this K times inquiry transfer clockwork spring
Mesh abandon number have L times more than 0, it is necessary to alarm;Count1 is used for statistical query number;Count2 loses for counting forwarding entry
Abandon the number that number is more than 0;
Step S502: in moment t, the entry number that the addresses forwarding table of interchanger is lost due to insufficient memory is inquired
TpLED;
Step S503: the TpLED of the interchanger is inquired at interval interval seconds again, calculates (t, the t+1) period, is abandoned
Forwarding entry quantity, calculation formula is as follows:
discardentry(t, t+1)=TpLEDt+1-TpLEDt
Step S504: if discardentry(t, t+1)>=0, circulation is iterated to count2, if count2 >=L,
Alarm, this time target network DoS attack detection terminate;Otherwise, continue;
Step S505: being iterated circulation to count1, if count1 >=K, this time target network DoS attack detection knot
Beam;Otherwise, step S503 is jumped to.
In the step S105, the specific steps of addresses forwarding table correctness detection include:
Step S601: it randomly selects in the unbound equipment any in a network of MAC Address a s, s;
Step S602: construction is using s as source address, using measurement equipment u to be checked in network as the ethernet frame of purpose address, in net
It is transmitted in network;
Step S603: it if interchanger v is located on from source address s to the path of measurement equipment u to be checked, is arrived with s inquiry v study
Forwarding entry forwarding table variable, should have entry domain (s, vi, learned) entry, wherein viIt is that v receives probe messages
Port shows that v has learnt the forwarding entry of s;Otherwise, it alarms.
The present invention has the advantage that the present invention provides a kind of Ethernet fault location and detection side compared with prior art
Method, SNMP (the Simple Network Management that this method is supported by inquiry currently based on standardization interchanger
Protocol, Simple Network Management Protocol) and MIB-2 (Management Information Base, management information bank), so
It can be detected and position afterwards Ethernet failure by simple computation, it is simple and practical, there is preferable applicability and engineer application,
And efficiency with higher and accuracy rate.
Detailed description of the invention
Fig. 1 is the overall flow figure of Ethernet fault location and detection of the present invention;
Fig. 2 is the flow chart of network device state consistency detection;
Fig. 3 is the flow chart of network apparatus jamming abnormality detection;
Fig. 4 is the flow chart of packet loss of link abnormality detection and positioning;
Fig. 5 is the flow chart of target network DoS attack detection;
Fig. 6 is the flow chart that addresses forwarding table correctly detects.
Specific embodiment
It elaborates below to the embodiment of the present invention, the present embodiment carries out under the premise of the technical scheme of the present invention
Implement, the detailed implementation method and specific operation process are given, but protection scope of the present invention is not limited to following implementation
Example.
Embodiment 1
A kind of Ethernet fault location and detection method provided in this embodiment have flow chart as shown in figs. 1 to 6,
For positioning and detecting the failure of the network equipment in target network, overall flow figure is as shown in Figure 1, comprising the following steps:
Step S101: network device state consistency detection: the port status inspection including interchangers all in target network
Survey, STP protocol version consistency detection, working method consistency detection and source-routed protocol version consistency detection, if detection
As a result consistent, then continue, it is inconsistent, then it alarms;
Step S102: network apparatus jamming abnormality detection: it is periodically detected each end of all interchangers in target network
Mouthful, the packet drop rate as caused by congestion is calculated, if packet drop rate is no more than threshold value, is continued, if being more than threshold value, is reported
It is alert;
Step S103: packet loss of link abnormality detection and positioning: each link being periodically detected in target network topology
(ui, vj), calculate link (ui, vj) continue in the packet loss of both direction if packet loss is no more than threshold value, if being more than threshold
Value, then alarm;
Step S104: the detection of target network DoS attack: it is periodically detected the forwarding entry of all interchangers in target network
Number is abandoned, if being no more than threshold value, is continued, if being more than threshold value, is alarmed;
Step S105: the detection of addresses forwarding table correctness: a MAC Address is randomly selected, whether detection interchanger
The forwarding entry of MAC Address is learnt, if so, continuing, if it is not, then alarming.
As shown in Fig. 2, being the detailed process of network device state consistency detection, step includes:
Step S201: switch port state-detection: to all interchangers in target network, which is appeared in
All of the port in topology, inquiry ifOperStatus value are 1, show that port is working;Otherwise, it alarms;
Step S202: interchanger STP protocol version consistency detection: to all interchangers in target network, inquiry
Dot1dStpProtocolSpecification value should be consistent;Otherwise, it alarms;
Step S203: interchanger working method consistency detection: to all interchangers in target network, it is obtained
The information of dot1dTpPortTable is all empty, then jumps to step S204;Otherwise, the information of its dot1dSrPortTable is obtained
It is all empty, then continues;Otherwise, it alarms;
Step S204: the source-routed protocol version consistency detection of interchanger: if all interchangers work in network
Source route pattern, then inquire all interchangers dot1dSrBridgeLfMode value answer it is identical;Otherwise, it alarms.
As shown in figure 3, working in the algorithm stream of the network apparatus jamming abnormality detection under bridge mode for interchanger
Journey (algorithm for the network apparatus jamming abnormality detection that interchanger works under Source Route Bridge mode can also refer to following algorithms),
Its step includes:
Step S301: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0;Its
In, delta indicates the warning value of packet loss;Interval indicates the time of polling interval twice, and unit is the second;K indicates continuous
The number of query interface;L indicate this K times inquiry in packet loss have L times more than delta, it is necessary to alarm;Count1 is for counting
Inquiry times;Count2 is for counting the number that packet loss is more than delta;
Step S302: in moment t, the data frame of each port of the interchanger data frame number TpPOF issued and discarding is inquired
Number BPDED;
Step S303: it waits interval seconds, inquires the dot1dTpPortOutFrames of each port of interchanger again
Variable (hereinafter referred to as TpPOF) and dot1dBasePortDelayExceededDiscards variable (hereinafter referred to as BPDED), meter
Calculate (t, t+1) in the period, interchanger transmission and the message frame number that abandons, wherein t+1 indicate the interval t after interval seconds when
It carves, calculation formula is as follows:
Step S304: if discard(t, t+1)/transport(t, t+1)>=delta carries out count2=to count2
Count2+1 iterative cycles, if count2 >=L, alarm, this time switch congestion abnormality detection terminates;Otherwise, continue;
Step S305: carrying out count1=count1+1 iterative cycles to count1, if count1 >=K, this time exchanges
Machine congestion abnormality detection terminates;Otherwise, step S303 is jumped to.
As shown in figure 4, working in the link (u under bridge mode for interchangeri, vj) packet loss abnormality detection and positioning
Algorithm flow (algorithm of packet loss of link abnormality detection and positioning that interchanger works under Source Route Bridge mode can also refer to
Following algorithms), step includes:
Step S401: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0,
Count3=0, lossuv(t, t+1)=0.0, lossvu(t, t+1)=0.0;Wherein, delta indicates the warning value of packet loss;
Interval indicates the time of polling interval twice, and unit is the second;The number of K expression continuous-query variable;L indicates to look into for this K times
In inquiry packet loss have L times more than delta, it is necessary to alarm;Count1 is used for statistical query number;Count2 and count3 difference
Packet loss for counting same link different directions is more than the number of delta;lossuv(t, t+1)Indicate that links switch u is arrived
Packet loss on the direction interchanger v;lossvu(t, t+1)Indicate the packet loss on links switch v to interchanger u direction;
Step S402: in moment t, link port u is inquirediAnd vjTpPOF and dot1dTpPortOutFrames variable
(hereinafter referred to as TpPIF);
Step S403: it waits interval seconds, inquires the TpPOF and TpPIF of two ports of the link again, calculate separately
(t, t+1) period, the packet loss of link different directions, calculation formula are as follows:
Packet loss on the direction u → v:
Packet loss on v → u direction:
Step S404: if lossuv(t, t+1)>=delta carries out count2=count2+1 iterative cycles to count2,
If count2 >=L, alarm;Otherwise, continue;
Step S405: if lossvu(t, t+1)>=delta carries out count3=count3+1 iterative cycles to count3,
If count3 >=L, alarm;Otherwise, continue;
Step S406: count1=count1+1 iterative cycles, count1 >=K, alarm, this link are carried out to count1
The positioning of congestion abnormality detection terminates;Otherwise, step S403 is jumped to.
As shown in figure 5, in the step S104, the specific steps of target network DoS attack detection include:
Step S501: initiation parameter: interval, K, L, and K > L, count1=0, count2=0.Interval table
Show the time of polling interval twice, unit is the second;The number of K expression continuous-query variable;L indicates this K times inquiry transfer clockwork spring
Mesh abandon number have L times more than 0, it is necessary to alarm;Count1 is used for statistical query number;Count2 loses for counting forwarding entry
Abandon the number that number is more than 0;
Step S502: in moment t, the dot1dTpLearnedEntryDiscards variable of interchanger is inquired (hereinafter referred to as
TpLED);
Step S503: the TpLED of the interchanger is inquired at interval interval seconds again, calculates (t, the t+1) period, is abandoned
Forwarding entry quantity, calculation formula is as follows:
discardentry(t, t+1)=TpLEDt+1-TpLEDt
Step S504: if discardentry(t, t+1)>=0, count2=count2+1 iteration is carried out to count2 and is followed
Ring, if count2 >=L, alarm, this time target network DoS attack detection terminates;Otherwise, continue;
Step S505: carrying out count1=count1+1 iterative cycles to count1, if count1 >=K, this target
The detection of network DoS attack terminates;Otherwise, step S503 is jumped to.
As shown in fig. 6, in the step S105, the specific steps of addresses forwarding table correctness detection include:
Step S601: it randomly selects in the unbound equipment any in a network of MAC Address a s, s;
Step S602: construction is using s as source address, using measurement equipment u to be checked in network as the ethernet frame of purpose address, in net
It is transmitted in network;
Step S603: if interchanger v is located on from source address s to the path of measurement equipment u to be checked, with s inquiry v's
Dot1dTpFdbTable variable should have entry domain (s, vi, learned) entry, wherein viIt is the end that v receives probe messages
Mouthful, show that v has learnt the forwarding entry of s;Otherwise, it alarms.
It MIB-2 variable involved in the present embodiment and its is explained as follows shown in table 1 accordingly:
Table 1:MIB-2 variable and its meaning table of comparisons
Claims (5)
1. a kind of Ethernet fault location and detection method, special for positioning and detecting network equipment failure in target network
Sign is, comprising the following steps:
Step S101: network device state consistency detection: including interchangers all in target network port status detection,
STP protocol version consistency detection, working method consistency detection and source-routed protocol version consistency detection, if testing result
It is consistent, then continue, it is inconsistent, then it alarms;
Step S102: network apparatus jamming abnormality detection: being periodically detected each port of all interchangers in target network, meter
The packet drop rate as caused by congestion is calculated, if packet drop rate is no more than threshold value, is continued, if being more than threshold value, is alarmed;
Step S103: packet loss of link abnormality detection and positioning: each link (u being periodically detected in target network topologyi,
vj), calculate link (ui, vj) continue in the packet loss of both direction if packet loss is no more than threshold value, if being more than threshold value,
Alarm;
Step S104: the detection of target network DoS attack: the forwarding entry for being periodically detected all interchangers in target network abandons
Number continues if being no more than threshold value, if being more than threshold value, alarms;
Step S105: the detection of addresses forwarding table correctness: randomly selecting a MAC Address, and whether detection interchanger has learnt
The forwarding entry of MAC Address, if so, continuing, if it is not, then alarm;
In the step S101, the specific steps of network device state consistency detection include:
Step S201: to all interchangers in target network, topology switch port state-detection: is appeared in the interchanger
In all of the port, inquire its current working status value be 1, show that port is working;Otherwise, it alarms;
Step S202: interchanger STP protocol version consistency detection: to all interchangers in target network, its use is inquired
STP version value should be consistent;Otherwise, it alarms;
Step S203: it interchanger working method consistency detection: to all interchangers in target network, obtains it and works in
The information of each port is all empty under bright network bridge mode, then jumps to step S204;Otherwise, it is obtained to work under the route pattern of source
The information of each port is all empty, then continues;Otherwise, it alarms;
Step S204: the source-routed protocol version consistency detection of interchanger: if all interchangers work in Yuan Lu in network
By mode, then inquire all interchangers operand bit value answer it is identical;Otherwise, it alarms.
2. a kind of Ethernet fault location according to claim 1 and detection method, which is characterized in that the step S102
In, the specific steps of network apparatus jamming abnormality detection include:
Step S301: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0;Wherein,
The warning value of delta expression packet loss;Interval indicates the time of polling interval twice, and unit is the second;K indicates continuous-query
The number of variable;L indicate this K times inquiry in packet loss have L times more than delta, it is necessary to alarm;Count1 is used for statistical query
Number;Count2 is for counting the number that packet loss is more than delta;
Step S302: in moment t, the data frame number of each port of the interchanger data frame number TpPOF issued and discarding is inquired
BPDED;
Step S303: waiting interval seconds, inquires data frame number TpPOF and discarding that each port of interchanger issues again
Data frame number BPDED calculates (t, t+1) in the period, and the message frame number of interchanger transmission and discarding, wherein t+1 indicates the interval t
At the time of after interval seconds, calculation formula is as follows:
The message frame number of transmission
The message frame number of discarding
Step S304: if discard(t, t+1)/transport(t, t+1)>=delta is iterated circulation to count2, if
Count2 >=L, alarm, this time switch congestion abnormality detection terminates;Otherwise, continue;
Step S305: being iterated circulation to count1, if count1 >=K, this time switch congestion abnormality detection terminates;It is no
Then, step S303 is jumped to.
3. a kind of Ethernet fault location according to claim 1 and detection method, which is characterized in that the step S103
In, link (ui, vj) specific steps of packet loss abnormality detection and positioning include:
Step S401: initiation parameter: delta, interval, K, L, and K > L, count1=0, count2=0, count3=
0, lossuv(t, t+1)=0.0, lossvu(t, t+1)=0.0;Wherein, delta indicates the warning value of packet loss;Interval is indicated
The time of polling interval twice, unit are the seconds;The number of K expression continuous-query variable;L indicates that packet loss has L in this K times inquiry
It is secondary more than delta, it is necessary to alarm;Count1 is used for statistical query number;Count2 and count3 is respectively used to count same
The packet loss of link different directions is more than the number of delta;lossuv(t, t+1)It indicates on links switch u to the direction interchanger v
Packet loss;lossvu(t, t+1)Indicate the packet loss on links switch v to interchanger u direction;
Step S402: in moment t, link port u is inquirediAnd vjThe data frame number TpPOF of sending and the data frame number received
TpPIF;
Step S403: wait interval second, the data frame number TpPOF for the sending for inquiring two ports of link again with receive
Data frame number TpPIF, calculate separately (t, the t+1) period, the packet loss of link different directions, calculation formula is as follows:
Packet loss on the direction u → v:
Packet loss on v → u direction:
Step S404: if lossuv(t, t+1)>=delta is iterated circulation to count2, if count2 >=L, alarm;It is no
Then, continue;
Step S405: if lossvu(t, t+1)>=delta is iterated circulation to count3, if count3 >=L, alarm;It is no
Then, continue;
Step S406: circulation, count1 >=K, alarm, this time link congestion abnormality detection positioning knot are iterated to count1
Beam;Otherwise, step S403 is jumped to.
4. a kind of Ethernet fault location according to claim 1 and detection method, which is characterized in that the step S104
In, the specific steps of target network DoS attack detection include:
Step S501: initiation parameter: interval, K, L, and K > L, count1=0, count2=0, interval indicate two
The time of secondary polling interval, unit are the seconds;The number of K expression continuous-query variable;L indicates that forwarding entry is lost in this K times inquiry
Abandon number have L times more than 0, it is necessary to alarm;Count1 is used for statistical query number;Count2 abandons number for counting forwarding entry
Number more than 0;
Step S502: in moment t, the entry number TpLED that the addresses forwarding table of interchanger is lost due to insufficient memory is inquired;
Step S503: the TpLED of the interchanger is inquired at interval interval seconds again, calculates (t, the t+1) period, and discarding turns
Number of entries is sent out, calculation formula is as follows:
discardentry(t, t+1)=TpLEDt+1-TpLEDt
Step S504: if discardentry(t, t+1)>=0, circulation is iterated to count2, if count2 >=L, alarm,
This time target network DoS attack detection terminates;Otherwise, continue;
Step S505: being iterated circulation to count1, if count1 >=K, this time target network DoS attack detection terminates;
Otherwise, step S503 is jumped to.
5. a kind of Ethernet fault location according to claim 1 and detection method, which is characterized in that the step S105
In, the specific steps of addresses forwarding table correctness detection include:
Step S601: it randomly selects in the unbound equipment any in a network of MAC Address a s, s;
Step S602: construction is using s as source address, using measurement equipment u to be checked in network as the ethernet frame of purpose address, in a network
Transmission;
Step S603: if interchanger v is located on from source address s to the path of measurement equipment u to be checked, turned with what s inquiry v learnt
Clockwork spring purpose forwarding table variable, should have entry domain (s, vi, learned) and entry, wherein viIt is the port that v receives probe messages,
Show that v has learnt the forwarding entry of s;Otherwise, it alarms.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510203169.1A CN104869014B (en) | 2015-04-24 | 2015-04-24 | A kind of Ethernet fault location and detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510203169.1A CN104869014B (en) | 2015-04-24 | 2015-04-24 | A kind of Ethernet fault location and detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104869014A CN104869014A (en) | 2015-08-26 |
CN104869014B true CN104869014B (en) | 2019-02-05 |
Family
ID=53914555
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510203169.1A Expired - Fee Related CN104869014B (en) | 2015-04-24 | 2015-04-24 | A kind of Ethernet fault location and detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104869014B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107342809B (en) * | 2016-05-03 | 2020-11-06 | 中国移动通信集团四川有限公司 | Service performance monitoring and fault positioning method and device |
CN106453113A (en) * | 2016-09-07 | 2017-02-22 | 中国人民解放军防空兵学院 | IP network congestion link positioning method |
CN106792523B (en) * | 2016-12-10 | 2019-12-03 | 武汉白虹软件科技有限公司 | A kind of anomaly detection method based on extensive WiFi activity trajectory |
CN108243053B (en) * | 2016-12-27 | 2020-12-22 | 中国移动通信集团浙江有限公司 | Packet loss fault positioning method and device |
CN107682257A (en) * | 2017-11-21 | 2018-02-09 | 凌云天博光电科技股份有限公司 | Data transmission method and system |
WO2020021713A1 (en) * | 2018-07-27 | 2020-01-30 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ | Fraud detection method and electronic control device for detecting frauds |
CN109981492A (en) * | 2019-04-04 | 2019-07-05 | 深圳市三旺通信股份有限公司 | A kind of method that can intuitively show interchanger operating status |
CN110597226A (en) * | 2019-09-17 | 2019-12-20 | 中车青岛四方机车车辆股份有限公司 | Abnormity early warning method and device for vehicle-mounted Ethernet |
CN114338568B (en) * | 2020-09-30 | 2024-03-01 | 中车株洲电力机车研究所有限公司 | Data stream statistics method and Ethernet switch |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101714939A (en) * | 2008-10-06 | 2010-05-26 | 中兴通讯股份有限公司 | Fault treatment method for Ethernet ring network host node and corresponding Ethernet ring network |
CN101877659A (en) * | 2010-06-30 | 2010-11-03 | 中兴通讯股份有限公司 | Method, device and system for monitoring packet loss |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100454849C (en) * | 2005-08-05 | 2009-01-21 | 华为技术有限公司 | Fault detecting method in next generation network |
-
2015
- 2015-04-24 CN CN201510203169.1A patent/CN104869014B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101714939A (en) * | 2008-10-06 | 2010-05-26 | 中兴通讯股份有限公司 | Fault treatment method for Ethernet ring network host node and corresponding Ethernet ring network |
CN101877659A (en) * | 2010-06-30 | 2010-11-03 | 中兴通讯股份有限公司 | Method, device and system for monitoring packet loss |
Non-Patent Citations (1)
Title |
---|
以太网安全入侵的检测;俞承志,刘勇,毕娟,潘成胜;《沈阳工业学院学报》;20020331;第21卷(第1期);正文第1节 |
Also Published As
Publication number | Publication date |
---|---|
CN104869014A (en) | 2015-08-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104869014B (en) | A kind of Ethernet fault location and detection method | |
JP5249950B2 (en) | Method and system for utility network outage detection | |
Liu et al. | Self-diagnosis for large scale wireless sensor networks | |
US8634314B2 (en) | Reporting statistics on the health of a sensor node in a sensor network | |
US8638680B2 (en) | Applying policies to a sensor network | |
US8667084B2 (en) | Managing fate-sharing in shared-media communication networks | |
US20120026938A1 (en) | Applying Policies to a Sensor Network | |
EP1734691A1 (en) | Scalable selective alarm suppression for data communication network | |
CN112564964B (en) | Fault link detection and recovery method based on software defined network | |
CN103001879B (en) | Reduce the method and apparatus of LSA inundation number of times | |
Ma et al. | Sherlock is around: Detecting network failures with local evidence fusion | |
CN108449210B (en) | Network routing fault monitoring system | |
US11677819B2 (en) | Peer-to-peer feature exchange for edge inference of forecasting models | |
CN109219942B (en) | Method and device for controlling message mode | |
Liu et al. | Self-diagnosis for detecting system failures in large-scale wireless sensor networks | |
CN111404822B (en) | Data transmission method, device, equipment and computer readable storage medium | |
CN102684902B (en) | Based on the network failure locating method of probe prediction | |
CN102263651A (en) | Method for detecting connection state of local end equipment in SNMP (simple network management protocol) network management system (NMS) | |
Zafar et al. | A hybrid fault diagnosis architecture for wireless sensor networks | |
JP2022510687A (en) | Systems and methods for determining and reporting node malfunctions | |
Ma et al. | BOND: Exploring hidden bottleneck nodes in large-scale wireless sensor networks | |
JP2002111665A (en) | Local area network monitoring device | |
CN105141469A (en) | Performance monitoring in a multi-site environment | |
CN101895409B (en) | Method, device and system for processing operation, administration and maintenance mechanism in multipath domain | |
Radenkovic et al. | Increasing communication reliability in manufacturing environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190205 Termination date: 20200424 |