CN107222359A - Link method for detecting abnormality and system in a kind of IS IS networks - Google Patents
Link method for detecting abnormality and system in a kind of IS IS networks Download PDFInfo
- Publication number
- CN107222359A CN107222359A CN201710256761.7A CN201710256761A CN107222359A CN 107222359 A CN107222359 A CN 107222359A CN 201710256761 A CN201710256761 A CN 201710256761A CN 107222359 A CN107222359 A CN 107222359A
- Authority
- CN
- China
- Prior art keywords
- router
- link
- route
- networks
- state packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/12—Shortest path evaluation
- H04L45/123—Evaluation of link metrics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/70—Routing based on monitoring results
Abstract
The present invention proposes link method for detecting abnormality and system in a kind of IS IS networks, it is related to technical field of network security, the system includes routing iinformation acquisition module, the Link State Packet of IS IS protocol routers is run in domain for gathering, and the Link State Packet is reported into route anomaly analysis module, providing data extremely for the link in detecting domains supports;Whether the route exception monitoring module, for the Link State Packet and the Link State Packet stored to be associated into analysis, occur link anomalous event, and produce warning message according to association analysis results verification.The present invention is by obtaining Link State Packet information, using the information in search correction data structure, solves the problems, such as the newly-increased route anomaly of router;Using timing and link association analysis method, pinpointing the problems for the routers such as the router off-grid that router is caused extremely exception is solved.
Description
Technical field
The present invention relates to technical field of network security, the link method for detecting abnormality in more particularly to a kind of IS-IS networks
And system.
Background technology
Computer network is produced during computer technology and development communication technologies, 1990s mid-term
WWW is invented and is applied to after network, and the application on network is increasing, network size is increased rapidly, number of network users
It increased dramatically, internet is just progressively developing into the information infrastructure for human society, however, any equipment was being run
All can be lossy in journey, it may occur that abnormal conditions, it is increasingly serious in the caused loss of exception of the router of internet in recent years,
The exception of router device how is found in time, quickly generate warning information to take reclamation activities by industry rapidly
Boundary and the very big concern of academia.
The content of the invention
In view of the shortcomings of the prior art, the present invention proposes the link method for detecting abnormality and system in a kind of IS-IS networks.
The present invention proposes the link abnormality detection system in a kind of IS-IS networks, including:
Routing iinformation acquisition module, the Link State Packet of Intermediate System to Intermediate System router is run for gathering in domain, and by institute
State Link State Packet and report route anomaly analysis module, providing data extremely for the link in detecting domains supports;
The route exception monitoring module, for the Link State Packet and the Link State Packet stored to be carried out
Whether association analysis, occur link anomalous event, and produce warning message according to association analysis results verification.
The routing iinformation acquisition module is also included the source Sys_Id information of the header of the Link State Packet
Parsing is stored in data structure.
The route exception monitoring module includes:
The newly-increased router of detection:The route-map in Sys_Id, audit memory is obtained, if do not had in the internal memory
The router corresponding with the Sys_Id, then the router is the newly-increased router in IS-IS networks.
The route exception monitoring module includes:
Detection departs from the router of network:
(1), when the direct-connected loss of link of a certain router, whether inquiry also has its by source of a certain router
His link, if so, then without any processing;Otherwise, it is determined that a certain router departs from network;
(2), when there is N platform router interconnections, when inquiring about the N platforms router, by judging N platforms described in internal memory
Whether time interval of the establishment moment of the information of router by the end of the inquiry moment is more than 900s, if it is greater, then the N platforms
Router off-grid, otherwise, without off-grid.
The present invention also proposes the link method for detecting abnormality in a kind of IS-IS networks, including:
Step 1, in collection domain operation Intermediate System to Intermediate System router Link State Packet, and by the Link State Packet
Reported, providing data extremely for the link in detecting domains supports;
Step 2, the Link State Packet and the Link State Packet stored are associated analysis, according to association point
Whether analysis results verification occurs link anomalous event, and produces warning message.
The step 1 also includes the source Sys_Id information parsing of the header of the Link State Packet being stored in number
According in structure.
The route exception monitoring module includes:
The newly-increased router of detection:The route-map in Sys_Id, audit memory is obtained, if do not had in the internal memory
The router corresponding with the Sys_Id, then the router is the newly-increased router in IS-IS networks.
The step 2 includes:
Detection departs from the router of network:
(1), when the direct-connected loss of link of a certain router, whether inquiry also has its by source of a certain router
His link, if so, then without any processing;Otherwise, it is determined that a certain router departs from network;
(2), when there is N platform router interconnections, when inquiring about the N platforms router, by judging N platforms described in internal memory
Whether time interval of the establishment moment of the information of router by the end of the inquiry moment is more than 900s, if it is greater, then the N platforms
Router off-grid, otherwise, without off-grid.
From above scheme, the advantage of the invention is that:
The present invention proposes that one equipment self-action of region-wide deployment passively gathers routing iinformation, by obtaining Link State report
Literary information, using the information in search correction data structure, solves the problems, such as the newly-increased route anomaly of router;Using timing
With link association analysis method, pinpointing the problems for the routers such as the router off-grid that router is caused extremely exception is solved.
Brief description of the drawings
Fig. 1 is Net address structure figures;
Fig. 2 is LSP heading format charts;
Fig. 3 is that system constitutes structure Organization Chart;
Fig. 4 is operating scheme schematic diagram.
Embodiment
Router it is newly-increased:In IS-IS networks, every router is all identified with Net addresses, generally in Level-2
Region, all Sys_Id are that the whole network is unique, and Net addresses are as shown in Figure 1;As shown in Fig. 2 the link shape generated in router
In the heading of state message (LSP), there is a field LSP ID including Sys_Id, NSEL and burst, by receiving
Heading field analysis finds the Sys_Id and NSEL of corresponding router, by the route-map in audit memory, if
There is no this Sys_Id router in internal memory, it is the newly-increased router in network just to illustrate this router, wherein, by heading
The source Sys_Id information parsing in portion is stored in data structure.Searching data is passed through to each LSP received source Sys_Id
Information in structure, judges newly-increased router.
The off-grid of router:Typically do not have message in a network to notify the off-grid of router.Router in network
Loss is divided into two kinds of situations:
(1), when the direct-connected loss of link of router, whether inquiry also has other links by source of this router, such as
Fruit has, then without any processing;Otherwise, decide that this router departs from network.
(2), there are several router interconnections, and the big net monitored with this monitoring system loses link and contacted.Inquiring about, this is several
During platform router, due to still there is link connection, it is impossible to judge router off-grid.At this moment because monitoring system can not continue to receive
The Link State Packet (LSP) sent to this several routers, and LSP update cycle be 900s. so, by judging internal memory
In this several route-maps creation time by the end of inquiry the moment time interval whether be more than 900s, if it does, saying
This bright router off-grid, otherwise, without off-grid.
The system architecture of the present invention is illustrated in figure 3, is specifically included:
Present system is made up of routing iinformation acquisition module with route anomaly analysis module two large divisions, wherein route letter
The effect of breath acquisition module is the Link State Packet in real-time collecting region, the presence of itself is shielded to networking, by link shape
State message is transmitted to route anomaly analysis module, and the effect of route anomaly analysis module is data receiver and parsing, new message letter
Whether breath and old message information association analysis, there is the generation of routing link anomalous event according to association analysis results verification.
Routing iinformation acquisition module:The effect of routing iinformation acquisition module is to run Intermediate System to Intermediate System router in collection domain
Link-state information, route anomaly analysis module is reported after collection, number is provided for the network route in detecting domains is abnormal
According to support;
It route exception monitoring module:By passively listening the IS-IS link-state informations that routing iinformation acquisition module is uploaded
The mode of message, using the information in search correction data structure, solves the problems, such as the newly-increased route anomaly of router;Using
Timing and link association analysis method, solve the abnormal discovery of the routers such as the router off-grid that router is caused extremely and ask
Topic, and produce warning information.
In actual applications, Fig. 4 illustrates the deployment operational mode of route exception monitoring system to the present invention.Present system
Including routing iinformation acquisition module and route anomaly analysis two parts of module, wherein, the deployment of routing iinformation acquisition module
In each AS, the collection to LSP messages is supported, and is reported to route anomaly analysis module to be analysed in depth collection result,
Routing iinformation acquisition module is generally in the respectively deployment one of each management domain, and route anomaly analysis module is provided to the whole network routing link
The analytic function of information, detection and analysis network route anomalous event, it is used as the important soft of Network Abnormal monitoring analysis system
Part module, is typically deployed at general headquarters.
The present invention also proposes the link method for detecting abnormality in a kind of IS-IS networks, including:
Step 1, in collection domain operation Intermediate System to Intermediate System router Link State Packet, and by the Link State Packet
Reported, providing data extremely for the link in detecting domains supports;
Step 2, the Link State Packet and the Link State Packet stored are associated analysis, according to association point
Whether analysis results verification occurs link anomalous event, and produces warning message.
The step 1 also includes the source Sys_Id information parsing of the header of the Link State Packet being stored in number
According in structure.
The route exception monitoring module includes:
The newly-increased router of detection:The route-map in Sys_Id, audit memory is obtained, if do not had in the internal memory
The router corresponding with the Sys_Id, then the router is the newly-increased router in IS-IS networks.
The step 2 includes:
Detection departs from the router of network:
(1), when the direct-connected loss of link of a certain router, whether inquiry also has its by source of a certain router
His link, if so, then without any processing;Otherwise, it is determined that a certain router departs from network;
(2), when there is N platform router interconnections, when inquiring about the N platforms router, by judging N platforms described in internal memory
Whether time interval of the establishment moment of the information of router by the end of the inquiry moment is more than 900s, if it is greater, then the N platforms
Router off-grid, otherwise, without off-grid.
Claims (8)
1. the link abnormality detection system in a kind of IS-IS networks, it is characterised in that including:
Routing iinformation acquisition module, the Link State Packet of Intermediate System to Intermediate System router is run for gathering in domain, and by the chain
Line state message reports route anomaly analysis module, and providing data extremely for the link in detecting domains supports;
The route exception monitoring module, for the Link State Packet and the Link State Packet that has stored to be associated
Whether analysis, occur link anomalous event, and produce warning message according to association analysis results verification.
2. the link abnormality detection system in IS-IS networks as claimed in claim 1, it is characterised in that the routing iinformation
Acquisition module also includes the source Sys_Id information parsing of the header of the Link State Packet being stored in data structure.
3. the link abnormality detection system in IS-IS networks as claimed in claim 1, it is characterised in that the route is abnormal
Monitoring modular includes:
The newly-increased router of detection:Obtain Sys_Id, the route-map in audit memory, if in the internal memory not with institute
The corresponding routers of Sys_Id are stated, then the router is the newly-increased router in IS-IS networks.
4. the link abnormality detection system in IS-IS networks as claimed in claim 1, it is characterised in that the route is abnormal
Monitoring modular includes:
Detection departs from the router of network:
(1), when the direct-connected loss of link of a certain router, whether inquiry also has other chains using a certain router as source
Road, if so, then without any processing;Otherwise, it is determined that a certain router departs from network;
(2), when there is N platform router interconnections, when inquiring about the N platforms router, by judging that N platforms described in internal memory is route
Whether time interval of the establishment moment of the information of device by the end of the inquiry moment is more than 900s, if it is greater, then the N platforms are route
Device off-grid, otherwise, without off-grid.
5. the link method for detecting abnormality in a kind of IS-IS networks, it is characterised in that including:
Step 1, the Link State Packet of Intermediate System to Intermediate System router is run in collection domain, and the Link State Packet is carried out
Report, providing data extremely for the link in detecting domains supports;
Step 2, the Link State Packet and the Link State Packet stored are associated analysis, according to association analysis knot
Fruit is confirmed whether occur link anomalous event, and produces warning message.
6. the link method for detecting abnormality in IS-IS networks as claimed in claim 5, it is characterised in that the step 1 is also wrapped
Include and the source Sys_Id information parsing of the header of the Link State Packet is stored in data structure.
7. the link method for detecting abnormality in IS-IS networks as claimed in claim 5, it is characterised in that the route is abnormal
Monitoring modular includes:
The newly-increased router of detection:Obtain Sys_Id, the route-map in audit memory, if in the internal memory not with institute
The corresponding routers of Sys_Id are stated, then the router is the newly-increased router in IS-IS networks.
8. the link method for detecting abnormality in IS-IS networks as claimed in claim 5, it is characterised in that the step 2 is wrapped
Include:
Detection departs from the router of network:
(1), when the direct-connected loss of link of a certain router, whether inquiry also has other chains using a certain router as source
Road, if so, then without any processing;Otherwise, it is determined that a certain router departs from network;
(2), when there is N platform router interconnections, when inquiring about the N platforms router, by judging that N platforms described in internal memory is route
Whether time interval of the establishment moment of the information of device by the end of the inquiry moment is more than 900s, if it is greater, then the N platforms are route
Device off-grid, otherwise, without off-grid.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710256761.7A CN107222359B (en) | 2017-04-19 | 2017-04-19 | Link abnormity detection method and system in IS-IS network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710256761.7A CN107222359B (en) | 2017-04-19 | 2017-04-19 | Link abnormity detection method and system in IS-IS network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107222359A true CN107222359A (en) | 2017-09-29 |
CN107222359B CN107222359B (en) | 2020-01-07 |
Family
ID=59928251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710256761.7A Active CN107222359B (en) | 2017-04-19 | 2017-04-19 | Link abnormity detection method and system in IS-IS network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107222359B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881295A (en) * | 2018-07-24 | 2018-11-23 | 瑞典爱立信有限公司 | For detecting and solving the method and the network equipment of anomalous routes |
CN114006800A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | Equipment offline alarm method and device based on IGP-SPF algorithm |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7957380B2 (en) * | 2005-11-21 | 2011-06-07 | Cisco Technology, Inc. | Support of unidirectional link in IS-IS without IP encapsulation and in presence of unidirectional return path |
CN105024866A (en) * | 2015-08-17 | 2015-11-04 | 中国科学院计算技术研究所 | Detection system and method for routing configuration abnormity of IS-ISv6 network |
CN106059850A (en) * | 2016-05-17 | 2016-10-26 | 中国科学院计算技术研究所 | Link abnormity detection method, system, apparatus, and chip in IS-IS network |
-
2017
- 2017-04-19 CN CN201710256761.7A patent/CN107222359B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7957380B2 (en) * | 2005-11-21 | 2011-06-07 | Cisco Technology, Inc. | Support of unidirectional link in IS-IS without IP encapsulation and in presence of unidirectional return path |
CN105024866A (en) * | 2015-08-17 | 2015-11-04 | 中国科学院计算技术研究所 | Detection system and method for routing configuration abnormity of IS-ISv6 network |
CN106059850A (en) * | 2016-05-17 | 2016-10-26 | 中国科学院计算技术研究所 | Link abnormity detection method, system, apparatus, and chip in IS-IS network |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881295A (en) * | 2018-07-24 | 2018-11-23 | 瑞典爱立信有限公司 | For detecting and solving the method and the network equipment of anomalous routes |
US11711281B2 (en) | 2018-07-24 | 2023-07-25 | Telefonoktiebolagget LM Ericsson (Publ) | Methods and network devices for detecting and resolving abnormal routes |
CN114006800A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | Equipment offline alarm method and device based on IGP-SPF algorithm |
CN114006800B (en) * | 2021-10-11 | 2023-12-05 | 中盈优创资讯科技有限公司 | Equipment off-network alarm method and device based on IGP-SPF algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN107222359B (en) | 2020-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103442008B (en) | A kind of routing safety detecting system and detection method | |
US10075870B2 (en) | Mobile communications network detection method and apparatus | |
CN102204164B (en) | Method and apparatus for reporting network packet-losing message | |
CN102035694A (en) | Link detection device and method | |
CN112887274B (en) | Method and device for detecting command injection attack, computer equipment and storage medium | |
CN106789625A (en) | A kind of loop detecting method and device | |
JP2008153752A (en) | Abnormal traffic monitoring device, entry management device, and network system | |
CN111030873A (en) | Fault diagnosis method and device | |
CN107210927A (en) | Abnormality detection in protocol processes | |
CN112769833B (en) | Method and device for detecting command injection attack, computer equipment and storage medium | |
Smys et al. | Assessment of fire risk and forest fires in rural areas using long range technology | |
CN106130791B (en) | Cache equipment service capability traversal test system and method based on service quality | |
CN107222359A (en) | Link method for detecting abnormality and system in a kind of IS IS networks | |
CN106603464A (en) | Network detection method, system and device | |
EP3892026A2 (en) | Node outage determination and reporting in a mesh network | |
CN107888424A (en) | Warning information recognition methods and device, NMS | |
CN102571464B (en) | Link tracking processing method and system | |
CN106059850A (en) | Link abnormity detection method, system, apparatus, and chip in IS-IS network | |
CN101425978B (en) | Method and device for preventing routing loop in autonomous system | |
CN104980408A (en) | Blocking method, device and system for malicious website | |
CN107509214A (en) | A kind of more radio frequency link wireless routers and method for diagnosing faults | |
CN110896544B (en) | Fault delimiting method and device | |
CN104935556B (en) | A kind of network security processing method, apparatus and system | |
JP2007537617A (en) | How to speed up execution file transit time via checkpoint | |
CN110855566A (en) | Method and device for dragging upstream flow |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |