CN108667708B - Collection and analysis system and collection and analysis method for multiple kinds of VPN traffic - Google Patents

Collection and analysis system and collection and analysis method for multiple kinds of VPN traffic

Info

Publication number
CN108667708B
CN108667708B
Authority
CN
China
Prior art keywords
vpn
flow
user
hexa
atomic group
Prior art date
Legal status
Active
Application number
CN201810353208.XA
Other languages
Chinese (zh)
Other versions
CN108667708A (en)
Inventor
张家琦
邹昕
许翠
贾有春
孙浩
汪立东
何清林
郭三川
Current Assignee
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Original Assignee
Nanjing Sinovatio Technology LLC
National Computer Network and Information Security Management Center
Priority date
Filing date
Publication date
Application filed by Nanjing Sinovatio Technology LLC and National Computer Network and Information Security Management Center
Priority to CN201810353208.XA
Publication of CN108667708A
Application granted
Publication of CN108667708B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4645 Details on frame tagging
    • H04L12/465 Details on frame tagging wherein a single frame includes a plurality of VLAN tags
    • H04L12/4658 Details on frame tagging wherein a single frame includes a plurality of VLAN tags wherein a VLAN tag represents a service provider backbone VLAN, e.g. B-Tag, S-Tag
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • H04L47/2483 Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows

Abstract

The present invention discloses a collection and analysis system and a collection and analysis method for multiple kinds of VPN traffic, to solve the problem of how to screen different VPN traffic when VPN traffic types are becoming more numerous and traffic volumes are growing rapidly. The invention introduces the concept of a VPN user: each device can have multiple VPN users, and each user can map one-to-many to multiple MPLS, VLAN or Frame Relay VPNs, which effectively masks the differences between VPN types and, compared with a many-to-many mapping, effectively reduces space complexity. Six-tuple rules (VPN user, source IP, destination IP, source port, destination port, protocol type) are used so that the VPN and the five-tuple fields are matched simultaneously, the target VPN traffic can be precisely identified, and the accuracy of traffic collection and analysis is significantly improved.

Description

Collection and analysis system and collection and analysis method for multiple kinds of VPN traffic
Technical field
The present invention relates to the field of Internet technology, and in particular to a system for collecting and analysing multiple kinds of VPN traffic on a backbone-network device.
The invention also relates to a method for collecting and analysing multiple kinds of VPN traffic on a backbone-network device.
Background technique
With the rapid growth of network bandwidth and the fast development of network technology, VPN traffic on the telecom, Unicom and mobile backbone networks comes in many types, has a large volume and is growing rapidly, and the problem of identical subnets appearing in different VPN flows is becoming more prominent, yet network devices have long lacked a method that can accurately and efficiently filter out the target VPN traffic. In the prior art only the VPN field or the five-tuple can be matched to screen target VPN traffic, and the accuracy of that scheme is low.
A new technical solution is therefore needed to solve the above problems.
Summary of the invention
The object of the invention is to provide a collection and analysis system for multiple kinds of VPN traffic, in order to solve the problem of how to accurately and efficiently filter out the target VPN traffic when the number of VPN traffic types keeps growing.
The invention also provides a collection and analysis method for multiple kinds of VPN traffic, likewise to solve the problem of how to accurately and efficiently screen out the target VPN traffic.
To achieve the above objects, the collection and analysis system for multiple kinds of VPN traffic of the invention may adopt the following technical solution:
A collection and analysis system for multiple kinds of VPN traffic, comprising:
a VPN user module, for constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted;
a six-tuple module, for constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
Beneficial effects: the collection and analysis system for multiple kinds of backbone-network VPN traffic provided by the invention introduces the concept of a VPN user. Each device can have multiple VPN users, and each user can map one-to-many to multiple MPLS, VLAN or Frame Relay VPNs, which effectively masks the differences between VPNs and, compared with a many-to-many mapping, effectively reduces space complexity. By using six-tuple rules (VPN user, source IP, destination IP, source port, destination port, protocol type), the VPN and the five-tuple fields are matched simultaneously, the target VPN traffic can be precisely identified, and the accuracy of traffic collection and analysis is significantly improved.
Here, the six-tuple comprises VPN user, source IP, destination IP, source port, destination port and protocol type. The five-tuple comprises source IP address, source port, destination IP address, destination port and protocol type.
Further, the VPN user module configures one or more VPN users, and each VPN user corresponds one-to-many to multiple VPNs of the same or different types.
The collection and analysis method for multiple kinds of VPN traffic provided by the invention may adopt the following technical solution, comprising the following steps:
(1) constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted;
(2) constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
Beneficial effects: the collection and analysis method for multiple kinds of VPN traffic provided by the invention introduces the concept of a VPN user. Each device can have multiple VPN users, and each user can map one-to-many to multiple MPLS, VLAN or Frame Relay VPNs, which effectively masks the differences between VPNs and, compared with a many-to-many mapping, effectively reduces space complexity. By using six-tuple rules (VPN user, source IP, destination IP, source port, destination port, protocol type), the VPN and the five-tuple fields are matched simultaneously, the target VPN traffic can be precisely identified, and the accuracy of traffic collection and analysis is significantly improved.
The collection and analysis method for multiple kinds of VPN traffic provided by the invention may also adopt the following technical solution, comprising the following steps:
Step 101: configure one or more VPN users as needed, each VPN user being configured with its associated MPLS label value, VLAN identifier or DLCI;
Step 102: configure one or more six-tuple rules as needed;
Step 103: traffic enters the packet processing module of the device from the backbone network;
Step 104: analyse the packet and identify whether it is VPN traffic; if so, go to step 106, otherwise go to step 105;
Step 105: other, unrelated processing flows;
Step 106: identify the VPN type, extract the type and the corresponding MPLS label value, VLAN identifier or DLCI, and assemble the VPN user table key;
Step 107: query the VPN user table; if it hits, go to step 108, otherwise go to step 105;
Step 108: extract the VPN user information, parse the traffic, extract the source IP, destination IP, source port, destination port and protocol type, and assemble the six-tuple rule table key;
Step 109: query the six-tuple rule table; if it hits, go to step 110, otherwise go to step 105;
Step 110: extract the traffic processing policy and carry out subsequent processing accordingly.
Beneficial effects: the collection and analysis method for multiple kinds of VPN traffic provided by the invention introduces the concept of a VPN user. Each device can have multiple VPN users, and each user can map one-to-many to multiple MPLS, VLAN or Frame Relay VPNs, which effectively masks the differences between VPNs and, compared with a many-to-many mapping, effectively reduces space complexity. By using six-tuple rules (VPN user, source IP, destination IP, source port, destination port, protocol type), the VPN and the five-tuple fields are matched simultaneously, the target VPN traffic can be precisely identified, and the accuracy of traffic collection and analysis is significantly improved.
Brief description of the drawings
Fig. 1 is the processing flow chart for collection and analysis of multiple kinds of VPN traffic according to the invention.
Detailed description
The invention is described below with reference to the accompanying drawing.
Embodiment one
Referring to Fig. 1, embodiment one provides a collection and analysis system for multiple kinds of VPN traffic, used mainly in backbone networks, and especially where the VPN traffic provided by multiple network providers comes in many types and large volumes. The collection and analysis system for multiple kinds of VPN traffic comprises:
a VPN user module, for constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted. The VPN user module configures one or more VPN users, and each VPN user corresponds one-to-many to multiple VPNs of the same or different types.
a six-tuple module, for constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
Here, the six-tuple comprises VPN user, source IP, destination IP, source port, destination port and protocol type. The five-tuple comprises source IP address, source port, destination IP address, destination port and protocol type.
Embodiment two
Corresponding to the above collection and analysis system, embodiment two provides a collection and analysis method for multiple kinds of VPN traffic on a backbone network, comprising:
(1) constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted;
(2) constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
Embodiment three
With reference to Fig. 1, this embodiment provides a collection and analysis method for multiple kinds of VPN traffic, comprising the following steps:
Step 101: configure one or more VPN users as needed, each VPN user being configured with its associated MPLS label value, VLAN identifier or DLCI;
Step 102: configure one or more six-tuple rules as needed;
Step 103: traffic enters the packet processing module of the device from the backbone network;
Step 104: analyse the packet and identify whether it is VPN traffic; if so, go to step 106, otherwise go to step 105;
Step 105: other, unrelated processing flows;
Step 106: identify the VPN type, extract the type and the corresponding MPLS label value, VLAN identifier or DLCI, and assemble the VPN user table key;
Step 107: query the VPN user table; if it hits, go to step 108, otherwise go to step 105;
Step 108: extract the VPN user information, parse the traffic, extract the source IP, destination IP, source port, destination port and protocol type, and assemble the six-tuple rule table key;
Step 109: query the six-tuple rule table; if it hits, go to step 110, otherwise go to step 105;
Step 110: extract the traffic processing policy and carry out subsequent processing accordingly.
In contrast to the earlier schemes, which match only the VPN field or the five-tuple and have low accuracy, the invention takes into account both the differences introduced by VPN diversity and improved storage efficiency, and proposes a solution in which "VPN subnets are mapped to VPN users so as to mask the differences between VPN flows, and six-tuple rules (VPN user, source IP, destination IP, source port, destination port, protocol type) precisely mark the collection and analysis target". The concept of a VPN user is introduced: each device can have multiple VPN users, each user can map one-to-many to multiple MPLS, VLAN or Frame Relay VPNs, the differences between VPNs are effectively masked, and, compared with a many-to-many mapping, space complexity is effectively reduced.
The six-tuple concept is introduced: VPN user, source IP, destination IP, source port, destination port and protocol. Matching the VPN and the five-tuple fields simultaneously precisely identifies the target VPN traffic and significantly improves the accuracy of traffic collection and analysis.
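The two-table pipeline of steps 101 to 110 as an added worked example in Python (not code from the patent or its assignees): one VPN user is bound to several MPLS/VLAN/Frame Relay identifiers, and the six-tuple rule table lets two customers that carry the same private subnet receive different policies. The user names, identifier values, policy strings and the Packet fields are constructed assumptions.

```python
"""Two-stage lookup for multi-VPN traffic collection (illustration of CN108667708B).

Added example, not the patent's code. Stage 1 maps (VPN type, MPLS label / VLAN ID /
DLCI) -> VPN user; stage 2 maps (VPN user, src IP, dst IP, src port, dst port,
protocol) -> processing policy. All users, identifiers, rules and packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

VpnKey = Tuple[str, int]                        # (VPN type, label value / VLAN ID / DLCI)
SixTuple = Tuple[str, str, str, int, int, int]  # (VPN user, sip, dip, sport, dport, proto)


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: outer VPN encapsulation plus inner IP five-tuple."""
    vpn_type: Optional[str]  # "MPLS", "VLAN", "FR" (Frame Relay) or None for non-VPN traffic
    vpn_id: Optional[int]    # MPLS label value, VLAN ID or DLCI
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int               # IP protocol number, e.g. 6 = TCP, 17 = UDP


class MultiVpnCollector:
    def __init__(self) -> None:
        self.user_table: Dict[VpnKey, str] = {}    # step 101: VPN user table
        self.rule_table: Dict[SixTuple, str] = {}  # step 102: six-tuple rule table

    def add_user(self, user: str, vpns: List[VpnKey]) -> None:
        """One VPN user maps one-to-many to several MPLS/VLAN/Frame Relay VPNs."""
        for key in vpns:
            self.user_table[key] = user

    def add_rule(self, user: str, sip: str, dip: str, sport: int, dport: int,
                 proto: int, policy: str) -> None:
        """Rules are keyed by the full six-tuple, so the VPN user disambiguates
        identical five-tuples seen in different VPNs."""
        self.rule_table[(user, sip, dip, sport, dport, proto)] = policy

    def classify(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        """Steps 103-110. Returns (outcome, policy): outcome records where the packet
        left the pipeline, policy is set only on a six-tuple hit."""
        if pkt.vpn_type is None or pkt.vpn_id is None:          # step 104 -> 105
            return ("non-vpn", None)
        user = self.user_table.get((pkt.vpn_type, pkt.vpn_id))  # steps 106-107
        if user is None:
            return ("user-miss", None)                           # -> 105
        key = (user, pkt.src_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port, pkt.proto)  # 108
        policy = self.rule_table.get(key)                        # step 109
        if policy is None:
            return ("rule-miss", None)                           # -> 105
        return ("hit", policy)                                   # step 110


def build_demo() -> MultiVpnCollector:
    """Constructed configuration: two customers whose VPNs carry the same private subnet."""
    c = MultiVpnCollector()
    # Customer A is reachable over an MPLS label, a VLAN and a Frame Relay DLCI (one-to-many).
    c.add_user("custA", [("MPLS", 1001), ("VLAN", 200), ("FR", 17)])
    c.add_user("custB", [("MPLS", 2002)])
    # Both customers use 10.0.0.0/24 internally: the same five-tuple needs a different
    # policy depending on the VPN user it belongs to (the "identical subnet" problem).
    c.add_rule("custA", "10.0.0.5", "10.0.0.9", 40000, 443, 6, "mirror-to-analyzer")
    c.add_rule("custB", "10.0.0.5", "10.0.0.9", 40000, 443, 6, "drop")
    return c


if __name__ == "__main__":
    collector = build_demo()
    samples = [
        Packet("MPLS", 1001, "10.0.0.5", "10.0.0.9", 40000, 443, 6),  # custA via MPLS
        Packet("VLAN", 200, "10.0.0.5", "10.0.0.9", 40000, 443, 6),   # custA via VLAN, same rule
        Packet("MPLS", 2002, "10.0.0.5", "10.0.0.9", 40000, 443, 6),  # custB, same five-tuple
        Packet("MPLS", 3003, "10.0.0.5", "10.0.0.9", 40000, 443, 6),  # unknown label
        Packet("MPLS", 1001, "10.0.0.5", "10.0.0.9", 40000, 80, 6),   # known user, no rule
        Packet(None, None, "203.0.113.7", "198.51.100.2", 5000, 53, 17),  # plain IP
    ]
    for pkt in samples:
        print(pkt.vpn_type, pkt.vpn_id, pkt.src_ip, pkt.dst_ip, pkt.dst_port, "->",
              collector.classify(pkt))
```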

Claims (7)

1. A collection and analysis system for multiple kinds of VPN traffic, characterized by comprising:
a VPN user module, for constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted;
a six-tuple module, for constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
2. The collection and analysis system according to claim 1, characterized in that the five-tuple comprises source IP address, source port, destination IP address, destination port and protocol type.
3. The collection and analysis system according to claim 1, characterized in that the VPN user module configures one or more VPN users, and each VPN user corresponds one-to-many to multiple VPNs of the same or different types.
4. A collection and analysis method for multiple kinds of VPN traffic, characterized by comprising the following steps:
(1) constructing a VPN user table and analysing traffic; the key of the VPN user table is the VPN type together with the MPLS label value, VLAN identifier or DLCI corresponding to that VPN type, and the result is a VPN user; analysing traffic means obtaining the VPN type from the VPN traffic, extracting the VPN field, assembling the key and looking it up in the VPN user table; if the lookup hits, the VPN user information is extracted;
(2) constructing a six-tuple rule table and analysing the VPN traffic after the VPN user module has extracted the VPN user information; in the six-tuple rule table the key is (VPN user, source IP, destination IP, source port, destination port, protocol type) and the result is the processing policy to apply to the traffic; analysing the VPN traffic after the VPN user module has extracted the VPN user information means extracting the five-tuple, extracting the VPN user information and querying the six-tuple rule table; if the query hits, the traffic processing policy information is extracted and subsequent processing is carried out.
5. The collection and analysis method according to claim 4, characterized in that the five-tuple comprises source IP address, source port, destination IP address, destination port and protocol type.
6. The collection and analysis method according to claim 4, characterized in that the VPN user module configures one or more VPN users, and each VPN user corresponds one-to-many to multiple VPNs of the same or different types.
7. A collection and analysis method for multiple kinds of VPN traffic, characterized by comprising the following steps:
Step 101: configure one or more VPN users as needed, each VPN user being configured with its associated MPLS label value, VLAN identifier or DLCI;
Step 102: configure one or more six-tuple rules as needed;
Step 103: traffic enters the packet processing module of the device from the backbone network;
Step 104: analyse the packet and identify whether it is VPN traffic; if so, go to step 106, otherwise go to step 105;
Step 105: other, unrelated processing flows;
Step 106: identify the VPN type, extract the type and the corresponding MPLS label value, VLAN identifier or DLCI, and assemble the VPN user table key;
Step 107: query the VPN user table; if it hits, go to step 108, otherwise go to step 105;
Step 108: extract the VPN user information, parse the traffic, extract the source IP, destination IP, source port, destination port and protocol type, and assemble the six-tuple rule table key;
Step 109: query the six-tuple rule table; if it hits, go to step 110, otherwise go to step 105;
Step 110: extract the traffic processing policy and carry out subsequent processing accordingly.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810353208.XA CN108667708B (en) 2018-04-19 2018-04-19 Collection and analysis system and collection and analysis method for multiple kinds of VPN traffic

Publications (2)

Publication Number Publication Date
CN108667708A CN108667708A (en) 2018-10-16
CN108667708B true CN108667708B (en) 2019-08-13

Family

ID=63780755

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112653609B (en) * 2020-12-14 2022-05-27 北京指掌易科技有限公司 VPN identification application method, device, terminal and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217491A (en) * 2008-01-04 2008-07-09 杭州华三通信技术有限公司 A method of rectification processing unit load allocation method and device
CN101534248A (en) * 2009-04-14 2009-09-16 华为技术有限公司 Deep packet identification method, system and business board
CN102025643A (en) * 2010-12-30 2011-04-20 华为技术有限公司 Flow table search method and device
CN103200112A (en) * 2012-01-06 2013-07-10 北京奇策科技有限公司 Computer network transmission control protocol (TCP) flow control method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5398787B2 (en) * 2011-06-22 2014-01-29 アラクサラネットワークス株式会社 Virtual network connection method, network system and apparatus

Also Published As

Publication number Publication date
CN108667708A (en) 2018-10-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant