CN107294780A - Resources-type internet source of trouble localization method based on network monitoring - Google Patents

Resources-type internet source of trouble localization method based on network monitoring Download PDF

Info

Publication number
CN107294780A
CN107294780A CN201710516046.2A CN201710516046A CN107294780A CN 107294780 A CN107294780 A CN 107294780A CN 201710516046 A CN201710516046 A CN 201710516046A CN 107294780 A CN107294780 A CN 107294780A
Authority
CN
China
Prior art keywords
address
failure
source
domain name
name resolution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710516046.2A
Other languages
Chinese (zh)
Inventor
冯宇
梁燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN201710516046.2A priority Critical patent/CN107294780A/en
Publication of CN107294780A publication Critical patent/CN107294780A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Mining & Analysis (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A kind of source of trouble localization method for resources-type internet failure is claimed in the present invention, belongs to Developing Technology of Applied Software field.The source of trouble that the present invention completes resources-type Internet service failure by the way that Network monitor technology, DNS name resolution technology, route tracking technique etc. are combined is positioned.Data of the main frame in transmission over networks are got first with Network monitor technology, the data frame being truncated to is analyzed, failure source IP address is judged.Again to the IP address carry out route tracking, get main frame to the IP address routed path, walk export.Finally, by the way that the IP address of each routing node and the exit address pond of walking of operator internal record are compared, the CDN producers or source address producer of Internet service failure are oriented.

Description

Resources-type internet source of trouble localization method based on network monitoring
Technical field
The present invention relates to a kind of source of trouble localization method of internet failure, belong to Developing Technology of Applied Software field, fit The source of trouble for resources-type Internet service failure is positioned.
Background technology
In recent years, the progress of Internet technology brings great space for the development of Internet service.Internet service Demand is sharply increased, and the visit capacity of many websites is increased sharply, and this is that server brings very big burden, the phenomenon of server crash Happen occasionally so that Consumer's Experience is deteriorated.Certainly cross operator, trans-regional, server load capacity are too low, bandwidth is very few etc. brings The problem of become increasingly conspicuous.CDN (content distributing network) arises at the historic moment.CDN is based on caching server, and content provider is provided Information be mirrored on each service node, can in real time according to the connection of network traffics and each node, load state with And re-direct the request of user on the service node nearest from user to the integrated information such as the distance of user and response time.
Web site contents are mirrored on multiple service nodes by CDN, have so largely shared the pressure of server, The access speed of user is improved, but also related service equipment is increased, networking is more complicated.Although CDN use can The problems such as effectively to prevent assault, solve cross operator, but its real-time is not fine, from remote server Web content webpage can not keep real-time synchronization with the webpage in duplicate server or buffer.When faulty generation, due to Networking is complicated, and service node has uncertainty, and this is that relevant staff brings larger obstruction when positioning the source of trouble.
Present operator staff is when the source of trouble to internet failure is positioned, mainly by manually to correlation Packet capturing file is analyzed, and gets be compared to judge to be out of order with mapping table again after failure IP address after analysis Producer.Whole source of trouble position fixing process is dependent on being accomplished manually, and work is complicated cumbersome, less efficient, and relevant staff Mainly by virtue of experience judge when analyzing packet capturing file, analysis result is not accurate enough.
The content of the invention
It is low it is an object of the invention to solve the existing inaccurate, efficiency of source of trouble positioning to resources-type internet failure Problem, the correlation techniques such as Network monitor technology, DNS name resolution technology, route tracking technique is combined, crawl main frame is passed Defeated internet data frame, is analyzed data frame, accurately and efficiently orients the internet source of trouble.
The present invention realizes that the scheme of above-mentioned technological innovation is, the data that computer is transmitted are captured using Network monitor technology Frame is simultaneously analyzed it.Internet is made up of numerous LANs, and these LANs are usually Ethernet, Token Ring knot Structure.Data are the unit transmission for being referred to as frame (Frame) with very little on these networks, and frame passes through specific network-driven journey Sequence is molded, and is then sent to by network interface card on netting twine.When network interface is in normal condition, network interface card receives what transmission came Chip program in data frame, network interface card first receives the target MAC (Media Access Control) address of data head, is set according to the NIC driver on computer The reception pattern put judges to receive, if it is considered to being the data frame or broadcast frame that destination address is the machine address, then Simultaneously generation interrupt signal notifies CPU after the receipt for reception, otherwise just abandons regardless of CPU obtains interrupt signal generation interruption, operation System just receives data according to the network interface card interrupt routine call by location driver set in NIC driver, and driver connects Storehouse is put into after receipts data to handle by operating system.The present invention is using the WinPcap storages provided and reads network data Function, by being promiscuous mode by Network card setup, it produces a hardware interrupts to each frame run into remind behaviour Make system and handle each the message bag flowed through on the physical medium.Corresponding software is redesigned to Message processing, these are analyzed The content of data, gets failure IP address.Finally by route tracking, compared with address pool and orient Internet service failure CDN producers or source address producer.
Advantage whereabouts proposed by the present invention:A kind of complete internet source of trouble positioning flow is proposed, network is supervised Listen the correlation techniques such as technology, DNS name resolution technology, route tracking technique to be combined, can intelligently be accurately positioned out resource The class internet source of trouble, largely saves manpower, improves the efficiency of troubleshooting.Source of trouble positioning software can basis Different situations are positioned, and for web page class failure, can intuitively get the domain name URL of failure, this type fault can be direct Domain name URL is resolved to by the IP address mapped with it by DNS name resolution, failure source IP address is got;And for software The failures such as class, game class, it is impossible to be directly obtained failure IP address, this type fault is got firstly the need of network monitoring is carried out Main frame then by being analyzed by http protocol, ICP/IP protocol etc. data frame, is oriented in the data of transmission over networks Failure source IP address.
Brief description of the drawings
Fig. 1 is Internet service source of trouble positioning flow figure of the present invention.
The general frame of Fig. 2 network monitoring systems.
Fig. 3 is that network monitoring program realizes step.
Fig. 4 is that crucial protocol-analysis model simplified flowchart (namely decoding functions call relation is carried out to data frame Figure).
Embodiment
The present invention proposes a kind of resources-type internet source of trouble localization method based on network monitoring, by network monitoring, DNS Domain name mapping, data frame analysis, than five parts of route tracking and address pool are constituted.
The internet source of trouble is positioned, first has to obtain the IP address of failure., can for web page class internet failure Intuitively to get the domain name URL of failure, this type fault can directly by DNS name resolution by domain name URL resolve to Its IP address mapped, gets failure source IP address.For this kind of situation, the present invention is mutually tied using dynamic and static domain name mapping The method of conjunction carries out parsing mapping to domain name, first using the method for static domain name resolution, if static domain name resolution is unsuccessful, The method for using dynamic territory analyzing again, some conventional domain names are put into static domain name resolution table, can so be carried significantly High domain name resolution efficiency.
For the internet failure of software class or game class, it is impossible to intuitively get the domain name URL of failure, the event of this type Barrier gets data of the main frame in transmission over networks firstly the need of network monitoring is carried out.Establishment one is first had to use Wpcap.dll or packet.dll program, the usual WinPcap application program first thing to be done is to obtain network to fit Orchestration list.WinPcap provides pacp_findalldevs_ex () function, and it returns to the chained list of a pcap_if structure, Each pcap_if structures contain the information of adapter.Name and description field in the structure are name and the description of equipment.Second The thing to be done is exactly to open network adapter.The method for opening capture device is pcap_open ().3rd thing to be done is just It is compiling and filter is set.The very powerful characteristic that WinPcap is provided is exactly filter engine.It is provided has very much The method receiving portion network traffics of effect, it is integrated in the Packet capturing mechanism of WinPcap offers.It is for the function of bag filter Pcap_compile () and pcap_setfilter () opcap_compile () receives high-rise boolean's filter expression word Symbol string, and produce the level binary code that can be explained by filter engine.Pcap_compile () is used for character string to be compiled into Filter fly sequence.Pcap_setfilter () makes capture and kernel-driven associated.Once pcap_setfilter () is called, phase The filter of pass can be used in all packets arrived on network, and all satisfactory bags can be copied into application program. Once open adapter, it is possible to captured using pcap_dispatch () or pcap_loop () function.This is also Four things to be done.The two functions are much like, and difference is that pcap_dispatch () time-out can be returned, and pcap_ Loop () can just be returned until coating capture.These functions have a readjustment parameter, and packed_hardler points to one Receive the function of bag.Whenever new bag arrives, this function is called, receive a state and with a head, this head contains The bag data of the information of some bags, such as timestamp, packet length and reality.Final step is exactly the agreement point for capturing packet Analysis and content analysis.Packet structure variables are stated in processing data packets function, and call corresponding decoding functions, example If calling Ethernet decoding functions, then it can capture data link layer information and be stored in Packet structures, and according to Ethernet Frame type field in header judges message last layer (Internet) protocol type, calls corresponding Internet decoding functions.It is each Layer decoding functions it is similar, whole decoder module be exactly one top down, the tree structure of continuous branch.Each layer analysis is all This layer of information is write into Packet structures and this layer of header is pumped, according to message content, next stage solution is selected according to protocol hierarchy Code function, gives it by remaining message and handles.Then Packet structures are analyzed, you can extract each layer information and by these information Export to user interface or journal file.All will modification statistical information (PacketCount knots in each layer of processing procedure Structure), analyze PacketCount structures, so that it may draw statistical information.
After failure IP address is got, route tracking is carried out to the IP address, determines that IP datagram access target is adopted The path taken, judges the routing node that the routing node or route of walked outlet are interrupted.
Finally, the address pool of the routing node for walking outlet got and operator internal database is compared, Orient the CDN producers or source address producer of Internet service failure.

Claims (4)

1. for resources-type internet failure source of trouble localization method by network monitoring, DNS name resolution, data frame analysis, Route tracking and address pool compare five part compositions, and its feature includes following part:
(1) network monitoring is monitored mainly for Ethernet, gets data of the main frame in transmission over networks.
(2) DNS name resolution resolves to domain name URL the IP address mapped with it, gets failure source IP address.
(3) data frame analysis by http protocol, ICP/IP protocol etc. by being analyzed institute's packet capturing file, and positioning is out of order Source IP address.
(4) route tracking determines the path that IP datagram access target is taken, to judge routing node or the road of walked outlet By the routing node interrupted.
(5) it is the routing node for walking outlet that will get to be compared with address pool and the address pool of operator internal database is entered Row is compared, and orients the CDN producers or source address producer of Internet service failure.
2. network monitoring and DNS name resolution are by part according to claim 1, it is characterised in that for mutual without type The failure source IP address localization method that networking service failure is taken is different, mainly including following:
(1) web page class internet failure is directed to, the domain name URL of failure can be intuitively got, this type fault can directly lead to Cross DNS name resolution and domain name URL is resolved to the IP address mapped with it, get failure source IP address.Wherein host name is arrived IP address is mapped with two ways, and the first is that main frame is all configured in static mappings, every equipment to the mapping of IP address, respectively The equipment independent maintenance mapping table of oneself, and used only for this equipment;Second is dynamic mapping, sets up a set of domain name mapping System (DNS), the mapping that main frame arrives IP address is only configured on special dns server, needs to use on network host name logical The equipment of letter, it is necessary first to inquire about the IP address corresponding to main frame to dns server.The present invention intends using dynamic and static domain name solution The method that phase separation is combined carries out parsing mapping to domain name, first using the method for static domain name resolution, if static domain name resolution It is unsuccessful, then using the method for dynamic territory analyzing, some conventional domain names are put into static domain name resolution table, so can be with Greatly improve domain name resolution efficiency.
(2) for the internet failure of software class or game class, it is impossible to intuitively get the domain name URL of failure, the event of this type Barrier gets data of the main frame in transmission over networks firstly the need of network monitoring is carried out, then by being assisted to data frame by HTTP View, ICP/IP protocol etc. are analyzed, and orient failure source IP address.
3. part is compared with address pool according to claim 1, used address pool be IP address inside operator with Between the mapping table of Suo Zou exporters, different operators or same operator difference does not save mapping table between net not Together, this patent software support data base import feature, can be compared for different mappings table.
4. according to claims 1 to 3 part, this patent only supports the source of trouble of resources-type Internet service failure to position, and can determine Position goes out the CDN producers or source address producer of provided Internet service.
CN201710516046.2A 2017-06-29 2017-06-29 Resources-type internet source of trouble localization method based on network monitoring Pending CN107294780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710516046.2A CN107294780A (en) 2017-06-29 2017-06-29 Resources-type internet source of trouble localization method based on network monitoring

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710516046.2A CN107294780A (en) 2017-06-29 2017-06-29 Resources-type internet source of trouble localization method based on network monitoring

Publications (1)

Publication Number Publication Date
CN107294780A true CN107294780A (en) 2017-10-24

Family

ID=60098992

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710516046.2A Pending CN107294780A (en) 2017-06-29 2017-06-29 Resources-type internet source of trouble localization method based on network monitoring

Country Status (1)

Country Link
CN (1) CN107294780A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101013960A (en) * 2007-02-12 2007-08-08 华为技术有限公司 Method and apparatus for obtaining physical address of Ethernet node
CN102412999A (en) * 2011-12-23 2012-04-11 华为技术有限公司 Packet capturing based remote fault location method, system and device
CN105306303A (en) * 2015-11-09 2016-02-03 上海斐讯数据通信技术有限公司 Fault real-time monitoring system based on terminal network device, and terminal network device
CN105471669A (en) * 2014-09-11 2016-04-06 中国移动通信集团湖南有限公司 Fault positioning method and device of communication network
CN106533722A (en) * 2015-09-11 2017-03-22 北京国双科技有限公司 Network monitoring method and network monitoring device
US20170104622A1 (en) * 2014-04-16 2017-04-13 Dell Products, L.P. Network element reachability

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101013960A (en) * 2007-02-12 2007-08-08 华为技术有限公司 Method and apparatus for obtaining physical address of Ethernet node
CN102412999A (en) * 2011-12-23 2012-04-11 华为技术有限公司 Packet capturing based remote fault location method, system and device
US20170104622A1 (en) * 2014-04-16 2017-04-13 Dell Products, L.P. Network element reachability
CN105471669A (en) * 2014-09-11 2016-04-06 中国移动通信集团湖南有限公司 Fault positioning method and device of communication network
CN106533722A (en) * 2015-09-11 2017-03-22 北京国双科技有限公司 Network monitoring method and network monitoring device
CN105306303A (en) * 2015-11-09 2016-02-03 上海斐讯数据通信技术有限公司 Fault real-time monitoring system based on terminal network device, and terminal network device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
潘伟等: "《计算机网络——理论与实验》", 31 December 2013, 厦门大学出版社 *
王轶栋: "用Ethereal抓包方法分析网络故障的方法", 《信息与电脑(理论版)》 *
金纯等: "《IPTV及其解决方案》", 30 September 2006, 国防工业出版社 *
陈卓然等: "《计算机应用基础任务驱动教程》", 31 August 2015, 国防工业出版社 *

Similar Documents

Publication Publication Date Title
Ventre et al. Segment routing: a comprehensive survey of research activities, standardization efforts, and implementation results
CN106100999B (en) Image network flow control methods in a kind of virtualized network environment
EP3151470B1 (en) Analytics for a distributed network
US10560354B2 (en) End-to-end, in situ packet enrichment for network analytics
US8028088B2 (en) System and method for service assurance in IP networks
CN104488231B (en) Method, apparatus and system for selectively monitoring flow
CN105262615B (en) Physical path determination for virtual network packet flows
JP4598462B2 (en) Provider network providing an L2-VPN service and edge router
KR101445468B1 (en) Method, system and apparatus providing secure infrastructure
CN106130766A (en) A kind of system and method realizing automated network accident analysis based on SDN technology
CN107453884A (en) The service quality detection method and device of a kind of network equipment
CN105227341A (en) For the system and method by content center network management devices
CN106105115A (en) The service chaining originated by service node in network environment
CN106452925A (en) Method, apparatus and system for detecting faults in NFV system
CN106789625A (en) A kind of loop detecting method and device
CN105827629A (en) Software definition safety guiding device under cloud computing environment and implementation method thereof
CN109168050A (en) A kind of video multicast method based on SDN
US20220210036A1 (en) Network Measurement System And Method, Device, And Storage Medium
CN102132524A (en) Methods for establishing a traffic connection and an associated monitoring connection
CN102164048B (en) Data stream optimization device and method for realizing multi-ISP (internet service provider) access in local area network
CN108696398B (en) Communication loopback fault detection method and device in a kind of communication network
WO2023065848A1 (en) Service scheduling method and apparatus, device and computer readable storage medium
CN109857419B (en) Method and device for automatically upgrading scheduling system
US8428068B2 (en) Method, apparatus and system for managing routes
US11240140B2 (en) Method and system for interfacing communication networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171024

WD01 Invention patent application deemed withdrawn after publication