CN109547257A - Method for controlling network flow, device, equipment, system and storage medium - Google Patents

Method for controlling network flow, device, equipment, system and storage medium Download PDF

Info

Publication number
CN109547257A
CN109547257A CN201811483441.6A CN201811483441A CN109547257A CN 109547257 A CN109547257 A CN 109547257A CN 201811483441 A CN201811483441 A CN 201811483441A CN 109547257 A CN109547257 A CN 109547257A
Authority
CN
China
Prior art keywords
network
target network
packet
information
flow control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811483441.6A
Other languages
Chinese (zh)
Other versions
CN109547257B (en
Inventor
黄楷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201811483441.6A priority Critical patent/CN109547257B/en
Publication of CN109547257A publication Critical patent/CN109547257A/en
Application granted granted Critical
Publication of CN109547257B publication Critical patent/CN109547257B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of method for controlling network flow, this method comprises: obtaining preset configuration information corresponding with the packet amount warning information when detecting the packet amount warning information of destination network device;The configuration information is packaged into the remote procedure call rpc message based on NETCONF agreement;The rpc message is issued to the destination network device, so that the destination network device executes corresponding control of network flow quantity emergency operation according to the rpc message.The invention also discloses a kind of control of network flow quantity device, equipment, system and a kind of storage mediums.The present invention, which can be realized, carries out flow control efficient, precisely, stable and inexpensive to the network equipment under bank's basic network architectures.

