CN106789147A - A kind of flow analysis method and device - Google Patents

A kind of flow analysis method and device Download PDF

Info

Publication number
CN106789147A
CN106789147A CN201610285409.1A CN201610285409A CN106789147A CN 106789147 A CN106789147 A CN 106789147A CN 201610285409 A CN201610285409 A CN 201610285409A CN 106789147 A CN106789147 A CN 106789147A
Authority
CN
China
Prior art keywords
message
address
destination address
sdn controllers
destination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610285409.1A
Other languages
Chinese (zh)
Other versions
CN106789147B (en
Inventor
王海
韩东亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201610285409.1A priority Critical patent/CN106789147B/en
Publication of CN106789147A publication Critical patent/CN106789147A/en
Application granted granted Critical
Publication of CN106789147B publication Critical patent/CN106789147B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design

Abstract

The embodiment of the invention discloses a kind of flow analysis method and device, the method is applied to the software defined network SDN controllers in cluster, and SDN controllers include at least one dummy storage node, and the method includes:The first message of each flow is obtained, by first packet storage to destination virtual memory node;Obtain the first access times set;Receive the second access times set of at least one of the cluster other SDN controllers transmission;According to the first access times set and the second access times set, the total number of first message of the statistics with same source and destination address determines that the corresponding equipment of each source address accesses the number of times of the corresponding equipment of destination address, generates flow analysis result.Using the embodiment of the present invention, the speed of flow analysis is improve, and then improve Consumer's Experience.

Description

A kind of flow analysis method and device
Technical field
The present invention relates to network technique field, more particularly to a kind of flow analysis method and device.
Background technology
In daily life and work, it is often necessary to which the website that user accesses is analyzed.Traditional data In center, when being analyzed to the website that user accesses, it is necessary to all flows in the time period to be analyzed All it is incorporated into an equipment for flow analysis, is parsed by each message to each flow, Reach the purpose being analyzed to the website that user accesses.And with the development of network technology, each network Scale is increasing, and the flow in network is also more and more, in this case, all flows of data center All it is analyzed in an equipment for flow analysis so that the speed of analysis flow can be very slow, Consumer's Experience It is not good.
The content of the invention
The embodiment of the invention discloses a kind of flow analysis method and device, to improve the speed of analysis flow, And then improve Consumer's Experience.
To reach above-mentioned purpose, the embodiment of the invention discloses a kind of flow analysis method, it is applied in cluster Software defined network SDN controllers, the SDN controllers include at least one dummy storage node, institute The method of stating includes:
A kind of flow analysis method, is applied to the software defined network SDN controllers in cluster, the SDN Controller includes at least one dummy storage node, and methods described includes:
The first message of each flow is obtained, by the first packet storage to destination virtual memory node;
Obtain the first access times set;The first access times set is included:Local each virtual memory The first message number sum of source address and destination address identical that node is calculated;
Receive the second access times set of at least one of described cluster other SDN controllers transmission;
According to first access times set and the second access times set, statistics has identical sources ground The total number of the first message of location and destination address, determines that the corresponding equipment of each source address accesses destination address The number of times of corresponding equipment, generates flow analysis result.
Optionally, the destination virtual memory node is:Dummy storage node in the SDN controllers or With the dummy storage node in other SDN controllers in the cluster.
Optionally, it is described by the first packet storage to destination virtual memory node, including:
Store the first message is corresponding with the mark of the SDN controllers to destination virtual memory node In.
Optionally, the first access times set of the acquisition, including:
The dummy storage node according to default first Receive message condition, from locally stored first report At least one first message is obtained in text;The source address and destination address of each first message are analyzed, source is calculated Address and the number of the first message of destination address identical;
The SDN controllers obtain source address and the destination address that local each dummy storage node is calculated The number of the first message of identical, the number of the first message being calculated to local each dummy storage node Sum up, obtain the first access times set.
Optionally, the source address and destination address for analyzing each first message, calculates source address and purpose The number of the first message of address identical, including:
The destination address that will be carried in first message comprising same source is stored in same address file; The identical destination address stored in each address file is merged into a destination address, and counts merging time Number;According to the merging number of times of statistics, the number of source address first message identical with destination address is determined.
To reach above-mentioned purpose, the embodiment of the invention also discloses a kind of flow analysis device, cluster is applied to In software defined network SDN controllers, the SDN controllers include at least one dummy storage node, Described device includes:
Packet storage module, the first message for obtaining each flow, by the first packet storage to mesh Mark dummy storage node;
Set obtains module, for obtaining the first access times set;The first access times set is included: Source address and the first message number sum of destination address identical that local each dummy storage node is calculated;
Set receiver module, for receive that at least one of described cluster other SDN controllers send the Two access times set;
Result-generation module, for according to first access times set and the second access times set, The total number of first message of the statistics with same source and destination address, determines that each source address is corresponding Equipment accesses the number of times of the corresponding equipment of destination address, generates flow analysis result.
Optionally, the destination virtual memory node is:Dummy storage node in the SDN controllers or With the dummy storage node in other SDN controllers of the cluster.
Optionally, the packet storage module, specifically for:
The first message of each flow is obtained, the first message is stored with the mark of the SDN controllers Into the first message destination virtual memory node.
Optionally, the set obtains module, including:
Number calculating sub module, is arranged in the dummy storage node, for according to default first message Acquisition condition, obtains at least one first message from locally stored first message;Analyze each first The source address and destination address of message, calculate the number of source address and the first message of destination address identical;
Set obtains submodule, is arranged in the SDN controllers, for obtaining local each virtual memory Source address and the number of the first message of destination address identical that node is calculated, virtually deposit to local each The number of the first message that storage node is calculated is summed up, and obtains the first access times set.
Optionally, the number calculating sub module, including:
Receive message unit, for according to default first Receive message condition, from locally stored first At least one first message is obtained in message;
Number computing unit, for the destination address storage that will be carried in the first message comprising same source In same address file;The identical destination address stored in each address file is merged into a purpose Address, and count merging number of times;According to the merging number of times of statistics, source address head identical with destination address is determined The number of individual message.
From the foregoing, it will be observed that in the embodiment of the present invention, each first packet storage mesh that SDN controllers are obtained Mark dummy storage node, obtains the first access times set, and the first access times set is included:It is local each Source address and the number sum of the first message of destination address identical that individual dummy storage node is calculated, meanwhile, The SDN controllers receive the second access times collection of at least one other SDN controllers transmission in same cluster Close, according to the first access times set and the second access times set, statistics has same source and purpose The total number of the first message of address, the mesh that the corresponding equipment of each source address is accessed is determined according to the total number The corresponding equipment in address number of times, and then generate flow analysis result.Here, SDN controllers equivalent to One flow analysis equipment, each SDN controller obtains an access times set respectively, then by a SDN The access times set that controller is obtained according to each SDN controller, statistics source address is identical with destination address First message total number, reduce the data volume that single SDN controllers are calculated, improve flow analysis Speed, and then improve Consumer's Experience.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to implementing Example or the accompanying drawing to be used needed for description of the prior art are briefly described, it should be apparent that, describe below In accompanying drawing be only some embodiments of the present invention, for those of ordinary skill in the art, do not paying On the premise of going out creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of structural representation of flow analysis system provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic flow sheet of flow analysis method provided in an embodiment of the present invention;
Fig. 3 is a kind of first packet storage form schematic diagram provided in an embodiment of the present invention;
Fig. 4 is the process schematic of first time MapReduce computings provided in an embodiment of the present invention;
Fig. 5 is the process schematic of second MapReduce computings provided in an embodiment of the present invention;
Fig. 6 is a kind of structural representation of flow analysis device provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly Chu, it is fully described by, it is clear that described embodiment is only a part of embodiment of the invention, rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creation Property work under the premise of the every other embodiment that is obtained, belong to the scope of protection of the invention.
Below by specific embodiment, the present invention is described in detail.
With reference to Fig. 1, Fig. 1 is a kind of structural representation of flow analysis system provided in an embodiment of the present invention, should Flow analysis system is applied to a cluster of data center, and the cluster includes at least two SDN controllers 101, every SDN controllers 101 include at least one dummy storage node 102;
Wherein, SDN controllers 101, obtain the first message of each flow, by first packet storage to target Dummy storage node;Here, source address and destination address are carried in first message;
SDN controllers 101, obtain the first access times set;Here, the first access times set is included: Source address that local each dummy storage node 102 is calculated and the first message number of destination address identical it With;
Dummy storage node 102, for calculating source address and the first message number of destination address identical;
SDN controllers 101, can also receive and be at least one of same cluster other SDN controllers with it 101 the second access times set for sending;
Here, first and second access times set is included:Source address, destination address and source address and mesh The first message number sum of address identical.
SDN controllers 101, according to the first access times set and the second access times set, statistics has phase The total number of the first message of homologous address and destination address, determines the mesh that each source address corresponding device is accessed Address corresponding device number of times, generate flow analysis result.
In a kind of implementation of the invention, any one the SDN controller 101 in cluster can pass through Said process determines the number of times of the destination address corresponding device that each source address corresponding device is accessed, and generates stream Amount analysis result.
In a kind of implementation of the invention, DataNode is disposed (here, on SDN controllers 101 DataNode is equivalent to dummy storage node) and HDFS (Hadoop Distributed File System, distribution Formula file system) client, so, SDN controllers 101 are after first message is received, it is possible to pass through HDFS clients, by first packet storage to destination virtual memory node.In addition, SDN controllers 101 are also Data first message of the storage in dummy storage node can be read by HDFS clients.
In addition, in a kind of implementation of the invention, the multiple first message comprising same source, its The destination address of carrying might not be identical.Calculating the number of source address first message identical with destination address When, the destination address that local each dummy storage node 102 will be carried in the first message comprising same source Storage merges into one in same address file, then by the identical destination address stored in the address file Destination address, statistics merges number of times;According to the merging number of times of statistics, determine that source address is identical with destination address First message number.
It is assumed that the first message that dummy storage node N is obtained has 4, respectively:X1, X2, X3, X4, The source address and destination address of this 4 first messages are respectively:{X1:Source address a1, destination address b2 }, { X2: Source address a1, destination address b1 }, { X3:Source address a2, destination address b2 }, { X4:Source address a1, mesh Address b2, now, X1, X2, X4 include source address a1, then dummy storage node N is by the mesh of X1 Address b2, X2 destination address b1, X4 purpose set address b2 storage the entitled a1 of file address file In, the destination address b2 of X3 is stored in the address file of the entitled a2 of file, so, the ground of the entitled a1 of file Included in the file of location:b2、b1、b2;Included in the address file of the entitled a2 of file:b2.In the entitled a1 of file Address file in include two b2, a b1, the two b2 are merged into a b2, determine that file is entitled The merging number of times of b2 is that the merging number of times of 1, b1 is 0 in the address file of a1, in the address file of the entitled a2 of file In include a b2, determine that the merging number of times of b2 in the address file of the entitled a2 of file is 0, to each purpose The corresponding number of times that merges in address adds 1, so that it is determined that going out the number of source address and the first message of destination address identical For:The number of the first message of a1 and b2 identicals is that the number of 2, the first message of a1 and b1 identicals is 1, a2 It is 1 with the number of the first message of b2 identicals.
Specifically, with reference to Fig. 2, Fig. 2 is that a kind of flow of flow analysis method provided in an embodiment of the present invention is shown It is intended to, is applied to SDN controllers, the SDN controllers includes at least one dummy storage node, the method Including:
S201:The first message of each flow is obtained, the first packet storage that will be obtained is deposited to destination virtual Storage node;
In a kind of implementation of the invention, every flow sends when flow table is applied for SDN controllers First message, carries source address and destination address in the first message.
In addition, above-mentioned destination virtual memory node can be the dummy storage node in SDN controllers, also may be used Being the dummy storage node in other SDN controllers for belong to same cluster with SDN controllers.
In a kind of implementation of the invention, SDN controllers are controlled after first message is received from SDN In corresponding each dummy storage node of the affiliated cluster of device processed, a destination virtual memory node is determined, In one embodiment of the present of invention, determine that a destination virtual memory node can be:The content that will be stored Minimum dummy storage node is defined as destination virtual memory node;Determine a destination virtual memory node Can also be:To store to receive the most fast dummy storage node of the first message that obtains and be defined as destination virtual and deposit Storage node.HDFS clients on the SDN controllers are first by what is received according to Hadoop storage rules Packet storage to a destination virtual memory node, here Hadoop storage rules is prior art, herein not Repeat again.
In a kind of implementation of the invention, the first packet storage that will be obtained to destination virtual is stored and saved Point, Ke Yiwei:Store to destination virtual corresponding with the mark of SDN controllers of first message that will be obtained is deposited In storage node.So, when the first message stored in needing to read dummy storage node, can be according to SDN The mark of controller, rapidly obtains the first message of storage corresponding with the mark of the SDN controllers.
In a kind of implementation of the invention, message file is pre-created in dummy storage node.Now, The above-mentioned first message that will be obtained is corresponding with the mark of SDN controllers to be stored to destination virtual memory node In, Ke Yiwei:According to the time, the first message storage corresponding with the mark of SDN controllers that will be obtained exists In same message file, such as:The first message that the SDN controllers on April 11st, 2015 are received is stored in together In one message file, it is to avoid a message file includes the head from multiple SDN controllers and/or multiple dates The content of individual message so that excessive first message is stored in the message file, causes user quick The first message of needs is acquired, and the first message that SDN controllers are received is stored same according to the time Message file, user just can rapidly obtain the first of needs according to the mark of SDN controllers, time Message.In one embodiment, the naming method of message file can be:Mark+the days of SDN controllers Day+sequence number.It is assumed that currently have a message file of entitled A201504110001, wherein, A is SDN The mark of controller, 20150411 is the date, and 0001 is sequence number, and the content of its storage is as shown in table 1.
Table 1
The transmission time of first message Source address Destination address First message content
20151020101010000 10.1.1.10 20.1.1.10 ……
20151020101010005 10.1.1.10 20.1.1.10 ……
20151020101010005 10.1.1.10 10.3.1.10 ……
20151020101010006 10.1.1.11 10.1.2.10 ……
A first message is represented per a line in above-mentioned table 1, wherein, the transmission time of first message includes:Year, The moon, day, when, minute, second, millisecond, first message content can include:The interface of source address corresponding device The information such as mark, the interface identifier of destination address corresponding device, network identity.In one embodiment, it is first Individual message is stored in message file in a text form, first for the ease of distinguishing each first message Message is stored in message file in rows, it is, storing a first message, such as table 1 per a line In first message when storing in the form of text, its storage form is as shown in Figure 3.
S202:Obtain the first access times set;
Here, the first access times set is included:Source address that local each dummy storage node is calculated and The first message number sum of destination address identical.
In a kind of implementation of the invention, in order to further speed up the speed of calculating, source address is being calculated During message number first with destination address identical, source address and purpose are first calculated by each dummy storage node The first message number of address identical, SDN controllers count what local each dummy storage node was calculated again Source address and the first message number sum of destination address identical.Here, each dummy storage node calculates source Address and the first message number of destination address identical, detailed process can include:
S1, according to default first Receive message condition, from the first message that this dummy storage node has been stored At least one first message of middle acquisition;
Can be pre-set in a kind of implementation of the invention, in SDN controllers a time point t1 and when Between section T2, default first Receive message condition is:If current time is time point t1, according in first message The transmission time of carrying, obtain first message of the transmission time in time period T2.For example, time point t1 is icepro Morning 03:00, time period T2 are 24 hours before time point t1, it is, mornings of the time period T2 for the previous day 03:The morning 03 on 00 to the same day:00, if current time is morning at time point 03:00, the transmission time is obtained in the time The first message that this dummy storage node in section T2 has been stored.
Preferably, time point t1 is 03:00, because generally, 03:The stream of SDN controllers treatment when 00 Amount forwarding service is all fewer, so, can accelerate SDN controllers to flow analyze speed, and not shadow Ring treatment of the SDN controllers to flow forwarding service.
S2, the source address and destination address of analyzing each first message, calculate source address identical with destination address First message number;
In a kind of implementation of the invention, step S2 can include:
S21, the destination address that will be carried in the first message comprising same source are stored in same address file In;
It is assumed that dummy storage node N1 obtains first message 4, source address and mesh that each first message is carried Address it is as shown in table 2.
Table 2
Analytical table 2 is obtained, and the source address 10.1.1.10 of A, B, C this 3 first messages is identical, virtual memory section The destination address that point N1 carries A, B, C is stored in the entitled 10.1.1.10 address files of file, the address { 20.1.1.10,20.1.1.10,10.3.1.10 } is included in file;In addition, dummy storage node N1 carries D Destination address store in the entitled 10.1.1.11 address files of address file, included in the address file {10.1.2.10}。
S22, the identical destination address stored in each address file is merged into a destination address, and united Meter merges number of times;
As in S21 it is assumed that the destination address that is stored with the address file of the entitled 10.1.1.10 of file 20.1.1.10, 20.1.1.10,10.3.1.10 }, two 20.1.1.10 are included in the address file, 20.1.1.10 is merged, Now the merging number of times for 20.1.1.10 is 1 time, and the merging number of times for 10.3.1.10 is 0 time.In addition, literary Destination address { 10.1.2.10 } is only stored in the address file of the entitled 10.1.1.11 of part, for the conjunction of 10.1.2.10 And number of times is 0 time.
S23, the merging number of times according to statistics, determine the number of source address and the first message of destination address identical.
According to the merging number of times obtained in S22, add 1 by merging number of times, it may be determined that source address and destination address The number of the first message of identical is as shown in table 3.
Table 3
Dummy storage node, after the number that source address and the first message of destination address identical is determined, will The number of source address, destination address and the first message for determining is sent to SDN controllers, SDN controls The number of the first message that device determines to local each dummy storage node is summed up, and is obtained first and is accessed secondary Manifold is closed.
It is assumed that in addition to dummy storage node N1 of the SDN controllers in comprising S21, also comprising a virtual memory In node N2, dummy storage node N2 determines source address 10.1.1.10 and destination address 20.1.1.10 identicals The number of first message is 1, with reference to the number of the first message obtained in above-mentioned table 3, can finally be determined: The number of the first message of source address 10.1.1.10 and destination address 20.1.1.10 is 3, source address 10.1.1.10 and mesh Address 10.3.1.10 first message number be 1, the head of source address 10.1.1.11 and destination address 10.1.2.10 The number of individual message is 1;The number of the first message according to the final determination, obtains the first access times set.
In one embodiment of the invention, dummy storage node can be using mapping stipulations MapReduce algorithms Determine the number of source address first message identical with destination address.
Specifically, using MapReduce algorithms determine source address and the first message of destination address identical , it is necessary to carry out MapReduce computings twice during number:
The computing of first time MapReduce:
The each first message that will be obtained using key/value to mode as Map the first input value, wherein, key For first message side-play amount of the start memory location in this dummy storage node (such as:First packet storage In message file, key can be skew of the start memory location of the first message in the message file Amount), it is first message to be worth.After Map has processed the first input value, the source address and mesh in first message are obtained Address, and the source address and destination address of acquisition are sent to Reduce, Reduce is by source address identical Item merges, and the destination address in source address identical entry is stored in specified address file.
Second MapReduce computing:
Destination address in the address file that the computing of first time MapReduce is obtained using key/value to mode as Second input value of Map, wherein, key is the start memory location of destination address in address file in address file In side-play amount, it is purpose address to be worth.After Map has processed the second input value, the key of each key/value centering becomes It is purpose address, value is changed into 1, after deforming by Shuffie, merges the key/value pair with same keys, and will Key/value after merging travels through each key to being sent to Reduce, Reduce, and the corresponding Data-Statistics of each key are added With.Now, according to the corresponding source address of address file, statistics plus and rear key in destination address, Yi Jitong The numerical value in adding and being worth afterwards is counted, the number of source address and the first message of destination address identical is determined.
It is assumed that dummy storage node is when the number of source address and the first message of destination address identical is calculated, The first message for obtaining is 4 first messages as shown in Figure 3, carries out the process of first time MapReduce computing As shown in figure 4, specifically, it is determined that the first input value, such as (0, 20151020101010000010001001010020001001010 ...), wherein, " 0 " in key is this Side-play amount of the key/value to the start memory location of corresponding first message in message file, in value " 20151020101010000010001001010020001001010 ... " are first message;It is defeated by first Enter value and be sent to Map, Map obtains source address and the destination of each starting message from the first input value Location, such as " 010001001010,020001001010 ", wherein, 010001001010 is source address, 020001001010 is purpose address;The source address and destination address of acquisition are sent to Reduce, Reduce After source address identical is merged, 2 address files are obtained, respectively:The ground of the entitled 10.1.1.10 of file The address file of location file and the entitled 10.1.1.11 of file, includes mesh in the address file of the entitled 10.1.1.10 of file Address { 020001001010,020001001010,010003001010 }, the entitled 10.1.1.11 addresses of file Destination address { 010001002010 } is included in file;
The two address files are carried out with second MapReduce computing, its process as shown in figure 5, specifically, Determine the second input value, such as (0,020001001010), wherein, " 0 " in key is the key/value to correspondence Destination address side-play amount of the start memory location in message file, " 020001001010 " in value It is purpose address;Second input value is sent to Map, Map becomes from the second input value to key-value pair Change, the key of each key/value centering is changed into destination address, value is changed into 1, such as by (0,020001001010) (020001001010,1) is transformed to, by after Shuffie deformations, merging the key/value pair with same keys, Such as, there are two keys of key/value pair after conversion for " 020001001010 ", after Shuffie deforms, Ke Yibian Shape is (020001001010, [1,1]);By the key/value after deformation to being sent to Reduce, Reduce traversals Each key, the corresponding Data-Statistics of each key are added and, e.g., to (020001001010, [1, the 1]) key assignments To Data-Statistics add and, can obtain (020001001010,2).
Now combine address filename, statistics plus and rear key in destination address, and statistics plus and rear value in Numerical value, determine the number of source address and the first message of destination address identical:Comprising source address 10.1.1.10 Number with the first message of destination address 20.1.1.10 is 2, it is determined that comprising source address 10.1.1.10 and destination The number of the first message of location 10.3.1.10 is 1, it is determined that comprising source address 10.1.1.11 and destination address 10.1.2.10 First message number be 1.
S203:Receive the second access times set that at least one of cluster other SDN controllers send;
Here, SDN controllers can receive its every other SDN controllers in the cluster send the Two access times set, it is also possible to receive the second access times that any one or more SDN controllers send Set.
It is noted that obtaining the method for the second access times set and obtaining the first access times set Method is identical, and first and second access times set includes:Source address, destination address and source address and The number of the first message of destination address identical.
S204:According to the first access times set and the second access times set, statistics has same source With the total number of the first message of destination address, determine that the corresponding equipment of each source address accesses destination address pair The number of times of the equipment answered, generates flow analysis result.
Here, flow analysis result is included:The number of times of the purpose that source address, destination address and source access. Herein, destination address can be the address of the website that user accesses, according to the source included in flow analysis result The corresponding relation of the number of times of the purpose that address, destination address and source access, user just can obtain each source The corresponding equipment in address accesses the number of times of same website.
It is assumed that statistics obtains total of source address 10.1.1.10 and the first message of destination address 20.1.1.10 identicals Number be 4, it is determined that the website of the corresponding equipment reference address 20.1.1.10 of source address of address 10.1.1.10 time Number is 4.
In a kind of implementation of the invention, the address included in flow analysis result is IP address, if will IP address shows user, and which the website that user can not get information about the corresponding equipment access of source address is Website, therefore, after flow analysis result is generated, can also include:
Flow analysis result is sent to dns server, the dns server will be included in flow analysis result Source address and destination address resolve to domain name, and the domain name for obtaining will be parsed show user, so, use Family can just get information about according to domain name is which website is the corresponding equipment of which source address have accessed.
If in addition, user should also be understood that the corresponding equipment of source address access a certain website in what has done, SDN controllers can obtain the source address and destination stored in dummy storage node by HDFS clients The corresponding first message in location, and then the information of user's needs is obtained from the first message for obtaining.
Using embodiment illustrated in fig. 1, each first packet storage destination virtual that SDN controllers are obtained is deposited Storage node, obtains the first access times set, and the first access times set is included:Local each is virtually deposited Source address and the number sum of the first message of destination address identical that storage node is calculated, meanwhile, the SDN Controller receives the second access times set of at least one other SDN controllers transmission in same cluster, root According to the first access times set and the second access times set, statistics is with same source and destination address The total number of first message, determines that the corresponding equipment of each source address accesses destination address pair according to the total number The number of times of the equipment answered, and then generate flow analysis result.Here, SDN controllers are equivalent to a flow Analytical equipment, each SDN controller obtains an access times set respectively, then by a SDN controller According to the access times set that each SDN controller is obtained, statistics source address and destination address identical are first The total number of message, reduces the data volume that single SDN controllers are calculated, and improves the speed of flow analysis, And then improve Consumer's Experience.
With reference to Fig. 6, Fig. 6 is a kind of structural representation of flow analysis device provided in an embodiment of the present invention, should For the software defined network SDN controllers in cluster, SDN controllers include at least one virtual memory section Point, the device includes:
Packet storage unit 601, the first message for obtaining each flow, each first report that will be obtained Corresponding destination virtual memory node is arrived in text storage;Here, source address and destination are carried in first message Location;
Set obtaining unit 602, for obtaining the first access times set;First access times set is included: Source address and the first message number sum of destination address identical that local each dummy storage node is calculated;
Set receiving unit 603, for receiving sent with least one of cluster other SDN controllers the Two access times set;
As a result generation unit 604, for according to the first access times set and the second access times set, statistics The total number of the first message with same source and destination address, determines the corresponding equipment of each source address The number of times of the corresponding equipment of destination address is accessed, flow analysis result is generated.
In a kind of implementation of the invention, destination virtual memory node is:Void in the SDN controllers Intend the dummy storage node in other SDN controllers of memory node or cluster.
In a kind of implementation of the invention, packet storage unit 601, specifically for:
The first message of each flow is obtained, is stored first message is corresponding with the mark of SDN controllers to mesh In mark dummy storage node.
In a kind of implementation of the invention, set obtains module 602, can include:
Number calculating sub module, is arranged in dummy storage node, for according to default first Receive message Condition, obtains at least one first message from locally stored first message;Analyze each first message Source address and destination address, calculate the number of source address and the first message of destination address identical;
Set obtains submodule, is arranged in SDN controllers, for obtaining local each dummy storage node The source address and the number of the first message of destination address identical being calculated, to local each virtual memory section The number of the first message that point is calculated is summed up, and is obtained the first access times set and (is not shown in Fig. 6 Go out).
In a kind of implementation of the invention, number calculating sub module can include:
Receive message unit, for according to default first Receive message condition, from locally stored first At least one first message is obtained in message;
Number computing unit, for the destination address storage that will be carried in the first message comprising same source In same address file;The identical destination address stored in each address file is merged into a purpose Address, and count merging number of times;According to the merging number of times of statistics, source address head identical with destination address is determined The number of individual message.
Using embodiment illustrated in fig. 6, each first packet storage destination virtual that SDN controllers are obtained is deposited Storage node, obtains the first access times set, and the first access times set is included:Local each is virtually deposited Source address and the number sum of the first message of destination address identical that storage node is calculated, meanwhile, the SDN Controller receives the second access times set of at least one other SDN controllers transmission in same cluster, root According to the first access times set and the second access times set, statistics is with same source and destination address The total number of first message, determines that the corresponding equipment of each source address accesses destination address pair according to the total number The number of times of the equipment answered, and then generate flow analysis result.Here, SDN controllers are equivalent to a flow Analytical equipment, each SDN controller obtains an access times set respectively, then by a SDN controller According to the access times set that each SDN controller is obtained, statistics source address and destination address identical are first The total number of message, reduces the data volume that single SDN controllers are calculated, and improves the speed of flow analysis, And then improve Consumer's Experience.
For system, device embodiment, because it is substantially similar to embodiment of the method, so description Fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
It should be noted that herein, such as first and second or the like relational terms be used merely to by One entity or operation make a distinction with another entity or operation, and not necessarily require or imply these There is any this actual relation or order between entity or operation.And, term " including ", "comprising" Or any other variant thereof is intended to cover non-exclusive inclusion, so that a series of mistake including key elements Journey, method, article or equipment not only include those key elements, but also other including being not expressly set out Key element, or it is this process, method, article or the intrinsic key element of equipment also to include.Do not having In the case of more limitations, the key element limited by sentence "including a ...", it is not excluded that wanted including described Also there is other identical element in process, method, article or the equipment of element.
One of ordinary skill in the art will appreciate that realizing all or part of step in above method implementation method Program be can be by instruct the hardware of correlation to complete, described program can be stored in computer-readable In taking storage medium, storage medium designated herein, such as:ROM/RAM, magnetic disc, CD etc..
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the scope of the present invention. All any modification, equivalent substitution and improvements made within the spirit and principles in the present invention etc., are all contained in In protection scope of the present invention.

Claims (10)

1. a kind of flow analysis method, is applied to the software defined network SDN controllers in cluster, its feature It is that the SDN controllers include at least one dummy storage node, methods described includes:
The first message of each flow is obtained, by the first packet storage to destination virtual memory node;
Obtain the first access times set;The first access times set is included:Local each virtual memory The first message number sum of source address and destination address identical that node is calculated;
Receive the second access times set of at least one of described cluster other SDN controllers transmission;
According to first access times set and the second access times set, statistics has identical sources ground The total number of the first message of location and destination address, determines that the corresponding equipment of each source address accesses destination address The number of times of corresponding equipment, generates flow analysis result.
2. method according to claim 1, it is characterised in that the destination virtual memory node is: Dummy storage node in the SDN controllers or with the cluster in other SDN controllers in it is virtual Memory node.
3. method according to claim 1, it is characterised in that described to arrive the first packet storage Destination virtual memory node, including:
Store the first message is corresponding with the mark of the SDN controllers to destination virtual memory node In.
4. method according to claim 1, it is characterised in that the acquisition the first access times set, Including:
The dummy storage node according to default first Receive message condition, from locally stored first report At least one first message is obtained in text;The source address and destination address of each first message are analyzed, source is calculated Address and the number of the first message of destination address identical;
The SDN controllers obtain source address and the destination address that local each dummy storage node is calculated The number of the first message of identical, the number of the first message being calculated to local each dummy storage node Sum up, obtain the first access times set.
5. method according to claim 4, it is characterised in that the source of the analysis each first message Address and destination address, calculate the number of source address and the first message of destination address identical, including:
The destination address that will be carried in first message comprising same source is stored in same address file; The identical destination address stored in each address file is merged into a destination address, and counts merging time Number;According to the merging number of times of statistics, the number of source address first message identical with destination address is determined.
6. a kind of flow analysis device, is applied to the software defined network SDN controllers in cluster, its feature It is that the SDN controllers include at least one dummy storage node, described device includes:
Packet storage module, the first message for obtaining each flow, by the first packet storage to mesh Mark dummy storage node;
Set obtains module, for obtaining the first access times set;The first access times set is included: Source address and the first message number sum of destination address identical that local each dummy storage node is calculated;
Set receiver module, for receive that at least one of described cluster other SDN controllers send the Two access times set;
Result-generation module, for according to first access times set and the second access times set, The total number of first message of the statistics with same source and destination address, determines that each source address is corresponding Equipment accesses the number of times of the corresponding equipment of destination address, generates flow analysis result.
7. device according to claim 6, it is characterised in that the destination virtual memory node is: Dummy storage node in the SDN controllers or with other SDN controllers of the cluster in virtual deposit Storage node.
8. device according to claim 6, it is characterised in that the packet storage module, it is specific to use In:
The first message of each flow is obtained, the first message is corresponding with the mark of the SDN controllers Store into the first message destination virtual memory node.
9. device according to claim 6, it is characterised in that the set obtains module, including:
Number calculating sub module, is arranged in the dummy storage node, for according to default first message Acquisition condition, obtains at least one first message from locally stored first message;Analyze each first The source address and destination address of message, calculate the number of source address and the first message of destination address identical;
Set obtains submodule, is arranged in the SDN controllers, for obtaining local each virtual memory Source address and the number of the first message of destination address identical that node is calculated, virtually deposit to local each The number of the first message that storage node is calculated is summed up, and obtains the first access times set.
10. device according to claim 9, it is characterised in that the number calculating sub module, including:
Receive message unit, for according to default first Receive message condition, from locally stored first At least one first message is obtained in message;
Number computing unit, for the destination address storage that will be carried in the first message comprising same source In same address file;The identical destination address stored in each address file is merged into a purpose Address, and count merging number of times;According to the merging number of times of statistics, source address head identical with destination address is determined The number of individual message.
CN201610285409.1A 2016-04-29 2016-04-29 Flow analysis method and device Active CN106789147B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610285409.1A CN106789147B (en) 2016-04-29 2016-04-29 Flow analysis method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610285409.1A CN106789147B (en) 2016-04-29 2016-04-29 Flow analysis method and device

Publications (2)

Publication Number Publication Date
CN106789147A true CN106789147A (en) 2017-05-31
CN106789147B CN106789147B (en) 2020-09-25

Family

ID=58972195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610285409.1A Active CN106789147B (en) 2016-04-29 2016-04-29 Flow analysis method and device

Country Status (1)

Country Link
CN (1) CN106789147B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109450798A (en) * 2018-12-13 2019-03-08 郑州云海信息技术有限公司 The management method and computer readable storage medium of routing table information
CN109462580A (en) * 2018-10-24 2019-03-12 全球能源互联网研究院有限公司 Training flow detection model, the method and device for detecting service traffics exception
CN112800142A (en) * 2020-12-15 2021-05-14 赛尔网络有限公司 MR (magnetic resonance) job processing method and device, electronic equipment and storage medium
CN113259187A (en) * 2021-07-12 2021-08-13 深圳市永达电子信息股份有限公司 SDN-based traffic stack analysis method, system and computer-readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335709A (en) * 2008-08-07 2008-12-31 杭州华三通信技术有限公司 Method for implementing load sharing among flow analysis servers and shunting equipment
CN101741633A (en) * 2008-11-06 2010-06-16 北京启明星辰信息技术股份有限公司 Association analysis method and system for massive logs
CN101808017A (en) * 2010-03-26 2010-08-18 中国科学院计算技术研究所 Method and system for quantificationally calculating network abnormity index
WO2016027221A1 (en) * 2014-08-18 2016-02-25 Telefonaktiebolaget L M Ericsson (Publ) A method and system to dynamically collect statistics of traffic flows in a software-defined networking (sdn) system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335709A (en) * 2008-08-07 2008-12-31 杭州华三通信技术有限公司 Method for implementing load sharing among flow analysis servers and shunting equipment
CN101741633A (en) * 2008-11-06 2010-06-16 北京启明星辰信息技术股份有限公司 Association analysis method and system for massive logs
CN101808017A (en) * 2010-03-26 2010-08-18 中国科学院计算技术研究所 Method and system for quantificationally calculating network abnormity index
WO2016027221A1 (en) * 2014-08-18 2016-02-25 Telefonaktiebolaget L M Ericsson (Publ) A method and system to dynamically collect statistics of traffic flows in a software-defined networking (sdn) system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462580A (en) * 2018-10-24 2019-03-12 全球能源互联网研究院有限公司 Training flow detection model, the method and device for detecting service traffics exception
CN109462580B (en) * 2018-10-24 2021-03-30 全球能源互联网研究院有限公司 Training flow detection model, method and device for detecting abnormal business flow
CN109450798A (en) * 2018-12-13 2019-03-08 郑州云海信息技术有限公司 The management method and computer readable storage medium of routing table information
CN112800142A (en) * 2020-12-15 2021-05-14 赛尔网络有限公司 MR (magnetic resonance) job processing method and device, electronic equipment and storage medium
CN112800142B (en) * 2020-12-15 2023-08-08 赛尔网络有限公司 MR job processing method, device, electronic equipment and storage medium
CN113259187A (en) * 2021-07-12 2021-08-13 深圳市永达电子信息股份有限公司 SDN-based traffic stack analysis method, system and computer-readable storage medium
CN113259187B (en) * 2021-07-12 2021-10-26 深圳市永达电子信息股份有限公司 SDN-based traffic stack analysis method, system and computer-readable storage medium

Also Published As

Publication number Publication date
CN106789147B (en) 2020-09-25

Similar Documents

Publication Publication Date Title
CN103886047B (en) Towards the online recommendation method of distribution of stream data
CN106326361B (en) Data query method and device based on HBase database
CN106789147A (en) A kind of flow analysis method and device
TW201430598A (en) Method and server for searching and determining active areas
CN105989076A (en) Data statistical method and device
CN102667761A (en) Scalable cluster database
CN109710611B (en) The method of storage table data, the method, apparatus of lookup table data and storage medium
JP2019512764A (en) Method and apparatus for identifying the type of user geographical location
CN101694672A (en) Distributed safe retrieval system
CN106874356B (en) Geographical location information management method and device
CN105099729A (en) User ID (Identification) recognition method and device
JP2018517218A (en) Location information providing method and apparatus
CN106952085B (en) Method and device for data storage and service processing
CN108304404B (en) Data frequency estimation method based on improved Sketch structure
CN107291746A (en) A kind of method and apparatus for storing and reading data
CN107562762A (en) Data directory construction method and device
CN104636384B (en) A kind of method and device handling document
CN110909072B (en) Data table establishment method, device and equipment
CN111562990B (en) Lightweight serverless computing method based on message
Liu et al. Parallelizing uncertain skyline computation against n‐of‐N data streaming model
CN104794237A (en) Web page information processing method and device
CN102087655A (en) Web site system capable of embodying interpersonal relation net
CN110019054A (en) Log De-weight method and system, content distribution network system
CN114756622A (en) Government affair data sharing exchange system based on data lake
US20210042328A1 (en) Partitioning data in a clustered database environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant