CN106533722B - Network monitoring method and device - Google Patents

Network monitoring method and device Download PDF

Info

Publication number
CN106533722B
CN106533722B CN201510580034.7A CN201510580034A CN106533722B CN 106533722 B CN106533722 B CN 106533722B CN 201510580034 A CN201510580034 A CN 201510580034A CN 106533722 B CN106533722 B CN 106533722B
Authority
CN
China
Prior art keywords
address
network node
packet loss
api
abnormal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510580034.7A
Other languages
Chinese (zh)
Other versions
CN106533722A (en
Inventor
高阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Gridsum Technology Co Ltd filed Critical Beijing Gridsum Technology Co Ltd
Priority to CN201510580034.7A priority Critical patent/CN106533722B/en
Publication of CN106533722A publication Critical patent/CN106533722A/en
Application granted granted Critical
Publication of CN106533722B publication Critical patent/CN106533722B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

Abstract

This application discloses a kind of network monitoring method and devices.Wherein, this method comprises: obtaining the address API for inquiring the IP address of network node;Multiple IP address are obtained using the address API, obtain IP address collection;Whether detection IP address concentrates the service performance of the corresponding network node of each IP address abnormal;And when the service performance for detecting the corresponding network node of IP address occurs abnormal, abnormal IP address will occur and its corresponding exception information is sent to monitor terminal, so that abnormal IP address and its corresponding exception information occurs in monitor terminal display.The technical issues of present application addresses the abnormal conditions for being unable to learn in time network node in the prior art.

Description

Network monitoring method and device
Technical field
This application involves internet areas, in particular to a kind of network monitoring method and device.
Background technique
Content distributing network (Content Delivery Network, referred to as CDN) node is usually one dynamic Node group, after the flow of website is switched to CDN, the monitoring of network flow and maintenance work are all that CDN manufacturer completes.However, net The service monitoring of network node is not open to website operator, and it is different that this makes website operator that can not understand in time CDN node Reason condition, this, which will lead to website operator, to carry out trouble shooting to website in time, and website traffic is caused to lose.
For above-mentioned problem, currently no effective solution has been proposed.
Summary of the invention
The embodiment of the present application provides a kind of network monitoring method and device, at least solve in the prior art can not be timely The technical issues of knowing the abnormal conditions of network node.
According to the one aspect of the embodiment of the present application, a kind of network monitoring method is provided, comprising: obtain for inquiring net The address API of the IP address of network node;Multiple IP address are obtained using the address API, obtain IP address collection;Detect the IP Whether the service performance of the corresponding network node of each IP address is abnormal in address set;And detecting that IP address is corresponding When the service performance of network node occurs abnormal, abnormal IP address will occurs and its corresponding exception information is sent to monitoring eventually End, so that the monitor terminal shows the IP address and its corresponding exception information for exception occur.
According to the another aspect of the embodiment of the present application, a kind of network monitor device is additionally provided, comprising: first obtains list Member, for obtaining the address API of the IP address for inquiring network node;Second acquisition unit, for utilizing the address API Multiple IP address are obtained, IP address collection is obtained;Detection unit concentrates each IP address corresponding for detecting the IP address Whether the service performance of network node is abnormal;And first transmission unit, for detecting the corresponding network node of IP address Service performance when occurring abnormal, abnormal IP address will occur and its corresponding exception information is sent to monitor terminal so that The monitor terminal shows the IP address and its corresponding exception information for exception occur.
According to the embodiment of the present application, by obtaining the address API for inquiring the IP address of network node, using API Location obtains multiple IP address, obtains IP address collection, and detection IP address concentrates the service of the corresponding network node of each IP address Whether performance is abnormal, when the service performance for detecting the corresponding network node of IP address occurs abnormal, abnormal IP will occurs Address and its corresponding exception information are sent to monitor terminal, so that abnormal IP address and its correspondence occurs in monitor terminal display Exception information, website staff can check fault point in time, and checked and handled, compared with the existing technology and Speech, without carrying out secondary data inquiry, the technology for solving the abnormal conditions for being unable to learn in time network node in the prior art is asked Topic has achieved the effect that the fault point of timely prompt staff's network node.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 is the flow chart according to the network monitoring method of the embodiment of the present application;
Fig. 2 is the schematic diagram according to the network monitor device of the embodiment of the present application.
Specific embodiment
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection It encloses.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein can in addition to illustrating herein or Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product Or other step or units that equipment is intrinsic.
According to the embodiment of the present application, a kind of embodiment of the method for network monitoring method is provided, it should be noted that attached The step of process of figure illustrates can execute in a computer system such as a set of computer executable instructions, though also, So logical order is shown in flow charts, but in some cases, it can be to be different from shown by sequence execution herein Or the step of description.
Fig. 1 is according to the flow chart of the network monitoring method of the embodiment of the present application, as shown in Figure 1, this method includes as follows Step:
Step S102 obtains the address API for inquiring the IP address of network node.
In CDN, an each network node corresponding server, the IP address of network node is the IP of the server Location.The address application programming interface (Application Programming Interface, referred to as API) can be by What CDN service quotient provided, it that is to say IP address collection for inquiring the dynamic CDN parsing pond IP.
Step S104 obtains multiple IP address using the address API, obtains IP address collection.
After getting the address API, multiple IP address are obtained using the address API, to obtain parsing in pond at present Server IP address, formed IP address collection.Specifically, obtaining IP address using the address API can be to send request, connect It receives and returns to message, then extract the form of IP address from return message to obtain.
Whether step S106, detection IP address concentrate the service performance of the corresponding network node of each IP address abnormal.
Step S108 will occur abnormal when the service performance for detecting the corresponding network node of IP address occurs abnormal IP address and its corresponding exception information be sent to monitor terminal so that monitor terminal display occur abnormal IP address and its Corresponding exception information.
After getting IP address collection, to IP address concentrate the service performance of the corresponding network node of each IP address into Row detection judges whether the corresponding network node of each IP address exception, and recording exceptional information occurs in parsing pond at present. When detecting abnormal network node, the IP address of the network node and its corresponding exception information are sent to monitoring eventually End, can be and sent in a manner of short message or mail.Monitor terminal by the information received show over the display, in order to Website staff carries out checking fault point in time, is checked and is handled in time.
According to the embodiment of the present application, by obtaining the address API for inquiring the IP address of network node, using API Location obtains multiple IP address, obtains IP address collection, and detection IP address concentrates the service of the corresponding network node of each IP address Whether performance is abnormal, when the service performance for detecting the corresponding network node of IP address occurs abnormal, abnormal IP will occurs Address and its corresponding exception information are sent to monitor terminal, so that abnormal IP address and its correspondence occurs in monitor terminal display Exception information, website staff can check fault point in time, and checked and handled, compared with the existing technology and Speech, without carrying out secondary data inquiry, solves the technology for the abnormal conditions for being unable to learn in time network node in the prior art Problem has achieved the effect that the fault point of timely prompt staff's network node.
Preferably, detection IP address concentrates whether the service performance of the corresponding network node of each IP address wraps extremely It includes: sending probe requests thereby to the corresponding network node of each IP address, record the total duration of probe requests thereby, judge that total duration is No is more than preset time;And/or the network test of preset times is sent to the corresponding network node of each IP address, record The packet loss number of network test calculates the network of the corresponding network node of each IP address using preset times and packet loss number The packet loss of test judges whether packet loss is more than preset threshold;Judging that total duration is more than preset time or packet loss When more than preset threshold, determine that total duration is more than preset time or packet loss is more than the corresponding network of IP address of preset threshold The service performance of node occurs abnormal.
Network test among the above can be such as ping test, below the application in order to facilitate understanding, use ping test Citing.
To the detection of the service performance of network node can there are many mode, the preferred probe requests thereby of the embodiment of the present application and/ Or the mode of ping test is detected, and in the present embodiment, can be detected, can also be tied in two ways using one of which The form of conjunction is detected.Now both modes are described respectively:
For the mode of probe requests thereby, when being detected to each IP address, first to the corresponding network section of IP address Point sends probe requests thereby, records the total duration of probe requests thereby, which is since sending probe requests thereby until the detection is asked The time for asking response to terminate may include domain name system (Domain Name System, referred to as DNS) parsing time, build connection Time, download time etc..In the total duration for obtaining probe requests thereby, judge whether the total duration is more than preset duration, if It is, it is determined that the corresponding network node of IP address occurs abnormal accordingly.Wherein, the exception information of record can be probe requests thereby The duration and total duration of links.
Further, this sub thread: python is called by one sub thread of the multithreading module creation of python first Pycurl module (pycurl is that a python language is write, and detects the python module of web services quality, advantage is HTTP request can be finely customized, and detects detailed http response performance information, the method for operation is the order line in python Middle calling module, or module is quoted in writing python program.In the present embodiment, which visits for HTTP request Survey, can collect the links response time in detection process, such as DNS time, TCP build the connection time, download time), Main thread is recycled first with for, and concentrating in IP address is that one detection IP, pycurl sending detection of each sub thread taking-up is asked It asks, the corresponding temporal information of each link that detection process obtains is stored in predefined variable.It is taken from predefined variable again The total duration of probe requests thereby out, is judged, determines whether the corresponding network node of each IP address is abnormal.
For ping test, probe command can be write in advance, to send the ping test of preset times, note to IP address The packet loss number for recording ping test calculates packet loss further according to packet loss number and preset times, and specifically, packet loss number is divided by pre- If number obtains packet loss.Judge packet loss whether be more than and preset threshold, if it is, determining that corresponding IP address is corresponding Network node occurs abnormal.
Further, ping test is carried out to the IP address of network node, probe command ping-f-c1000 can be preset, 1000 ping tests are quickly issued, obtain packet loss with packet loss number/1000.Packet loss is judged again, determination is No appearance is abnormal.
According in the embodiment of the present application, network node is carried out by using probe requests thereby and/or the mode of ping test Detection, detection process is quickly succinct, improves the efficiency of detection.
Optionally, detection IP address concentrates whether the service performance of the corresponding network node of each IP address wraps extremely It includes: step A: obtaining the IP address that IP address is concentrated;Step B: detection is sent to the corresponding network node of IP address of acquisition and is asked It asks, records the total duration of probe requests thereby, judge whether total duration is more than preset time;And/or it is corresponding to the IP address of acquisition Network node sends the ping test of preset times, records the packet loss number of ping test, utilizes preset times and packet loss number The packet loss for calculating the ping test of the corresponding network node of each IP address judges whether packet loss is more than preset threshold; Step C: when judging that total duration is more than preset threshold more than preset time or packet loss, frequency of abnormity adds 1;Step D: sentence Whether disconnected frequency of abnormity reaches preset times;When frequency of abnormity is not up to preset times, B is returned to step;Abnormal secondary When number reaches preset times, it is abnormal to determine that the service performance of the corresponding network node of IP address obtained occurs.
In order to reduce rate of false alarm, in the embodiment of the present application, increase frequency of abnormity carry out uncertain network node whether be It is abnormal.Wherein, the mode mode as the aforementioned of network node abnormality detection corresponding for each IP address is identical, that is, each Secondary detection is all made of probe requests thereby, ping test or its mode combined, and which is not described herein again.
During being detected, if it is abnormal to detect that network node occurs, but frequency of abnormity not up to default time Number, then can be with suspend mode preset time after, the network node is detected again, is judged further according to testing result.Such as There is exception in fruit testing number network node, and frequency of abnormity reaches preset times, then it is abnormal to show that the network node occurs.The reality It applies in example, if it is determined that exception occurs in network node, then the exception information by last time detection is sent to monitor terminal.
According to the embodiment of the present application, by increasing the judgement of frequency of abnormity, to avoid the network section of accidental sexual abnormality Point is reported as abnormal nodes, reduces rate of false alarm.
Preferably, before the address API for obtaining the IP address for inquiring network node, method further include: to domain name System sends the inquiry request to target domain name;The query result that domain name system returns is received, target is extracted from query result The corresponding canonical name of domain name;Using canonical name preset referring to the corresponding CDN service quotient of inquiry canonical name in table The address API of information and the IP address for inquiring network node, wherein abnormal IP address and its corresponding different will occurring While normal information is sent to monitor terminal, the information of CDN service quotient is sent to monitor terminal.
During the application is implemented, the information of CDN service quotient, website canonical name (CNAME) and CDN service quotient are provided in advance The address API corresponding be stored in referring in table, wherein the information of CDN service quotient may include CDN referred to as, CDN service quotient Service calls etc..When needing to detect the corresponding network node of target domain name, target domain name will can be first carried Inquiry request be sent to domain name system, domain name system parses target domain name, and using parsing result as query result It returns, in this way, the canonical name of target domain name can be extracted from the query result of return, then using canonical name as inquiry Keyword inquires the information of the corresponding CDN service quotient of canonical name and the IP address for inquiring network node from referring to table The address API, in order to which when detecting network node abnormality, the information of CDN service quotient is sent to monitor terminal together.
For using www.gridsum.com as aiming field name, inquiry request is issued to DNS first, the return of DNS is believed The CNAME field of breath is taken out, such as DNS query result:
www.gridsum.com CNAME gridsum.com.ccgslb.com.cn
Obtain CNAME:gridsum.com.ccgslb.com.cn;With the CNAME, in reference table, (program is customized good in advance CDN abbreviation, CNAME, parsing inquiry API, service calls the table of comparisons) in take out CDN referred to as, as CDN service quotient Title;Continued to take out the parsing inquiry address API in referring to table with the CNAME, which is that CDN service quotient provides, and is used to The dynamic CDN parsing pond IP is inquired, which is stored away;Continued to take out " service calls " in referring to table with the CNAME Deng.
Preferably, multiple IP address are obtained using the address API, obtaining IP address collection includes: service corresponding to the address API Device sends HTTP connection request, so that the corresponding server return in the address API includes the HTML text of the IP address of network node Part;The html file that the corresponding server in the address API returns is received, the net for including in html file is obtained using regular expression The IP address of network node obtains IP address collection.
Acquisition for IP address collection, in the present embodiment, by sending HTTP connection request, the address API to the address API After corresponding server receives the request, a html file is returned, includes the net in current parsing pond in this document The IP address of network node.Since html file has its own a text formatting, in the present embodiment, using regular expression to this Data are matched in html file, to extract IP address wherein included, form IP address collection.
Specifically, the text style for returning to a html file may is that
<td>10.1.1.1</td>
<td>10.1.1.2</td>
<td>10.1.1.3</td>
Matching treatment is carried out with regular expression, each IP is taken out and is appended in list, list is finally obtained [‘10.1.1.1’,’10.1.1.2’,’10.1.1.3’…..]
IP in list is the IP address of the network node in current parsing pond.
According to the embodiment of the present application, IP address is rapidly extracted from html file by using regular expression, is improved The extraction efficiency of IP address.
The embodiment of the present application additionally provides a kind of network monitor device, which can be used for executing the embodiment of the present application Network monitoring method, as shown in Fig. 2, the device includes: first acquisition unit 10, second acquisition unit 20, detection unit 30 With the first transmission unit 40.
First acquisition unit 10 is used to obtain the address API of the IP address for inquiring network node.
In CDN, an each network node corresponding server, the IP address of network node is the IP of the server Location.The address application programming interface (Application Programming Interface, referred to as API) can be What CDN service quotient provided, it that is to say IP address collection for inquiring the dynamic CDN parsing pond IP.
Second acquisition unit 20 is used to obtain multiple IP address using the address API, obtains IP address collection.
After getting the address API, multiple IP address are obtained using the address API, to obtain parsing in pond at present Server IP address, formed IP address collection.Specifically, obtaining IP address using the address API can be to send request, connect It receives and returns to message, then extract the form of IP address from return message to obtain.
Detection unit 30 be used for detect IP address concentrate the corresponding network node of each IP address service performance whether It is abnormal.
First transmission unit 40 is used for when the service performance for detecting the corresponding network node of IP address occurs abnormal, will There is abnormal IP address and its corresponding exception information is sent to monitor terminal, so that abnormal IP occurs in monitor terminal display Address and its corresponding exception information.
After getting IP address collection, to IP address concentrate the service performance of the corresponding network node of each IP address into Row detection judges whether the corresponding network node of each IP address exception, and recording exceptional information occurs in parsing pond at present. When detecting abnormal network node, the IP address of the network node and its corresponding exception information are sent to monitoring eventually End, can be and sent in a manner of short message or mail.Monitor terminal by the information received show over the display, in order to Website staff carries out checking fault point in time, is checked and is handled in time.
According to the embodiment of the present application, by obtaining the address API for inquiring the IP address of network node, using API Location obtains multiple IP address, obtains IP address collection, and detection IP address concentrates the service of the corresponding network node of each IP address Whether performance is abnormal, when the service performance for detecting the corresponding network node of IP address occurs abnormal, abnormal IP will occurs Address and its corresponding exception information are sent to monitor terminal, so that abnormal IP address and its correspondence occurs in monitor terminal display Exception information, website staff can check fault point in time, and checked and handled, compared with the existing technology and Speech, without carrying out secondary data inquiry, the technology for solving the abnormal conditions for being unable to learn in time network node in the prior art is asked Topic has achieved the effect that the fault point of timely prompt staff's network node.
Preferably, detection unit includes: first judgment module, for sending to the corresponding network node of each IP address Probe requests thereby records the total duration of probe requests thereby, judges whether total duration is more than preset time;And/or to each IP address Corresponding network node sends the ping test of preset times, records the packet loss number of ping test, using preset times and loses Packet number calculates the packet loss of the ping test of the corresponding network node of each IP address, judges whether packet loss is more than default Threshold value;First determining module, for determining when judging that total duration is more than preset threshold more than preset time or packet loss Total duration is more than that preset time or packet loss occur more than the service performance of the corresponding network node of IP address of preset threshold It is abnormal.
To the detection of the service performance of network node can there are many mode, the preferred probe requests thereby of the embodiment of the present application and/ Or the mode of ping test is detected, and in the present embodiment, can be detected, can also be tied in two ways using one of which The form of conjunction is detected.Now both modes are described respectively:
For the mode of probe requests thereby, when being detected to each IP address, first to the corresponding network section of IP address Point sends probe requests thereby, records the total duration of probe requests thereby, which is since sending probe requests thereby until the detection is asked The time for asking response to terminate may include domain name system (Domain Name System, referred to as DNS) parsing time, build connection Time, download time etc..In the total duration for obtaining probe requests thereby, judge whether the total duration is more than preset duration, if It is, it is determined that the corresponding network node of IP address occurs abnormal accordingly.Wherein, the exception information of record can be probe requests thereby The duration and total duration of links.
Further, this sub thread: python is called by one sub thread of the multithreading module creation of python first Pycurl module (Pycurl is that a python language is write, and detects the python module of web services quality, advantage is HTTP request can be finely customized, and detects detailed http response performance information, the method for operation is the order line in python Middle calling module, or module is quoted in writing python program.In the present embodiment, which visits for HTTP request Survey, can collect the links response time in detection process, such as DNS time, TCP build the connection time, download time), Main thread is recycled first with for, and concentrating in IP address is that one detection IP, pycurl sending detection of each sub thread taking-up is asked It asks, the corresponding temporal information of each link that detection process obtains is stored in predefined variable.It is taken from predefined variable again The total duration of probe requests thereby out, is judged, determines whether the corresponding network node of each IP address is abnormal.
For ping test, probe command can be write in advance, to send the ping test of preset times, note to IP address The packet loss number for recording ping test calculates packet loss further according to packet loss number and preset times, and specifically, packet loss number is divided by pre- If number obtains packet loss.Judge packet loss whether be more than and preset threshold, if it is, determining that corresponding IP address is corresponding Network node occurs abnormal.
Further, ping test is carried out to the IP address of network node, probe command ping-f-c1000 can be preset, 1000 ping tests are quickly issued, obtain packet loss with packet loss number/1000.Packet loss is judged again, determination is No appearance is abnormal.
According in the embodiment of the present application, network node is carried out by using probe requests thereby and/or the mode of ping test Detection, detection process is quickly succinct, improves the efficiency of detection.
Optionally, detection unit includes: acquisition module, for obtaining the IP address of IP address concentration;Second judgment module, Probe requests thereby is sent for the corresponding network node of IP address to acquisition, the total duration of probe requests thereby is recorded, judges total duration It whether is more than preset time;And/or the network test of preset times is sent to the corresponding network node of the IP address of acquisition, note The packet loss number for recording network test, the net of the corresponding network node of each IP address is calculated using preset times and packet loss number The packet loss of network test, judges whether packet loss is more than preset threshold;Accumulator module, for judging that total duration is more than default When time or packet loss are more than preset threshold, frequency of abnormity adds 1;Third judgment module, for judging whether frequency of abnormity reaches To preset times;Second determining module, for determining the corresponding net of IP address obtained when frequency of abnormity reaches preset times The service performance of network node occurs abnormal, wherein the second judgment module is when frequency of abnormity is not up to preset times, again to obtaining The IP address taken is detected.
Network test among the above can be such as ping test, below the application in order to facilitate understanding, use ping test It enumerates.
In order to reduce rate of false alarm, in the embodiment of the present application, increase frequency of abnormity carry out uncertain network node whether be It is abnormal.Wherein, the mode mode as the aforementioned of network node abnormality detection corresponding for each IP address is identical, that is, each Secondary detection is all made of probe requests thereby, ping test or its mode combined, and which is not described herein again.
During being detected, if it is abnormal to detect that network node occurs, but frequency of abnormity not up to default time Number, then can be with suspend mode preset time after, the network node is detected again, is judged further according to testing result.Such as There is exception in fruit testing number network node, and frequency of abnormity reaches preset times, then it is abnormal to show that the network node occurs.The reality It applies in example, if it is determined that exception occurs in network node, then the exception information by last time detection is sent to monitor terminal.
According to the embodiment of the present application, by increasing the judgement of frequency of abnormity, to avoid the network section of accidental sexual abnormality Point is reported as abnormal nodes, reduces rate of false alarm.
Preferably, device further include: the second transmission unit, for obtaining the IP address for inquiring network node Before the address API, the inquiry request to target domain name is sent to domain name system;Extraction unit is returned for receiving domain name system Query result, the corresponding canonical name of target domain name is extracted from query result;Query unit, for being existed using canonical name The preset IP address referring to the information for inquiring the corresponding CDN service quotient of canonical name in table and for inquiring network node The address API, wherein the first transmission unit is also used to abnormal IP address occurring and its corresponding exception information is sent to prison While control terminal, the information of CDN service quotient is sent to monitor terminal.
During the application is implemented, the information of CDN service quotient, website canonical name (CNAME) and CDN service quotient are provided in advance The address API corresponding be stored in referring in table, wherein the information of CDN service quotient may include CDN referred to as, CDN service quotient Service calls etc..When needing to detect the corresponding network node of target domain name, target domain name will can be first carried Inquiry request be sent to domain name system, domain name system parses target domain name, and using parsing result as query result It returns, in this way, the canonical name of target domain name can be extracted from the query result of return, then using canonical name as inquiry Keyword inquires the information of the corresponding CDN service quotient of canonical name and the IP address for inquiring network node from referring to table The address API, in order to which when detecting network node abnormality, the information of CDN service quotient is sent to monitor terminal together.
For using www.gridsum.com as aiming field name, inquiry request is issued to DNS first, the return of DNS is believed The CNAME field of breath is taken out, such as DNS query result:
www.gridsum.com CNAME gridsum.com.ccgslb.com.cn
Obtain CNAME:gridsum.com.ccgslb.com.cn;With the CNAME, in reference table, (program is customized good in advance CDN abbreviation, CNAME, parsing inquiry API, service calls the table of comparisons) in take out CDN referred to as, as CDN service quotient Title;Continued to take out the parsing inquiry address API in referring to table with the CNAME, which is that CDN service quotient provides, and is used to The dynamic CDN parsing pond IP is inquired, which is stored away;Continued to take out " service calls " in referring to table with the CNAME Deng.
Preferably, second acquisition unit includes: sending module, is connected for sending HTTP to the corresponding server in the address API Request is connect, so that the corresponding server return in the address API includes the html file of the IP address of network node;Receiving module, The html file returned for receiving the corresponding server in the address API, is obtained in html file using regular expression and includes The IP address of network node obtains IP address collection.
Acquisition for IP address collection, in the present embodiment, by sending HTTP connection request, the address API to the address API After corresponding server receives the request, a html file is returned, includes the net in current parsing pond in this document The IP address of network node.Since html file has its own a text formatting, in the present embodiment, using regular expression to this Data are matched in html file, to extract IP address wherein included, form IP address collection.
Specifically, the text style for returning to a html file may is that
<td>10.1.1.1</td>
<td>10.1.1.2</td>
<td>10.1.1.3</td>
Matching treatment is carried out with regular expression, each IP is taken out and is appended in list, list is finally obtained [‘10.1.1.1’,’10.1.1.2’,’10.1.1.3’…..]
IP in list is the IP address of the network node in current parsing pond.
According to the embodiment of the present application, IP address is rapidly extracted from html file by using regular expression, is improved The extraction efficiency of IP address.
The application is described below by a preferred embodiment.In this embodiment, main includes identification Module, IP address generation module, detecting module and alarm module.Wherein, identification module is equivalent to second in the embodiment of the present application Transmission unit, extraction unit and query unit, IP address generation module are equivalent to second acquisition unit, and detecting module is equivalent to inspection Unit is surveyed, alarm module is equivalent to the first transmission unit.Specifically:
Identification module is used for before starting detection, is issued monitoring inquiry of the domain name to DNS first and is requested, and by DNS Return information CNAME field take out, obtain CNAME carry out CDN service quotient discrimination.
For example, DNS query result are as follows: www.gridsum.com CNAME gridsum.com.ccgslb.com.cn
Obtain CNAME:gridsum.com.ccgslb.com.cn;
With the CNAME referring to table (the preparatory customized good CDN abbreviation of program, CNAME, parsing inquiry API, service calls The table of comparisons) in take out CDN referred to as, in case alarm module generate alarm when by this referred to as be added warning message " CDN service quotient In name " item;Continued to take out the parsing inquiry address API in referring to table with the CNAME, which is that CDN service quotient provides, and is used to The dynamic CDN parsing pond IP is inquired, which is stored away, is used for following IP address list generation module;With this CNAME continues to take out " service calls " in referring to table.
IP address generation module is used to issue HTTP connection request to the API, which returns to a html file, file In have several IP address, text style is similar:
<td>10.1.1.1</td>
<td>10.1.1.2</td>
<td>10.1.1.3</td>
Matching treatment is carried out with regular expression, each take out is appended in list, list is finally obtained [‘10.1.1.1’,’10.1.1.2’,’10.1.1.3’…..]
IP in list is the IP address of the server in current parsing pond.This list is saved, for detecting module Fixed IP is detected.
Detecting module is used for after receiving the IP address list that IP address generation module is sent, first by the more of python Threading models create a sub thread, this sub thread is detected using two ways:
The first: call python pycurl module (this module dedicated for HTTP request detection, detection can be collected The links response time in the process, such as DNS time, TCP build connection time, download time), main thread first with For circulation is that each sub thread takes out detection IP, pycurl a sending probe requests thereby in IP list, detection process is obtained To the corresponding temporal information of each link be stored in predefined variable;
Second: ping test being carried out to the IP address of network node, probe command ping-f-c 1000 is quickly sent out 1000 ping tests out obtain packet loss with packet loss number/1000.
Detecting module is also used to the alarm decision to network node, specifically, if the total duration of this probe requests thereby is not More than 10 seconds and the packet loss of ping was less than 10%, then terminated the detection process of the sub thread;In case of probe requests thereby 10 Whether second time-out or packet loss are more than any situation in 10%, then " frequency of failure "+1, judge " frequency of failure " more than 3 Secondary, if being also less than 3 times, this exception is " doubtful alarm ", the suspend mode of this thread 10 seconds, is detected again;If " failure time Number " is more than 3 times, then this exception is " true alarm ", and detecting module is surveyed with the last time that pycurl test process retains Information variable, the ping packet loss of examination, generate a dictionary, and the format of dictionary is exemplified below:
{ ' IP ': ' 10.1.1.1 ', ' CDN ': ' chinacache ', ' ping_lost ': ' 0% ', ' time_totle ': ' 11s’,’time_dns’:’1s’,’time_connect’:’10s’…}
Most contents can be used to generate the detection details content in warning message in next step in the dictionary.
Alarm module is then IP service performance the case where having IP address detection continuous 3 times more than 10 seconds when being triggered There may be exception, need to report first to be read out the dictionary that previous step generates to website operator, obtain alarm IP, CDN Then title, detection time details call " nali " tool to detect this IP ownership place in shell, next start to arrange lattice The exquisiteness that identification module and detecting module obtain is organized into one section of bell character(BEL) string, character string citing by formula:
[IP:10.1.1.1 state: alarm]
Ownership place: China-Beijing
CDN service quotient: chinacache
Detect details:
time_totle:11s
time_dns:1s
time_connect:10s
time_download:0s
Ping_lost:0%
Service calls: 010-******
Alarm module calls monitored module in shell, this character string is sent to monitor terminal, which exists It is configurable in configuration file.
Above-mentioned the embodiment of the present application serial number is for illustration only, does not represent the advantages or disadvantages of the embodiments.
In above-described embodiment of the application, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, Ke Yiwei A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple On unit.It can some or all of the units may be selected to achieve the purpose of the solution of this embodiment according to the actual needs.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the application whole or Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered It is considered as the protection scope of the application.

Claims (8)

1. a kind of network monitoring method characterized by comprising
Obtain the address API for inquiring the IP address of network node;
Multiple IP address are obtained using the address API, obtain IP address collection;
Whether detect the IP address concentrates the service performance of the corresponding network node of each IP address abnormal;And
When the service performance for detecting the corresponding network node of IP address occurs abnormal, abnormal IP address and its right will occur The exception information answered is sent to monitor terminal, so that the monitor terminal shows described abnormal IP address and its corresponding occur Exception information,
Before the address API for obtaining the IP address for inquiring network node, the method also includes: it is sent to domain name system To the inquiry request of target domain name;The query result that domain name system returns is received, the target is extracted from the query result The corresponding canonical name of domain name;Using the canonical name preset referring to inquiring the corresponding CDN of the canonical name in table The address API of the information of service provider and the IP address for inquiring network node, wherein will occur abnormal IP address and its While corresponding exception information is sent to monitor terminal, the information of the CDN service quotient is sent to the monitor terminal.
2. concentrating each IP address corresponding the method according to claim 1, wherein detecting the IP address The service performance of network node whether include: extremely
Probe requests thereby is sent to the corresponding network node of each IP address, the total duration of the probe requests thereby is recorded, judges institute State whether total duration is more than preset time;And/or the network of preset times is sent to the corresponding network node of each IP address Test, records the packet loss number of the network test, with calculating each IP using the preset times and the packet loss number The packet loss of the network test of the corresponding network node in location judges whether the packet loss is more than preset threshold;
When judging that the total duration is more than the preset threshold more than the preset time or the packet loss, determine total Duration is more than the clothes of the preset time or the packet loss more than the corresponding network node of IP address of the preset threshold Performance of being engaged in occurs abnormal.
3. concentrating each IP address corresponding the method according to claim 1, wherein detecting the IP address The service performance of network node whether include: extremely
Step A: the IP address that the IP address is concentrated is obtained;
Step B: sending probe requests thereby to the corresponding network node of IP address of acquisition, record the total duration of the probe requests thereby, Judge whether the total duration is more than preset time;And/or preset times are sent to the corresponding network node of the IP address of acquisition Network test, record the packet loss number of the network test, calculated using the preset times and the packet loss number each The packet loss of the network test of the corresponding network node of a IP address, judges whether the packet loss is more than preset threshold;
Step C: when judging that the total duration is more than the preset threshold more than the preset time or the packet loss, Frequency of abnormity adds 1;
Step D: judge whether frequency of abnormity reaches preset times;
When frequency of abnormity is not up to the preset times, returns and execute the step B;
When frequency of abnormity reaches the preset times, the service performance of the corresponding network node of the IP address of the acquisition is determined Occur abnormal.
4. obtaining IP the method according to claim 1, wherein obtaining multiple IP address using the address API Address set includes:
HTTP connection request is sent to the corresponding server in the address API, so that the corresponding server return in the address API includes There is the html file of the IP address of network node;
The html file that the corresponding server in the address API returns is received, is obtained in html file and is wrapped using regular expression The IP address of the network node contained obtains the IP address collection.
5. a kind of network monitor device characterized by comprising
First acquisition unit, for obtaining the address API of the IP address for inquiring network node;
Second acquisition unit obtains IP address collection for obtaining multiple IP address using the address API;
Whether detection unit concentrates the service performance of the corresponding network node of each IP address different for detecting the IP address Often;And
First transmission unit, for will occur when the service performance for detecting the corresponding network node of IP address occurs abnormal Abnormal IP address and its corresponding exception information is sent to monitor terminal, so that the monitor terminal shows that the appearance is abnormal IP address and its corresponding exception information,
Described device further include: the second transmission unit, for obtain for inquire network node IP address the address API it Before, the inquiry request to target domain name is sent to domain name system;Extraction unit, for receiving the inquiry knot of domain name system return Fruit extracts the corresponding canonical name of the target domain name from the query result;
Query unit, for being taken preset referring to inquiring the corresponding CDN of the canonical name in table using the canonical name The information of quotient of being engaged in and the address API of the IP address for inquiring network node, wherein first transmission unit is also used to inciting somebody to action While the IP address and its corresponding exception information for exception occur are sent to monitor terminal, by the information of the CDN service quotient It is sent to the monitor terminal.
6. device according to claim 5, which is characterized in that the detection unit includes:
First judgment module records the detection and asks for sending probe requests thereby to the corresponding network node of each IP address The total duration asked judges whether the total duration is more than preset time;And/or to the corresponding network node of each IP address The network test for sending preset times, records the packet loss number of the network test, utilizes the preset times and the packet loss Number calculates the packet loss of the network test of the corresponding network node of each IP address, judges whether the packet loss is more than pre- If threshold value;
First determining module, for judging that the total duration is more than the preset time or the packet loss is more than described When preset threshold, determine that total duration is more than the preset time or the packet loss is more than the IP address pair of the preset threshold The service performance for the network node answered occurs abnormal.
7. device according to claim 5, which is characterized in that the detection unit includes:
Module is obtained, the IP address concentrated for obtaining the IP address;
Second judgment module sends probe requests thereby for the corresponding network node of IP address to acquisition, records the detection and ask The total duration asked judges whether the total duration is more than preset time;And/or to the corresponding network node of the IP address of acquisition The network test for sending preset times, records the packet loss number of the network test, utilizes the preset times and the packet loss Number calculates the packet loss of the ping test of the corresponding network node of each IP address, judges whether the packet loss is more than pre- If threshold value;
Accumulator module, for judging that the total duration is more than the preset time or the packet loss is more than described default When threshold value, frequency of abnormity adds 1;
Third judgment module, for judging whether frequency of abnormity reaches preset times;
Second determining module, for when frequency of abnormity reaches the preset times, determining that the IP address of the acquisition is corresponding There is exception in the service performance of network node,
Wherein, the second judgment module again examines the IP address of acquisition when frequency of abnormity is not up to the preset times It surveys.
8. device according to claim 5, which is characterized in that the second acquisition unit includes:
Sending module, for sending HTTP connection request to the corresponding server in the address API, so that the address API is corresponding Server return includes the html file of the IP address of network node;
Receiving module, the html file returned for receiving the corresponding server in the address API, is obtained using regular expression The IP address for the network node for including in html file obtains the IP address collection.
CN201510580034.7A 2015-09-11 2015-09-11 Network monitoring method and device Active CN106533722B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510580034.7A CN106533722B (en) 2015-09-11 2015-09-11 Network monitoring method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510580034.7A CN106533722B (en) 2015-09-11 2015-09-11 Network monitoring method and device

Publications (2)

Publication Number Publication Date
CN106533722A CN106533722A (en) 2017-03-22
CN106533722B true CN106533722B (en) 2019-06-21

Family

ID=58348105

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510580034.7A Active CN106533722B (en) 2015-09-11 2015-09-11 Network monitoring method and device

Country Status (1)

Country Link
CN (1) CN106533722B (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108696555B (en) * 2017-04-11 2020-01-14 贵州白山云科技股份有限公司 Equipment detection method and device
CN107294780A (en) * 2017-06-29 2017-10-24 重庆邮电大学 Resources-type internet source of trouble localization method based on network monitoring
CN109245955B (en) * 2017-07-10 2022-12-09 阿里巴巴集团控股有限公司 Data processing method and device and server
CN107506298A (en) * 2017-07-28 2017-12-22 杭州销冠网络科技有限公司 A kind of monitoring method and system for business on line
CN107682174B (en) * 2017-08-24 2021-06-01 郑州云海信息技术有限公司 Method for collecting network equipment support data
CN107769957B (en) * 2017-08-30 2018-07-06 贵州白山云科技有限公司 A kind of domain name system failure cause analysis method and device
CN109728920B (en) * 2017-10-27 2020-08-21 贵州白山云科技股份有限公司 Method and device for improving service quality of network service product
CN107894950A (en) * 2017-10-30 2018-04-10 北京奇虎科技有限公司 A kind of equipment detection method, device, server and storage medium
CN108400907B (en) * 2018-02-08 2021-06-01 安徽农业大学 Link packet loss rate reasoning method under uncertain network environment
CN108759920B (en) * 2018-06-04 2021-08-27 深圳源广安智能科技有限公司 Warehouse safety monitoring system based on thing networking
CN108924005B (en) * 2018-06-29 2020-05-12 优刻得科技股份有限公司 Network detection method, network detection apparatus, medium, and device
CN109450699A (en) * 2018-12-06 2019-03-08 合肥海诺恒信息科技有限公司 Integration firm IT operation management system and method
CN111371826B (en) * 2018-12-26 2024-04-09 三六零科技集团有限公司 CDN node performance detection method, device and system
CN111385244B (en) * 2018-12-27 2022-12-27 中国移动通信集团四川有限公司 Abnormal flow identification method, device, equipment, system and medium
CN109614340A (en) * 2018-12-28 2019-04-12 北京微播视界科技有限公司 Exploitation adjustment method, device, electronic equipment and the storage medium of application program
CN110557304B (en) * 2019-09-20 2022-10-14 腾讯科技(深圳)有限公司 Address detection method and device and computer readable storage medium
CN111224959A (en) * 2019-12-29 2020-06-02 西安天互通信有限公司 Server port automatic detection and forwarding defense system and defense method
CN111327592B (en) * 2020-01-19 2022-11-18 陈建慧 Network monitoring method and related device
CN111885145A (en) * 2020-07-20 2020-11-03 北京百度网讯科技有限公司 Switching method, device, equipment and computer storage medium
CN112751745A (en) * 2020-12-28 2021-05-04 上海蓝云网络科技有限公司 Message reminding method and device
CN113472607B (en) * 2021-06-29 2023-05-02 未鲲(上海)科技服务有限公司 Application program network environment detection method, device, equipment and storage medium
CN113691420A (en) * 2021-08-26 2021-11-23 北京基调网络股份有限公司 Method for monitoring CDN quality, electronic equipment, server and storage medium
CN113783755A (en) * 2021-09-15 2021-12-10 云茂互联智能科技(厦门)有限公司 Network monitoring method, network monitoring device, storage medium and electronic device
CN114285763B (en) * 2021-11-26 2023-05-30 中国联合网络通信集团有限公司 Data acquisition method, device and computer readable storage medium
CN114615310A (en) * 2022-03-01 2022-06-10 天翼安全科技有限公司 Method and device for maintaining TCP connection and electronic equipment
CN114629824B (en) * 2022-03-24 2024-03-19 阿里巴巴(中国)有限公司 Packet loss positioning method, device, computing equipment and medium
CN115190045B (en) * 2022-07-06 2024-04-09 南京云柜网络科技有限公司 Monitoring method and device for express cabinet system service, electronic equipment and storage medium
CN115361358B (en) * 2022-08-19 2024-02-06 山石网科通信技术股份有限公司 IP extraction method and device, storage medium and electronic device
CN116170294B (en) * 2023-02-21 2023-07-11 北京志凌海纳科技有限公司 Network anomaly detection method and system for distributed system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741643A (en) * 2009-12-24 2010-06-16 北京世纪互联宽带数据中心有限公司 Content delivery network node detecting method and system
CN102932204A (en) * 2012-11-09 2013-02-13 北京奇虎科技有限公司 Monitoring method and monitoring system of content delivery network
CN102938709A (en) * 2012-11-09 2013-02-20 北京奇虎科技有限公司 Monitoring method and monitoring server for content delivery network (CDN)
CN103428011A (en) * 2012-05-16 2013-12-04 深圳市腾讯计算机系统有限公司 Node state detection method, system and device used in distributed system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9503333B2 (en) * 2013-08-08 2016-11-22 Level 3 Communications, Llc Content delivery methods and systems

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741643A (en) * 2009-12-24 2010-06-16 北京世纪互联宽带数据中心有限公司 Content delivery network node detecting method and system
CN103428011A (en) * 2012-05-16 2013-12-04 深圳市腾讯计算机系统有限公司 Node state detection method, system and device used in distributed system
CN102932204A (en) * 2012-11-09 2013-02-13 北京奇虎科技有限公司 Monitoring method and monitoring system of content delivery network
CN102938709A (en) * 2012-11-09 2013-02-20 北京奇虎科技有限公司 Monitoring method and monitoring server for content delivery network (CDN)

Also Published As

Publication number Publication date
CN106533722A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
CN106533722B (en) Network monitoring method and device
CN104348803B (en) Link kidnaps detection method, device, user equipment, Analysis server and system
CN105897947B (en) The Network Access Method and device of mobile terminal
CN103001817B (en) A kind of method and apparatus of real-time detection of webpage cross-domain request
CN103794033B (en) Monitoring alarm method and device
CN104932978B (en) A kind of system operation automatic fault selftesting and the method and system of selfreparing
CN102870118B (en) Access method, device and system to user behavior
CN103955507B (en) The method for early warning and device perceived based on user
CN109714209A (en) A kind of diagnostic method and system of website visiting failure
CN104125215B (en) Website domain name kidnaps detection method and system
CN111176941B (en) Data processing method, device and storage medium
CN103248625A (en) Monitoring method and system for abnormal operation of web crawler
CN107147546A (en) Double net heartbeat inspecting method and system
CN105468587A (en) Webpage anomaly monitoring method and apparatus
CN109905262A (en) A kind of monitoring system and monitoring method of CDN device service
CN107395687B (en) Equipment monitoring method, device and system and air conditioner
EP1139221A1 (en) Web monitor
CN109451091A (en) Means of defence and agent equipment
CN105847092A (en) Method and device for monitoring website in real time
CN105262858B (en) Method and device for detecting safety of Domain Name System (DNS) server
CN113765912A (en) Distributed firewall device and detection method thereof
CN110198230A (en) Monitoring method, device, storage medium and the electronic device of application
CN103885877B (en) Method and device for generating simulation browser testing script of HTTP
CN104348669B (en) A kind of Domain Hijacking detection method, system and device
CN108667649B (en) A kind of malfunction elimination method, apparatus and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

GR01 Patent grant
GR01 Patent grant