CN106452811A - Fault inspection method and system - Google Patents

Fault inspection method and system Download PDF

Info

Publication number
CN106452811A
CN106452811A CN201510484578.3A CN201510484578A CN106452811A CN 106452811 A CN106452811 A CN 106452811A CN 201510484578 A CN201510484578 A CN 201510484578A CN 106452811 A CN106452811 A CN 106452811A
Authority
CN
China
Prior art keywords
message
functional module
information
node
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510484578.3A
Other languages
Chinese (zh)
Other versions
CN106452811B (en
Inventor
朱志伟
刘立杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING LEADSEC TECHNOLOGY CO LTD
Venustech Group Inc
Original Assignee
BEIJING LEADSEC TECHNOLOGY CO LTD
Venustech Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING LEADSEC TECHNOLOGY CO LTD, Venustech Group Inc filed Critical BEIJING LEADSEC TECHNOLOGY CO LTD
Priority to CN201510484578.3A priority Critical patent/CN106452811B/en
Publication of CN106452811A publication Critical patent/CN106452811A/en
Application granted granted Critical
Publication of CN106452811B publication Critical patent/CN106452811B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0659Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
    • H04L41/0661Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities by reconfiguring faulty entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0852Delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/106Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring

Abstract

The invention discloses a fault inspection method and system, and the method comprises the steps: monitoring the processing flow of a message flowing through each function module at a network fault node, wherein the message is constructed in advance according to the node information of the network fault node, or is grabbed from a network flow in advance; indicating the function module which has at least one type of following predetermined problems in the processing flow to carry out self-inspection, wherein the predetermined problems comprise a problem that a message is discarded and a problem that the time delay of message processing is greater than or equal to a preset time delay threshold value; determining a fault cause according to the self-inspection result, and determining a restoration method corresponding to the fault cause. According to the scheme of the invention, the method can inspect a fault through simple configuration, gives a detailed fault cause, provides a restoration scheme corresponding to the fault cause, and enables the inspection and restoration of the fault to be simpler and more reliable.

Description

A kind of malfunction elimination method and system
Technical field
The present invention relates to network safety filed is and in particular to a kind of malfunction elimination method and system.
Background technology
Currently become increasingly complex it is desirable to the adaptability of Network Security Device is more and more stronger with network environment, Tackle therewith be Network Security Device function set more and more huger, configuration management logic is more and more multiple Miscellaneous, thereupon equipment reach the standard grade with maintenance process in substantial amounts of network failure is occurred in that due to a variety of causes, How quickly to investigate and repair fault becomes the primary thing of network management personnel.
Network failure is frequently necessary to process be certain network node user cannot access another section Certain business of point, this can be by network fault diagnosis equipment come positioning failure equipment, but this can only determine There is fault to this equipment in position, and cannot know this equipment problem that specifically which functional module causes, Therefore also need to investigate problem further by the method and system of equipment itself.Current firewall and peace The investigation method that full gateway equipment provides has two kinds:
A kind of is to search the daily record with regard to specifying network node by the log system of equipment, analyzing day Will positioning failure reason, but daily record amount is very huge under normal circumstances, and time-consuming and easily loses for analysis Leakage.
A kind of is debugging system by opening equipment, collects Debugging message and carrys out positioning failure reason, but this Plant the too professional difficulty of means greatly it is not easy to grasp.
Content of the invention
In order to solve the above problems, the present invention proposes a kind of malfunction elimination method and system, can pass through Simply configure to investigate fault, provide detailed failure cause, and corresponding recovery scenario is provided, Make investigation and the simpler reliability of reparation of fault.
In order to achieve the above object, the present invention proposes a kind of malfunction elimination method, and the method includes:
Monitoring flows through the handling process of the message of each functional module in network failure node;Wherein, this report Literary composition is to be constructed in advance according to the nodal information of network failure node, or grabs in advance from network traffics Take.
The functional module that following at least one predetermined problem in instruction handling process carries out self-inspection;This makes a reservation for Problem includes:Message is dropped, and the time delay processing message is more than or equal to default delay threshold.
Failure cause is determined according to self-detection result, and determines the corresponding restorative procedure of failure cause.
Preferably, the message information of message includes:Source IP address, purpose IP address, node incoming interface, Node outgoing interface, agreement and service.
Preferably, monitoring flows through the handling process of the message of each functional module in network failure node and includes:
Inlet porting control point at the Message processing main entrance of each functional module of network failure node; And the order according to each functional module process message, respectively in each functional module and next functional module Between arrange a control point, last control point is set after last functional module.
The message information flowing through the message of entrance control point is mated with the match information pre-setting, If message information is mismatched with match information, ignore this message;If message information and match information Match, then this message of labelling needs to monitor, the labeled message information of message of record by this message Presentation of information is out;Wherein, match information is the nodal information generation previously according to network failure node, Including following information one or more:Source IP address, purpose IP address, node incoming interface, node Outgoing interface, agreement and service.
Check respectively for flowing through the message monitored mark whether in need of each functional module control point below Note, if this message does not need monitored labelling, ignores this message;If this message is in need Monitored labelling, then record the message information and this message of labelling of this message place in this functional module The timestamp of reason time span, and this message information and timestamp are shown;And check that this message is The no functional module being flowed through by this message be set to abandon, or by the timestamp of this message with upper one The timestamp of message is compared, and checks whether the time delay of this message is more than or equal to default delay threshold.
Preferably, the functional module of following at least one predetermined problem and carries out self-inspection in instruction handling process Including:
The functional module that following at least one predetermined problem in instruction handling process proceeds as follows:
In an identical manner the running configuration parameter of user configuring parameter and functional module is configured.
Calculate the message digest algorithm MD5 value of user configuring parameter and the MD5 of running configuration parameter respectively Value.
Calculate two MD5 values are compared, when comparative result is that two MD5 values are inconsistent, Judge that user configuring parameter is asynchronous with running configuration parameter.
Backup user configuring parameter simultaneously removes current user configuring parameter.
Add default one or more test case, the fortune based on running configuration parameter testing functional module Whether row state is normal.
Self-detection result based on testing result systematic function module.
Preferably, failure cause is determined according to self-detection result, and determine the corresponding restorative procedure of failure cause Including:
Obtain the failure cause of functional module according to self-detection result, according to this failure cause and default mapping Table obtains the restorative procedure corresponding with this failure cause.
Wherein, mapping table includes the various faults of each functional module of network failure node collected in advance Reason and with various failure causes one-to-one restorative procedure;Various failure causes include predefining simultaneously The pre- numbering of various failure causes preserving and word description;Restorative procedure includes predefined and protects in advance The word description of the restorative procedure deposited, step setting and step parameter configuration.
In order to achieve the above object, the invention allows for a kind of malfunction elimination system, this system includes: Monitoring module, indicating module and determining module.
Monitoring module, flows through the processing stream of the message of each functional module in network failure node for monitoring Journey;Wherein, this message is to be constructed in advance according to the nodal information of network failure node, or from net Capture in advance in network flow.
Indicating module, enters for indicating that the functional module of following at least one predetermined problem in handling process Row self-inspection;This predetermined problem includes:Message is dropped, and the time delay processing this message is more than or equal to default Delay threshold.
Determining module, for determining failure cause according to self-detection result, and determines the reparation side of failure cause Method.
Preferably,
The message information of this message includes:Source IP address, purpose IP address, node incoming interface, node Outgoing interface, agreement and service.
Preferably, monitoring module monitoring flows through the process of the message of each functional module in network failure node Flow process refers to:
Inlet porting control point at the Message processing main entrance of each functional module of network failure node; And process the order of this message according to each functional module, respectively in each functional module and next function mould Between block, a control point is set, last control point is set after last functional module.
The message information flowing through the message of entrance control point is mated with the match information pre-setting, If message information is mismatched with match information, ignore this message;If message information and configuration information Match, then this message of labelling needs to monitor, the labeled message information of message of record by this message Presentation of information is out;Wherein, this match information is the nodal information generation previously according to network failure node , including one or more of following information:Source IP address, purpose IP address, node incoming interface, Node outgoing interface, agreement and service.
Check respectively for flowing through the message monitored mark whether in need of each functional module control point below Note, if this message does not need monitored labelling, ignores this message;If this message is in need Monitored labelling, then record the message information and this message of labelling of this message place in this functional module The timestamp of reason time span, and this message information and timestamp are shown;And check that this message is The no functional module being flowed through by this message be set to abandon, or by the timestamp of this message with upper one The timestamp of message is compared, and checks whether the time delay of this message is more than or equal to default delay threshold.
Preferably, indicating module indicates that the functional module of following at least one predetermined problem in handling process Carry out self-inspection to refer to:
The functional module that following at least one predetermined problem in instruction handling process proceeds as follows:
In an identical manner the running configuration parameter of user configuring parameter and functional module is configured.
Calculate the message digest algorithm MD5 value of user configuring parameter and the MD5 of running configuration parameter respectively Value.
Calculate two MD5 values are compared, when comparative result is that two MD5 values are inconsistent, Judge that user configuring parameter is asynchronous with running configuration parameter.
Backup user configuring parameter simultaneously removes current user configuring parameter.
Add default one or more test case, the fortune based on running configuration parameter testing functional module Whether row state is normal.
Self-detection result based on testing result systematic function module.
Preferably, determining module determines failure cause according to self-detection result, and determines that this failure cause corresponds to Restorative procedure refer to:
Obtain the failure cause of functional module according to self-detection result, according to failure cause and default mapping table Obtain the restorative procedure corresponding with failure cause.
Wherein, mapping table includes the various faults of each functional module of network failure node collected in advance Reason and with various failure causes one-to-one restorative procedure;Various failure causes include predefining simultaneously The pre- numbering of various failure causes preserving and word description;Restorative procedure includes predefined and protects in advance The word description of the restorative procedure deposited, step setting and step parameter configuration.
Compared with prior art, the present invention includes:Monitoring flows through each functional module in network failure node Message handling process;Wherein, this message is to be constructed in advance according to the nodal information of network failure node , or capture in advance from network traffics.Instruction handling process occurs following at least one predetermined The functional module of problem carries out self-inspection;This predetermined problem includes:Message is dropped, and processes the time delay of message More than or equal to default delay threshold.Failure cause is determined according to self-detection result, and determines failure cause Corresponding restorative procedure.By the solution of the present invention, can be given by simply configuring to investigate fault Go out detailed failure cause, and corresponding recovery scenario is provided, make the investigation of fault with reparation more Simple and reliable.
Brief description
Below the accompanying drawing in the embodiment of the present invention is illustrated, the accompanying drawing in embodiment is for this Bright further understands, and is used for explaining the present invention together with description, does not constitute and protects model to the present invention The restriction enclosed.
Fig. 1 is the malfunction elimination method flow diagram of the present invention;
Fig. 2 is that the control point of the embodiment of the present invention arranges schematic diagram;
Fig. 3 is message information and the timestamp display schematic diagram of the embodiment of the present invention;
Fig. 4 is message information, failure cause and the restorative procedure display schematic diagram of the embodiment of the present invention;
Fig. 5 is the malfunction elimination block diagram of system of the present invention.
Specific embodiment
For the ease of the understanding of those skilled in the art, below in conjunction with the accompanying drawings the present invention is further retouched State, can not be used for limiting the scope of the invention.
In order to achieve the above object, the present invention proposes a kind of malfunction elimination method, as shown in figure 1, should Method includes:
S101, monitoring flow through the handling process of the message of each functional module in network failure node;Wherein, This message is to be constructed in advance according to the nodal information of network failure node, or pre- from network traffics First capture.
Preferably, the message information of message includes:Source IP address, purpose IP address, node incoming interface, Node outgoing interface, agreement and service.
In embodiments of the present invention, user can configure previously according to the nodal information of network failure node Source IP address, purpose IP address, node incoming interface, node outgoing interface and service etc., construct difference Message, make this message flow through this network failure node, check this message network failure node which Part goes wrong, thus clear failure phenomenon.We can also be according to the actual rings of network failure node Border parameter, is not limited to the nodal information of above-mentioned network failure node, generates message, for definite network The phenomenon of the failure of malfunctioning node.In addition, for the network articles needing before reaching the standard grade through network test, We can from need test network traffics gripping portion message so as to flow through network failure node, really Recognize this segment message partly to go wrong in which of network failure node, this avoid this network item The loss that mesh is saved and brought after breaking down in network failure node after reaching the standard grade.
Preferably, monitoring flows through the handling process of the message of each functional module in network failure node and includes:
S1011, at the Message processing main entrance of each functional module of network failure node inlet porting Control point;And the order according to each functional module process message, respectively in each functional module and the next one Between functional module, a control point is set, last control point is set after last functional module.
In embodiments of the present invention, a network failure node can include the work(that one or more orders execute Can module, in order to clear and definite specifically which functional module goes wrong it would be desirable in each functional module A test monitoring point added behind, in first functional module, first control point added behind, second Individual functional module second control point added behind, the 3rd functional module the 3rd control point added behind, By that analogy, by monitoring messages specific to each functional module.For example, it is assumed that fire wall and safety net There is n functional module in pass equipment, including Dialog processing functional module, address translation function, Security strategy functional module, intrusion prevention functional module etc., first, we set in Message processing main entrance Put monitoring point J0, in Dialog processing functional module control point disposed behind J1, in address translation function Control point J2 disposed behind, in security strategy functional module control point disposed behind J3, in intrusion prevention Functional module control point disposed behind J4.Specifically as shown in Figure 2.
S1012, the message information flowing through the message of entrance control point is entered with the match information pre-setting Row coupling, if message information is mismatched with match information, ignores this message;If message information with Match information matches, then this message of labelling needs to monitor, and the message information of the labeled message of record is simultaneously This message information is shown;Wherein, match information is the node letter previously according to network failure node Breath generates, including one or more of following information:Source IP address, purpose IP address, node enter Interface, node outgoing interface, agreement and service.
In embodiments of the present invention, can believe the node previously according to network failure node in entrance control point Breath generates one group of match information, and this match information forms the filter of the message flowing through this network failure node, When message flows through this filter, if the message information of message is all mismatched with the match information pre-setting, Then explanation can ignore this message, and this message will pass through the modules of this network failure node, If the message information of message is matched with the match information pre-setting, illustrate that this message needs to pay attention to Or need to monitor, and this message is marked, and report the message information of this message with intuitively form Show, so that manager can understand the information of this message at any time, and to its tracking monitor.
S1013, check respectively for flowing through the message quilt whether in need of each functional module control point below The labelling of monitoring, if this message does not need monitored labelling, ignores this message;If this report Literary composition monitored labelling in need, then record the message information of this message and this message of labelling in this function mould The timestamp of the process time length in block, and this message information and timestamp are shown (specifically such as Shown in Fig. 3);And check that the functional module whether this message is flowed through by this message is set to abandon, or The timestamp of the timestamp of this message and a upper message is compared by person, checks that the time delay of this message is No more than or equal to default delay threshold.
In embodiments of the present invention, each message is filtered in entrance control point based in above-mentioned steps Afterwards, when this message flows through the control point of each functional module, whether these monitoring points first check for message The mark of monitoring in need, if necessary to monitor, then in current functional module detection messages whether by work( Can module be set to abandon, or by whether excessive with the timestamp comparison check time delay of a upper message.
The functional module that following at least one predetermined problem in S102, instruction handling process carries out self-inspection; This predetermined problem includes:Message is dropped, and the time delay processing message is more than or equal to default delay threshold.
In embodiments of the present invention, if current functional module detects that this message is flowing through this functional module When occur message be dropped and process this message time delay be more than or equal to (this time delay of default delay threshold Threshold value can be predefined according to specific environment) in any one situation, then this functional module is described There is fault, this functional module is automatically into self-check program.This functional module is described in detail below how Complete self-check program.
Preferably, the functional module of following at least one predetermined problem and carries out self-inspection in instruction handling process Including:
The functional module that following at least one predetermined problem in instruction handling process proceeds as follows:
S1021, in an identical manner the running configuration parameter of user configuring parameter and functional module is carried out Setting.
S1022, the message digest algorithm MD5 value calculating user configuring parameter respectively and running configuration parameter MD5 value.
S1023, calculate two MD5 values are compared, when comparative result is two MD5 values When inconsistent, judge that user configuring parameter is asynchronous with running configuration parameter.
S1024, backup user configuring parameter simultaneously remove current user configuring parameter.
S1025, the default one or more test cases of interpolation, based on running configuration parameter testing function Whether the running status of module is normal.
S1026, the self-detection result based on testing result systematic function module.
In embodiments of the present invention, be can determine by above-mentioned steps this functional module fault when due to The fault that family configuration parameter is caused with running configuration parameter mismatch, or due to running configuration parameter setting Fault of unreasonable appearance etc., here, we can be previously according to the ruuning situation setting of this functional module Multiple different test cases, each test case can test the different runnability of this functional module, Go wrong when testing results are carried out by some test case, then illustrate that this functional module is responsible for this The part of item performance breaks down, such that it is able to the concrete failure cause of clear and definite functional module.
S103, failure cause is determined according to self-detection result, and determine the corresponding restorative procedure of failure cause.
In above-mentioned steps, can be clearly determined which part of functional module by the self-inspection of functional module Occur in that fault, have found the failure cause of functional module it is possible to expection is determined according to this failure cause Corresponding restorative procedure.It is possible to further by the message information of this message, the fault of functional module is former Cause and corresponding restorative procedure show, specifically as shown in Figure 4.
Preferably, failure cause is determined according to self-detection result, and determine the corresponding restorative procedure of failure cause Including:
Obtain the failure cause of functional module according to self-detection result, according to this failure cause and default mapping Table obtains the restorative procedure corresponding with this failure cause.
Wherein, mapping table includes the various faults of each functional module of network failure node collected in advance Reason and with various failure causes one-to-one restorative procedure;Various failure causes include predefining simultaneously The pre- numbering of various failure causes preserving and word description;Restorative procedure includes predefined and protects in advance The word description of the restorative procedure deposited, step setting and step parameter configuration.
Here, the method to set up of the mapping table of default failure cause and restorative procedure can be by following step Suddenly complete:
S1031, collect in advance described network failure node each functional module various failure causes.
S1032, numbering and word description predefined and that preserve various described failure causes.
S1033, literary composition that is predefined and preserving the described restorative procedure corresponding with various described failure causes WD, step setting and step parameter configuration.
S1034, will the numbering of predefined various described failure causes and word description with various described therefore The corresponding word description of described restorative procedure of barrier reason, step setting and step parameter configuration are respectively One-to-one corresponding gets up, and constitutes the mapping table of described failure cause and described restorative procedure.
In embodiments of the present invention, after have found the restorative procedure of fault, we can manually or Automatically mode the fault of this functional module is repaired.
Specifically, according to restorative procedure, the fault of functional module being carried out with reparation can be real by following steps Existing:
Obtain after restorative procedure according to failure cause and mapping table, according to the nodal information of network failure node There is provided the step parameter configuration parameter that configuration needs for restorative procedure.
Every reparation step step parameter configuration complete after, according to restorative procedure step arrange by Step is repaired in bar execution.
In order to achieve the above object, the invention allows for a kind of malfunction elimination system 01, as shown in figure 5, This system includes:Monitoring module 02, indicating module 03 and determining module 04.
Monitoring module 02, flows through the process of the message of each functional module in network failure node for monitoring Flow process;Wherein, this message is to be constructed in advance according to the nodal information of network failure node, or from Capture in advance in network traffics.
Indicating module 03, for indicating that the functional module of following at least one predetermined problem in handling process Carry out self-inspection;This predetermined problem includes:Message is dropped, and the time delay processing this message is more than or equal in advance If delay threshold.
Determining module 04, for determining failure cause according to self-detection result, and determines the reparation of failure cause Method.
Preferably,
The message information of this message includes:Source IP address, purpose IP address, node incoming interface, node Outgoing interface, agreement and service.
Preferably, monitoring module 02 monitoring flows through the place of the message of each functional module in network failure node Reason flow process refers to:
Inlet porting control point at the Message processing main entrance of each functional module of network failure node; And process the order of this message according to each functional module, respectively in each functional module and next function mould Between block, a control point is set, last control point is set after last functional module.
The message information flowing through the message of entrance control point is mated with the match information pre-setting, If message information is mismatched with match information, ignore this message;If message information and configuration information Match, then this message of labelling needs to monitor, the labeled message information of message of record by this message Presentation of information is out;Wherein, this match information is the nodal information generation previously according to network failure node , including one or more of following information:Source IP address, purpose IP address, node incoming interface, Node outgoing interface, agreement and service.
Check respectively for flowing through the message monitored mark whether in need of each functional module control point below Note, if this message does not need monitored labelling, ignores this message;If this message is in need Monitored labelling, then record the message information and this message of labelling of this message place in this functional module The timestamp of reason time span, and this message information and timestamp are shown;And check that this message is The no functional module being flowed through by this message be set to abandon, or by the timestamp of this message with upper one The timestamp of message is compared, and checks whether the time delay of this message is more than or equal to default delay threshold.
Preferably, indicating module 03 indicates that the function mould of following at least one predetermined problem in handling process Block carries out self-inspection and refers to:
The functional module that following at least one predetermined problem in instruction handling process proceeds as follows:
In an identical manner the running configuration parameter of user configuring parameter and functional module is configured.
Calculate the message digest algorithm MD5 value of user configuring parameter and the MD5 of running configuration parameter respectively Value.
Calculate two MD5 values are compared, when comparative result is that two MD5 values are inconsistent, Judge that user configuring parameter is asynchronous with running configuration parameter.
Backup user configuring parameter simultaneously removes current user configuring parameter.
Add default one or more test case, the fortune based on running configuration parameter testing functional module Whether row state is normal.
Self-detection result based on testing result systematic function module.
Preferably, determining module 04 determines failure cause according to self-detection result, and determines this failure cause pair The restorative procedure answered refers to:
Obtain the failure cause of functional module according to self-detection result, according to failure cause and default mapping table Obtain the restorative procedure corresponding with failure cause.
Wherein, mapping table includes the various faults of each functional module of network failure node collected in advance Reason and with various failure causes one-to-one restorative procedure;Various failure causes include predefining simultaneously The pre- numbering of various failure causes preserving and word description;Restorative procedure includes predefined and protects in advance The word description of the restorative procedure deposited, step setting and step parameter configuration.
Preferably, this system also includes:Repair module 05.
Repair module 05, for repairing to the fault of functional module according to restorative procedure.
Preferably, repair module carries out reparation according to restorative procedure to the fault of functional module and refers to:
Obtain after described restorative procedure according to failure cause and mapping table, according to the node of network failure node Information provides the step parameter configuration parameter that configuration needs for restorative procedure.
Every reparation step step parameter configure field after, according to restorative procedure step arrange by Step is repaired in bar execution.
Compared with prior art, the present invention includes:Monitoring flows through each functional module in network failure node Message handling process;Wherein, this message is to be constructed in advance according to the nodal information of network failure node , or capture in advance from network traffics.Instruction handling process occurs following at least one predetermined The functional module of problem carries out self-inspection;This predetermined problem includes:Message is dropped, and processes the time delay of message More than or equal to default delay threshold.Failure cause is determined according to self-detection result, and determines failure cause Corresponding restorative procedure.By the solution of the present invention, can be given by simply configuring to investigate fault Go out detailed failure cause, and corresponding recovery scenario is provided, make the investigation of fault with reparation more Simple and reliable.
It should be noted that embodiment described above is for only for ease of those skilled in the art understanding , it is not limited to protection scope of the present invention, in the premise of the inventive concept without departing from the present invention Under, those skilled in the art the present invention is made any obvious replacement and improve etc. all Within the protection domain of invention.

Claims (10)

1. a kind of malfunction elimination method is it is characterised in that methods described includes:
Monitoring flows through the handling process of the message of each functional module in network failure node;Wherein, described Message is to be constructed in advance according to the nodal information of described network failure node, or from network traffics Capture in advance;
Indicate that described handling process the functional module of following at least one predetermined problem and carries out self-inspection;Institute State predetermined problem to include:Described message is dropped, and the time delay processing described message is more than or equal to default Delay threshold;
Failure cause is determined according to self-detection result, and determines the corresponding restorative procedure of described failure cause.
2. the method for claim 1 is it is characterised in that the message information of described message includes: Source IP address, purpose IP address, node incoming interface, node outgoing interface, agreement and service.
3. the method for claim 1 is it is characterised in that described monitoring flows through network failure node In the handling process of message of each functional module include:
Inlet porting monitoring at the Message processing main entrance of each functional module of described network failure node Point;And the order according to each described functional module described message of process, respectively in each described functional module A control point is set and next functional module between, last is set after last functional module Individual control point;
The message information flowing through the described message of described entrance control point is entered with the match information pre-setting Row coupling, if described message information is mismatched with described match information, ignores described message;If Described message information is matched with described match information, then message described in labelling needs to monitor, and record is marked Described message information is simultaneously shown by the message information of described message of note;Wherein, described match information It is the nodal information generation previously according to described network failure node, the one kind or many including following information Kind:Source IP address, purpose IP address, node incoming interface, node outgoing interface, agreement and service;
Whether the described message checking respectively for flowing through each described functional module described control point below has need Labelling to be monitored, if described message does not need monitored labelling, ignores described message; If described message monitored labelling in need, record described in message information and the labelling of described message The timestamp of process time length in this functional module for the message, and to described message information and timestamp Shown;And check that the described functional module whether described message is flowed through by this message is set to abandon, Or the timestamp of the timestamp of described message and a upper message is compared, checks described message Whether time delay is more than or equal to default delay threshold.
4. the method for claim 1 is it is characterised in that the appearance of described instruction handling process is following The functional module of at least one predetermined problem carries out self-inspection and includes:
The functional module that following at least one predetermined problem in instruction handling process proceeds as follows:
In an identical manner the running configuration parameter of user configuring parameter and described functional module is set Put;
Calculate the message digest algorithm MD5 value of described user configuring parameter and described running configuration ginseng respectively The described MD5 value of number;
Calculate two described MD5 values are compared, when comparative result is two described MD5 values When inconsistent, judge that described user configuring parameter is asynchronous with described running configuration parameter;
Back up described user configuring parameter and remove current described user configuring parameter;
Add default one or more test case, based on function described in described running configuration parameter testing Whether the running status of module is normal;
Generate the self-detection result of described functional module based on described testing result.
5. the method for claim 1 is it is characterised in that described determine fault according to self-detection result Reason, and determine that the corresponding restorative procedure of described failure cause includes:
Obtain the failure cause of described functional module according to described self-detection result, according to described failure cause and Default mapping table obtains the described restorative procedure corresponding with described failure cause;
Wherein, each functional module of described network failure node that described mapping table includes collecting in advance Various failure causes and with described various failure cause one-to-one restorative procedure;Described various fault is former Because including the numbering of various failure causes that is predefined and preserving in advance and word description;Described reparation side Method includes the word description of described restorative procedure that is predefined and preserving in advance, step setting and step ginseng Number configuration.
6. a kind of malfunction elimination system is it is characterised in that described system includes:Monitoring module, instruction mould Block and determining module;
Described monitoring module, flows through the place of the message of each functional module in network failure node for monitoring Reason flow process;Wherein, described message is to be constructed in advance according to the nodal information of described network failure node, Or capture in advance from network traffics;
Described indicating module, for indicating that the work(of following at least one predetermined problem in described handling process Module can carry out self-inspection;Described predetermined problem includes:Described message is dropped, and processes prolonging of described message When be more than or equal to default delay threshold;
Described determining module, for determining failure cause according to self-detection result, and determines described failure cause Restorative procedure.
7. system as claimed in claim 6 it is characterised in that
The message information of described message includes:Source IP address, purpose IP address, node incoming interface, section Point outgoing interface, agreement and service.
8. system as claimed in claim 6 is it is characterised in that the monitoring of described monitoring module flows through network In malfunctioning node, the handling process of the message of each functional module refers to:
Inlet porting monitoring at the Message processing main entrance of each functional module of described network failure node Point;And the order according to each described functional module described message of process, respectively in each described functional module A control point is set and next functional module between, last is set after last functional module Individual control point;
The message information flowing through the described message of described entrance control point is entered with the match information pre-setting Row coupling, if described message information is mismatched with described match information, ignores described message;If Described message information is matched with described configuration information, then message described in labelling needs to monitor, and record is marked Described message information is simultaneously shown by the message information of described message of note;Wherein, described match information It is the nodal information generation previously according to described network failure node, the one kind or many including following information Kind:Source IP address, purpose IP address, node incoming interface, node outgoing interface, agreement and service;
Whether the described message checking respectively for flowing through each described functional module described control point below has need Labelling to be monitored, if described message does not need monitored labelling, ignores described message; If described message monitored labelling in need, record described in message information and the labelling of described message The timestamp of process time length in this functional module for the message, and to described message information and timestamp Shown;And check that the described functional module whether described message is flowed through by this message is set to abandon, Or the timestamp of the timestamp of described message and a upper message is compared, checks described message Whether time delay is more than or equal to default delay threshold.
9. system as claimed in claim 6 is it is characterised in that described indicating module indicates handling process The functional module of at least one predetermined problem below occurring carries out self-inspection and refers to:
Indicate handling process occur following at least one predetermined problem functional module proceed as follows:
In an identical manner the running configuration parameter of user configuring parameter and described functional module is set Put;
Calculate the message digest algorithm MD5 value of described user configuring parameter and described running configuration ginseng respectively The described MD5 value of number;
Calculate two described MD5 values are compared, when comparative result is two described MD5 values When inconsistent, judge that described user configuring parameter is asynchronous with described running configuration parameter;
Back up described user configuring parameter and remove current described user configuring parameter;
Add default one or more test case, based on function described in described running configuration parameter testing Whether the running status of module is normal;
Generate the self-detection result of described functional module based on described testing result.
10. system as claimed in claim 6 is it is characterised in that described determining module is tied according to self-inspection Fruit determines failure cause, and determines that the corresponding restorative procedure of described failure cause refers to:
Obtain the failure cause of described functional module according to described self-detection result, according to described failure cause and Default mapping table obtains the described restorative procedure corresponding with described failure cause;
Wherein, each functional module of described network failure node that described mapping table includes collecting in advance Various failure causes and with described various failure cause one-to-one restorative procedure;Described various fault is former Because including the numbering of various failure causes that is predefined and preserving in advance and word description;Described reparation side Method includes the word description of described restorative procedure that is predefined and preserving in advance, step setting and step ginseng Number configuration.
CN201510484578.3A 2015-08-07 2015-08-07 A kind of malfunction elimination method and system Active CN106452811B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510484578.3A CN106452811B (en) 2015-08-07 2015-08-07 A kind of malfunction elimination method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510484578.3A CN106452811B (en) 2015-08-07 2015-08-07 A kind of malfunction elimination method and system

Publications (2)

Publication Number Publication Date
CN106452811A true CN106452811A (en) 2017-02-22
CN106452811B CN106452811B (en) 2019-09-13

Family

ID=58092530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510484578.3A Active CN106452811B (en) 2015-08-07 2015-08-07 A kind of malfunction elimination method and system

Country Status (1)

Country Link
CN (1) CN106452811B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107067328A (en) * 2017-04-11 2017-08-18 武汉华创欣网科技有限公司 A kind of mobile phone shoots and uploads evidence-obtaining photograph or the vehicle insurance of video Claims Resolution integrated system
CN107589732A (en) * 2016-07-06 2018-01-16 深圳市祈飞科技有限公司 The fault detection method and system of a kind of terminal machine
CN110536243A (en) * 2019-08-27 2019-12-03 全图通位置网络有限公司 A kind of ultra wide band positioning and communicating integral terminal
CN111010299A (en) * 2019-12-17 2020-04-14 杭州迪普科技股份有限公司 Method and device for recording message forwarding process
CN113890819A (en) * 2021-09-29 2022-01-04 杭州迪普科技股份有限公司 Fault processing method, device and system
CN115484142A (en) * 2021-06-15 2022-12-16 浙江宇视科技有限公司 Network fault diagnosis method, device, medium and network equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611568A (en) * 2011-12-21 2012-07-25 华为技术有限公司 Failure service path diagnosis method and device
CN102917389A (en) * 2012-10-22 2013-02-06 大唐移动通信设备有限公司 Method and device for transmission self-detection of base station in LTE (Long Term Evolution) system
CN103634832A (en) * 2012-08-27 2014-03-12 沈阳师范大学 Low-energy consumption and high efficiency self-detection system for wireless sensor network node fault
WO2014180801A1 (en) * 2013-05-06 2014-11-13 Nokia Solutions And Networks Oy Processing customer experience events from a plurality of source systems
CN104301169A (en) * 2013-08-07 2015-01-21 长春轨道客车股份有限公司 In-depot examination device for center node equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611568A (en) * 2011-12-21 2012-07-25 华为技术有限公司 Failure service path diagnosis method and device
CN103634832A (en) * 2012-08-27 2014-03-12 沈阳师范大学 Low-energy consumption and high efficiency self-detection system for wireless sensor network node fault
CN102917389A (en) * 2012-10-22 2013-02-06 大唐移动通信设备有限公司 Method and device for transmission self-detection of base station in LTE (Long Term Evolution) system
WO2014180801A1 (en) * 2013-05-06 2014-11-13 Nokia Solutions And Networks Oy Processing customer experience events from a plurality of source systems
CN104301169A (en) * 2013-08-07 2015-01-21 长春轨道客车股份有限公司 In-depot examination device for center node equipment

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107589732A (en) * 2016-07-06 2018-01-16 深圳市祈飞科技有限公司 The fault detection method and system of a kind of terminal machine
CN107067328A (en) * 2017-04-11 2017-08-18 武汉华创欣网科技有限公司 A kind of mobile phone shoots and uploads evidence-obtaining photograph or the vehicle insurance of video Claims Resolution integrated system
CN110536243A (en) * 2019-08-27 2019-12-03 全图通位置网络有限公司 A kind of ultra wide band positioning and communicating integral terminal
CN111010299A (en) * 2019-12-17 2020-04-14 杭州迪普科技股份有限公司 Method and device for recording message forwarding process
CN115484142A (en) * 2021-06-15 2022-12-16 浙江宇视科技有限公司 Network fault diagnosis method, device, medium and network equipment
CN113890819A (en) * 2021-09-29 2022-01-04 杭州迪普科技股份有限公司 Fault processing method, device and system

Also Published As

Publication number Publication date
CN106452811B (en) 2019-09-13

Similar Documents

Publication Publication Date Title
CN106452811A (en) Fault inspection method and system
WO2017185945A1 (en) Method and device for locating fault
CN107807877B (en) Code performance testing method and device
CN106789323A (en) A kind of communication network management method and its device
CN105337765A (en) Distributed hadoop cluster fault automatic diagnosis and restoration system
US20080183406A1 (en) Online IED Fault Diagnosis Device and Method for Substation Automation System Based on IEC61850
CN106407030A (en) Failure processing method and system for storage cluster system
CN113055375B (en) Power station industrial control system physical network oriented attack process visualization method
CN104753173B (en) A kind of method of automatic diagnosis power grid EMS system telemetry data transmission failure
CN103378982A (en) Internet business operation monitoring method and Internet business operation monitoring system
CN103581951B (en) Base station detection method and device
CN108776625A (en) A kind of restorative procedure of service fault, device and storage medium
CN108337108A (en) A kind of cloud platform failure automation localization method based on association analysis
CN103701655A (en) Fault self-diagnosis and self-recovery method and system for interchanger
CN102281103B (en) Optical network multi-fault recovering method based on fuzzy set calculation
CN105207797A (en) Fault locating method and fault locating device
CN104217291A (en) Event management method based on remote diagnosis environment
CN111082979A (en) Intelligent substation process layer secondary circuit fault diagnosis method based on switch and fault diagnosis host
CN106789158A (en) Damage identification method and system are insured in a kind of cloud service
Rafique et al. TSDN-enabled network assurance: A cognitive fault detection architecture
CN108156019B (en) SDN-based network derived alarm filtering system and method
CN107957928B (en) A kind of operation of software synchronization tests and analyzes and troubleshooting methodology
CN107682173B (en) Automatic fault positioning method and system based on transaction model
CN105929816B (en) The method of industrial control system fault diagnosis based on Boolean algorithm
CN105098984A (en) Scheduling fault recording management system communication abnormity troubleshooting method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant