CN107222359A - Link anomaly detection method and system in an IS-IS network - Google Patents

Publication number
CN107222359A
Authority
CN
China
Prior art keywords
router
link
route
networks
state packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710256761.7A
Other languages
Chinese (zh)
Other versions
CN107222359B (en)
Inventor
景全亮
刘琳
毕经平
姚忠将
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Computing Technology of CAS
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS
Priority to CN201710256761.7A
Publication of CN107222359A
Application granted
Publication of CN107222359B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/12 Shortest path evaluation
    • H04L45/123 Evaluation of link metrics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/70 Routing based on monitoring results

Abstract

The present invention proposes a link anomaly detection method and system in an IS-IS network and relates to the technical field of network security. The system includes a routing information acquisition module, for collecting the link state packets of the routers running the IS-IS protocol in a domain and reporting them to the route anomaly analysis module, providing data support for detecting link anomalies in the domain; and the route anomaly monitoring module, for performing association analysis between the link state packet and the stored link state packets, confirming from the result whether a link anomaly event has occurred, and generating alert information. By obtaining link state packet information and looking up and comparing information in a data structure, the invention detects route anomalies such as newly added routers; by using timing and link association analysis, it discovers router anomalies such as routers leaving the network.

Description

Link anomaly detection method and system in an IS-IS network
Technical field
The present invention relates to the technical field of network security, and in particular to a link anomaly detection method and system in an IS-IS network.
Background
Computer networks arose from the development of computer and communication technology. After the World Wide Web was invented and applied to networks in the mid-1990s, network applications multiplied, network scale grew rapidly and the number of network users rose sharply, and the Internet is gradually becoming an information infrastructure for human society. However, any device suffers wear in operation and can behave abnormally. In recent years the losses caused by router anomalies on the Internet have become increasingly serious, and how to discover router anomalies in time and quickly generate alert information so that remedial measures can be taken promptly has drawn great attention from industry and academia.
Summary of the invention
In view of the shortcomings of the prior art, the present invention proposes a link anomaly detection method and system in an IS-IS network.
The present invention proposes a link anomaly detection system in an IS-IS network, comprising:
A routing information acquisition module, for collecting the link state packets (LSPs) of the routers running the IS-IS protocol in a domain and reporting them to the route anomaly analysis module, providing data support for detecting link anomalies in the domain;
The route anomaly monitoring module, for performing association analysis between the link state packet and the stored link state packets, confirming from the result whether a link anomaly event has occurred, and generating alert information.
The routing information acquisition module also parses the source Sys_Id information in the header of the link state packet and stores it in a data structure.
The route anomaly monitoring module includes:
Detecting a newly added router: obtain the Sys_Id and check the router information in memory; if memory holds no router corresponding to that Sys_Id, the router is a newly added router in the IS-IS network.
The route anomaly monitoring module includes:
Detecting a router that has left the network:
(1) When a directly connected link of a router is lost, query whether any other link has that router as its source; if so, take no action; otherwise, determine that the router has left the network;
(2) When N routers are interconnected, on querying those N routers, determine whether the interval from the creation time of their information in memory to the query time is greater than 900s; if it is, the N routers have left the network; otherwise, they have not.
The present invention also proposes a link anomaly detection method in an IS-IS network, comprising:
Step 1: collect the link state packets of the routers running the IS-IS protocol in a domain and report them, providing data support for detecting link anomalies in the domain;
Step 2: perform association analysis between the link state packet and the stored link state packets, confirm from the result whether a link anomaly event has occurred, and generate alert information.
Step 1 also includes parsing the source Sys_Id information in the header of the link state packet and storing it in a data structure.
The route anomaly monitoring module includes:
Detecting a newly added router: obtain the Sys_Id and check the router information in memory; if memory holds no router corresponding to that Sys_Id, the router is a newly added router in the IS-IS network.
Step 2 includes:
Detecting a router that has left the network:
(1) When a directly connected link of a router is lost, query whether any other link has that router as its source; if so, take no action; otherwise, determine that the router has left the network;
(2) When N routers are interconnected, on querying those N routers, determine whether the interval from the creation time of their information in memory to the query time is greater than 900s; if it is, the N routers have left the network; otherwise, they have not.
From the above scheme, the advantages of the invention are:
The invention deploys one device per area that automatically and passively collects routing information. By obtaining link state packet information and looking up and comparing information in a data structure, it detects route anomalies such as newly added routers; by using timing and link association analysis, it discovers router anomalies such as routers leaving the network.
Brief description of the drawings
Fig. 1 is a diagram of the NET address structure;
Fig. 2 is a diagram of the LSP header format;
Fig. 3 is a diagram of the system architecture;
Fig. 4 is a schematic diagram of the operating scheme.
Embodiment
Addition of a router: In an IS-IS network every router is identified by a NET address, and in the Level-2 area all Sys_Ids are generally unique across the whole network; the NET address is shown in Fig. 1. As shown in Fig. 2, the header of a link state packet (LSP) generated by a router contains an LSP ID field consisting of the Sys_Id, the NSEL and the fragment number. Parsing this header field of a received packet yields the Sys_Id and NSEL of the corresponding router. The router information in memory is then checked: if memory holds no router with this Sys_Id, the router is a newly added router in the network. The source Sys_Id information from the header is parsed and stored in a data structure, and for each received LSP the source Sys_Id is looked up in that data structure to decide whether the router is newly added.
Router leaving the network: Normally no message in the network announces that a router has left. Loss of a router in the network falls into two cases:
(1) When a directly connected link of a router is lost, query whether any other link has this router as its source; if so, take no action; otherwise, determine that this router has left the network.
(2) Several routers are interconnected, and they lose their link to the main network monitored by this monitoring system. When these routers are queried they still have link connections, so it cannot be concluded that they have left the network. However, the monitoring system can no longer receive the link state packets (LSPs) sent by these routers, and the LSP update period is 900s. Therefore, determine whether the interval from the creation time of these routers' information in memory to the query time is greater than 900s; if it is, the routers have left the network; otherwise, they have not.
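The newly added router check and the two off-network cases above, as an added Python example that is not code from the patent. The names LinkAnomalyMonitor, make_lsp_id and the alert labels are hypothetical; the example assumes single-fragment, non-pseudonode LSPs, that a lost adjacency removes both directions of a link, and that a router's record time is refreshed on every LSP it sends. The LSP IDs and topology are constructed.

```python
from dataclasses import dataclass, field

LSP_UPDATE_PERIOD = 900  # seconds; the LSP update period stated in the text


def parse_lsp_id(lsp_id: bytes):
    """Split an 8-byte LSP ID into (Sys_Id, NSEL, fragment), the text's field names."""
    if len(lsp_id) != 8:
        raise ValueError("LSP ID must be exactly 8 bytes")
    raw = lsp_id[:6].hex()
    sys_id = ".".join(raw[i:i + 4] for i in range(0, 12, 4))
    return sys_id, lsp_id[6], lsp_id[7]


@dataclass
class LinkAnomalyMonitor:  # hypothetical name, not from the patent
    created: dict = field(default_factory=dict)  # Sys_Id -> time its record was last created
    links: set = field(default_factory=set)      # directed (source Sys_Id, neighbour Sys_Id)
    off_net: set = field(default_factory=set)    # routers already reported as off-network

    def on_lsp(self, lsp_id: bytes, neighbours, now: float):
        """Correlate one received LSP with stored state and return the alerts it raises."""
        sys_id, _nsel, _fragment = parse_lsp_id(lsp_id)
        alerts = []
        if sys_id not in self.created:            # no record in memory: newly added router
            alerts.append(("NEW_ROUTER", sys_id))
        self.created[sys_id] = now                # assumption: refreshed on every LSP
        self.off_net.discard(sys_id)              # a router heard again is back on the network
        old = {dst for src, dst in self.links if src == sys_id}
        new = set(neighbours)
        self.links |= {(sys_id, n) for n in new}
        for lost in sorted(old - new):
            # Assumption: a lost adjacency removes both directions of the link.
            self.links -= {(sys_id, lost), (lost, sys_id)}
            for router in (lost, sys_id):
                # Case (1): off-network only if no link with this router as source remains.
                if router in self.off_net or any(s == router for s, _ in self.links):
                    continue
                self.off_net.add(router)
                alerts.append(("ROUTER_OFF_NETWORK", router))
        return alerts

    def sweep(self, now: float):
        """Case (2): report routers whose record is older than one LSP update period."""
        stale = sorted(s for s, t in self.created.items()
                       if now - t > LSP_UPDATE_PERIOD and s not in self.off_net)
        self.off_net.update(stale)
        return [("ROUTER_OFF_NETWORK", s) for s in stale]


def make_lsp_id(n: int) -> bytes:
    """Constructed LSP ID: Sys_Id 0000.0000.000n, NSEL 0, fragment 0."""
    return bytes([0, 0, 0, 0, 0, n, 0, 0])


def run_demo():
    """Constructed chain R5-R1-R2-R3-R4; the monitor keeps hearing R1 and R2 only."""
    r = {n: parse_lsp_id(make_lsp_id(n))[0] for n in range(1, 6)}
    m, log = LinkAnomalyMonitor(), []
    log += m.on_lsp(make_lsp_id(1), [r[2], r[5]], 0)
    log += m.on_lsp(make_lsp_id(2), [r[1], r[3]], 1)
    log += m.on_lsp(make_lsp_id(3), [r[2], r[4]], 2)
    log += m.on_lsp(make_lsp_id(4), [r[3]], 3)
    log += m.on_lsp(make_lsp_id(5), [r[1]], 4)
    # Link R2-R3 fails: R3 and R4 still hold a link to each other, so case (1) is silent.
    log += m.on_lsp(make_lsp_id(2), [r[1]], 300)
    # R1 drops its only link to R5: case (1) reports R5.
    log += m.on_lsp(make_lsp_id(1), [r[2]], 900)
    log += m.on_lsp(make_lsp_id(2), [r[1]], 901)
    # Case (2): the R3/R4 island has sent nothing for more than 900 s.
    log += m.sweep(1000)
    return log
```

The 900s comparison is strict, matching the text's "greater than 900s": a record exactly 900 seconds old is not reported.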
The system architecture of the present invention is shown in Fig. 3 and is as follows:
The system consists of two parts, a routing information acquisition module and a route anomaly analysis module. The routing information acquisition module collects the link state packets in the area in real time, hides its own presence from the network, and forwards the link state packets to the route anomaly analysis module. The route anomaly analysis module receives and parses the data, performs association analysis between new and old packet information, and confirms from the result whether a routing link anomaly event has occurred.
Routing information acquisition module: It collects the link state information of the routers running the IS-IS protocol in the domain and, after collection, reports it to the route anomaly analysis module, providing data support for detecting network route anomalies in the domain;
Route anomaly monitoring module: By passively listening to the IS-IS link state packets uploaded by the routing information acquisition module, it looks up and compares information in the data structure to detect route anomalies such as newly added routers, uses timing and link association analysis to discover router anomalies such as routers leaving the network, and generates alert information.
In practical application, Fig. 4 shows the deployment and operating mode of the route anomaly monitoring system. The system comprises two parts, the routing information acquisition module and the route anomaly analysis module. The routing information acquisition module is deployed in each AS, supports the collection of LSPs, and reports what it collects to the route anomaly analysis module for in-depth analysis; generally one acquisition module is deployed in each management domain. The route anomaly analysis module analyses routing link information for the whole network and detects and analyses network route anomaly events; as an important software module of the network anomaly monitoring and analysis system, it is typically deployed at headquarters.
The present invention also proposes a link anomaly detection method in an IS-IS network, comprising:
Step 1: collect the link state packets of the routers running the IS-IS protocol in a domain and report them, providing data support for detecting link anomalies in the domain;
Step 2: perform association analysis between the link state packet and the stored link state packets, confirm from the result whether a link anomaly event has occurred, and generate alert information.
Step 1 also includes parsing the source Sys_Id information in the header of the link state packet and storing it in a data structure.
The route anomaly monitoring module includes:
Detecting a newly added router: obtain the Sys_Id and check the router information in memory; if memory holds no router corresponding to that Sys_Id, the router is a newly added router in the IS-IS network.
Step 2 includes:
Detecting a router that has left the network:
(1) When a directly connected link of a router is lost, query whether any other link has that router as its source; if so, take no action; otherwise, determine that the router has left the network;
(2) When N routers are interconnected, on querying those N routers, determine whether the interval from the creation time of their information in memory to the query time is greater than 900s; if it is, the N routers have left the network; otherwise, they have not.

Claims (8)

1. A link anomaly detection system in an IS-IS network, characterized by comprising:
A routing information acquisition module, for collecting the link state packets of the routers running the IS-IS protocol in a domain and reporting them to the route anomaly analysis module, providing data support for detecting link anomalies in the domain;
The route anomaly monitoring module, for performing association analysis between the link state packet and the stored link state packets, confirming from the result whether a link anomaly event has occurred, and generating alert information.
2. The link anomaly detection system in an IS-IS network as claimed in claim 1, characterized in that the routing information acquisition module also parses the source Sys_Id information in the header of the link state packet and stores it in a data structure.
3. The link anomaly detection system in an IS-IS network as claimed in claim 1, characterized in that the route anomaly monitoring module includes:
Detecting a newly added router: obtain the Sys_Id and check the router information in memory; if memory holds no router corresponding to that Sys_Id, the router is a newly added router in the IS-IS network.
4. The link anomaly detection system in an IS-IS network as claimed in claim 1, characterized in that the route anomaly monitoring module includes:
Detecting a router that has left the network:
(1) When a directly connected link of a router is lost, query whether any other link has that router as its source; if so, take no action; otherwise, determine that the router has left the network;
(2) When N routers are interconnected, on querying those N routers, determine whether the interval from the creation time of their information in memory to the query time is greater than 900s; if it is, the N routers have left the network; otherwise, they have not.
5. A link anomaly detection method in an IS-IS network, characterized by comprising:
Step 1: collect the link state packets of the routers running the IS-IS protocol in a domain and report them, providing data support for detecting link anomalies in the domain;
Step 2: perform association analysis between the link state packet and the stored link state packets, confirm from the result whether a link anomaly event has occurred, and generate alert information.
6. The link anomaly detection method in an IS-IS network as claimed in claim 5, characterized in that step 1 also includes parsing the source Sys_Id information in the header of the link state packet and storing it in a data structure.
7. The link anomaly detection method in an IS-IS network as claimed in claim 5, characterized in that the route anomaly monitoring module includes:
Detecting a newly added router: obtain the Sys_Id and check the router information in memory; if memory holds no router corresponding to that Sys_Id, the router is a newly added router in the IS-IS network.
8. The link anomaly detection method in an IS-IS network as claimed in claim 5, characterized in that step 2 includes:
Detecting a router that has left the network:
(1) When a directly connected link of a router is lost, query whether any other link has that router as its source; if so, take no action; otherwise, determine that the router has left the network;
(2) When N routers are interconnected, on querying those N routers, determine whether the interval from the creation time of their information in memory to the query time is greater than 900s; if it is, the N routers have left the network; otherwise, they have not.
CN201710256761.7A 2017-04-19 2017-04-19 Link abnormity detection method and system in IS-IS network Active CN107222359B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710256761.7A CN107222359B (en) 2017-04-19 2017-04-19 Link abnormity detection method and system in IS-IS network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710256761.7A CN107222359B (en) 2017-04-19 2017-04-19 Link abnormity detection method and system in IS-IS network

Publications (2)

Publication Number Publication Date
CN107222359A true CN107222359A (en) 2017-09-29
CN107222359B CN107222359B (en) 2020-01-07

Family

ID=59928251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710256761.7A Active CN107222359B (en) 2017-04-19 2017-04-19 Link abnormity detection method and system in IS-IS network

Country Status (1)

Country Link
CN (1) CN107222359B (en)

Also Published As

Publication number Publication date
CN107222359B (en) 2020-01-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant