CN105119736B - The method and apparatus of data inspection in network function virtualization architecture - Google Patents

The method and apparatus of data inspection in network function virtualization architecture Download PDF

Info

Publication number
CN105119736B
CN105119736B CN201510418248.4A CN201510418248A CN105119736B CN 105119736 B CN105119736 B CN 105119736B CN 201510418248 A CN201510418248 A CN 201510418248A CN 105119736 B CN105119736 B CN 105119736B
Authority
CN
China
Prior art keywords
configuration information
query
inspection
data inspection
query object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510418248.4A
Other languages
Chinese (zh)
Other versions
CN105119736A (en
Inventor
王骅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201510418248.4A priority Critical patent/CN105119736B/en
Publication of CN105119736A publication Critical patent/CN105119736A/en
Priority to PCT/CN2016/083009 priority patent/WO2017008578A1/en
Application granted granted Critical
Publication of CN105119736B publication Critical patent/CN105119736B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/34Signalling channels for network management communication
    • H04L41/342Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/131Protocols for games, networked simulations or virtual reality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present embodiments relate to the method and apparatus of data inspection in network function virtualization NFV framework.The device includes determining module, for determining that the data inspection of query object describes file, the data inspection describes object element, query script and the parsing script where the mark that file includes the query object, the query object, wherein, the object element belongs to the NFV framework, for the query script for checking the query object, which is used to parse the inspection result of the query object;Check module, the data inspection for determining according to the determining module describes file, determines the real-time configuration information of the query object in the object element;Processing module when real-time configuration information and initial configuration information for determining when the inspection module are inconsistent, determines that data inspection result of the query object in the object element is abnormal.The method and apparatus of data inspection, can reduce traffic lost in the NFV framework of the embodiment of the present invention.

Description

The method and apparatus of data inspection in network function virtualization architecture
Technical field
The present invention relates to the method and apparatus of data inspection in the communications field more particularly to network function virtualization architecture.
Background technique
Network function virtualization (Network Function Virtualization, referred to as " NFV ") is by using x86 Equal general purpose hardwares and virtualization technology, make network equipment function be no longer dependent on specialized hardware, and resource can sufficiently flexibly It is shared, realize the quick exploitation and deployment of new business, and automatic deployment, elastic telescopic, failure are carried out based on practical business demand Isolation and self-healing etc..
From 2012, European Telecommunication Standardization Association (ETSI) (European Telecommunications Standards Institute) set up NFV working group, specified by NFV framework and basic procedure by industry conduct Standard is carried out in each telecom cloud project.
In NFV framework, NFV infrastructure (NFVI, including hardware and virtual platform) and virtualization network function are soft It is layering decoupling between part (VNF), each layer has the configuration and maintenance interface and rights management system of oneself, can be independent Modification oneself object properties.In the Construction procedures of general virtual data center, first with hardware management software to hardware into Row initial configuration, including server host Starting mode, the network settings of network board and redundant fashion etc., then with virtualization Platform management software (VIM) configures the base power of cloud platform, setting, virtual network including virtual data center Configuration, configuration of virtual memory etc., when finally disposing VNF, the attribute of VNF virtual machine (VM) is automatically configured by VNF by template Or the mode of human configuration is arranged to virtual platform when creation VM.
But in NFV framework, configuration and maintenance interface are mutually indepedent between virtual platform, hardware in NFVI and VNF, can be with It is responsible for maintenance by the personnel of different departments, rights management is mutually indepedent, lacks relevant data correlation verification scheme, certain Engineering activity (increases new VNF, the network rebuilding, the dilatation of cloud resource pond, hardware dilatation, hardware replacement, system failure recovery etc.) In or maloperation, certain layer data be not notified that upper and lower level after being altered, there is the risk for influencing VNF service, or there are certain Because data change causes Reliability Measures to fail after a little failures occur, to influence the hidden danger of VNF service.
Summary of the invention
The present invention provides a kind of method and apparatus of network function virtualization architecture data inspection, can reduce business damage It loses.
In a first aspect, providing a kind of device of data inspection in network function virtualization architecture, which is comprised determining that Module, for determining that the data inspection of query object describes file, which describes the mark that file includes the query object Object element, query script and parsing script where knowledge, the query object, wherein the object element belongs to the NFV framework, For the query script for checking the query object, which is used to parse the inspection result of the query object;Check module, The data inspection for being determined according to the determining module describes file, determines that the real-time of the query object is matched in the object element Confidence breath;Processing module determines when real-time configuration information and initial configuration information for determining when the inspection module are inconsistent Data inspection result of the query object in the object element is abnormal.
With reference to first aspect, in a kind of implementation of first aspect, which is specifically used for:
According to the description file VNFD of the virtualization network function software in the NFV framework, the data of query object are determined Check description file.
With reference to first aspect and its above-mentioned implementation, in another implementation of first aspect, the data inspection Description file is located in the VNFD.
With reference to first aspect and its above-mentioned implementation, in another implementation of first aspect, which includes Virtual deployment unit, the virtual deployment unit include inspection parameter information, which is used to indicate the data inspection File is described.
With reference to first aspect and its above-mentioned implementation, in another implementation of first aspect, the inspection module It is specifically used for: file is described according to the data inspection, periodically determines the real-time configuration of the query object in the object element Information.
With reference to first aspect and its above-mentioned implementation, in another implementation of first aspect, the processing module It is also used to: when the real-time configuration information and the initial configuration information are inconsistent, generating audit report, the audit report is for referring to Registration is according to inspection result exception.
With reference to first aspect and its above-mentioned implementation, in another implementation of first aspect, the inspection module It is also used to: describing the query script in file according to the data inspection, determine the reality of the query object in the object element When configuration information.
Second aspect provides a kind of method of data inspection in network function virtualization architecture, this method comprises: determining The data inspection of query object describes file, which describes the mark that file includes the query object, the query object Object element, query script and the parsing script at place, wherein the object element belongs to the NFV framework, which is used for Check the query object, which is used to parse the inspection result of the query object;File is described according to the data inspection, Determine the real-time configuration information of the query object in the object element;When the real-time configuration information and initial configuration information are inconsistent When, determine that data inspection result of the query object in the object element is abnormal.
In conjunction with second aspect, in a kind of implementation of second aspect, the data inspection of the determination query object is described File, comprising: according to the description file VNFD of the virtualization network function software in the NFV framework, determine the number of query object File is described according to checking.
In conjunction with second aspect and its above-mentioned implementation, in another implementation of second aspect, the data inspection Description file is located in the VNFD.
In conjunction with second aspect and its above-mentioned implementation, in another implementation of second aspect, which includes Virtual deployment unit, the virtual deployment unit include inspection parameter information, which is used to indicate the data inspection File is described.
In conjunction with second aspect and its above-mentioned implementation, in another implementation of second aspect, this is according to the number File is described according to checking, determines the real-time configuration information of the query object in the object element, comprising: retouch according to the data inspection File is stated, periodically determines the real-time configuration information of the query object in the object element.
In conjunction with second aspect and its above-mentioned implementation, in another implementation of second aspect, deserve this in real time When configuration information and inconsistent initial configuration information, determine that data inspection result of the query object in the object element is different Often, comprising: when the real-time configuration information and the initial configuration information are inconsistent, generate audit report, which is used for Designation date inspection result is abnormal.
In conjunction with second aspect and its above-mentioned implementation, in another implementation of second aspect, this is according to the number File is described according to checking, determines the real-time configuration information of the query object in the object element, comprising: retouch according to the data inspection The query script in file is stated, determines the real-time configuration information of the query object in the object element.
Based on the above-mentioned technical proposal, in the network function virtualization architecture of the embodiment of the present invention data inspection method and dress It sets, according to the VNFD in NFV framework, determines that the data inspection of query object describes file, which describes file and include The object element in NFV framework where the mark of query object, query object, the query script for checking query object and The parsing script for parsing the inspection result of query object, describes file according to the data inspection, determines the inquiry in object element The real-time configuration information of object determines that data inspection result is abnormal when real-time configuration information and inconsistent initial configuration information, It can be to avoid because data change causes Reliability Measures to fail, so as to which in NFVI or VNF, either party changes When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will make below to required in the embodiment of the present invention Attached drawing is briefly described, it should be apparent that, drawings described below is only some embodiments of the present invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.
Fig. 1 is the schematic of the network function virtualization NFV framework of the method for data inspection according to an embodiment of the present invention Architecture diagram.
Fig. 2 is the schematic block diagram of the device of data inspection in NFV framework according to an embodiment of the present invention.
Fig. 3 is another schematic block diagram of the device of data inspection in NFV framework according to an embodiment of the present invention.
Fig. 4 is the schematic flow chart of the method for data inspection in NFV framework according to an embodiment of the present invention.
Fig. 5 is another schematic block diagram of the device of data inspection in NFV framework according to an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiment is a part of the embodiments of the present invention, rather than whole embodiments.Based on this hair Embodiment in bright, those of ordinary skill in the art's every other reality obtained without making creative work Example is applied, all should belong to the scope of protection of the invention.
Technical solution of the present invention, the network function virtualization architecture can by various communication systems and user equipment it Between transmission services message, as above-mentioned communication system, can be enumerated for example to provide service for user equipment: the whole world is mobile Communication system (GSM, Global System of Mobile communication), CDMA (CDMA, Code Division Multiple Access) system, wideband code division multiple access (WCDMA, Wideband Code Division Multiple Access Wireless), General Packet Radio Service (GPRS, General Packet Radio Service), long term evolution (LTE, Long Term Evolution) etc..
User equipment (UE, User Equipment), also referred to as mobile terminal (Mobile Terminal), movement User equipment etc., can be through wireless access network (for example, RAN, Radio Access Network) and one or more core nets It is communicated, user equipment can be mobile terminal, such as mobile phone (or being " honeycomb " phone) and with mobile terminal Computer, for example, it may be portable, pocket, hand-held, built-in computer or vehicle-mounted mobile device, they with Wireless access network exchanges language and/or data.
In the following, being illustrated first to the network function virtualization system of the embodiment of the present invention.
Fig. 1 shows the network function virtualization NFV framework 100 for the method for data inspection for being applicable in the embodiment of the present invention Schematic architectural diagram, the NFV framework can realize by multiple network, for example, data center network, service provider networks or Person's local area network (LAN, Local Area Network).As shown in Figure 1, the NFV framework 100 may include:
Management and workout system (MANO, Management and Orchestration System) 128,
Infrastructure (NFVI, NFV Infrastructure) 130,
Multiple virtual network functions (VNF) 108,
Multiple Element management systems (EMS, Element Management System) 122,
Service, virtual network function and infrastructure describe (Service VNF and Infrastructure Description) system 126,
One or more Operation Support System/business support system (OSS/BSS, Operation Support System/ Business Support System)124。
Wherein, MANO 128 may include formatter (Orchestrator) 102, one or more VNF manager (VNF Manager) 104, and one or more virtualized infrastructure manager (Virtualized Infrastructure Manager)106。
NFVI 130 may include computing hardware 112, storage hardware 114, the network hardware 116 form hardware resource layer, The virtual resource that virtualization layer and virtual computing 110 (for example, virtual machine), virtual memory 118 and virtual network 120 form Layer.Wherein, computing hardware 112 can be dedicated processor or general for providing the processor of processing and computing function. Storage hardware 114 for providing storage capacity, the storage capacity can be storage hardware 114 offer itself (such as one take The local memory of business device), (such as server passes through one network storage equipment of network connection) can also be provided by network.Net Network hardware 116 can be interchanger, router and/or other network equipments, and the network hardware 116 is for realizing between multiple equipment Communication, by wirelessly or non-wirelessly connecting between multiple equipment.Virtualization layer in NFVI130 is for being abstracted hardware resource layer Hardware resource decouples physical layer belonging to VNF108 and hardware resource, provides virtual resource to VNF.
As shown in Figure 1, virtual resource may include virtual computing 110, virtual memory 118 and virtual network 120.Virtual meter Virtual resource, such as one can be provided to VNF108 in the form of virtual machine or other virtual containers by calculating 110, virtual memory 118 A or multiple VNF108 can be deployed on a virtual machine.Virtualization layer forms virtual network by abstract network hardware 116 120.Virtual network 120, such as virtual switch (for example, Vswitches), for realizing between multiple virtual machines or multiple Carry the communication between the other kinds of virtual container of VNF.The virtualization of the network hardware can by virtual lan (VLAN, Vritual LAN), it is Virtual Private LAN Service (VPLS, Virtual Private LAN Service), virtual expansible Local area network (VxLAN, Virtual eXtensible Local Area Network) or generic route encapsulation network virtualization Technologies such as (NVGRE, Nerwork Virtualization using Generic Routing Encapsulation) are realized.
OSS/BSS124 is mainly directed towards telecom operators, provides comprehensive network management and service operation function, including net Network management (such as failure monitoring, Network Information Gathering etc.), accounting management and customer service management etc..Service VNF And Infrastructure Description system 126 is discussed in detail in ETSI GS NFV 002v1.1.1 standard, Details are not described herein for the embodiment of the present invention.
MANO 128 can be used to implement the monitoring and management of VNF 108 and NFVI 130.Formatter 102 can be with one Or the communication of multiple VNF managers 104 with realize request relevant to resource, send configuration information to VNF manager 104 and Collect the status information of VNF 108.In addition, formatter 102 can also be communicated with virtualized infrastructure manager 106 with It realizes resource allocation, and/or realizes the configuration information of virtualization hardware resource and the reserved of status information and exchange.VNF management Device 104 can be used for managing one or more VNF 108, execute various management functions, for example, initialization, update, inquiry and/ Or terminate VNF 108.Virtualized infrastructure manager 106 can be used for controlling and managing VNF108 and computing hardware 112, deposit Store up the interaction of hardware 114, the network hardware 116, virtual computing 110, virtual memory 118, virtual network 120.For example, virtualization base Infrastructure manager 106 can be used for executing batch operation of the resource to VNF 108.VNF manager 104 and virtualization basis are set Applying manager 106 can communicate with each other to exchange virtualization hardware resource distribution and status information.
NFVI 130 includes hardware and software, and the two establishes virtualized environment jointly to dispose, manage and execute VNF108. In other words, hardware resource layer and virtual resource layer are used to provide virtual resource, such as virtual machine and/or other shapes to VNF108 The virtual container of formula.
Fig. 2 shows showing for the device 200 of network function according to an embodiment of the present invention virtualization NFV framework data inspection Meaning property block diagram, the device 200 can be used as an independent tool and use, each section module in the device can also be integrated In the software systems of NFV framework, such as VNF manager (VNFM) 104 or NFV formatter (NFVO) 102 etc., the present invention is not It is limited to this.As shown in Fig. 2, the device 200 includes:
Determining module 210, for determining that the data inspection of query object describes file, which describes file and includes Object element, query script and parsing script where the mark of the query object, the query object, wherein the object element Belong to the NFV framework, for the query script for checking the query object, which is used to parse the inspection of the query object As a result;
Check module 220, the data inspection for determining according to the determining module describes file, determines the object element In the query object real-time configuration information;
Processing module 230, when real-time configuration information and initial configuration information for determining when the inspection module are inconsistent, Determine that data inspection result of the query object in the object element is abnormal.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection device, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
In embodiments of the present invention, the determining module 210 of the data detecting device determines that the data inspection of query object is retouched File is stated, which describes object element, inquiry foot where the mark that file includes the query object, the query object Sheet and parsing script.Specifically, it is determined that module 210 can be in the description file of the virtualization network function software in NFV framework Determine that part or all of attribute, can also be by determining module 210 by adopting as query object in VNF attribute described in VNFD Collection data determine query object, and the present invention is not limited thereto.Which looked into it is alternatively possible to be used as by the specific attribute of user setting Object is ask, such as can be using cpu type or type of memory as query object, the present invention is not limited thereto.For each Or every a kind of query object, determine object element, i.e. data inspection is inquired for the query object in the object element;Really Determine query script, which is the script used for checking the query object;Determine that parsing script, the parsing script are For being parsed to the result of data inspection.
In embodiments of the present invention, according to the VNFD of the NFV framework, the query object determined by determining module 210, target Unit, query script and parsing script, the data inspection for generating query object describe file (Data Checking Descriptor, referred to as " DCD "), which includes the mark for being used to indicate the query object of the query object, object element, looks into Ask script and parsing script.For example, it is assumed that query object is set as central processing unit (CPU) type, virtualization CPU (Virtualization CPU, abbreviation VCPU) frequency, type of memory and HA conversion, query object is VIM, and query script makes Be referred to as parameter with virtual machine (VM) name, then as shown in table 1 for the DCD difference of each query object:
Table 1
Optionally, in embodiments of the present invention, the VNFD index DCD can be passed through.It specifically, can be in the void in VNFD Quasi- deployment unit (Virtual Deployment Unit, referred to as " VDU ") increases inspection parameter, which is used to indicate The DCD indexes the relevant parameter of the mark and needs in DCD according to inspection parameter.For example, as shown in table 2, according in DCD The query object of definition, for example, check object shown in table 1 be cpu type and type of memory, i.e. Check_CPU_Type and Check_Memroy_Type checks that the parameter of script input is all for vc_id, i.e. VNFC (VNF Component, VNF component) ID, that is, the title of VM, inspection parameter can indicate as shown in table 2, but the present invention is not limited thereto.
Table 2
In embodiments of the present invention, file is described according to the data inspection that determining module 210 determines, by inspection module 220 determine the real-time configuration information of the query object in the object element.Optionally, the real-time configuration that module 220 determines is checked Information also includes determining initial configuration information, or is referred to as baseline configuration information, for example, some be considered as NFV At the time of framework configures correct completely, first time data query can star, obtain the real-time configuration information checked for the first time, and Can be using the result that the inquiry obtains as the initial configuration information of query object, the present invention is not limited thereto.Optionally, some At the time of being considered as that NFV framework configures correct completely, business can be normally provided sometime for system, or test After receipts sometime, the present invention is not limited thereto.
Optionally, check that module 220 determines that real-time configuration information can determine the real-time configuration of single query object every time Information can also determine real-time configuration information to multiple check objects simultaneously, and the present invention is not limited thereto.
Optionally, in embodiments of the present invention, if it is necessary, just that initial configuration information, which is modified and is considered change, True, real-time query and storage again, the knot inquired can be carried out for by several query objects of modification configuration New initial configuration information of the fruit as query object, i.e. initial configuration information can be updated, but the present invention is not limited to This.Specifically, the initial configuration information can be periodically updated, for example, will check that module 220 determines real-time every half a day Configuration information is determined as initial configuration information, and updates original initial configuration information;Or initial configuration can be updated at any time Certain specific real-time configuration information determined is determined as initial configuration information by information, and the present invention is not limited thereto.
In embodiments of the present invention, check that module 220 determines real-time configuration information, which can be initial Configuration information can send the specific query script of construction to object element according to the DCD of query object, be rung according to object element The query result answered determines initial configuration information and real-time configuration information.For example, for query object in table 1 be cpu type and Two examples of type of memory are inquired VIM using Get CPU type and Get memory type, it is assumed that VM title For " vm1 ", then the query script constructed can be with are as follows: Get CPU type:VM=" vm1 " and Get memory type:VM =" vm1 ".It include CPU type and Memory type field in the result that VIM is returned according to the query script, such as can be with For CPU type=" CPU_type_A " and Memory type=" DDR_4 ", then " CPU_type_A " and " DDR_4 " makees respectively For vm1 real-time configuration information and store the real-time configuration information, such as be possibly stored to database module.If the secondary inspection It, then can be using inspection result as initial configuration information to check for the first time.
It optionally, can be by it for the real-time configuration information that above-mentioned inspection module 220 determines as one embodiment It, optionally, can as initial configuration information, and using inspection later as the implementation configuration information compared with initial configuration information Periodically to determine real-time configuration information, it can also be triggered at any time by user and determine real-time configuration information, for example, similarly, Get CPU type and Get memory type can be used to inquire VIM, it is assumed that VM entitled " vm1 " is then constructed Query script are as follows: Get CPU type:VM=" vm1 " and Get memory type:VM=" vm1 ".The result that VIM is returned In include CPU type and Memory type field, such as CPU type=" CPU_type_B " and Memory type=" DDR_4 ", then " CPU_type_B " and " DDR_4 " is real-time configuration information.
In embodiments of the present invention, when checking the real-time configuration information that module 220 is obtained according to inspection result and initially When configuration information is inconsistent, processing module 230 determines that data inspection result of the query object in the object element is abnormal.It will Determining real-time configuration information and initial configuration information compare, and when the two is not identical, determine that inspection result, can be abnormal To think that the related data of object element changes, the audit report that inspection result exception can be used to indicate by transmission is logical Know system manager, for example, can be notified by way of warning information or audit report system manager's exception information or Person's inspection result.For example, according to above example, determining initial configuration information be " CPU_type_A " and " DDR_4 ", in real time Configuration information is " CPU_type_B " and " DDR_4 ", initial configuration information and real time information are compared, find cpu type Difference can then determine that data inspection result is abnormal, and can be notified by way of warning information or audit report be Uniting, there are exception informations by administrator.In another example check the real-time configuration information and initial configuration information comparison that module 220 determines, Check in VIM due to the VCPU dominant frequency for directly modifying the VM that some is currently running, if this modification will lead to the VM can not Enough CPU processing capacities are obtained, and then cause VNF that can not normally provide business service, then checking that module 220 determines at this time Real-time configuration information and initial configuration information can show inconsistent, processing module 230 feeds back the inspection result to system pipes Reason person place, administrator has found in time, then can be modified accordingly in time, avoid VNF that from can not normally providing business service.
It optionally, can be periodic test or casual inspection to data inspection.Periodic test can be examined also for timing It looks into, such as can be set one hour or several hours and once checked, can be with the real-time configuration information of timing determination, it will be periodical Determine that real-time configuration information is compared with initial configuration information, to realize periodic data inspection.Periodic test can be with For finding temporarily without result in the interlayer configuration of system is inconsistent, prevention configuration is inconsistent and causes VNF service abnormal.
Optionally, inspection can be triggered at random by user, can be started at any time with casual inspection, obtain match in real time at any time Confidence breath, and inspection is compared with initial configuration information.Casual inspection can be used for when VNF services appearance exception, immediately It checks whether the problem by real-time configuration information and configuration data information caused by inconsistent, can be improved the speed of positioning problems Degree reduces traffic lost.
It should be understood that the device 100 of data inspection can correspond in network function virtualization architecture according to an embodiment of the present invention Method 300 in the execution embodiment of the present invention, and it is each in the device 100 of data inspection in network function virtualization architecture Above and other operation and/or function of a module is respectively in order to realize the corresponding process of each method in Fig. 4, for letter Clean, details are not described herein.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection device, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
Optionally, as one embodiment, Fig. 3 shows the dress of NFV framework data inspection according to an embodiment of the present invention Another schematic block diagram set, the device 300 can be used as an independent tool and use.As shown in figure 3, the device 300 wraps It includes: description file read module 310, script module 320, database module 330, configuration contrast module 340 and interface module 350, wherein interface module 350 can refer to multiple interface modules, such as may include three interface modules, and respectively first connects Mouth mold block 351, second interface module 352 and third interface module 353.
In embodiments of the present invention, the description file read module 310 of the device of the NFV framework data inspection can be used for VNF attribute described in the VNFD in NFV framework is read, and is determined part of or whole attributes by script module 320 As query object, i.e., the script module 320 can correspond to the device 200 with the NFV framework data inspection of the embodiment of the present invention In determining module 210.Specifically, can be by which specific attribute of user setting as query object, such as it can be by CPU Type or type of memory are determined as query object, also, for each or every a kind of query object, script module 320 Object element, i.e. data inspection are inquired for the query object in the object element;Determine query script, the query script For the script used for checking the query object;Determine that parsing script, the parsing script are for the result to data inspection It is parsed.
In embodiments of the present invention, the VNFD of the NFV framework read according to description file read module 310, by script Query object, object element, query script and the parsing script that module 320 determines, generate the DCD of query object, which includes It is used to indicate mark, object element, query script and the parsing script of the query object of the query object.For example, it is assumed that inquiry Object is set as central processing unit (CPU) type, virtualization cpu frequency, type of memory and HA conversion, and query object is VIM, Query script is referred to as parameter using virtual machine (VM) name, then as shown in table 1 for the DCD difference of each query object.
Optionally, in embodiments of the present invention, the VNFD index DCD can be passed through.It specifically, can be in VNFD VDU increases inspection parameter, which is used to indicate the DCD, indexes mark in DCD and needs according to inspection parameter Relevant parameter.For example, as shown in table 2, according to query object defined in DCD, such as check object shown in table 1 is CPU class Type and type of memory, i.e. Check_CPU_Type and Check_Memroy_Type check that the parameter of script input is all for vc_ Id, the i.e. ID of VNFC, that is, the title of VM, inspection parameter can indicate as shown in table 2, but the present invention is not limited thereto.
Optionally, the data inspection that script module 320 determines, which describes file, can store in database module 330.
In embodiments of the present invention, according to determining query object, real-time configuration information is determined by script module 320, this When, which can correspond to the inspection module in the device 200 of the NFV framework data inspection of the embodiment of the present invention 220.Specifically, at the time of some is considered as that NFV framework configures correct completely, it can star first time data query, obtain The real-time configuration information checked for the first time is obtained, and can be believed using the result that the inquiry obtains as the initial configuration of query object Breath.Script module 320 is by information such as the query scripts read in database module 330, by interface module 350 to inquiry pair As sending, for example, this inquires VIM using Get CPU type and Get memory type, it is assumed that VM is entitled " vm1 ", the then query script constructed are as follows: Get CPU type:VM=" vm1 " and Get memory type:VM=" vm1 ". First interface module 351 in interface module 350 is connected with VIM, and second interface module 352 is connected with hardware management software, the Three interface modules 352 are connected with VNFM, due to ask object be VIM when, can by first interface module 351 to VIM transmission look into Ask script.It include CPU type and Memory type field, such as CPU type=" CPU_type_ in the result that VIM is returned A " and Memory type=" DDR_4 " is returned by first interface module 351, then " CPU_type_A " and " DDR_4 " difference Initial configuration as vm1 is stored into database module 330.
In embodiments of the present invention, similarly, real-time configuration information can be determined periodically and be stored to database mould Block 330, or set out at any time data query when, real-time configuration information can also be sent in database module 330.For example, certain One moment also inquired VIM using Get CPU type and Get memory type, it is assumed that VM entitled " vm1 ", then The query script constructed are as follows: Get CPU type:VM=" vm1 " and Get memory type:VM=" vm1 ".Due to inquiry pair As query script can be sent to VIM by first interface module 351, script module 330 for VIM.In the result that VIM is returned Include CPU type and Memory type field, such as CPU type=" CPU_type_B " and Memory type=" DDR_ 4 ", then " CPU_type_B " and " DDR_4 " is real-time configuration information, which can be saved in database module 330。
In embodiments of the present invention, for the initial configuration information and real-time configuration information that are saved in database module 330, It can be compared by configuration contrast module 340, at this point, the configuration contrast module 340 can correspond to the embodiment of the present invention Processing module 230 in the device 200 of NFV framework data inspection.When configuration contrast module 340 is somebody's turn to do according to what inspection result obtained When real-time configuration information and inconsistent initial configuration information, data inspection result of the query object in the object element is determined It is abnormal.Configuration contrast module 340 compares determining real-time configuration information and initial configuration information, when the two is not identical When, determine that inspection result is abnormal, it is believed that the related data of object element changes, and can be used to indicate by sending The audit report of inspection result exception notifies system manager, for example, can be by way of warning information or audit report Notify system manager's exception information or inspection result.For example, according to above example, determining initial configuration information is " CPU_type_A " and " DDR_4 ", real-time configuration information is " CPU_type_B " and " DDR_4 ", by initial configuration information and reality When information be compared, discovery cpu type is different, then can determine that data inspection result to be abnormal, and can pass through alarm letter The mode of breath or audit report notifies system manager that there are exception informations.
It should be understood that the device 200 of data inspection can correspond in network function virtualization architecture according to an embodiment of the present invention Method 300 in the execution embodiment of the present invention, and it is each in the device 300 of data inspection in network function virtualization architecture Above and other operation and/or function of a module is respectively in order to realize the corresponding process of each method in Fig. 4, for letter Clean, details are not described herein.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection device, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
Fig. 4 shows showing for the method 400 of network function virtualization NFV framework data inspection according to an embodiment of the present invention Meaning property flow chart, this method can be executed by NFV framework data detecting device, which can independently be used as a tool, Also it can integrate in the software systems of NFV framework, such as VNF manager (VNFM) 104 or NFV formatter (NFVO) 102 etc., The present invention is not limited thereto.As shown in figure 4, this method 400 includes:
S410 determines that the data inspection of query object describes file, and it includes the query object which, which describes file, Mark, the object element where the query object, query script and parsing script, wherein the object element belongs to the NFV frame Structure, for the query script for checking the query object, which is used to parse the inspection result of the query object;
S420 describes file according to the data inspection, determines the real-time configuration information of the query object in the object element;
S430 determines the query object in the target list when the real-time configuration information and inconsistent initial configuration information Data inspection result in member is abnormal.
It should be understood that in embodiments of the present invention, object element belongs to the NFV framework, such as can be in the NFV framework VIM 106, or the VNF 108 in the NFV framework, the present invention is not limited thereto.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection method, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
In S410, determine that the data inspection of query object describes file, it includes the inquiry which, which describes file, Object element, query script and parsing script where the mark of object, the query object.It specifically, can be in NFV framework Determine that part or all of attribute, can also be by determining module 210 by adopting as query object in VNF attribute described in VNFD Collection data determine query object, and the present invention is not limited thereto.Which looked into it is alternatively possible to be used as by the specific attribute of user setting Object is ask, such as can be using cpu type or type of memory as query object, the present invention is not limited thereto.For each Or every a kind of query object, determine object element, i.e. data inspection is inquired for the query object in the object element;Really Determine query script, which is the script used for checking the query object;Determine that parsing script, the parsing script are For being parsed to the result of data inspection.
In embodiments of the present invention, query object, the object element, query script determined according to the VNFD of the NFV framework With parsing script, the DCD of query object is generated, which includes the mark for being used to indicate the query object of the query object, target Unit, query script and parsing script.For example, it is assumed that query object be set as cpu type, virtualization cpu frequency, HA conversion and Type of memory, query object are VIM, and query script is referred to as parameter using virtual machine (VM) name, then for each inquiry pair The DCD difference of elephant is as shown in table 1.
Optionally, in embodiments of the present invention, the VNFD index DCD can be passed through.It specifically, can be in the void in VNFD Quasi- deployment unit (Virtual Deployment Unit, referred to as " VDU ") increases inspection parameter, which is used to indicate The DCD indexes the relevant parameter of the mark and needs in DCD according to inspection parameter.For example, as shown in table 2, according in DCD The query object of definition, for example, check object shown in table 1 be cpu type and type of memory, i.e. Check_CPU_Type and Check_Memroy_Type checks that the parameter of script input is all for vc_id (ID of VNFC, that is, the title of VM), inspection Parameter can indicate as shown in table 2, but the present invention is not limited thereto.
In S420, file is described according to the data inspection, determines the real-time configuration of the query object in the object element Information, optionally, which may include initial configuration information, the initial configuration information or be referred to as base Line configuration information.Specifically, at the time of some is considered as that NFV framework configures correct completely, first time data be can star Inquiry obtains the real-time configuration information checked for the first time, and the result that inquiry can be obtained is as the initial of query object Configuration information.Optionally, at the time of some is considered as that NFV framework configures correct completely, business can normally be provided for system Sometime, or after examination sometime, the present invention is not limited thereto.
It, can also be with optionally it is determined that configuration information can determine the real-time configuration information of single query object every time in real time Real-time configuration information is determined to multiple check objects simultaneously, the present invention is not limited thereto.
Optionally, in embodiments of the present invention, if it is necessary, just that initial configuration information, which is modified and is considered change, True, real-time query and storage again, the knot inquired can be carried out for by several query objects of modification configuration New initial configuration information of the fruit as query object, i.e. initial configuration information can be updated, but the present invention is not limited to This.Specifically, the initial configuration information can be periodically updated, for example, determining determining real-time configuration information every half a day For initial configuration information, and update original initial configuration information;Or initial configuration information can be updated at any time, it will be specific Certain real-time configuration information determined is determined as initial configuration information, and the present invention is not limited thereto.
In embodiments of the present invention, real-time configuration information is determined, which may include initial configuration information, The specific query script of construction, the inquiry responded according to object element can be sent to object element according to the DCD of query object As a result, determining initial configuration information and real-time configuration information.For example, being cpu type and type of memory for query object in table 1 Example, VIM is inquired using Get CPU type and Get memory type, it is assumed that VM entitled " vm1 ", then structure The query script produced can be with are as follows: Get CPU type:VM=" vm1 " and Get memory type:VM=" vm1 ".VIM root Include CPU type and Memory type field in the result returned according to the query script, such as can be CPU type=" CPU_type_A " and Memory type=" DDR_4 ", then " CPU_type_A " and " DDR_4 " matches in real time respectively as vm1's Confidence ceases and stores the real-time configuration information.It, can be using inspection result as initial if this time checks to check for the first time Configuration information.
It optionally, can be as initial configuration for the real-time configuration information of above-mentioned determination as one embodiment Information, and using inspection later as the implementation configuration information compared with initial configuration information, it can periodically determine in real time Configuration information can also be triggered at any time by user and determine real-time configuration information, for example, similarly, using Get CPU type and Get memory type inquires VIM, it is assumed that VM entitled " vm1 ", the then query script constructed are as follows: Get CPU Type:VM=" vm1 " and Get memory type:VM=" vm1 ".It include CPU type and Memory in the result that VIM is returned Type field, such as CPU type=" CPU_type_B " and Memory type=" DDR_4 ", then " CPU_type_B " and " DDR_4 " is real-time configuration information.
In S430, when the real-time configuration information and inconsistent initial configuration information, determine the query object in the mesh The data inspection result marked in unit is abnormal.Specifically, determining real-time configuration information and initial configuration information are compared, When the two is not identical, determine that inspection result is abnormal, it is believed that the related data of object element changes, and can pass through The audit report that transmission is used to indicate inspection result exception notifies system manager, for example, can pass through warning information or inspection The mode for looking into report notifies system manager's exception information or inspection result.For example, what is determined is initial according to above example Configuration information be " CPU_type_A " and " DDR_4 ", real-time configuration information is " CPU_type_B " with " DDR_4 ", will initially match Confidence breath and real time information are compared, and discovery cpu type is different, then can determine that data inspection result, and can be with to be abnormal Notify system manager that there are exception informations by way of warning information or audit report.
It optionally, can be periodic test or casual inspection to data inspection.Periodic test can be examined also for timing It looks into, such as can be set one hour or several hours and once checked, can be with the real-time configuration information of timing determination, it will be periodical Determine that real-time configuration information is compared with initial configuration information, to realize periodic data inspection.Periodic test can be with For finding temporarily without result in the interlayer configuration of system is inconsistent, prevention configuration is inconsistent and causes VNF service abnormal.
Optionally, inspection can be triggered at random by user, can be started at any time with casual inspection, obtain match in real time at any time Confidence breath, and inspection is compared with initial configuration information.Casual inspection can be used for when VNF services appearance exception, immediately It checks whether the problem by real-time configuration information and configuration data information caused by inconsistent, can be improved the speed of positioning problems Degree reduces traffic lost.
It should be understood that in various embodiments of the present invention, magnitude of the sequence numbers of the above procedures are not meant to execute suitable Sequence it is successive, the execution of each process sequence should be determined by its function and internal logic, the implementation without coping with the embodiment of the present invention Process constitutes any restriction.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection method, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
As shown in figure 5, the embodiment of the invention also provides a kind of device 500 of NFV framework data inspection, including processor 510, memory 520 and bus system 530.Wherein, processor 510 is connected with memory 520 by bus system 530, this is deposited For storing instruction, which is used to execute the instruction of the memory 520 storage to reservoir 520.The memory 520 storage Program code, and processor 510 can call the program code stored in memory 520 to execute following operation: determine inquiry pair The data inspection of elephant describes file, which describes where the mark that file includes the query object, the query object Object element, query script and parsing script, wherein the object element belongs to the NFV framework, and the query script is for checking this Query object, the parsing script are used to parse the inspection result of the query object;File is described according to the data inspection, determining should The real-time configuration information of the query object in object element;When the real-time configuration information and inconsistent initial configuration information, really Data inspection result of the fixed query object in the object element is abnormal.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection device, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
It should be understood that in embodiments of the present invention, which can be central processing unit (Central Processing Unit, referred to as " CPU "), which can also be other general processors, digital signal processor (DSP), specific integrated circuit (ASIC), ready-made programmable gate array (FPGA) or other programmable logic device, discrete gate Or transistor logic, discrete hardware components etc..General processor can be microprocessor or the processor can also be with It is any conventional processor etc..
The memory 520 may include read-only memory and random access memory, and to processor 510 provide instruction and Data.The a part of of memory 520 can also include nonvolatile RAM.For example, memory 520 can also be deposited Store up the information of device type.
The bus system 530 can also include power bus, control bus and status signal in addition to including data/address bus Bus etc..But for the sake of clear explanation, various buses are all designated as bus system 530 in figure.
During realization, each step of the above method can pass through the integrated logic circuit of the hardware in processor 510 Or the instruction of software form is completed.The step of method in conjunction with disclosed in the embodiment of the present invention, can be embodied directly at hardware Reason device executes completion, or in processor hardware and software module combine and execute completion.Software module can be located at random Memory, flash memory, read-only memory, the abilities such as programmable read only memory or electrically erasable programmable memory, register In the storage medium of domain maturation.The storage medium is located at memory 520, and processor 510 reads the information in memory 520, knot Close the step of its hardware completes the above method.To avoid repeating, it is not detailed herein.
Optionally, as one embodiment, processor 510 can call the program code stored in memory 520 to execute It operates below: according to the description file VNFD of the virtualization network function software in the NFV framework, determining the data of query object Check description file.
Optionally, as one embodiment, which describes file and is located in the VNFD.
Optionally, as one embodiment, which includes virtual deployment unit, which includes checking ginseng Number information, the inspection parameter information are used to indicate the data inspection and describe file.
Optionally, as one embodiment, processor 510 can call the program code stored in memory 520 to execute It operates below: file being described according to the data inspection, periodically determines the real-time configuration of the query object in the object element Information.
Optionally, as one embodiment, processor 510 can call the program code stored in memory 520 to execute It operates below: when the real-time configuration information and the initial configuration information are inconsistent, generating audit report, which is used for Designation date inspection result is abnormal.
It should be understood that the device 500 of data inspection can correspond in network function virtualization architecture according to an embodiment of the present invention The device 200 of data inspection in network function virtualization architecture in the embodiment of the present invention, and can correspond to execute basis Corresponding main body in the method 400 of the embodiment of the present invention, and in network function virtualization architecture in the device 500 of data inspection Modules above and other operation and/or function respectively in order to realize the corresponding process of each method in Fig. 4, in order to Succinctly, details are not described herein.
Therefore, in the network function virtualization architecture of the embodiment of the present invention data inspection device, determine query object Data inspection describes file, and it includes in NFV framework where the mark of query object, query object which, which describes file, Object element, the query script for checking query object and parse query object inspection result parsing script, according to The data inspection describes file, determines the real-time configuration information of the query object in object element, when real-time configuration information and just When beginning configuration information is inconsistent, determine that data inspection result is abnormal, so as to which either party changes in NFVI or VNF When, alarm and report are provided to system manager in time, system hidden trouble is found in advance, or in the event of a failure, with the function Investigation whether the virtual resource ability of NFVI and virtual resource demand mismatch the problem of causing of VNF, improve positioning problems effect Rate reduces traffic lost.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed The scope of the present invention.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit It closes or communicates to connect, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention. And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (14)

1. the device of data inspection in a kind of network function virtualization NFV framework, which is characterized in that described device includes:
Determining module, for determining that the data inspection of query object describes file, it includes described that the data inspection, which describes file, Object element, query script and parsing script where the mark of query object, the query object, wherein the target list Member belongs to the NFV framework, and the query script is for checking the query object, and the parsing script is for parsing described look into Ask the inspection result of object;
Check module, the data inspection for determining according to the determining module describes file, determines the object element Described in query object real-time configuration information;
Processing module determines when the real-time configuration information for determining when the inspection module is inconsistent with initial configuration information Data inspection result of the query object in the object element is abnormal.
2. the apparatus according to claim 1, which is characterized in that the determining module is specifically used for:
According to the description file VNFD of the virtualization network function software in the NFV framework, the data inspection of query object is determined Look into description file.
3. the apparatus of claim 2, which is characterized in that the data inspection describes file and is located in the VNFD.
4. device according to claim 3, which is characterized in that the VNFD includes virtual deployment unit, the dummy section Affixing one's name to unit includes inspection parameter information, and the inspection parameter information is used to indicate the data inspection and describes file.
5. device according to any one of claim 1 to 4, which is characterized in that the inspection module is specifically used for:
File is described according to the data inspection, periodically determines that the described of query object described in the object element is matched in real time Confidence breath.
6. device according to any one of claim 1 to 4, which is characterized in that the processing module is also used to:
When the real-time configuration information and the inconsistent initial configuration information, audit report is generated, the audit report is used It is abnormal in designation date inspection result.
7. device according to any one of claim 1 to 4, which is characterized in that the inspection module is also used to:
The query script in file is described according to the data inspection, determines query object described in the object element The real-time configuration information.
8. a kind of method of data inspection in network function virtualization NFV framework, which is characterized in that the described method includes:
Determine that the data inspection of query object describes file, the data inspection describes the mark that file includes the query object Object element, query script and parsing script where knowledge, the query object, wherein the object element belongs to the NFV Framework, the query script is for checking that the query object, the parsing script are used to parse the inspection of the query object As a result;
File is described according to the data inspection, determines the real-time configuration information of query object described in the object element;
When the real-time configuration information and inconsistent initial configuration information, determine the query object in the object element Data inspection results it is abnormal.
9. according to the method described in claim 8, it is characterized in that, the data inspection of the determining query object describes file, Include:
According to the description file VNFD of the virtualization network function software in the NFV framework, the data inspection of query object is determined Look into description file.
10. according to the method described in claim 9, it is characterized in that, the data inspection describes file is located in the VNFD.
11. described virtual according to the method described in claim 10, it is characterized in that, the VNFD includes virtual deployment unit Deployment unit includes inspection parameter information, and the inspection parameter information is used to indicate the data inspection and describes file.
12. the method according to any one of claim 8 to 11, which is characterized in that described to be retouched according to the data inspection File is stated, determines the real-time configuration information of query object described in the object element, comprising:
File is described according to the data inspection, periodically determines that the described of query object described in the object element is matched in real time Confidence breath.
13. the method according to any one of claim 8 to 11, which is characterized in that described to work as the real-time configuration information When inconsistent with initial configuration information, determine that data inspection result of the query object in the object element is abnormal, packet It includes:
When the real-time configuration information and the inconsistent initial configuration information, audit report is generated, the audit report is used It is abnormal in designation date inspection result.
14. the method according to any one of claim 8 to 11, which is characterized in that described to be retouched according to the data inspection File is stated, determines the real-time configuration information of query object described in the object element, comprising:
The query script in file is described according to the data inspection, determines query object described in the object element The real-time configuration information.
CN201510418248.4A 2015-07-15 2015-07-15 The method and apparatus of data inspection in network function virtualization architecture Active CN105119736B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510418248.4A CN105119736B (en) 2015-07-15 2015-07-15 The method and apparatus of data inspection in network function virtualization architecture
PCT/CN2016/083009 WO2017008578A1 (en) 2015-07-15 2016-05-23 Data check method and device in network function virtualization framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510418248.4A CN105119736B (en) 2015-07-15 2015-07-15 The method and apparatus of data inspection in network function virtualization architecture

Publications (2)

Publication Number Publication Date
CN105119736A CN105119736A (en) 2015-12-02
CN105119736B true CN105119736B (en) 2019-01-18

Family

ID=54667634

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510418248.4A Active CN105119736B (en) 2015-07-15 2015-07-15 The method and apparatus of data inspection in network function virtualization architecture

Country Status (2)

Country Link
CN (1) CN105119736B (en)
WO (1) WO2017008578A1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105119736B (en) * 2015-07-15 2019-01-18 华为技术有限公司 The method and apparatus of data inspection in network function virtualization architecture
CN105700961B (en) * 2016-02-29 2019-03-08 华为技术有限公司 Business container creation method and device
CN105847142B (en) * 2016-03-22 2019-03-01 华为技术有限公司 A kind of message transmitting method and device
CN108702316B (en) * 2016-03-30 2020-06-26 华为技术有限公司 VNF resource allocation method and device
CN105760214B (en) * 2016-04-19 2019-02-26 华为技术有限公司 A kind of equipment state and resource information monitoring method, relevant device and system
CN107872339B (en) * 2016-09-27 2022-11-18 中兴通讯股份有限公司 Operation and maintenance implementation method and device in virtual network and virtual network system
CN109150572B (en) * 2017-06-28 2020-07-24 华为技术有限公司 Method, device and computer readable storage medium for realizing alarm association
CN110008114B (en) * 2019-02-25 2022-08-05 口碑(上海)信息技术有限公司 Configuration information maintenance method, device, equipment and readable storage medium
CN112559113B (en) * 2019-09-10 2023-11-10 中国移动通信集团浙江有限公司 CMDB-based NFV configuration management method, system, server and storage medium
CN112288282A (en) * 2020-10-30 2021-01-29 锐创软件技术(启东)有限公司 Safety production supervision and management system and management method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104050045A (en) * 2014-06-27 2014-09-17 华为技术有限公司 Method and device for distributing virtual resources based on disk IO
CN104115447A (en) * 2014-04-14 2014-10-22 华为技术有限公司 Allowing destroy scheme configuration method and device under cloud computing architecture
CN104461683A (en) * 2014-11-07 2015-03-25 华为技术有限公司 Verification method, device and system for virtual machine illegal configuration

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9167501B2 (en) * 2011-08-29 2015-10-20 Telefonaktiebolaget L M Ericsson (Publ) Implementing a 3G packet core in a cloud computer with openflow data and control planes
US9319324B2 (en) * 2013-12-06 2016-04-19 Telefonaktiebolaget L M Ericsson (Publ) Method and system of service placement for service chaining
CN104363159B (en) * 2014-07-02 2018-04-06 北京邮电大学 A kind of opening virtual network constructing system and method based on software defined network
CN104410672B (en) * 2014-11-12 2017-11-24 华为技术有限公司 Method, the method and device of forwarding service of network function virtualization applications upgrading
CN105119736B (en) * 2015-07-15 2019-01-18 华为技术有限公司 The method and apparatus of data inspection in network function virtualization architecture

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104115447A (en) * 2014-04-14 2014-10-22 华为技术有限公司 Allowing destroy scheme configuration method and device under cloud computing architecture
CN104050045A (en) * 2014-06-27 2014-09-17 华为技术有限公司 Method and device for distributing virtual resources based on disk IO
CN104461683A (en) * 2014-11-07 2015-03-25 华为技术有限公司 Verification method, device and system for virtual machine illegal configuration

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
网络功能虚拟化及其标准化;薛海强;《中兴通讯技术》;20150430;全文

Also Published As

Publication number Publication date
CN105119736A (en) 2015-12-02
WO2017008578A1 (en) 2017-01-19

Similar Documents

Publication Publication Date Title
CN105119736B (en) The method and apparatus of data inspection in network function virtualization architecture
US11611487B2 (en) Model driven process for automated deployment of domain 2.0 virtualized services and applications on cloud infrastructure
CN105760214B (en) A kind of equipment state and resource information monitoring method, relevant device and system
CN110178398B (en) Guarantee framework for CP and DP slices
CN103516802B (en) Method and device for achieving seamless transference of across heterogeneous virtual switch
CN108632067A (en) Disaster tolerance dispositions method, apparatus and system
CN108881489A (en) A kind of coordination system and method for Distributed Services
JP2015056182A5 (en)
CN107222318A (en) The performance data processing method and device and NMS of a kind of network element
CN110311798B (en) Method and device for managing virtual resources
CN106936619B (en) Method and device for deploying network service
CN110719209A (en) Cluster network configuration method, system, equipment and readable storage medium
WO2019174000A1 (en) Method and apparatus for service management
CN107749807B (en) Network function verification method and verification system for NFV
CN107222324A (en) The business collocation method and device of network service
CN109150572A (en) Realize the method, apparatus and computer readable storage medium of alarm association
CN108733698B (en) Log message processing method and background service system
CN107634863A (en) Distributed monitoring device and method for domain name mapping disaster tolerance service
CN108199860A (en) A kind of alert processing method and the network equipment
CN108934013A (en) A kind of radio network functions virtual method and device
Chithaluru et al. Simulation on SDN and NFV models through mininet
CN106411575B (en) Cloud environment lower network configures method of calibration and relevant device
CN110912731A (en) NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology
CN108809680B (en) Equipment management method and equipment
CN109379268A (en) Creation method, device and the server of Virtual Private Network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant