CN106982179A - Network traffic control method and switch device - Google Patents
Network traffic control method and switch device
- Publication number: CN106982179A
- Application number: CN201611257763.XA
- Authority: CN (China)
- Prior art keywords: mirror image, encapsulation, image flow, routed encapsulation, routed
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a network traffic control method, comprising: mirroring packets transmitted in a network; performing routing encapsulation on the mirrored traffic of the packets; and exporting the routing-encapsulated mirrored traffic locally. In addition, the invention provides a switch device, comprising: a mirror module for mirroring packets transmitted in a network; an encapsulation module for performing routing encapsulation on the mirrored traffic of the packets; and an export module for exporting the routing-encapsulated mirrored traffic locally.
Description
Technical field
The present invention relates generally to the technical field of network operation and maintenance, and in particular to a network traffic control scheme.
Background
With the spread of the Internet, monitoring network traffic has become an important part of network operation and maintenance. To analyze network traffic without affecting normal data transmission in the network, the method generally used is switch port mirroring: the traffic actually transmitted on a switch link is copied in full to some destination, where the network administrator uses an analyzer to find the cause of network problems from the traffic, including background analysis of data flows, throughput performance, troubleshooting and security anomalies in the network.
However, current port-mirroring analysis involves routing the mirrored traffic to a remote location. The encapsulated mirrored traffic shares the same link resources as normal traffic, which affects the traffic being forwarded normally in the network.
It is therefore desirable to design a simple, practical and low-cost network traffic control scheme that mitigates or avoids the interference of mirrored traffic used for network analysis with normal traffic.
Summary of the invention
In view of this, the invention provides a network traffic control scheme that can improve on the above problem.
In one aspect, the invention provides a network traffic control method, comprising: mirroring packets transmitted in a network; performing routing encapsulation on the mirrored traffic of the packets; and exporting the routing-encapsulated mirrored traffic locally.
The method as described above, wherein exporting the routing-encapsulated mirrored traffic locally comprises reserving a port on the local device for the routing-encapsulated mirrored traffic, and exporting the routing-encapsulated mirrored traffic from the reserved port.
The method as described above, wherein exporting the routing-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port, and using the IP address bound to the reserved port as the destination address of the routing-encapsulated mirrored traffic.
The method as described above, wherein the local device is a layer-3 switch.
The method as described above, wherein exporting the routing-encapsulated mirrored traffic locally comprises sending the routing-encapsulated mirrored traffic from the local device to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
The method as described above, wherein the routing encapsulation includes description information of the packet.
The method as described above, wherein the routing encapsulation includes an index for the description information of the packet.
The method as described above, wherein the routing encapsulation takes the form of encapsulated remote port mirroring (ERSPAN) packets, and the session identification field in the ERSPAN packet is used as the index.
In another aspect, the invention also provides a switch device, comprising: a mirror module for mirroring packets transmitted in a network; an encapsulation module for performing routing encapsulation on the mirrored traffic of the packets; and an export module for exporting the routing-encapsulated mirrored traffic locally.
Brief description of the drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of embodiments of the invention, which are illustrated in the accompanying drawings.
Fig. 1 is a schematic flow chart of a network traffic control method according to one example of the invention.
Fig. 2 is an illustrative application scenario of a network traffic control method according to another example of the invention.
Fig. 3 is a schematic block diagram of a switch device according to one example of the invention.
Detailed description
Illustrative examples of the invention are now described with reference to the drawings, in which like reference numerals denote like elements. The examples described below help those skilled in the art to understand the invention thoroughly, and each example is intended to be illustrative rather than limiting. The depictions of elements, components, modules, devices and apparatus bodies in the figures only schematically show that these elements, components, modules, devices and apparatus bodies exist, and the relative relationships between them, and do not limit their specific shapes. The relationship between the steps in the flow charts is likewise not limited to the order given, and may be adjusted according to the practical application without departing from the scope of protection of this application.
Fig. 1 is a schematic flow chart of a network traffic control method according to one example of the invention. The method shown in Fig. 1 may be implemented, for example, in a switch device. As shown in Fig. 1, packets transmitted in the network are first mirrored in step 11. In some examples, this may use the switch's port mirroring process, in which the traffic of a source port of the switch is copied in full. The main purpose of generating the mirror is to allow the network administrator to find the cause of network problems by analyzing the mirrored packets. The packets to be mirrored may, for example, be specified by the network administrator, or be determined automatically, according to preset conditions, by the switch or by a processing system communicatively connected to the switch.
Then, in step 13, routing encapsulation is performed on the generated mirrored traffic, so that the mirrored traffic can be routed through the network to a remote network analysis device. In addition, the headers of these routing encapsulations may also include various description information related to the original packet, or an index for that description information, which is especially useful in a cloud network environment. A cloud network is a network that carries the virtualized applications of a cloud platform. Cloud network traffic is characterized by virtualization and dynamism. Virtualization means that logical access traffic exists alongside the actual physical traffic, and each physical port may carry the traffic of multiple virtual hosts. Dynamism means that virtual hosts can be migrated dynamically, so their network traffic migrates with them and is not fixed to a particular physical port. Including the description information of the mirrored packet, or an index for that description information, in the routing encapsulation enables the network administrator to analyze network traffic conditions more accurately and efficiently. Specifically, the description information of a packet may include, for example, one or more of the packet's tenant information, path information and virtual network group information.
In one example, the mirrored packets may be routing-encapsulated in the form of encapsulated remote port mirroring (ERSPAN) packets. When ERSPAN packets are used, the session identification field in the ERSPAN packet may serve as the index. For example, while a mirrored packet is being encapsulated as an ERSPAN packet, the session identifier in the ERSPAN header (the session_id field) may be stored in an association table together with the description information of the packet. The network analysis device, after receiving an ERSPAN packet, can then extract the description information according to the session identifier it carries, for the network administrator to use during analysis.
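The session_id indexing described above, as an added example that is not part of the patent text: the switch side stores each description in an association table and writes its index into the 10-bit session ID of an ERSPAN Type II header carried in GRE, and the analyzer side validates the headers and looks the description up. The class and function names, the header layout (taken from the public ERSPAN Type II format rather than from this page) and all sample values are assumptions of the example.

```python
import struct

GRE_FLAG_SEQ = 0x1000          # GRE "S" bit: a sequence number follows the header
GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type carried by ERSPAN Type II
ERSPAN_VER_II = 1
MAX_SESSION_ID = 0x3FF         # session ID field is 10 bits wide


class AssociationTable:
    """Hypothetical association table: ERSPAN session ID -> packet description."""

    def __init__(self):
        self._by_id = {}
        self._by_desc = {}

    def allocate(self, tenant, path, vnet_group):
        """Return the session ID indexing this description, creating it if new."""
        desc = (tenant, path, vnet_group)
        if desc in self._by_desc:
            return self._by_desc[desc]
        session_id = len(self._by_id) + 1      # ID 0 is left unused in this example
        if session_id > MAX_SESSION_ID:
            raise RuntimeError("10-bit session ID space exhausted")
        self._by_id[session_id] = desc
        self._by_desc[desc] = session_id
        return session_id

    def lookup(self, session_id):
        """Return (tenant, path, vnet_group), or None for an unknown index."""
        return self._by_id.get(session_id)


def erspan_encapsulate(frame, session_id, seq, vlan=0):
    """Switch side: prepend GRE + ERSPAN Type II headers to a mirrored frame."""
    if not 1 <= session_id <= MAX_SESSION_ID:
        raise ValueError("session ID does not fit the 10-bit field")
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, seq & 0xFFFFFFFF)
    # Word 1: Ver(4) | VLAN(12) | COS(3) | En(2) | T(1) | Session ID(10)
    word1 = (ERSPAN_VER_II << 28) | ((vlan & 0xFFF) << 16) | session_id
    word2 = 0                                  # Reserved(12) | Index(20), unused here
    return gre + struct.pack("!II", word1, word2) + frame


def erspan_decapsulate(payload):
    """Analyzer side: validate the headers and return the fields and inner frame."""
    if len(payload) < 16:
        raise ValueError("truncated GRE/ERSPAN header")
    flags, proto, seq = struct.unpack("!HHI", payload[:8])
    if flags != GRE_FLAG_SEQ or proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("not GRE-encapsulated ERSPAN Type II")
    word1, _ = struct.unpack("!II", payload[8:16])
    if word1 >> 28 != ERSPAN_VER_II:
        raise ValueError("unexpected ERSPAN version")
    return {"session_id": word1 & MAX_SESSION_ID, "vlan": (word1 >> 16) & 0xFFF,
            "seq": seq, "frame": payload[16:]}


def attribute(payload, table):
    """Join a received ERSPAN packet with its description via the session ID."""
    fields = erspan_decapsulate(payload)
    fields["description"] = table.lookup(fields["session_id"])  # None = unattributed
    return fields


if __name__ == "__main__":
    table = AssociationTable()
    sid = table.allocate("tenant-a", "leaf1/eth3", "vnet-10")   # constructed values
    frame = bytes.fromhex("ffffffffffff0200000000010800") + b"constructed payload"
    print(attribute(erspan_encapsulate(frame, sid, seq=1, vlan=100), table))
```

Because the session ID is 10 bits wide, at most 1023 distinct descriptions can be indexed this way when ID 0 is left unused, and the analyzer has to treat an unknown ID as unattributed traffic.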
In conventional systems, this routing-encapsulated mirrored traffic is transmitted through the network together with normal traffic, which causes network congestion. By contrast, in the example of Fig. 1, step 15 comprises exporting the routing-encapsulated mirrored traffic locally.
In some examples, a port may be reserved on the local switch device for the routing-encapsulated mirrored traffic, and the routing-encapsulated mirrored traffic is exported from the reserved port. For example, an IP address may be statically bound to the reserved port, and the IP address bound to the reserved port is used as the destination address of the routing-encapsulated mirrored traffic.
The local device may be, for example, a layer-3 switch, and can therefore provide routing for the mirrored traffic. In the present invention, however, all mirrored traffic that would otherwise be routed to a remote network analysis device is required to be exported locally, thereby avoiding the impact of mirrored traffic on normal traffic on the switch links. Mirrored traffic can only occupy the bandwidth of the reserved interface, and the excess can simply be discarded, so it does not spill over onto or occupy other link resources. At the same time, routing encapsulation can still be used so that the mirrored traffic carries description information related to the packet, giving better flexibility and linkability than ordinary local traffic mirroring, which is especially suitable in cloud network scenarios.
Fig. 2 is an illustrative application scenario of a network traffic control method according to another example of the invention. As shown in Fig. 1, exporting the routing-encapsulated mirrored traffic locally may consist of sending the routing-encapsulated mirrored traffic from the local device to a traffic aggregation device (such as a TAP device), the traffic aggregation device being communicatively connected to a network analysis device. The darkened portions of the switches shown in Fig. 2 represent the reserved ports. Mirrored traffic from different switches can be aggregated by the TAP device and finally fed into the network analysis device for traffic analysis.
The network traffic control scheme provided by the invention improves the degree of control over the impact of mirrored traffic, especially for packets such as ERSPAN-encapsulated ones. With the method of the invention, routing-encapsulated mirrored traffic is confined to the local switch and prevented from occupying uplink bandwidth. By reserving a fixed port channel for mirrored traffic, the mirrored traffic can be kept within a controlled range, which prevents overflow and greatly increases the stability of the network and related devices. In addition, the method of the invention limits the impact of ERSPAN-style mirrored traffic on network links while still exploiting its better flexibility and linkability relative to local mirrored traffic, thereby giving the administrator more information useful for traffic analysis and improving the efficiency of network traffic monitoring. As noted above, this is especially suitable in cloud network scenarios.
Fig. 3 is a schematic block diagram of a switch device according to one example of the invention. As shown in Fig. 3, the switch device 300 includes a mirror module 31, an encapsulation module 33 and an export module 35. Specifically, the mirror module 31 is arranged to mirror packets transmitted in the network; the encapsulation module 33 is arranged to perform routing encapsulation on the mirrored traffic of the packets; and the export module 35 is arranged to export the routing-encapsulated mirrored traffic locally.
Descriptions of other structures of a general switch device are omitted from this specification to avoid unnecessary redundancy. Those skilled in the art will nevertheless appreciate that the structure shown in Fig. 3 can be integrated into any existing or future switch device. The switch device shown in Fig. 3 can be configured to perform any of the operations described above that the invention provides for implementation at a switch device. Those skilled in the art will appreciate that the module division shown in Fig. 3 is only schematic; the modules may be integrated or further divided depending on the implementation, and may be implemented in any form of software or hardware.
It should be noted that the above embodiments merely illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the embodiments may still be modified, or some technical features equivalently substituted, without departing from the essence of the invention, and that all such changes fall within the scope of protection claimed by the invention.
Claims (16)
1. A network traffic control method, comprising:
mirroring packets transmitted in a network;
performing routing encapsulation on the mirrored traffic of the packets; and
exporting the routing-encapsulated mirrored traffic locally.
2. The method of claim 1, wherein exporting the routing-encapsulated mirrored traffic locally comprises reserving a port on the local device for the routing-encapsulated mirrored traffic, and exporting the routing-encapsulated mirrored traffic from the reserved port.
3. The method of claim 2, wherein exporting the routing-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port, and using the IP address bound to the reserved port as the destination address of the routing-encapsulated mirrored traffic.
4. The method of claim 2, wherein the local device is a layer-3 switch.
5. The method of claim 1, wherein exporting the routing-encapsulated mirrored traffic locally comprises sending the routing-encapsulated mirrored traffic from the local device to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
6. The method of claim 1, wherein the routing encapsulation includes description information of the packet.
7. The method of claim 1, wherein the routing encapsulation includes an index for the description information of the packet.
8. The method of claim 7, wherein the routing encapsulation takes the form of encapsulated remote port mirroring (ERSPAN) packets, and the session identification field in the ERSPAN packet is used as the index.
9. A switch device, comprising:
a mirror module for mirroring packets transmitted in a network;
an encapsulation module for performing routing encapsulation on the mirrored traffic of the packets; and
an export module for exporting the routing-encapsulated mirrored traffic locally.
10. The switch device of claim 9, wherein exporting the routing-encapsulated mirrored traffic locally comprises reserving a port for the routing-encapsulated mirrored traffic, and exporting the routing-encapsulated mirrored traffic from the reserved port.
11. The switch device of claim 10, wherein exporting the routing-encapsulated mirrored traffic from the reserved port comprises statically binding an IP address to the reserved port, and using the IP address bound to the reserved port as the destination address of the routing-encapsulated mirrored traffic.
12. The switch device of claim 9, wherein exporting the routing-encapsulated mirrored traffic locally comprises sending the routing-encapsulated mirrored traffic to a traffic aggregation device, wherein the traffic aggregation device is communicatively connected to a network analysis device.
13. The switch device of claim 9, wherein the routing encapsulation includes description information of the packet.
14. The switch device of claim 9, wherein the routing encapsulation includes an index for the description information of the packet.
15. The switch device of claim 14, wherein the routing encapsulation takes the form of encapsulated remote port mirroring (ERSPAN) packets, and the session identification field in the ERSPAN packet is used as the index.
16. The switch device of claim 9, wherein the switch device is a layer-3 switch.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611257763.XA CN106982179A (en) | 2016-12-30 | 2016-12-30 | A kind of method for controlling network flow and switch device |
PCT/CN2017/117705 WO2018121397A1 (en) | 2016-12-30 | 2017-12-21 | Network traffic control method and switch device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611257763.XA CN106982179A (en) | 2016-12-30 | 2016-12-30 | A kind of method for controlling network flow and switch device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106982179A (en) | 2017-07-25 |
Family
ID=59340949
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611257763.XA Pending CN106982179A (en) | 2016-12-30 | 2016-12-30 | A kind of method for controlling network flow and switch device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106982179A (en) |
WO (1) | WO2018121397A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2018121397A1 (en) | 2018-07-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code | Ref country code: HK Ref legal event code: DE Ref document number: 1240426 Country of ref document: HK |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170725 |