Description

Network flow control method, device, equipment, system and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, a system, and a storage medium for controlling network traffic.
Background
Currently, the corresponding emergency operation based on network flow monitoring mainly includes two modes:
firstly, traffic monitoring is performed based on an SNMP (Simple Network Management Protocol), and then, based on a notification generated by monitoring, a conventional CLI (command-line interface) mode is used for logging in a conventional switch from a board jumper to perform corresponding emergency operation. The mode is the mode which is most applied to the infrastructure of each big bank at present, namely, the network environment is monitored based on the SNMP protocol, after an alarm occurs, an operation and maintenance person logs in equipment from a management IP on a board-jumping machine, and inputs a CLI instruction to carry out a series of network configurations such as a switch, a router, a firewall and the like. The disadvantages of this approach are:
1. the emergency operation is slow: for some emergency operations such as firewall bypass and the like, configuration operation needs to be carried out on a plurality of devices, and manual input at the time not only consumes time and manpower, but also influences the stability of production operation; 2. the programmability is weak: the instructions of different manufacturers are different, and the configuration mode has no uniform standard; 3. the macroscopicity is poor: the operator only configures the network equipment one by one, but not configures the whole network; 4. the operation and maintenance consumption is large: generally, the OID (Object identifier) of the same index is different from one manufacturer to another, which increases the operation and maintenance cost and increases the difficulty of monitoring application development only in the monitoring level.
Secondly, monitoring network flow based on an sflow protocol, and then configuring a real switch (which needs to support the openflow protocol) or issuing a flow table to an ovs (open vswitch) virtual switch to complete corresponding emergency operation based on the openflow protocol (a network communication protocol which belongs to a data link layer and can control a forwarding plane of a network switch or a router so as to change a network path taken by a network data packet) according to an announcement generated by the monitoring. The disadvantages of this approach are:
1. the adaptability in the financial industry is general: since the network architecture of the financial industry (traditional banks and securities dealers) has the first significance of stability, and the scheme needs to redesign a new network architecture (the OVS virtual switch and the physical switch need to coexist), the stable operation of the banks is not impacted; 2. the price is expensive: in terms of manpower, a new SDN (software-defined networking) software developer is needed, and a physical switch supporting an openflow protocol needs to be purchased physically.
Based on the defects of the two schemes, an efficient, accurate, stable and low-cost flow control scheme is lacked for network equipment under a bank infrastructure at present.
Disclosure of Invention
The invention mainly aims to provide a method, a device, equipment, a system and a storage medium for controlling network flow, and aims to realize efficient, accurate, stable and low-cost flow control of network equipment under a bank basic network architecture.
In order to achieve the above object, the present invention provides a network traffic control method, which includes the following steps:
when packet volume alarm information of target network equipment is detected, acquiring preset configuration information corresponding to the packet volume alarm information;
encapsulating the configuration information into a NETCONF protocol-based remote procedure call rpc message;
and sending the rpc message to the target network equipment so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message.
Preferably, before the step of acquiring the preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected, the method further includes:
acquiring packet quantity information of data packets flowing through target network equipment, which is acquired by packet quantity acquisition equipment;
analyzing the packet quantity information, and judging whether the packet quantity information meets a preset packet quantity alarm condition;
and if so, generating packet volume alarm information of the target network equipment.
Preferably, the step of issuing the rpc message to the target network device so that the target network device executes a corresponding network traffic control emergency operation according to the rpc message includes:
and sending the rpc message to the target network equipment through a preset NETCONF southbound interface so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message, wherein the network flow control emergency operation comprises one or more of closing a target network equipment port, setting an access control list, bypassing a firewall and refreshing a virtual private network.
Preferably, the step of sending the rpc message to the target network device through a preset NETCONF southbound interface includes:
and when a plurality of target network devices exist, the rpc message is sent to the target network devices in parallel through a preset NETCONF southbound interface.
Preferably, before the step of acquiring the preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected, the method further includes:
receiving network flow control rule information issued by a foreground application through a NETCONF northbound interface, and storing the network flow control rule information, wherein the network flow control rule information comprises a corresponding relation between packet quantity alarm information and configuration information;
the step of acquiring preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected comprises:
and when the packet volume alarm information of the target network equipment is detected, reading the configuration information corresponding to the packet volume alarm information from the stored network flow control rule information.
In addition, to achieve the above object, the present invention provides a network traffic control apparatus, including:
the configuration information acquisition module is used for acquiring preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network equipment is detected;
the packaging module is used for packaging the configuration information into a NETCONF protocol-based remote procedure call rpc message;
and the issuing module is used for issuing the rpc message to the target network equipment so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message.
In addition, to achieve the above object, the present invention further provides a network traffic control device, including: a memory, a processor and a network traffic control program stored on the memory and executable on the processor, the network traffic control program when executed by the processor implementing the steps of the network traffic control method as described above.
In addition, in order to achieve the above object, the present invention further provides a network traffic control system, where the network traffic control system includes a network traffic control device and a packet volume acquisition device; wherein,
the network flow control equipment is the network flow control equipment;
the packet quantity acquisition device is used for acquiring packet quantity information of data packets flowing through the target network device and sending the acquired packet quantity information to the network flow control device.
Preferably, the packet amount collecting device is an sFlow collector adopting an sFlow protocol, the sFlow collector is used for,
receiving flow data of the target network equipment port forwarded by an sFlow agent, wherein the sFlow agent is embedded in the target network equipment and is used for acquiring first flow data of the target network equipment port;
and analyzing the first flow data to obtain the packet volume information of the data packets flowing through the target network equipment.
Preferably, the packet amount collecting device is an SNMP collector using a simple network protocol SNMP, the SNMP collector is configured to,
inquiring the flow data of the target network equipment port from an SNMP agent according to a preset object identifier (ODI), wherein the SNMP agent is embedded in the target network equipment and is used for acquiring second flow data of the target network equipment port;
and analyzing the second flow data to obtain the packet volume information of the data packets flowing through the target network equipment.
In addition, in order to achieve the above object, the present invention further provides a storage medium, in which a network flow control program is stored, and the network flow control program implements the steps of the network flow control method as described above when executed by a processor.
According to the network flow control method, the NETCONF protocol is adopted to carry out control interaction between the network flow control equipment and the target network equipment, so that the interaction times are reduced, compared with the traditional CLI mode with multiple interactions, the method is more efficient and stable to execute, the existing network architecture of a bank does not need to be changed in a large scale, the routing protocol directly related to production does not need to be changed, and the labor and material cost is saved; in addition, the corresponding relation between the packet volume alarm information and the configuration information can be flexibly set, so that accurate flow control can be realized according to the corresponding relation. Therefore, the invention realizes the high-efficiency, accurate, stable and low-cost flow control of the network equipment under the bank basic network architecture.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a network traffic control method according to a first embodiment of the present invention;
fig. 3 is a schematic diagram of packet quantity collection and report performed by the sFlow collector in the embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, fig. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
The network flow control device of the embodiment of the invention can be a PC or a server device.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a network traffic control program.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke a network traffic control program stored in the memory 1005 and perform the operations in the various embodiments of the network traffic control method described below.
Based on the above hardware structure, the present invention provides various embodiments of the network traffic control method.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of a network traffic control method according to the present invention, where the network traffic control method includes:
step S10, when packet volume alarm information of the target network equipment is detected, acquiring preset configuration information corresponding to the packet volume alarm information;
in this embodiment, the network traffic control device may detect whether there is packet volume alarm information of a target network device in real time, where the target network device is one or more preset network devices that need to perform traffic control, such as a router, a switch, a firewall, and other devices with a network forwarding function. When the packet amount alarm information of the target network device is detected, it indicates that the data packet flowing through the target network device is abnormal, for example, when the target network device is attacked by ddos (distributed denial-of-service attack), the packet amount of the data packet flowing through the target network device is increased rapidly, and at this time, the packet amount alarm is triggered.
When the packet volume alarm information is detected, the preset configuration information corresponding to the packet volume alarm information is firstly acquired. Specifically, as an embodiment, before the step S10, the method may include the steps of: receiving network flow control rule information issued by a foreground application through a NETCONF northbound interface, and storing the network flow control rule information, wherein the network flow control rule information comprises a corresponding relation between packet quantity alarm information and configuration information; step S10 may now be replaced with: and when the packet volume alarm information of the target network equipment is detected, reading the configuration information corresponding to the packet volume alarm information from the stored network flow control rule information.
When the network traffic control rule information is implemented specifically, a network engineer can configure network traffic control rule information based on the foreground application, the network traffic control rule information includes a corresponding relationship between packet warning information and configuration information, then the foreground application issues the network traffic control rule information to the network traffic control device through the NETCONF northbound interface, and the network traffic control device stores the network traffic control rule information when receiving the network traffic control rule information issued by the foreground application. And subsequently, when the network flow control equipment detects the packet volume alarm information of the target network equipment, the configuration information corresponding to the detected packet volume alarm information can be read from the stored network flow control rule information.
It should be noted that, a network engineer may flexibly configure and modify the network traffic control rule information based on a foreground application, and when the network traffic control rule information is changed, the foreground application may notify the network traffic control device by using the NETCONF northbound interface, so that the network traffic control device updates the locally stored network traffic control rule information.
Step S20, packaging the configuration information into a remote procedure call rpc message based on NETCONF protocol;
after the configuration information corresponding to the current packet volume alarm information is acquired, the configuration information is packaged into a remote procedure call rpc message based on a NETCONF protocol. For ease of understanding, the contents and principles of the NETCONF protocol are now described as follows:
NETCONF is a network device communication protocol that is now widely supported by network device manufacturers. The NETCONF protocol adopts a layered design structure, and is similar to an Open System Interconnection (OSI) network model, in which a lower layer provides services for an upper layer, and each layer encapsulates a certain function. The NETCONF protocol is internally divided into 4 layers, namely a safety communication layer, a message layer, an operation layer and a content layer from bottom to top.
A secure communication layer: the layer provides a secure communication channel between the server and the client, and the secure communication channel is the lowest definition in the NETCONF protocol and is the layer supported by the network equipment firstly. When the NETCONF protocol used in the scheme is used for communication, the connected network equipment uses a library of SSH (Secure Shell) to complete the communication of a bottom layer.
And a message layer: NETCONF uses the rpc (Remote Procedure Call) mechanism. Here, some simple rpc messages are defined, which are implemented by XML (Extensible Markup Language) tags. Such as < rpc > \\ < rpc-reply >.
Operation layer: this layer is also based on XML markup. RFC6241 defines the following method: the document of the traditional Cisco nexus device supports the < get > \ < get-config > \ < exit-config > \\\ \ lock \ unlock \ close-session.
Content layer: the content layer describes the configuration data involved in network management, and since the NETCONF content layer is the only non-standardized layer, and there is no standard NETCONF data modeling language and data model, the configuration data for each manufacturer's device may not be the same.
Essentially, the netconf protocol transports an rpc message, these rpc messages are implemented via XML (Extensible Markup Language) tags. In this embodiment, the process of encapsulating, by the network flow control device, the preset configuration information corresponding to the packet volume alarm information into the NETCONF protocol-based remote procedure call rpc message may be: firstly, establishing a netconf model according to configuration information, wherein the netconf model is used for describing data which are strongly related to network equipment, such as equipment configuration operation states and the like, and the netconf model of each equipment is described by using a YANG language (a data structure language); then, an XML tag is written according to the established netconf model, and then, a rpc message is generated according to the XML tag.
NETCONF has significant advantages over CLI: the number of interactions is reduced, the operation is performed on the configuration data of the whole system, and a filtering function is defined. Moreover, the configuration mode uses XML coding, so that the system compatibility and the programmability are greatly enhanced, and the system has strong expandability.
Step S30, sending the rpc message to the target network device, so that the target network device executes a corresponding network traffic control emergency operation according to the rpc message.
In this step, the target network device supports the NETCONF protocol. The network traffic control device issues the rpc message to the target network device, and since the rpc message encapsulates the configuration information, the network device can perform a network traffic control emergency operation corresponding to the configuration information therein after receiving the rpc message, where the network traffic control emergency operation includes, but is not limited to, closing a port of the target network device, setting an access control list, bypassing a firewall, refreshing a virtual private network, and the like.
In addition, in the embodiment of the present invention, the method further includes: when the configuration of the switch needs to be changed, the network flow control equipment changes the configuration of the target network equipment through a NETCONF protocol, so that the centralized control of the whole network packet flow is realized.
In the embodiment, the NETCONF protocol is adopted to carry out control interaction between the network flow control equipment and the target network equipment, so that the interaction times are reduced, compared with the traditional multi-interaction CLI mode, the implementation is more efficient and stable, the existing network architecture of a bank does not need to be changed in a large scale, the routing protocol directly related to production does not need to be changed, and the labor and material cost is saved; in addition, the corresponding relation between the packet volume alarm information and the configuration information can be flexibly set, so that accurate flow control can be realized according to the corresponding relation. Therefore, the embodiment realizes the high-efficiency, accurate, stable and low-cost flow control of the network equipment under the bank infrastructure.
Further, a first embodiment of the network traffic control method of the present invention provides a second embodiment of the network traffic control method of the present invention. In this embodiment, before the step S10, the method may further include: acquiring packet quantity information of data packets flowing through target network equipment, which is acquired by packet quantity acquisition equipment; analyzing the packet quantity information, and judging whether the packet quantity information meets a preset packet quantity alarm condition; and if so, generating packet volume alarm information of the target network equipment.
In this embodiment, the packet amount information of the data packet flowing through the target network device may be collected by the packet amount collection device, and then the collected packet amount information is sent to the network traffic control device by the packet amount collection device.
The network flow control equipment acquires the packet quantity information of the data packets flowing through the target network equipment, which is acquired by the packet quantity acquisition equipment, and then judges whether the packet quantity information meets a preset packet quantity alarm condition, if so, the packet quantity alarm information is generated. The packet amount alarm condition may be flexibly set, for example, the packet amount of a single network device port exceeds a preset threshold, or the total packet amount of a plurality of network device ports exceeds a preset threshold, and the like. It should be noted that the packet amount collecting device may be optionally embedded in the network flow control device, or may be an external device of the network flow control device. In order to improve the flexibility of network flow control, the packet quantity acquisition device is preferably an external device of the network flow control device.
Further, the step S30 may include: and sending the rpc message to the target network equipment through a preset NETCONF southbound interface so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message, wherein the network flow control emergency operation comprises one or more of closing a target network equipment port, setting an access control list, bypassing a firewall and refreshing a virtual private network.
The NETCONF southbound interface is an interface provided by a NETCONF protocol and used for managing other manufacturer network managers or equipment, the network flow control equipment analyzes the flow monitoring result and then determines corresponding emergency operation, and corresponding rpc messages are issued through the NETCONF southbound interface, so that the whole network flow is scheduled.
For example, a network engineer configures a rule in the foreground application: when the packet volume of a certain port of the switch reaches an abnormal value, the down operation of the port is automatically executed. The foreground application informs the network flow control equipment by using a NETCONF northbound interface; and then the network flow control equipment receives an sflow monitoring module (the sflow monitoring module is used for monitoring the target network equipment, the packet quantity acquisition equipment is embedded in the sflow monitoring module, the packet quantity acquisition equipment is used for acquiring the packet quantity information of the data packet flowing through the target network equipment and transmitting the packet quantity information to the network flow control equipment), and if the packet quantity of the port reaches an abnormal value, the execution operation is triggered, the execution operation is realized by issuing rpc through a southbound interface, at the moment, the port of the target network equipment is immediately closed, and the abnormal packet is immediately discarded.
Further, the step of sending the rpc message to the target network device through a preset NETCONF southbound interface may include: and when a plurality of target network devices exist, the rpc message is sent to the target network devices in parallel through a preset NETCONF southbound interface.
For example, in practical applications, operations corresponding to avoiding ddos attacks in a real production network are often large-scale operations, and not only one port is closed, but a plurality of operations are performed on a plurality of devices, for this reason, a network flow control device may encapsulate the operations into rpc based on a NETCONF protocol, and then concurrently issue configurations to a plurality of target network devices supporting the NETCONF through a preset NETCONF southbound interface, specifically, concurrently issue configurations through multiple threads.
Compared with a CLI mode, the issuing mode is more stable, the CLI needs to interact for many times, and the condition that the connection relation between the controller and the equipment is unstable after a certain instruction is executed midway is existed in the instruction issuing, so that the condition can influence the complete realization of the operation and is very dangerous; rpc, the flow only needs to be sent once, so the risk of this situation can be avoided by only confirming the connectivity of the network traffic control device and the target network device at the beginning.
The invention also provides a network flow control device. The network flow control device of the present invention comprises:
the configuration information acquisition module is used for acquiring preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network equipment is detected;
the packaging module is used for packaging the configuration information into a NETCONF protocol-based remote procedure call rpc message;
and the issuing module is used for issuing the rpc message to the target network equipment so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message.
Further, the network flow control apparatus further includes:
the packet quantity information acquisition module is used for acquiring the packet quantity information of the data packets which flow through the target network equipment and are acquired by the packet quantity acquisition equipment;
the judging module is used for analyzing the packet quantity information and judging whether the packet quantity information meets a preset packet quantity warning condition or not;
and the alarm module is used for generating the packet volume alarm information of the target network equipment if the packet volume information meets a preset packet volume alarm condition.
Further, the issuing module is further configured to issue the rpc message to the target network device through a preset NETCONF southbound interface, so that the target network device executes a corresponding network traffic control emergency operation according to the rpc message, where the network traffic control emergency operation includes one or more of closing a port of the target network device, setting an access control list, bypassing a firewall, and refreshing a virtual private network.
Further, the issuing module is further configured to, when multiple target network devices exist, issue the rpc message to the multiple target network devices in parallel through a preset NETCONF southbound interface.
Further, the network flow control apparatus further includes:
the receiving module is used for receiving network flow control rule information issued by a foreground application through a NETCONF northbound interface and storing the network flow control rule information, wherein the network flow control rule information comprises a corresponding relation between packet warning information and configuration information;
the configuration information obtaining module is further configured to, when packet volume alarm information of a target network device is detected, read configuration information corresponding to the packet volume alarm information from the stored network flow control rule information.
The method implemented by each program module can refer to the embodiment of the network traffic control method of the present invention, and is not described herein again.
The invention also provides a network flow control system.
In the embodiment of the network flow control system, the system comprises network flow control equipment and packet volume acquisition equipment; wherein,
the network traffic control device is the network traffic control device described in the above embodiment;
the packet quantity acquisition device is used for acquiring packet quantity information of data packets flowing through the target network device and sending the acquired packet quantity information to the network flow control device.
In an embodiment, the packet quantity collecting device may be an sFlow collector that uses an sFlow protocol, where the sFlow collector is configured to receive traffic data of a port of the target network device forwarded by an sFlow proxy, and the sFlow proxy is embedded in the target network device and configured to collect first traffic data of the port of the target network device; and analyzing the first flow data to obtain the packet volume information of the data packets flowing through the target network equipment.
For ease of understanding, the sFlow technique is now described as follows:
sFlow, an abbreviation for traffic sampling (english) is an industry specification for measuring OSI model layer two packets. sFlow is based on the standard latest network export protocol (RFC3176) and can solve many problems faced by current network managers. By embedding sFlow technology into network router and switch ASIC chips, this specification provides a method: the information of the network packet is obtained in a sampling mode, so that network management personnel can know the operation condition of the network.
Unlike those solutions that require mirror ports or network bypasses to monitor the traffic, in sFlow solutions not every packet is sent to the collector. The sFlow provides two sampling modes for a user to analyze the network Flow conditions from different angles, namely Flow sampling and Counter sampling.
The Flow sampling is a process that the device performs sampling analysis on the message according to a specific sampling direction and a sampling comparison on a designated port, and sends an analysis result to the Collector device through the sFlow message. The main information in the Flow sampling message includes some basic information of the original message, such as a destination IP, a source IP, and the like. The Counter sampling is a process of periodically acquiring flow statistics on an interface by an sFlow Agent device and sending the statistical information to a collector through an sFlow message. The Counter sample message contains some statistics. Furthermore, sFlow can also monitor the entire switch or only some of its ports using different sampling rates, which ensures flexibility in designing management solutions.
The sFlow can establish a standard (a threshold can be configured) used by a normal network, and when the network activity is found to be obviously deviated from the standard, alarm information is sent out, so that access strategy damage and intrusion phenomena can be effectively identified.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating packet quantity collection and report performed by an sFlow collector in the embodiment of the present invention. The invention uses the idea of SDN (Software Defined Network) central control under the basic Network architecture of the bank, the control management layer in FIG. 3 is used as the SDN control layer, the switch is used as the SDN forwarding layer, the packet quantity acquisition equipment is separated from the control management layer and is used for realizing the acquisition of the packet quantity information of the switch and reporting the acquired packet quantity information to the control management layer, and when the control management layer detects the packet quantity alarm information, rpc information is issued to the router, so that the router executes the corresponding Network flow control emergency operation. Specifically, the packet volume acquisition devices based on the sFlow technology are divided into two categories: sFlow proxy and sFlow collector. In this embodiment, the sFlow collector receives flow data of a port of a target network device forwarded by the sFlow proxy, where the sFlow proxy can be embedded in an ASIC chip of a network routing and switching device, and can monitor the entire network comprehensively without purchasing additional probes and bypasses, the sFlow proxy collects the flow of each port on the target network device and forms an sFlow data packet, and then forwards the flow data of the sFlow data packet to the sFlow collector, and the sFlow collector analyzes the data packet, so as to obtain packet volume information of the data packet flowing through the target network device.
In another embodiment, the packet amount collecting device may be an SNMP collector using a simple network protocol SNMP (simple network Management protocol), where the SNMP collector is configured to query, according to a preset object identifier ODI, traffic data of a port of the target network device from an SNMP agent, and the SNMP agent is embedded in the target network device and configured to collect second traffic data of the port of the target network device; and analyzing the second flow data to obtain the packet volume information of the data packets flowing through the target network equipment. In this embodiment, the second flow rate data is the same data as the first flow rate data.
For ease of understanding, the SNMP technique is now described as follows:
SNMP is a network management standard based on the TCP/IP protocol suite, a standard protocol for managing network nodes (e.g., firewalls, servers, workstations, routers, switches, etc.) in an IP network. The protocol consists of a set of standards for network management, including an application layer protocol (application layer protocol), a database model (database schema), and a set of resource objects. The protocol can support a network management system to monitor devices connected to the network for any regulatory concerns.
A MIB (Management Information Base) is a collection of objects that represents resources and devices that can be managed in a network. Each object is essentially a data variable that represents information about an aspect of the object being managed. OID (Object Identifier), is a key value with unique identification provided by SNMP agent. The MIB also provides a mapping of digitized OIDs to readable text. There are many implementations of SNMP based network management tools. The simplest method is that a certain server installs a net-SNMP to an SNMP agent for network collection and then reporting.
In this embodiment, the SNMP collector receives traffic data of a port of a target network device forwarded by the SNMP agent, where the SNMP agent can be embedded in an ASIC chip of the network routing and switching device, the SNMP agent collects the traffic data of the port of the target network device and then forwards the traffic data to the SNMP collector, and the SNMP collector analyzes the traffic data to obtain packet size information of a packet flowing through the target network device.
It should be noted that, unlike sFlow, SNMP has a single function, and the collected traffic information is only simple port out and in traffic statistical information, and cannot be used for deep traffic analysis, which is not beneficial to the network traffic control device to perform more extensive function design.
In addition, the method for performing network traffic control by the network traffic control device in this embodiment may refer to each embodiment of the network traffic control method, which is not described herein again.
The network flow control system provided by this embodiment monitors the port flow of the network device under the bank infrastructure by using a data stream acquisition technology, and then performs network flow control emergency operation on the network device under the bank infrastructure based on the NETCONF protocol, thereby achieving efficient, accurate, stable and low-cost flow control of the network device under the bank infrastructure.
The invention also provides a storage medium.
The storage medium of the present invention stores a network traffic control program, and the network traffic control program implements the steps of the network traffic control method described above when executed by a processor.
The method implemented when the network traffic control program running on the processor is executed may refer to each embodiment of the network traffic control method of the present invention, and details are not described here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (11)

1. A network flow control method is characterized by comprising the following steps:
when packet volume alarm information of target network equipment is detected, acquiring preset configuration information corresponding to the packet volume alarm information;
encapsulating the configuration information into a NETCONF protocol-based remote procedure call rpc message;
and sending the rpc message to the target network equipment so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message.
2. The method as claimed in claim 1, wherein before the step of obtaining the configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected, the method further comprises:
acquiring packet quantity information of data packets flowing through target network equipment, which is acquired by packet quantity acquisition equipment;
analyzing the packet quantity information, and judging whether the packet quantity information meets a preset packet quantity alarm condition;
and if so, generating packet volume alarm information of the target network equipment.
3. The method of claim 1 or 2, wherein the step of sending the rpc message to the target network device to enable the target network device to perform the corresponding network traffic control emergency operation according to the rpc message comprises:
and sending the rpc message to the target network equipment through a preset NETCONF southbound interface so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message, wherein the network flow control emergency operation comprises one or more of closing a target network equipment port, setting an access control list, bypassing a firewall and refreshing a virtual private network.
4. The method according to claim 3, wherein the step of sending the rpc message to the target network device through a preset NETCONF southbound interface comprises:
and when a plurality of target network devices exist, the rpc message is sent to the target network devices in parallel through a preset NETCONF southbound interface.
5. The method as claimed in claim 1, wherein before the step of obtaining the configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected, the method further comprises:
receiving network flow control rule information issued by a foreground application through a NETCONF northbound interface, and storing the network flow control rule information, wherein the network flow control rule information comprises a corresponding relation between packet quantity alarm information and configuration information;
the step of acquiring preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network device is detected comprises:
and when the packet volume alarm information of the target network equipment is detected, reading the configuration information corresponding to the packet volume alarm information from the stored network flow control rule information.
6. A network flow control device, comprising:
the configuration information acquisition module is used for acquiring preset configuration information corresponding to the packet volume alarm information when the packet volume alarm information of the target network equipment is detected;
the packaging module is used for packaging the configuration information into a NETCONF protocol-based remote procedure call rpc message;
and the issuing module is used for issuing the rpc message to the target network equipment so that the target network equipment executes corresponding network flow control emergency operation according to the rpc message.
7. A network traffic control device, characterized in that the network traffic control device comprises: memory, a processor and a network flow control program stored on the memory and executable on the processor, the network flow control program when executed by the processor implementing the steps of the network flow control method according to any of claims 1 to 5.
8. A network flow control system comprises a network flow control device and a packet quantity acquisition device; wherein,
the network traffic control device is the network traffic control device of claim 7;
the packet quantity acquisition device is used for acquiring packet quantity information of data packets flowing through the target network device and sending the acquired packet quantity information to the network flow control device.
9. The network flow control system according to claim 8, wherein the packet quantity collecting device is an sFlow collector using an sFlow protocol, the sFlow collector is configured to,
receiving flow data of the target network equipment port forwarded by an sFlow agent, wherein the sFlow agent is embedded in the target network equipment and is used for acquiring first flow data of the target network equipment port;
and analyzing the first flow data to obtain the packet volume information of the data packets flowing through the target network equipment.
10. The network flow control system of claim 8, wherein the packet volume collecting device is an SNMP collector using a simple network protocol (SNMP), the SNMP collector is configured to,
inquiring the flow data of the target network equipment port from an SNMP agent according to a preset object identifier (ODI), wherein the SNMP agent is embedded in the target network equipment and is used for acquiring second flow data of the target network equipment port;
and analyzing the second flow data to obtain the packet volume information of the data packets flowing through the target network equipment.
11. A storage medium having stored thereon a network traffic control program which, when executed by a processor, implements the steps of the network traffic control method according to any one of claims 1 to 5.
CN201811483441.6A 2018-12-05 2018-12-05 Network flow control method, device, equipment, system and storage medium Active CN109547257B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811483441.6A CN109547257B (en) 2018-12-05 2018-12-05 Network flow control method, device, equipment, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811483441.6A CN109547257B (en) 2018-12-05 2018-12-05 Network flow control method, device, equipment, system and storage medium

Publications (2)

Publication Number Publication Date
CN109547257A true CN109547257A (en) 2019-03-29
CN109547257B CN109547257B (en) 2022-08-12

Family

ID=65852941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811483441.6A Active CN109547257B (en) 2018-12-05 2018-12-05 Network flow control method, device, equipment, system and storage medium

Country Status (1)

Country Link
CN (1) CN109547257B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430100A (en) * 2019-08-27 2019-11-08 中国工商银行股份有限公司 Network connectivty detection method and device
CN113472674A (en) * 2021-07-12 2021-10-01 多点生活(成都)科技有限公司 Flow control method and device, storage medium and electronic equipment
CN115514686A (en) * 2021-06-23 2022-12-23 深信服科技股份有限公司 Flow acquisition method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387043A (en) * 2011-12-07 2012-03-21 深圳市同洲视讯传媒有限公司 Alarm analysis method, workstation and system based on simple network management protocol
CN103281197A (en) * 2013-04-08 2013-09-04 浙江工商大学 ForCES configuration method based on NETCONF
CN105281981A (en) * 2015-11-04 2016-01-27 北京百度网讯科技有限公司 Data traffic monitoring method and device for network service
US20160380874A1 (en) * 2014-03-27 2016-12-29 Nicira, Inc. Packet tracing in a software-defined networking environment
CN106921666A (en) * 2017-03-06 2017-07-04 中山大学 A kind of ddos attack system of defense and method based on Synergy
CN107786350A (en) * 2016-08-24 2018-03-09 华为技术有限公司 A kind of method, apparatus and the network equipment of the configuration of dispatching from the factory for recovering the network equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387043A (en) * 2011-12-07 2012-03-21 深圳市同洲视讯传媒有限公司 Alarm analysis method, workstation and system based on simple network management protocol
CN103281197A (en) * 2013-04-08 2013-09-04 浙江工商大学 ForCES configuration method based on NETCONF
US20160380874A1 (en) * 2014-03-27 2016-12-29 Nicira, Inc. Packet tracing in a software-defined networking environment
CN105281981A (en) * 2015-11-04 2016-01-27 北京百度网讯科技有限公司 Data traffic monitoring method and device for network service
CN107786350A (en) * 2016-08-24 2018-03-09 华为技术有限公司 A kind of method, apparatus and the network equipment of the configuration of dispatching from the factory for recovering the network equipment
CN106921666A (en) * 2017-03-06 2017-07-04 中山大学 A kind of ddos attack system of defense and method based on Synergy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
程东亮: "基于SDN技术实现人民银行智能骨干网的应用研究", 《软件研发与应用》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430100A (en) * 2019-08-27 2019-11-08 中国工商银行股份有限公司 Network connectivty detection method and device
CN115514686A (en) * 2021-06-23 2022-12-23 深信服科技股份有限公司 Flow acquisition method and device, electronic equipment and storage medium
CN113472674A (en) * 2021-07-12 2021-10-01 多点生活(成都)科技有限公司 Flow control method and device, storage medium and electronic equipment
CN113472674B (en) * 2021-07-12 2024-05-24 多点生活(成都)科技有限公司 Flow control method and device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN109547257B (en) 2022-08-12

Similar Documents

Publication Publication Date Title
CN109547257B (en) Network flow control method, device, equipment, system and storage medium
CN103516543B (en) Filtering in device management protocol inquiry
EP3560229B1 (en) Assurance framework for cp and dp slices
EP4113941A1 (en) Topology-based graphical user interface for network management systems
EP3051750B1 (en) Collection adaptor management method and system
CN103023702A (en) Method for processing batched management information bases (MIB)
Kukliński Programmable management framework for evolved SDN
CN101110698A (en) Trap analyzing and preprocessing system and method thereof
US10554625B2 (en) Integrated PCS functional competency assessment
US20240022537A1 (en) Edge device for source identification using source identifier
US11811601B2 (en) Predictive pipeline analytics for a network management system
US11729075B1 (en) Time series data collection for a network management system
CN108933707B (en) Safety monitoring system and method for industrial network
KR102180038B1 (en) Wan node apparatus in tactical mesh network environment
Matoušek et al. Unified SNMP interface for iot monitoring
WO2020005475A1 (en) Controlling communications between a plant network and a business network
EP4113942A1 (en) Network segmentation for network management graphical user interfaces
US20240275707A1 (en) Anomaly detection for network devices using intent-based analytics
EP4395254A1 (en) Query mechanism for a network management system
Ghoreishi Takantapeh INNOVATIVE MONITORING SYSTEMS AND PROTOCOLS FOR WIRELESS NETWORKS AND WIRELESS SENSOR NETWORKS
US20240243963A1 (en) Replay of analytics for a network management system
CN118337402A (en) Data stream processing method and device based on software defined network
CN116582424A (en) Switch configuration method and device, storage medium and electronic equipment
Yu et al. MLPing: Real-Time Proactive Fault Detection and Alarm for Large-Scale Distributed IDC Network
Yusuff Network Monitoring: Using Nagios as an example tool

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant