CN109104291B - Network disconnection control method, network disconnection control device and network control system - Google Patents

Info

Publication number
CN109104291B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810578892.1A
Other languages
Chinese (zh)
Other versions
CN109104291A (en)
Inventor
霍元智
王钢
石平元
潘龙
颜培志
孙建华
贾晓强
高杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inner Mongolia University of Technology
CERNET Corp
Original Assignee
Inner Mongolia University of Technology
CERNET Corp
Application filed by Inner Mongolia University of Technology, CERNET Corp
Priority to CN201810578892.1A
Publication of CN109104291A
Application granted
Publication of CN109104291B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/02: Details
    • H04L12/12: Arrangements for remote connection or disconnection of substations or of equipment thereof
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/0813: Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816: Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L2101/00: Indexing scheme associated with group H04L61/00
    • H04L2101/60: Types of network addresses
    • H04L2101/618: Details of network addresses
    • H04L2101/622: Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H04L2101/659: Internet protocol version 6 [IPv6] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)

Abstract

A network disconnection control method, a network disconnection control device and a network disconnection control system are disclosed. The network disconnection control device comprises: at least one processor, at least one memory associated with the at least one processor for storing a plurality of script files, and a network interface associated with the at least one processor; the at least one processor is used for receiving a network disconnection instruction through the network interface and calling at least one of the script files according to the network disconnection instruction to realize network disconnection. The embodiment of the invention sends the network disconnection instruction, and selects at least one script file from the pre-stored script files to execute according to the network disconnection instruction so as to realize network disconnection, thereby simplifying the network disconnection operation, and being particularly suitable for the emergency condition of urgent network disconnection.

Description

Network disconnection control method, network disconnection control device and network control system
Technical Field
The present invention relates to network technologies, and in particular, to a network disconnection control method, a network disconnection control device, and a network control system.
Background
With the rapid growth of internet technology, the resources in access networks keep increasing, and network security becomes correspondingly more important. Existing security measures, for example isolating important resources from the internet by physical or logical isolation and regularly scanning for and removing viruses with antivirus software, solve the network security problem to a certain extent and prevent adverse behaviors such as stealing information, tampering with information, and transmitting harmful information.
However, at certain critical times it is also necessary to cut off the network quickly to prevent information flooding. At present, cutting off the network generally requires an engineer either to enter the machine room and switch off the main switch or firewall, or to access the main switch or firewall from a workstation and enter instructions that cut the connection to the external network. Both approaches have disadvantages: the network cannot be cut off quickly when the engineer cannot arrive on site in time or is not familiar with the network structure of the organization.
Disclosure of Invention
In view of the above, the present application provides a network disconnection control method, a network disconnection control device, and a network control system including the network disconnection control device, which help engineers to disconnect a network quickly from a remote location or when they are unfamiliar with the organization's network structure.
According to a first aspect of the present invention, there is provided a network disconnection control apparatus comprising: at least one processor, at least one memory associated with the at least one processor, a network interface associated with the at least one processor,
the at least one memory is used for storing a plurality of script files;
the at least one processor is used for receiving a network disconnection instruction through the network interface and calling at least one of the script files according to the network disconnection instruction to realize network disconnection.
Preferably, after receiving the network disconnection instruction, the processor searches the relationship table between the network disconnection instruction and the script file, and selects at least one script file from the plurality of script files to execute according to the search result.
Preferably, the functions performed by the plurality of script files include one of the following three:
stopping power supply;
modifying the network access authority of the switch;
modifying the network access authority of the firewall; and
modifying the network access authority of the router.
Preferably, the network disconnection control device is implemented based on a Raspberry Pi.
Preferably, the network interface supports wireless communication.
Preferably, the at least one processor is further configured to receive a networking instruction through the network interface, and invoke at least one of the plurality of script files according to the networking instruction to implement networking.
Preferably, the device further comprises a display screen for displaying the current network state.
According to a second aspect of the present invention, there is provided a network control system including the above-mentioned network disconnection control device, an internal network connected to the network disconnection control device, a smart socket connected to the network disconnection control device, and a power supply connected to the smart socket, the power supply supplying power to the internal network via the network disconnection control device, the internal network being connected to an external wide area network, the network control system including: at least one of a switch, a firewall, and a router, and a server to which the at least one of the switch, the firewall, and the router is connected.
Preferably, the network disconnection instruction is sent by a smart phone.
Preferably, the internal network and the external wide area network are based on the IPv6 protocol.
According to a third aspect of the present invention, there is provided a network disconnection control method applied to the network control system, including:
receiving a network disconnection instruction;
selecting at least one script file from a plurality of pre-stored script files according to the network disconnection instruction;
executing the selected at least one script file to realize network disconnection.
Preferably, the selecting at least one script file from a plurality of pre-stored script files according to the network disconnection instruction includes:
retrieving a pre-stored relation table of network disconnection instructions and script files, and obtaining the at least one script file according to the network disconnection instruction.
Preferably, the method further comprises the following steps:
receiving a networking instruction;
selecting at least one script file from the plurality of script files according to the networking instruction; and
executing the selected at least one script file to realize networking.
The embodiment of the invention sends the network disconnection instruction, and selects at least one script file from the pre-stored script files to execute according to the network disconnection instruction so as to realize network disconnection, thereby simplifying the network disconnection operation, and being particularly suitable for the emergency condition of urgent network disconnection.
In some embodiments, network disconnection includes software-level disconnection and hardware-level disconnection. Software-level disconnection is realized by controlling the access control authority of the switch, the router and/or the firewall, and hardware-level disconnection is realized by cutting the power.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing embodiments of the present invention with reference to the following drawings, in which:
fig. 1 is a structural diagram of a network control system of an embodiment of the present invention;
FIG. 2 is a flow chart of a network outage control method according to an embodiment of the present invention;
fig. 3 is a structural diagram of a network disconnection control apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an APP interface applied to an embodiment of the present invention.
Detailed Description
The invention will be described in more detail below with reference to the accompanying drawings. Like elements in the various figures are denoted by like reference numerals. For purposes of clarity, the various features in the drawings are not necessarily drawn to scale. In addition, certain well known components may not be shown.
Fig. 1 is a configuration diagram of a network control system according to an embodiment of the present invention.
As shown in fig. 1, the network control system includes an internal network 101, a smart socket 102 connected to the internal network 101, a power supply 103 connected to the smart socket, the smart socket 102 and a network disconnection control device 104 connected to the internal network 101, wherein the power supply 103 is used for supplying power to the internal network 101, and the internal network 101 is used for connecting to an external computer 106 via a wide area network. The intranet 101 is composed of a web site 1011, a web server 1012, a switch 1013, a master switch 1014, and a firewall 1015 connected to each other. Switch 1013 and master switch 1014 are used for network addressing and network access control. Firewall 1015 is used for network security. Of course, the structure of the internal network 101 is not limited thereto. For example, the number of switches and servers may be varied, and for example, routers may be used in the internal network 101 for addressing and network access control.
When the network control system is operating normally, the internal network 101 and the external computer 106 communicate normally, and the network disconnection control device 104 can be ignored. When a fast network disconnection is required, an engineer sends a network disconnection instruction through, for example, the smart phone 105. After the network disconnection control device 104 receives the network disconnection instruction, it selects at least one script file from a plurality of pre-stored script files and executes the selected at least one script file, thereby realizing the network disconnection. The script file may contain various instructions to implement the network disconnection. Network disconnection comprises disconnection at the software layer and disconnection at the hardware layer. Software-layer disconnection is used in general cases and is realized mainly by controlling the access authority of the switch, the router and the firewall, using measures such as limiting the range of IP addresses, modifying ports of the switch and the router, and modifying the mapping between IP addresses and MAC addresses. In this case, communication between the internal network and the external wide area network is interrupted at the software level, but the hardware level is still connected. Hardware-layer disconnection is mostly applied in emergencies and breaks the connection at the hardware layer. For example, a script is executed that sends instructions to the smart socket to disable the power supply 103 so that power is no longer supplied to the internal network 101.
Of course, to keep the network disconnection control device 104 operating normally, it preferably does not share the power supply with the internal network 101, or the two have different power supply lines, so that the network disconnection control device 104 is not affected after the power supply of the internal network 101 is interrupted. In this way, the network disconnection control device 104 can still receive a networking command from the smartphone 105, and it executes the networking operation after receiving that command.
Fig. 2 is a flowchart of a network disconnection control method according to an embodiment of the present invention, where the network disconnection control method is applied to the network disconnection control device 104 in the network disconnection control system. The method comprises the following steps.
In step S100, a network disconnection command is received.
In step S200, at least one script file is selected from a plurality of pre-stored script files according to a network disconnection instruction.
In step S300, the selected at least one script file is executed to implement network disconnection.
In combination with the above-mentioned network disconnection control system, the network disconnection control method according to the present invention pre-stores a plurality of script files in the network disconnection control device. The network disconnection instruction can be kept very simple: for example, the numbers 1, 2, and 3 are used as network disconnection instructions, and when an instruction is received the corresponding script files are called according to it to realize network disconnection. The method simplifies the operation of network disconnection and suits scenarios requiring emergency disconnection. Since the script files are already deployed on the network disconnection control device, they can be executed quickly. The network disconnection command can also be sent to the network disconnection control device remotely, realizing remote network disconnection. During normal operation, the engineer maintains the script files.
In some embodiments, the network disconnection instruction is from a smartphone. With the popularization of smart phones, only an APP for sending a network disconnection instruction needs to be installed on the smart phone. The smart phone and the network disconnection control device can communicate wirelessly or by wire; the wireless mode is more convenient.
In some embodiments, the smart phone sends a networking instruction, and after receiving the networking instruction, the network disconnection control device selects at least one script file from the plurality of script files according to the networking instruction; and executing the selected at least one script file to realize networking.
Fig. 3 is a configuration diagram of a network disconnection control apparatus according to an embodiment of the present invention.
As shown in fig. 3, the network disconnection control apparatus includes a memory 301, a processor 302, and a network interface 303 connected by a bus. The memory 301 stores therein a plurality of script files. The processor 302 receives the network disconnection instruction through the network interface 303, and calls at least one of the script files according to the network disconnection instruction to realize network disconnection.
In some embodiments, the memory further stores a relationship table of network disconnection commands and script files, and when the processor receives a network disconnection command, at least one script file is selected to be executed according to the network disconnection command retrieved from the relationship table. The relational tables may be stored in the form of files or databases.
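The select-then-execute flow of steps S100 to S300 driven by the relation table, as an added example that is not part of the patent: the received instruction is only ever used as a lookup key, so it can never name a path or a command by itself. The table contents, the disconnection type names, the script file names and the choice to run the scripts with the Python interpreter are assumptions.

```python
"""Relation-table dispatch for a network disconnection control device (added example)."""
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed relation table: (instruction, disconnection type) -> script files.
# The numbers follow the page's "1, 2, 3" illustration; type names and file
# names are assumptions. Entry "4" stands for a networking (restore) instruction.
RELATION_TABLE = {
    ("1", "telnet"): ["switch_acl_deny.py"],
    ("2", "ssh"): ["firewall_deny_wan.py", "router_shutdown_uplink.py"],
    ("3", "power"): ["smart_socket_off.py"],
    ("4", "power"): ["smart_socket_on.py"],
}


class DispatchError(Exception):
    """Raised when an instruction cannot be mapped to a pre-stored script."""


def select_scripts(instruction, disconnect_type, script_dir, table=RELATION_TABLE):
    """Step S200: resolve the instruction to script paths through the table only."""
    key = (str(instruction).strip(), str(disconnect_type).strip().lower())
    names = table.get(key)
    if names is None:
        raise DispatchError(f"no relation table entry for {key!r}")
    base = Path(script_dir).resolve()
    selected = []
    for name in names:
        path = (base / name).resolve()
        # Each entry must be a regular file directly inside script_dir; a
        # "../" entry or a symlink pointing elsewhere resolves outside it.
        if path.parent != base or not path.is_file():
            raise DispatchError(f"{name!r} is not a pre-stored script in {base}")
        selected.append(path)
    return selected


def execute_scripts(paths, timeout=30):
    """Step S300: run each script without a shell and record its exit code."""
    results = []
    for path in paths:
        try:
            proc = subprocess.run([sys.executable, str(path)],
                                  capture_output=True, text=True, timeout=timeout)
            results.append((path.name, proc.returncode))
        except subprocess.TimeoutExpired:
            results.append((path.name, None))  # None marks a hung script
    return results


def handle_instruction(instruction, disconnect_type, script_dir, table=RELATION_TABLE):
    """Steps S100 to S300 for one received instruction.

    All scripts are resolved before any is run, so a broken table entry is
    reported before anything on the network has been changed.
    """
    return execute_scripts(select_scripts(instruction, disconnect_type, script_dir, table))


if __name__ == "__main__":
    # Constructed demo: a stand-in script that only exits successfully.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "switch_acl_deny.py").write_text("raise SystemExit(0)\n")
        print(handle_instruction("1", "telnet", tmp))
        try:
            handle_instruction("../../bin/sh", "telnet", tmp)
        except DispatchError as exc:
            print("rejected:", exc)
```

A non-zero or `None` exit code in the returned list is what the device would surface on its display or report back to the sender, since a silent failure of a disconnection script leaves the network connected.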
In some embodiments, the network disconnection control device further comprises a display screen for displaying the current network status.
In some embodiments, the network disconnection control device is implemented based on a Raspberry Pi. The Raspberry Pi is connected to an operating switch or router, and the network disconnection control device can be a complete network disconnection system built on the Raspberry Pi. According to the specific network environment, such as the network environment of a specific company, the IP address of the switch or router paired with the Raspberry Pi is set on the Raspberry Pi, a corresponding script file is placed on the Raspberry Pi according to the type of switch or router provided by the user, and in the script file the switch or router is disconnected through SSH or Telnet. The IP address here may be an IP address of an IPv6 environment or an IPv4 environment. This is not limiting.
FIG. 4 is a schematic diagram of an APP interface applied to an embodiment of the present invention.
As shown in the figure, when the smart phone App is opened, the currently networked devices are displayed; at most 9 networked devices are supported. When the user clicks a specific networked device, its device name is displayed. The user can click the device to be disconnected as needed; after the click, the App sends a network disconnection instruction to the network disconnection control device, which runs a specific script file according to the instruction and disconnects the corresponding device. The network disconnection box also supports re-networking a disconnected device, so that the disconnected device can be remotely restored to the network and access to the website is recovered. In some embodiments, when sending the network disconnection instruction, the smartphone also sends a network disconnection type, for example a network disconnection type of telnet, which indicates that the smartphone logs in a router or a switch in a telnet manner to perform network disconnection.
The embodiment of the invention sends the network disconnection instruction, and selects at least one script file from the pre-stored script files to execute according to the network disconnection instruction so as to realize network disconnection, thereby simplifying the network disconnection operation, and being particularly suitable for the emergency condition of urgent network disconnection.
In some embodiments, network disconnection includes software-level disconnection and hardware-level disconnection. Software-level disconnection is realized by controlling the access control authority of the switch, the router and/or the firewall, and hardware-level disconnection is realized by cutting the power.
Although the preferred embodiments of the present invention have been disclosed in the foregoing description, it should be understood that they are not intended to limit the scope of the claims appended hereto, and that various changes and modifications may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A network control system comprises a network disconnection control device, an internal network connected with the network disconnection control device, an intelligent socket connected with the network disconnection control device, and a power supply connected with the intelligent socket, wherein the power supply supplies power to the internal network through the network disconnection control device, the internal network is connected with an external wide area network, and the internal network comprises: at least one of a switch, a firewall, and a router, and a server connected to the at least one of the switch, the firewall, and the router,
the network disconnection control device comprises: at least one processor, at least one memory associated with the at least one processor, a network interface associated with the at least one processor,
the at least one memory is used for storing a plurality of script files;
the at least one processor is used for receiving a network disconnection instruction and a network disconnection type through the network interface, and calling at least one of the script files according to the network disconnection instruction, so that network disconnection is realized in a set mode corresponding to the network disconnection type, wherein the set mode is one of the following modes:
stopping power supply to the internal network by controlling a smart socket;
modifying the network access authority of the switch;
modifying the network access authority of the firewall;
modifying the network access authority of the router,
the network disconnection control device adopts another power supply different from the internal network to supply power, and receives a networking instruction to recover networking.
2. The network control system according to claim 1, wherein the processor retrieves the relation table between the network disconnection command and the script file after receiving the network disconnection command, and selects at least one script file from the plurality of script files to execute according to the retrieval result.
3. The network control system of claim 1, wherein the network disconnection control device is implemented based on a Raspberry Pi.
4. The network control system of claim 1, wherein the network interface supports wireless communication.
5. The network control system of claim 1, wherein the at least one processor is further configured to receive a networking instruction through the network interface, and to invoke at least one of the plurality of script files according to the networking instruction to implement networking.
6. The network control system according to claim 1, wherein the network disconnection control apparatus further comprises a display screen for displaying the current network state.
7. The network control system according to claim 1, wherein the network disconnection command is issued to the network disconnection control device through a smart phone.
8. The network control system of claim 1, wherein the internal network and the external wide area network are based on an IPv6 protocol.
CN201810578892.1A 2018-06-07 2018-06-07 Network disconnection control method, network disconnection control device and network control system Active CN109104291B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810578892.1A CN109104291B (en) 2018-06-07 2018-06-07 Network disconnection control method, network disconnection control device and network control system

Publications (2)

Publication Number Publication Date
CN109104291A CN109104291A (en) 2018-12-28
CN109104291B CN109104291B (en) 2021-07-30

Family

ID=64796694

Country Status (1)

Country Link
CN (1) CN109104291B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20200422
Address after: 010000 No. 49, New District, Hohhot City, Inner Mongolia Autonomous Region
Applicant after: INNER MONGOLIA UNIVERSITY OF TECHNOLOGY
Applicant after: CERNET Co.,Ltd.
Address before: 010000 No. 49, New District, Hohhot City, Inner Mongolia Autonomous Region
Applicant before: Huo Yuanzhi
Applicant before: Wang Gang
GR01 Patent grant