CN110380938A - A kind of multidimensional converged network monitoring method based on programmable model - Google Patents

A kind of multidimensional converged network monitoring method based on programmable model Download PDF

Info

Publication number
CN110380938A
CN110380938A CN201910724601.XA CN201910724601A CN110380938A CN 110380938 A CN110380938 A CN 110380938A CN 201910724601 A CN201910724601 A CN 201910724601A CN 110380938 A CN110380938 A CN 110380938A
Authority
CN
China
Prior art keywords
model
network
data
packet
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910724601.XA
Other languages
Chinese (zh)
Inventor
莫皓颖
周继华
户江民
董帅
曾康娟
彭湖
赵涛
彭汝凤
张伟
陈柯
吉蓬荣
王均春
徐乐勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Jinmei Communication Co Ltd
Original Assignee
Chongqing Jinmei Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Jinmei Communication Co Ltd filed Critical Chongqing Jinmei Communication Co Ltd
Priority to CN201910724601.XA priority Critical patent/CN110380938A/en
Publication of CN110380938A publication Critical patent/CN110380938A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/14Arrangements for monitoring or testing data switching networks using software, i.e. software packages

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The multidimensional converged network monitoring method based on programmable model that the invention discloses a kind of, mainly by being pre-processed in route exchange device to the network information, reduce its IP packet size transmitted between network monitoring software, and meets the identification demand of business model message again;By to form model to customized be programmed of IP packet full word section, user is met to the customization demand of network monitor business datum;The monitoring result of business model is merged with IP-based such as network node monitoring results by network identity feature, it realizes at IP data monitoring visual angle it can be found that contained business model information, business model monitoring can contain the IP data monitoring information monitored under visual angle, realize the network monitor analysis under different angle.

Description

A kind of multidimensional converged network monitoring method based on programmable model
Technical field
The present invention relates to a kind of network monitoring method more particularly to a kind of multidimensional converged network prisons based on programmable model Survey method.
Background technique
With the expansion of network size, also rapid growth, the information are record and reflection network condition to network information Important carrier, by the monitoring to the network information, the state and performance data of available network, thus effectively in network There are the problem of rectified and improved in time.In recent years, many large-scale research project groups are goed deep into terms of the monitoring of network state Research, wherein the scientist that more famous project includes UC Berkeley is up to three months twice to what Internet was carried out Extensive monitoring, improved international network measuring table (National Internet Measurement Infrastructure, NIMI) it is widely applied by many countries.
Currently, we contact there are mainly three types of more network monitoring methods, one is use ICMP agreement by pair Destination host carries out continuity testing to monitor the connected state information with destination host;Another is set by route switching Standby built-in software is monitored analysis, and switching equipment is presented by the way of specialized management software or WEB access equipment Monitoring data;There are also one is by configuring routing policy on route exchange device, will be replicated by the IP packet of the equipment Mirror image is simultaneously forwarded on specified purpose computer, and purpose computer is by monitoring network interface card, to realize the monitoring to the network information.
The third monitoring method in summary, mainly by carrying out crawl analysis to the network information, wherein analyze Process needs to establish discharge model, and common Monitoring System Model is typically designed as coming by each field type of network message IP stem Statistical analysis and carries out visual to present various for data protocol type, port numbers, the network data of specified IP address Change and presents.But in the epoch of current big data, mass data, it is using the method that the field type of IP stem carrys out classification analysis Compare macroscopical, can not be analyzed for specific network service, often some important type of service data deposit in IP The data portion of message.It would therefore be desirable to be modeled to the feature of IP packet data portion, can effectively distinguish each Kind network service information.For example, when user needs to distinguish user is transmitted in nearest 1 minute Big Dipper short message data in network In communication flows, then we just need to model IP operation.
In network information monitoring, the touching originator of grabbed network traffic data is corresponded to, often some specific business Object, for the data traffic of this type, producer is usually to be identified by IP, and user is often indifferent to IP, and closes The heart is the specific object for triggering this kind of flow, so the object should be shown with its identity information.For some object, It specifically produces any service traffics in a network, and for the flow monitoring information of some business, it specifically has in a network Which object is triggering and user is of concern, these monitoring Analysis perspectives are some different monitoring latitudes.
For above-mentioned accurately network monitor, there is not complete solution to realize at present.Therefore it needs to develop A kind of monitoring method of high efficient and flexible, the programmable and multi-angle of view information visuallization of Lai Shixian Network Monitoring Model are presented.
Summary of the invention
Aiming at the problem that background technique proposes, the present invention devises a kind of multidimensional converged network prison based on programmable model Survey method mainly realizes the pre-processing to network data message by the way that monitor agent is arranged at route exchange device, so Afterwards by processed data message forwarding to network monitoring software, this process reduces between route exchange device and inspection software Interactive data volume;By the programmable monitoring model in the customized generation in monitoring side, full word section mould can be carried out to IP packet Type matching;It is interrelated to information progress by network identity feature, it realizes from various dimensions such as node, business models to network Monitoring in all directions is carried out to present.It is mainly comprised the processes of
Step 1: be programmed according to actual demand to network traffic model, one or more groups of IP byte locations and right are set Answer the model matrix of position data value;
Step 2: formulating monitoring business model by network monitoring software, business model is sent out by network protocol after the completion of formulating It is sent in route exchange device;
Step 3: the network data that route exchange device crawl is generated by the network-side of the equipment;
Step 4: route exchange device carries out business model matching to the IP packet grabbed, matches and meet business model IP packet, duplication matches consistent IP packet, and its data portion is assigned a value of model name;Duplication is not matched to the IP of model Message, and the content of its IP data portion is assigned a value of sky;
Step 5: the IP packet of duplication is forwarded to network monitoring software;
Step 6: the identity characteristic (MAC/IP) using IP packet identifies, node and business model information is interrelated.
The method have the benefit that: by being pre-processed in route exchange device to the network information, reduce The IP packet size transmitted between network monitoring software, and meet the identification demand of business model message again;By right The customized model programming of IP packet full word section, meets customization of the user to network monitor business datum part monitoring content Monitoring requirements;The monitoring result of business model and network node etc. are merged based on IP by network identity feature, realized At IP data monitoring visual angle it can be found that contained business model information, it can contain under business model monitoring visual angle and be monitored IP data monitoring information, realize under different angle data monitoring analysis.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes a part of the present patent application, The embodiment of the present invention and explanation are used to introduce the present invention, do not constitute improper limitations of the present invention, in the accompanying drawings:
Attached drawing 1, typical structure according to an embodiment of the present invention and information flow chart;
Attached drawing 2, network traffic model structural map according to an embodiment of the present invention;
Attached drawing 3, network monitor factorage flow chart according to an embodiment of the present invention;
Attached drawing 4, network monitor information multidimensional according to an embodiment of the present invention merge schematic diagram.
Specific embodiment
In an embodiment of the present invention, it contains a kind of by pre-processing IP packet data portion in route exchange device Divide content, the information content transmitted in compression network monitoring of software and route exchange device;Contain the programming of a kind of pair of model Change method can neatly be programmed model, meet different user to the customization demand of business monitoring model;It contains A kind of various dimensions convergence analysis method can merge the monitoring data of the monitoring data of network traffic model and node, The Analysis of Network Information for carrying out multidimensional is presented, and allows the more intuitive comprehensive awareness network of user.
The typical structure and information flow chart of the embodiment of the present invention are as shown in Fig. 1, are set by network monitoring software, route switching In monitoring system of the standby, network by Ethernet interconnection composition, monitor agent software is increased in route exchange device newly, to realize Data processing and forwarding are carried out to IP packet in data link layer.Its information flow mainly has the following steps:
Step 1: formulating monitoring business model by network monitoring software, business model is sent out by network protocol after the completion of formulating It is sent in route exchange device;
Step 2: the network data that route exchange device crawl is generated by the network-side of the equipment;
Step 3: route switching is monitored business model matching to the IP packet grabbed, matches and meet business model IP packet, duplication matches consistent IP packet, and its data portion is assigned a value of model name;Duplication is not matched to the IP of model Message, and the content of its IP data portion is assigned a value of sky;
Step 4: the IP packet of duplication is forwarded to network monitoring software;
Step 5: network monitoring software is for statistical analysis according to the IP packet that route exchange device is sent.
By above five steps, the overall process that network data grabs analysis may be implemented, in this process, network prison Survey the monitor agent that the business model of formulation is sent to route exchange device by software, in order to reduce route exchange device Duplication forwarding to the size of the IP packet statisticallyd analyze.Monitor agent built in route exchange device operates mainly in data Link layer, the network data that route exchange device is received carry out place's business model matching and forward process, the mould in the layer Type does not influence original data forwarding strategy.
The network traffic model construction of the embodiment of the present invention is as shown in Fig. 2, according to the IP for the network service for preparing monitoring Message characteristic corresponds to byte location to IP packet and corresponding field value is configured, and can be multiple groups monitor value, addition setting The building of monitoring business model is completed afterwards.For example, one TCP flow amount model of customization: preceding 14 bytes of message are MAC headers Information, total length are 14 bytes, and the protocol type of the 24th byte of message is set as 6;47th byte and the 48th in message A byte stores source port number information;49th byte and the 50th byte store destination port information;The 51-54 byte is deposited Put message segment serial number information;The 55-58 byte stores confirmation information, i.e. expectation receives the first of the next message segment of other side The serial number of a data byte;The 59-60 byte stores data offset information and urgent URG etc.;The 61-62 byte stores window Message breath allows sender that its foundation for sending window is arranged as recipient;The 63-64 byte storage verification and;65-66 A byte stores urgent pointer information;67-70 byte stores option information and filling information.By to above-mentioned described Corresponding data value is assigned at field location can construct a TCP traffic model.Similarly, by the way that one or more groups of need are arranged The value of the field location and respective field position to be monitored, so that it may the model programming of monitoring network business required for realizing.
The network monitor factorage process of the embodiment of the present invention is as shown in Fig. 3, the monitoring generation in route exchange device After reason software receives business model, start in the network data for receiving and processing facility data link layer, main processes It is as follows:
1. obtaining and parsing network message;
2. judge whether message length is less than IP byte maximum position value in model, enter step 5 if being less than, if not less than into Enter step 3;
3. judging whether message has matched network model, 5 are entered step if not, if entering step 4;
4. by the data portion of model name assignment to the IP packet;
5. the data portion of IP packet is emptied;
6. forwarding the packet to network monitor end.
The network monitor information multidimensional fusion signal of present example as shown in Fig. 4, common meshed network monitoring and Business model network monitor is separation, is unfavorable for analyzing comprehensively.It is identified and is matched by network identity (MAC/IP), by node net Network monitoring is mutually merged with business model monitoring information, covers the information of two kinds of monitoring dimensions mutually.Realize this mesh , the first step is business object corresponding to the single model flow of analysis, the IP packet for meeting the model is first looked for, to the report (MAC/IP) of text is identified, and is gone matched node, is detected all nodes navigated in real time under single model.Second step is analysis There is which business below each node, and select the business covered in real time in business model according to (MAC/IP) mark, will save In point information fusion model view.Described refers to that the matching process was counted by some cycles and nearlyr time in real time , interior all data such as per second are primary analysis object, and the result analyzed next time makees the data in following one-second period To analyze object.

Claims (7)

1. a kind of multidimensional converged network monitoring method based on programmable model, it is characterised in that: realize and set in route switching Standby middle setting monitor agent, for being pre-processed to network data message, and will treated data message forwarding to net Network monitoring of software reduces the data volume interacted between route exchange device and inspection software;By in the customized life in monitoring side At programmable monitoring model, full word section Model Matching can be carried out to IP packet;By network identity feature to section detected Point and business model data are interrelated, realize and present from various dimensions such as node, business models to network monitoring data, It is mainly comprised the processes of
Step 1: be programmed according to actual demand to network traffic model, one or more groups of IP byte locations and right are set Answer the model matrix of position data value;
Step 2: formulating monitoring business model by network monitoring software, business model is sent out by network protocol after the completion of formulating It is sent in route exchange device;
Step 3: route exchange device crawl passes through the network data of the equipment;
Step 4: route exchange device carries out business model matching to the IP packet grabbed, matches and meet business model IP packet, duplication matches consistent IP packet, and its data portion is assigned a value of model name, and duplication is not matched to the IP of model Message, and the content of its IP data portion is assigned a value of sky;
Step 5: the IP packet of duplication is forwarded to network monitoring software;
Step 6: the identity characteristic (MAC/IP) using IP packet identifies, node and business model information is interrelated.
2. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: Increase monitor agent software in route exchange device newly, work will be reported in data link layer to by the IP of route exchange device Text carries out data processing and the business model of formulation is sent to the monitoring generation of route exchange device by forwarding, network monitoring software Reason.
3. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: Business model is a kind of matrix form, and corresponding each group of data mainly include specified IP packet field location and corresponding position Value.
4. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: Model matrix is looped through, the numerical value of the maximum value of field location and maximum N in model are found out;To the message received Data length is analyzed, and replicates IP report if the maximum value N of field location in model is greater than the length for receiving message Its data portion is assigned a value of sky by text.
5. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: IP packet for being matched to business model then replicates the message, and the data portion of its IP packet is assigned a value of model name;It is multiple Its data portion is assigned a value of sky by the IP packet that system is not matched to model.
6. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: Treated IP packet is transmitted to network monitoring software by the monitor agent software of route exchange device.
7. a kind of multidimensional converged network monitoring method based on programmable model according to claim 1, it is characterised in that: Nodal information is matched in business model information by network identity, business model information is matched to section by network identity In point information, realize that the network information of multi-angle full view is presented.
CN201910724601.XA 2019-08-07 2019-08-07 A kind of multidimensional converged network monitoring method based on programmable model Pending CN110380938A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910724601.XA CN110380938A (en) 2019-08-07 2019-08-07 A kind of multidimensional converged network monitoring method based on programmable model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910724601.XA CN110380938A (en) 2019-08-07 2019-08-07 A kind of multidimensional converged network monitoring method based on programmable model

Publications (1)

Publication Number Publication Date
CN110380938A true CN110380938A (en) 2019-10-25

Family

ID=68258252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910724601.XA Pending CN110380938A (en) 2019-08-07 2019-08-07 A kind of multidimensional converged network monitoring method based on programmable model

Country Status (1)

Country Link
CN (1) CN110380938A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582462A (en) * 2023-07-14 2023-08-11 浪潮通信信息系统有限公司 Converged service monitoring method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626323A (en) * 2009-07-23 2010-01-13 中兴通讯股份有限公司 Method and device for monitoring network data flow
CN103595576A (en) * 2013-10-31 2014-02-19 赛尔网络有限公司 Interconnection port ICP flow statistical system and method based on content provider identifications
CN106656627A (en) * 2017-01-09 2017-05-10 周向军 Performance monitoring and fault positioning method based on service
CN106850337A (en) * 2016-12-29 2017-06-13 中兴通讯股份有限公司 A kind of network quality detection method and device
CN107404421A (en) * 2017-09-18 2017-11-28 赛尔网络有限公司 Flow monitoring, monitoring and managing method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626323A (en) * 2009-07-23 2010-01-13 中兴通讯股份有限公司 Method and device for monitoring network data flow
CN103595576A (en) * 2013-10-31 2014-02-19 赛尔网络有限公司 Interconnection port ICP flow statistical system and method based on content provider identifications
CN106850337A (en) * 2016-12-29 2017-06-13 中兴通讯股份有限公司 A kind of network quality detection method and device
CN106656627A (en) * 2017-01-09 2017-05-10 周向军 Performance monitoring and fault positioning method based on service
CN107404421A (en) * 2017-09-18 2017-11-28 赛尔网络有限公司 Flow monitoring, monitoring and managing method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582462A (en) * 2023-07-14 2023-08-11 浪潮通信信息系统有限公司 Converged service monitoring method and device
CN116582462B (en) * 2023-07-14 2023-09-22 浪潮通信信息系统有限公司 Converged service monitoring method and device

Similar Documents

Publication Publication Date Title
US8582466B2 (en) Flow statistics aggregation
CN106100999B (en) Image network flow control methods in a kind of virtualized network environment
JP5238769B2 (en) Method and apparatus for monitoring traffic in a network
US20060165003A1 (en) Method and apparatus for monitoring data routing over a network
US20130329572A1 (en) Misdirected packet statistics collection and analysis
US20030005145A1 (en) Network service assurance with comparison of flow activity captured outside of a service network with flow activity captured in or at an interface of a service network
CN104717150B (en) Switch and packet discarding method
JPH07312594A (en) Method and architecture for collecting information,system and method for controlling data communication network
JPH06291765A (en) Generating method for event-driven interface and event vector
CN108400909A (en) A kind of flow statistical method, device, terminal device and storage medium
CN107147535A (en) A kind of distributed network measurement data statistical analysis technique
CN110855493A (en) Application topological graph drawing device for mixed environment
CN115297007A (en) Construction method and system of network space asset information map for cooperative network
CN105827474A (en) Network monitoring method, data packet filtering method and data packet filtering device
CN110380938A (en) A kind of multidimensional converged network monitoring method based on programmable model
CN113037542B (en) Cloud network topology construction method based on software defined network
CN110071843A (en) A kind of Fault Locating Method and device based on flow path analysis
CN108494625A (en) A kind of analysis system on network performance evaluation
CN113328956A (en) Message processing method and device
CN106209680A (en) Information processor and method
CN107181701A (en) The collection method and device of CGI data
EP2854340B1 (en) Misdirected packet statistics collection and analysis
Kristol et al. A polynomial algorithm for gateway generation from formal specifications
CN116996392B (en) Flow path reconstruction method and system based on weighted directed graph algorithm
US6977936B1 (en) Service detail records for layered communications protocols

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20191025

WD01 Invention patent application deemed withdrawn after publication