CN107294780A - Resources-type internet source of trouble localization method based on network monitoring - Google Patents
Resources-type internet source of trouble localization method based on network monitoring Download PDFInfo
- Publication number
- CN107294780A CN107294780A CN201710516046.2A CN201710516046A CN107294780A CN 107294780 A CN107294780 A CN 107294780A CN 201710516046 A CN201710516046 A CN 201710516046A CN 107294780 A CN107294780 A CN 107294780A
- Authority
- CN
- China
- Prior art keywords
- address
- failure
- source
- domain name
- name resolution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Data Mining & Analysis (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A kind of source of trouble localization method for resources-type internet failure is claimed in the present invention, belongs to Developing Technology of Applied Software field.The source of trouble that the present invention completes resources-type Internet service failure by the way that Network monitor technology, DNS name resolution technology, route tracking technique etc. are combined is positioned.Data of the main frame in transmission over networks are got first with Network monitor technology, the data frame being truncated to is analyzed, failure source IP address is judged.Again to the IP address carry out route tracking, get main frame to the IP address routed path, walk export.Finally, by the way that the IP address of each routing node and the exit address pond of walking of operator internal record are compared, the CDN producers or source address producer of Internet service failure are oriented.
Description
Technical field
The present invention relates to a kind of source of trouble localization method of internet failure, belong to Developing Technology of Applied Software field, fit
The source of trouble for resources-type Internet service failure is positioned.
Background technology
In recent years, the progress of Internet technology brings great space for the development of Internet service.Internet service
Demand is sharply increased, and the visit capacity of many websites is increased sharply, and this is that server brings very big burden, the phenomenon of server crash
Happen occasionally so that Consumer's Experience is deteriorated.Certainly cross operator, trans-regional, server load capacity are too low, bandwidth is very few etc. brings
The problem of become increasingly conspicuous.CDN (content distributing network) arises at the historic moment.CDN is based on caching server, and content provider is provided
Information be mirrored on each service node, can in real time according to the connection of network traffics and each node, load state with
And re-direct the request of user on the service node nearest from user to the integrated information such as the distance of user and response time.
Web site contents are mirrored on multiple service nodes by CDN, have so largely shared the pressure of server,
The access speed of user is improved, but also related service equipment is increased, networking is more complicated.Although CDN use can
The problems such as effectively to prevent assault, solve cross operator, but its real-time is not fine, from remote server
Web content webpage can not keep real-time synchronization with the webpage in duplicate server or buffer.When faulty generation, due to
Networking is complicated, and service node has uncertainty, and this is that relevant staff brings larger obstruction when positioning the source of trouble.
Present operator staff is when the source of trouble to internet failure is positioned, mainly by manually to correlation
Packet capturing file is analyzed, and gets be compared to judge to be out of order with mapping table again after failure IP address after analysis
Producer.Whole source of trouble position fixing process is dependent on being accomplished manually, and work is complicated cumbersome, less efficient, and relevant staff
Mainly by virtue of experience judge when analyzing packet capturing file, analysis result is not accurate enough.
The content of the invention
It is low it is an object of the invention to solve the existing inaccurate, efficiency of source of trouble positioning to resources-type internet failure
Problem, the correlation techniques such as Network monitor technology, DNS name resolution technology, route tracking technique is combined, crawl main frame is passed
Defeated internet data frame, is analyzed data frame, accurately and efficiently orients the internet source of trouble.
The present invention realizes that the scheme of above-mentioned technological innovation is, the data that computer is transmitted are captured using Network monitor technology
Frame is simultaneously analyzed it.Internet is made up of numerous LANs, and these LANs are usually Ethernet, Token Ring knot
Structure.Data are the unit transmission for being referred to as frame (Frame) with very little on these networks, and frame passes through specific network-driven journey
Sequence is molded, and is then sent to by network interface card on netting twine.When network interface is in normal condition, network interface card receives what transmission came
Chip program in data frame, network interface card first receives the target MAC (Media Access Control) address of data head, is set according to the NIC driver on computer
The reception pattern put judges to receive, if it is considered to being the data frame or broadcast frame that destination address is the machine address, then
Simultaneously generation interrupt signal notifies CPU after the receipt for reception, otherwise just abandons regardless of CPU obtains interrupt signal generation interruption, operation
System just receives data according to the network interface card interrupt routine call by location driver set in NIC driver, and driver connects
Storehouse is put into after receipts data to handle by operating system.The present invention is using the WinPcap storages provided and reads network data
Function, by being promiscuous mode by Network card setup, it produces a hardware interrupts to each frame run into remind behaviour
Make system and handle each the message bag flowed through on the physical medium.Corresponding software is redesigned to Message processing, these are analyzed
The content of data, gets failure IP address.Finally by route tracking, compared with address pool and orient Internet service failure
CDN producers or source address producer.
Advantage whereabouts proposed by the present invention:A kind of complete internet source of trouble positioning flow is proposed, network is supervised
Listen the correlation techniques such as technology, DNS name resolution technology, route tracking technique to be combined, can intelligently be accurately positioned out resource
The class internet source of trouble, largely saves manpower, improves the efficiency of troubleshooting.Source of trouble positioning software can basis
Different situations are positioned, and for web page class failure, can intuitively get the domain name URL of failure, this type fault can be direct
Domain name URL is resolved to by the IP address mapped with it by DNS name resolution, failure source IP address is got;And for software
The failures such as class, game class, it is impossible to be directly obtained failure IP address, this type fault is got firstly the need of network monitoring is carried out
Main frame then by being analyzed by http protocol, ICP/IP protocol etc. data frame, is oriented in the data of transmission over networks
Failure source IP address.
Brief description of the drawings
Fig. 1 is Internet service source of trouble positioning flow figure of the present invention.
The general frame of Fig. 2 network monitoring systems.
Fig. 3 is that network monitoring program realizes step.
Fig. 4 is that crucial protocol-analysis model simplified flowchart (namely decoding functions call relation is carried out to data frame
Figure).
Embodiment
The present invention proposes a kind of resources-type internet source of trouble localization method based on network monitoring, by network monitoring, DNS
Domain name mapping, data frame analysis, than five parts of route tracking and address pool are constituted.
The internet source of trouble is positioned, first has to obtain the IP address of failure., can for web page class internet failure
Intuitively to get the domain name URL of failure, this type fault can directly by DNS name resolution by domain name URL resolve to
Its IP address mapped, gets failure source IP address.For this kind of situation, the present invention is mutually tied using dynamic and static domain name mapping
The method of conjunction carries out parsing mapping to domain name, first using the method for static domain name resolution, if static domain name resolution is unsuccessful,
The method for using dynamic territory analyzing again, some conventional domain names are put into static domain name resolution table, can so be carried significantly
High domain name resolution efficiency.
For the internet failure of software class or game class, it is impossible to intuitively get the domain name URL of failure, the event of this type
Barrier gets data of the main frame in transmission over networks firstly the need of network monitoring is carried out.Establishment one is first had to use
Wpcap.dll or packet.dll program, the usual WinPcap application program first thing to be done is to obtain network to fit
Orchestration list.WinPcap provides pacp_findalldevs_ex () function, and it returns to the chained list of a pcap_if structure,
Each pcap_if structures contain the information of adapter.Name and description field in the structure are name and the description of equipment.Second
The thing to be done is exactly to open network adapter.The method for opening capture device is pcap_open ().3rd thing to be done is just
It is compiling and filter is set.The very powerful characteristic that WinPcap is provided is exactly filter engine.It is provided has very much
The method receiving portion network traffics of effect, it is integrated in the Packet capturing mechanism of WinPcap offers.It is for the function of bag filter
Pcap_compile () and pcap_setfilter () opcap_compile () receives high-rise boolean's filter expression word
Symbol string, and produce the level binary code that can be explained by filter engine.Pcap_compile () is used for character string to be compiled into
Filter fly sequence.Pcap_setfilter () makes capture and kernel-driven associated.Once pcap_setfilter () is called, phase
The filter of pass can be used in all packets arrived on network, and all satisfactory bags can be copied into application program.
Once open adapter, it is possible to captured using pcap_dispatch () or pcap_loop () function.This is also
Four things to be done.The two functions are much like, and difference is that pcap_dispatch () time-out can be returned, and pcap_
Loop () can just be returned until coating capture.These functions have a readjustment parameter, and packed_hardler points to one
Receive the function of bag.Whenever new bag arrives, this function is called, receive a state and with a head, this head contains
The bag data of the information of some bags, such as timestamp, packet length and reality.Final step is exactly the agreement point for capturing packet
Analysis and content analysis.Packet structure variables are stated in processing data packets function, and call corresponding decoding functions, example
If calling Ethernet decoding functions, then it can capture data link layer information and be stored in Packet structures, and according to Ethernet
Frame type field in header judges message last layer (Internet) protocol type, calls corresponding Internet decoding functions.It is each
Layer decoding functions it is similar, whole decoder module be exactly one top down, the tree structure of continuous branch.Each layer analysis is all
This layer of information is write into Packet structures and this layer of header is pumped, according to message content, next stage solution is selected according to protocol hierarchy
Code function, gives it by remaining message and handles.Then Packet structures are analyzed, you can extract each layer information and by these information
Export to user interface or journal file.All will modification statistical information (PacketCount knots in each layer of processing procedure
Structure), analyze PacketCount structures, so that it may draw statistical information.
After failure IP address is got, route tracking is carried out to the IP address, determines that IP datagram access target is adopted
The path taken, judges the routing node that the routing node or route of walked outlet are interrupted.
Finally, the address pool of the routing node for walking outlet got and operator internal database is compared,
Orient the CDN producers or source address producer of Internet service failure.
Claims (4)
1. for resources-type internet failure source of trouble localization method by network monitoring, DNS name resolution, data frame analysis,
Route tracking and address pool compare five part compositions, and its feature includes following part:
(1) network monitoring is monitored mainly for Ethernet, gets data of the main frame in transmission over networks.
(2) DNS name resolution resolves to domain name URL the IP address mapped with it, gets failure source IP address.
(3) data frame analysis by http protocol, ICP/IP protocol etc. by being analyzed institute's packet capturing file, and positioning is out of order
Source IP address.
(4) route tracking determines the path that IP datagram access target is taken, to judge routing node or the road of walked outlet
By the routing node interrupted.
(5) it is the routing node for walking outlet that will get to be compared with address pool and the address pool of operator internal database is entered
Row is compared, and orients the CDN producers or source address producer of Internet service failure.
2. network monitoring and DNS name resolution are by part according to claim 1, it is characterised in that for mutual without type
The failure source IP address localization method that networking service failure is taken is different, mainly including following:
(1) web page class internet failure is directed to, the domain name URL of failure can be intuitively got, this type fault can directly lead to
Cross DNS name resolution and domain name URL is resolved to the IP address mapped with it, get failure source IP address.Wherein host name is arrived
IP address is mapped with two ways, and the first is that main frame is all configured in static mappings, every equipment to the mapping of IP address, respectively
The equipment independent maintenance mapping table of oneself, and used only for this equipment;Second is dynamic mapping, sets up a set of domain name mapping
System (DNS), the mapping that main frame arrives IP address is only configured on special dns server, needs to use on network host name logical
The equipment of letter, it is necessary first to inquire about the IP address corresponding to main frame to dns server.The present invention intends using dynamic and static domain name solution
The method that phase separation is combined carries out parsing mapping to domain name, first using the method for static domain name resolution, if static domain name resolution
It is unsuccessful, then using the method for dynamic territory analyzing, some conventional domain names are put into static domain name resolution table, so can be with
Greatly improve domain name resolution efficiency.
(2) for the internet failure of software class or game class, it is impossible to intuitively get the domain name URL of failure, the event of this type
Barrier gets data of the main frame in transmission over networks firstly the need of network monitoring is carried out, then by being assisted to data frame by HTTP
View, ICP/IP protocol etc. are analyzed, and orient failure source IP address.
3. part is compared with address pool according to claim 1, used address pool be IP address inside operator with
Between the mapping table of Suo Zou exporters, different operators or same operator difference does not save mapping table between net not
Together, this patent software support data base import feature, can be compared for different mappings table.
4. according to claims 1 to 3 part, this patent only supports the source of trouble of resources-type Internet service failure to position, and can determine
Position goes out the CDN producers or source address producer of provided Internet service.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710516046.2A CN107294780A (en) | 2017-06-29 | 2017-06-29 | Resources-type internet source of trouble localization method based on network monitoring |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710516046.2A CN107294780A (en) | 2017-06-29 | 2017-06-29 | Resources-type internet source of trouble localization method based on network monitoring |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107294780A true CN107294780A (en) | 2017-10-24 |
Family
ID=60098992
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710516046.2A Pending CN107294780A (en) | 2017-06-29 | 2017-06-29 | Resources-type internet source of trouble localization method based on network monitoring |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107294780A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101013960A (en) * | 2007-02-12 | 2007-08-08 | 华为技术有限公司 | Method and apparatus for obtaining physical address of Ethernet node |
CN102412999A (en) * | 2011-12-23 | 2012-04-11 | 华为技术有限公司 | Packet capturing based remote fault location method, system and device |
CN105306303A (en) * | 2015-11-09 | 2016-02-03 | 上海斐讯数据通信技术有限公司 | Fault real-time monitoring system based on terminal network device, and terminal network device |
CN105471669A (en) * | 2014-09-11 | 2016-04-06 | 中国移动通信集团湖南有限公司 | Fault positioning method and device of communication network |
CN106533722A (en) * | 2015-09-11 | 2017-03-22 | 北京国双科技有限公司 | Network monitoring method and network monitoring device |
US20170104622A1 (en) * | 2014-04-16 | 2017-04-13 | Dell Products, L.P. | Network element reachability |
-
2017
- 2017-06-29 CN CN201710516046.2A patent/CN107294780A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101013960A (en) * | 2007-02-12 | 2007-08-08 | 华为技术有限公司 | Method and apparatus for obtaining physical address of Ethernet node |
CN102412999A (en) * | 2011-12-23 | 2012-04-11 | 华为技术有限公司 | Packet capturing based remote fault location method, system and device |
US20170104622A1 (en) * | 2014-04-16 | 2017-04-13 | Dell Products, L.P. | Network element reachability |
CN105471669A (en) * | 2014-09-11 | 2016-04-06 | 中国移动通信集团湖南有限公司 | Fault positioning method and device of communication network |
CN106533722A (en) * | 2015-09-11 | 2017-03-22 | 北京国双科技有限公司 | Network monitoring method and network monitoring device |
CN105306303A (en) * | 2015-11-09 | 2016-02-03 | 上海斐讯数据通信技术有限公司 | Fault real-time monitoring system based on terminal network device, and terminal network device |
Non-Patent Citations (4)
Title |
---|
潘伟等: "《计算机网络——理论与实验》", 31 December 2013, 厦门大学出版社 * |
王轶栋: "用Ethereal抓包方法分析网络故障的方法", 《信息与电脑(理论版)》 * |
金纯等: "《IPTV及其解决方案》", 30 September 2006, 国防工业出版社 * |
陈卓然等: "《计算机应用基础任务驱动教程》", 31 August 2015, 国防工业出版社 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ventre et al. | Segment routing: a comprehensive survey of research activities, standardization efforts, and implementation results | |
CN106100999B (en) | Image network flow control methods in a kind of virtualized network environment | |
EP3151470B1 (en) | Analytics for a distributed network | |
US10560354B2 (en) | End-to-end, in situ packet enrichment for network analytics | |
US8028088B2 (en) | System and method for service assurance in IP networks | |
CN104488231B (en) | Method, apparatus and system for selectively monitoring flow | |
CN105262615B (en) | Physical path determination for virtual network packet flows | |
JP4598462B2 (en) | Provider network providing an L2-VPN service and edge router | |
KR101445468B1 (en) | Method, system and apparatus providing secure infrastructure | |
CN106130766A (en) | A kind of system and method realizing automated network accident analysis based on SDN technology | |
CN107453884A (en) | The service quality detection method and device of a kind of network equipment | |
CN105227341A (en) | For the system and method by content center network management devices | |
CN106105115A (en) | The service chaining originated by service node in network environment | |
CN106452925A (en) | Method, apparatus and system for detecting faults in NFV system | |
CN106789625A (en) | A kind of loop detecting method and device | |
CN105827629A (en) | Software definition safety guiding device under cloud computing environment and implementation method thereof | |
CN109168050A (en) | A kind of video multicast method based on SDN | |
US20220210036A1 (en) | Network Measurement System And Method, Device, And Storage Medium | |
CN102132524A (en) | Methods for establishing a traffic connection and an associated monitoring connection | |
CN102164048B (en) | Data stream optimization device and method for realizing multi-ISP (internet service provider) access in local area network | |
CN108696398B (en) | Communication loopback fault detection method and device in a kind of communication network | |
WO2023065848A1 (en) | Service scheduling method and apparatus, device and computer readable storage medium | |
CN109857419B (en) | Method and device for automatically upgrading scheduling system | |
US8428068B2 (en) | Method, apparatus and system for managing routes | |
US11240140B2 (en) | Method and system for interfacing communication networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20171024 |
|
WD01 | Invention patent application deemed withdrawn after publication |