CN110417612A - A kind of Network Traffic Monitoring System and method based on network element - Google Patents
A kind of Network Traffic Monitoring System and method based on network element Download PDFInfo
- Publication number
- CN110417612A CN110417612A CN201910502802.5A CN201910502802A CN110417612A CN 110417612 A CN110417612 A CN 110417612A CN 201910502802 A CN201910502802 A CN 201910502802A CN 110417612 A CN110417612 A CN 110417612A
- Authority
- CN
- China
- Prior art keywords
- network
- message
- service
- network element
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
Abstract
The present invention provides a kind of monitoring system based on network element, comprising: service source side data library, network element, network monitor server, operating terminal, monitor database.The present invention provides a kind of monitoring method based on network element, comprising: obtains service traffics to be measured and carries out the processing of service traffics, the local data base of all network elements of network monitor server access acquires information and analyzes, monitors.The present invention is acquired by network central server to the whole network monitoring data and comprehensive analysis, can be automatically positioned the abort situation of outgoing packet packet loss or error code with transmitting path, transmit process of the ex-post analysis service message in network-wide basis, precision is high;The real-time tracking to service message can also be started, issue alarm in real time in message packet loss;A variety of statistical data can also be provided.
Description
Technical field
The invention belongs to network service process field, in particular to a kind of Network Traffic Monitoring System and side based on network element
Method.
Background technique
With the extensive use of network technology, the Rapid Expansion of network size, the pressure of network O&M is increasingly highlighted.How
Analysis report is quickly monitored and made to network state, is to exclude network failure, optimization network structure, reduce operating cost
It is effective according to one of.
In addition, the requirement to network reliability is relatively high, to key business in the trade Special Networks such as track traffic communication
The tracking and monitoring of message grade need to be reached, to issue alarm and quick positioning failure to failure, improve the reliability of key business
And availability.
The demand mainly passes through network service traffic monitoring technology and realizes.Network service traffic monitoring technology is network prison
One of survey technology refers to and is monitored statistics, comprehensive analysis etc. for the specific service message of network.
In existing network service traffic monitoring technology, main implementation includes:
(1) nodes such as gateway filtering crawl service message information is set.It is inserted into other hardware or node in a network, to
Filter analysis the information such as message flow on the link.
(2) crawl analysis is carried out from network element node device port mirror image or pass-through service message to monitoring device.By net
Message on first node is copied to by image feature carries out collection analysis in other monitoring devices.
It is above-mentioned to need to be equipped with additional monitoring hardware facility in the prior art, and if only network is local or certain nets
It is equipped with monitoring hardware facility at element device, can only obtain area monitoring's information, whole network business fortune can not be held on the whole
Row situation.In addition, when obtaining business monitoring information simultaneously from the whole network many places, if carrying out comprehensive point to data in a manual manner
Analysis, will become highly difficult when Internet traffic is huge or even cannot achieve.
Summary of the invention
In view of the above-mentioned problems, the present invention provides a kind of Network Traffic Monitoring System based on network element, the monitoring system packet
It includes:
Service source side data library, service source side data library are used for record traffic source information;
Network element, the network element is for being acquired service traffics to be measured, handling;
Network monitor server, the network monitor server are connect by network with the network element, described for acquiring
Network elements monitors information, and carry out comprehensive analysis;
Operating terminal, the operating terminal connect network monitor server;
Monitor database, the monitor database connect network monitor server, are used for storage service information.
Further, the network element includes:
Backboard ethernet channel, for carrying out the transmission of data on flows;
Switching Module, the Switching Module connects the backboard ethernet channel, and the Switching Module is for obtaining stream
Information is measured, and carries out service traffics and filters out;
High speed processing module, the high speed processing module are connected by the backboard ethernet channel and the Switching Module
It connects, and the high speed processing module is filtered out for carrying out service traffics, a record entry is formed to each data message, is gone forward side by side
Row message extraction process;
Memory module is interconnected between the memory module and high speed processing module by the backboard ethernet channel;Institute
Stating memory module includes local data base, and the local data base stores service traffics;
Main control module is interconnected between the main control module and the memory module by the backboard ethernet channel;Institute
Main control module is stated for being managed to local data base, and provides local data base external inquiry/operation interface.
Further, the Switching Module includes the network port and mirror port.
Further, the Switching Module is connect by mirror port with the backboard ethernet channel.
Further, the network port is used to interconnect network consisting environment with network link.
Further, the network monitor server include message grade tracking and fault automatic location unit, Alarm Unit,
Monitoring information statistic unit.
The present invention provides a kind of Network Traffic Monitoring method based on network element, and the network element configuration has Switching Module, high speed
Processing module, memory module, main control module;The monitoring method includes:
It obtains service traffics to be measured and carries out the processing of service traffics, comprising:
Switching Module to service duplication to be measured, be mirrored on mirror port;
Service traffics to be measured are filtered out;
High speed processing module handles the message filtered out, forms a local database record item to each message
Mesh;
Data-base recording entry is transmitted by backboard Ethernet and stores the memory module of network element by high speed processing module
In;
Main control module connection, the local data base for managing memory module;
The local data base of all network elements of network monitor server access acquires information and analyzes, monitors;Include:
When having the message of missing to the transmission of business source, fault automatic location is triggered;
When carrying out periodical real-time monitoring to key business, alarm movement is triggered in failure;
When carrying out statistical information to service traffics to be measured, triggering inquiry and statistics movement.
Further, the service traffics to be measured are filtered out including being filtered out by Switching Module or by high speed processing mould
Block is filtered out.
Further, the Switching Module filter out include:
The configuration forwarding flow table on the Switching Module for supporting SDN function and Openflow1.0 agreement;
Judge whether service message is identical as predetermined information on the network port:
It then copies on mirror port if they are the same, and the copy of service message is switched in high speed processing module;
Service message is abandoned if not identical.
It is further, described that filter out by high speed processing module held when Switching Module does not execute and filters out function
Row.
Further, the high speed processing module is filtered out including will be not belonging in business to be monitored according to predetermined information
The packet loss of predetermined information.
Further, the predetermined information includes ID number, IP address, VLAN tag, one or more in type of service
It is a.
Further, the record entry includes essential content and optional content, wherein essential content includes: arrival time
Stamp, traffic ID number, this NE ID number;Optional content includes: the IP address of message, message length, the original report of business datum
Text.
Further, the high speed processing module, which handle to the message filtered out, includes:
For essential content, its cryptographic Hash is calculated after extracting original service data to the data message that mirror image comes;
For optional content, original service data content is parsed to the data message that mirror image comes, and extract optional content
Information.
Further, the triggering fault automatic location includes the following steps:
Network monitor server obtains the original message of missing message from business source database application, and calculates its Hash
Value;
Network monitor server inquires the missing message cryptographic Hash of the traffic ID item now on each network element local data base,
Obtain NE ID and corresponding timestamp that missing message once occurred;
The transmitting path for lacking message is according to time sequence listed, is with the business transmitting path comparison check in user's planning
It is no consistent, and missing message is confirmed in period, network element, to be automatically positioned out the fault bit in missing message transmit process
It sets.
Further, the triggering alarm movement in failure includes the following steps:
Network monitor server is periodically from the record entry of each network element inquiry specified services, i.e. unlatching real-time query;
Service message cryptographic Hash of network monitor server real time contrast each network element record, when monitoring that message transmissions have
When the case where midway packet loss, that is, after will appear the corresponding network element of message arrival, no longer there is the message cryptographic Hash in subsequent network element,
Alarm is then issued the user with, and illustrates corresponding NE ID, timestamp before message packet loss.
Further, the triggering inquiry and statistics movement include the following steps:
User is in operating terminal input inquiry measurement type, and network monitor server is according to the condition in each network element local number
According to inquiring corresponding monitoring data on library;
Network monitor server is according to above-mentioned query result, it is possible to provide following statistical information: transmission delay calculates, averagely prolongs
Statistics, packet loss statistics and packet size distribution statistics late.
Further, one of segment type, traffic ID type, IP address type or more when the measurement type includes
Kind.
The present invention is acquired by network central server to the whole network monitoring data and comprehensive analysis, can be with ex-post analysis
Transmitting path, transmit process of the service message in network-wide basis are automatically positioned the abort situation of outgoing packet packet loss or error code, essence
Degree is high;The real-time tracking to service message can also be started, issue alarm in real time in message packet loss;A variety of statistical numbers can also be provided
According to.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention can be by specification, right
Pointed structure is achieved and obtained in claim and attached drawing.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 shows the system diagram of the embodiment of the present invention;
Fig. 2 shows the network element structural schematic diagrams of the embodiment of the present invention;
Fig. 3 shows the monitoring method schematic diagram of the embodiment of the present invention;
Fig. 4 shows the flow chart of high speed processing resume module of the invention;
Fig. 5 shows the network monitor server operation schematic diagram of the embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical solution in the embodiment of the present invention clearly and completely illustrated, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
The present invention provides a kind of Network Traffic Monitoring System based on network element, and Fig. 1 shows the system of the embodiment of the present invention
Figure;As shown in Figure 1, shown monitoring system includes: service source side data library, network element, network monitor server, operating terminal and prison
Measured data library, in which:
Service source side data library, service source side data library are used for storage service source information.
Network element, the network element is for being acquired service traffics to be measured, handling;
Specifically, Fig. 2 shows the network element structural schematic diagrams of the embodiment of the present invention.Dotted line represents backboard ether Netcom in figure
Road, small box represent the interface of each module and backboard;As shown in Figure 2;The network element includes: Switching Module, main control module, and institute
Stating Switching Module includes the network port and mirror port, the network port network link interconnected set networking on the Switching Module
Network environment, the main control module are responsible for managing Switching Module and network element other parts etc..The network element further includes high speed processing mould
Block, memory module, backboard ethernet channel;Wherein, the Switching Module passes through respective mirror port respectively and is connected to backboard
On ethernet channel, it is connected in high speed processing module;Between the high speed processing module and memory module by backboard with
Too Netcom road interconnects, and interconnects between the memory module and main control module also by backboard ethernet channel, the memory module
Including local data base.
Network monitor server, the network monitor server are connect by network with the network element, described for acquiring
Network elements monitors information, and carry out comprehensive analysis;Network monitor server includes the tracking of message grade and fault automatic location unit, accuses
Alert unit, monitoring information statistic unit.
Operating terminal, the operating terminal connect network monitor server.
Monitor database, the monitor database connect network monitor server, are used for storage service monitoring information.
Fig. 3 shows the monitoring method schematic diagram of the embodiment of the present invention.As shown in figure 3, shown monitoring method includes,
Step 1: obtaining service traffics to be measured and carries out the processing of service traffics, comprising:
1, Switching Module to service duplication to be measured, be mirrored on mirror port;
2, service traffics to be measured are filtered out;Including by Switching Module service traffics are filtered out and are passed through with high speed
Processing module filters out service traffics;
It is filtered out specifically, the present invention preferably carries out flow by Switching Module;When filtering out, have Switching Module according to IP
The ability of mirror image again after certain features such as address or VLAN tag filter out predetermined information;Business to be monitored is first filtered out into mirror image again
On its message copy to mirror port, effective message is only oriented to high speed processing module in this way, can reduce backboard ether Netcom
The bandwidth pressure in road, and reduce the subsequent processing pressure of high speed processing module.Illustratively, it is interchange mode that the flow, which filters out,
Whether root tuber is identical as the information such as preset IP address or VLAN tag according to flow information, if they are the same filters out particular flow rate business
Mirror image again afterwards, such as preset IP address are 192.168.11.23, and Switching Module is receiving the business to be measured on the network port
Afterwards, whether the IP address for judging business to be measured is 192.168.11.23;If then being filtered out, if otherwise abandoning.
The present invention by support SDN (Software Defined Network, software defined network) function and
The Switching Module of Openflow1.0 agreement can then make to meet predetermined letter on only port by way of configuring forwarding flow table
The message of breath is just mirrored on other ports.
Illustratively, it is assumed that on network element x, the network port 1 (port numbering 1) of the business to be monitored from Switching Module 1
Into, then from the network port 2 (port numbering 2) sending, the VLAN tag which uses is 10;In order to will be in port 1
Business to be monitored filters out again on its message copy of mirror image to the mirror port 1 (port numbering 3) of Switching Module 1, should configure such as
Lower Openflow flow table:
The business to be monitored of table 1 filters out the Openflow list item example for doing Port Mirroring
Upper table (1) is by carrying multiple " action " fields, so that meeting the business report that from port 1 and VLAN tag is 10
Text is output to the network port 1 and mirror port 1 simultaneously, realizes the Port Mirroring for just filtering out business to be monitored.
You need to add is that, the configuration of each network element Switching Module should uniformly be handed down to each net by network monitor server simultaneously
Member, ID number, IP address, VLAN tag, type of service including business to be monitored etc. do not need user and log in each network element one by one
It is configured.
If Switching Module does not have specific transactions are filtered out according to certain features after mirror image again ability, pass through high speed
Processing module carries out filtering out for service traffics;Specifically, directly by all message mirrors of the network port where business to be monitored
On its copy to mirror port, then it is responsible for by high speed processing module whether predetermined with IP address or VLAN tag according to message
Information is identical;By packet loss if not identical, next step operation is carried out if belonging to.
3, high speed processing module handles the message not filtered out, and forms a local data base note to each message
Record entry;
Specifically, the high speed processing module handles service traffics, a local number is formed for each message
Entry is recorded according to library;Local database record entry includes essential content and optional content, and essential content includes: arrival time
Stamp, traffic ID number, this NE ID number calculate its cryptographic Hash after extracting original service data in message;Optional content
It include: the IP address of message, message length, business datum original message etc., parsing original service data content, which extracts correlation, to be believed
Breath.
The essential content of local database record is subsequently used for providing message grade tracking and monitoring function, and essential content stores
Amount, calculation amount are smaller, can significantly amount of compressed data size, and Kazakhstan after using Hash value calculating method to original service data
The format and length of uncommon value are fixed, and are easily handled.Illustratively, cryptographic Hash, which calculates, uses MD5 Message Digest 5 (MD5
Message-Digest Algorithm), but not limited to this, the hash function of SHA-1, SHA-256 illustratively also can be used
Algorithm calculates.High speed processing module realized using FPGA, but not limited to this, illustratively, the mode of ASIC also can be used
It realizes.
The optional content of local database record is subsequently used for providing more comprehensive inquiry statistical functions.Illustratively, may be used
IP filtering inquiry is carried out to record according to IP address.Illustratively, if business to be monitored is the column in rail traffic communication network
Vehicle controls business, and after parsing original service data content according to related protocol, extractable relevant information includes: Train Control ground
Communication handshake process, ground routine are issued to onboard program between program and onboard program mobile authorization, onboard program are to the ground
Position report, service alarm that program issues etc. can carry out statistical query according to information is extracted.
Fig. 4 shows the flow chart of high speed processing resume module of the invention.As shown in figure 4,
Firstly, high speed processing module obtains the data message that mirror image comes;
Secondly, being directed to each message, essential content: arrival time stamp, traffic ID number, this NE ID number is recorded, and right
The original service data of carrying calculate cryptographic Hash;
Illustratively, cryptographic Hash, which calculates, uses MD5 Message Digest 5, regardless of original service data length is how many, meter
Calculate the hashed value that result is 128 (16 byte);But not limited to this, dissipating for SHA-1, SHA-256 illustratively also can be used
Array function algorithm calculates, and calculated result is the hashed value of regular length, and SHA-1 arithmetic result is 160 hashed values, SHA-
256 arithmetic results are 256 hashed values.
For each message, optional content: IP address, message length, original service data is recorded;
Illustratively, it if business is that rail transit train controls business, is extracted according to message format protocol analysis: train control
Mobile authorization, the onboard program that communication handshake process, ground routine are issued to onboard program between ground routine and onboard program processed
Position report, the service alarm of program sending to the ground;This three steps, simply by the presence of being handled parallel.
Finally, recording entry using essential content, optional content (if any) constructs database, it is stored in local data base.
You need to add is that if Switching Module do not have specific transactions are filtered out according to certain features after mirror image again energy
Power, then for high speed processing module after obtaining data, high speed processing module filters out business to be monitored according to IP address or VLAN tag,
It is then directed to each message, records essential content: arrival time stamp, traffic ID number, this NE ID number, and to the original of carrying
Business datum calculates cryptographic Hash;For each message, optional content: IP address, message length, original service data is recorded;If industry
Business is that rail transit train controls business, is extracted according to message format protocol analysis: Train Control ground routine and onboard program
Between communication handshake process, ground routine issued to onboard program mobile authorization, the onboard program position that program issues to the ground
Report, service alarm;This three steps, simply by the presence of being handled parallel.Finally, (such as using essential content, optional content
Have) constructs database record entry, is stored in local data base.
Each column name of local database record entry and format sample are as follows:
Each column name of table (2) local database record entry and format sample
When can be seen that local database record program recording by table (2), the arrival time stamp in essential content is being recorded
The format of use is Yyyy-mm-dd hh:mm:ss, illustratively, 2019-04-0120:08:32, the traffic ID of essential content
The format that number uses is number, and illustratively, traffic ID number is 18.
4, data-base recording entry is transmitted by backboard Ethernet and is stored in memory module by high speed processing module;I.e.
It stores data in local data base.
5, main control module connection, management local data base;Specifically, main control module is mainly responsible for the sheet in memory module
Ground database is managed, and provides local data base external inquiry/operation interface, network monitor server and local data
The external inquiry in library/operation interface connection, the local data base of each network element device can be accessed by central site network monitoring server,
And then each network elements monitors information can be acquired, realization is checked to information and comprehensive analysis.Illustratively, network element and corresponding
Network interconnection form whole network, network monitor server may have access to the local data base of network element by network itself, into
And it can achieve and information is checked and comprehensive analysis.
Step 2: the local data base of all network elements of network monitor server access acquires information and analyzes, monitors;Packet
It includes:
1, when having the message of missing to the transmission of business source, fault automatic location is triggered;
2, when carrying out periodical real-time monitoring to key business, alarm movement is triggered in failure;
3, when carrying out statistical information to service traffics to be measured, triggering inquiry and statistics movement.
Specifically, network monitor server may have access to the local data base of all network elements by network itself, it is responsible for adopting
Collect each network elements monitors information and carry out comprehensive analysis, provides various network services monitoring function, including the tracking of message grade and failure are certainly
Dynamic positioning function, alarm function, monitoring information statistical function etc..
Fig. 5 shows the network monitor server operation schematic diagram of the embodiment of the present invention.As shown in figure 5, network monitor takes
Business device can provide a variety of monitoring policies by configuring, comprising:
Service message to be monitored loses event of failure triggering;
Cyclic check triggering;
On-demand querying triggering.
The corresponding concrete function realization of above-mentioned several monitoring policies is described as follows:
1, when having the message of missing to the transmission of business source, fault automatic location is triggered;
Specifically, issuing event of failure when business purpose, which flanks receiving text, has missing compared to business source transmission message
Trigger signal, triggering fault automatic location movement, is realized as follows:
1.1, network monitor server obtains the original message of the missing message from business source database application, and calculates
Its cryptographic Hash;
1.2, network monitor server inquires the message Hash of the traffic ID item now on each network element local data base
Value, obtains the NE ID and corresponding timestamp that the message once occurred;
1.3, the business in the transmitting path (by way of NE ID list) for according to time sequence listing the message, with user's planning
Whether transmitting path comparison check is consistent, and confirms that the message is lost period in which, which network element, to be automatically positioned
Abort situation in the message transmit process out.
2, periodical real-time monitoring is carried out to key business, alarm movement is triggered in failure;
Specified according to user, network monitor server can open periodical real-time monitoring, monitoring for certain key businesses
Triggering alarm movement when to failure, is realized as follows:
2.1, network monitor server is opened and is looked into real time periodically from the record entry of each network element inquiry specified services
It askes;
2.2, service message cryptographic Hash of each network element of network monitor server real time contrast record, when monitoring that message passes
Defeated when having the case where midway packet loss, after as some message reaches some network element, no longer there is the message Hash in subsequent network element
Value, then issue the user with alarm, and illustrate corresponding NE ID, timestamp before message packet loss.
3, when carrying out statistical information to service traffics to be measured, triggering inquiry and statistics movement;
When user needs according to condition or index inquires business associated statistical information to be monitored, triggering inquiry and statistics movement,
It realizes as follows:
3.1, user is in operating terminal input inquiry measurement type, such as period, traffic ID, IP address etc., network monitor
Server inquires corresponding monitoring data on each network element local data base according to the condition;
3.2, network monitor server is according to above-mentioned query result, it is possible to provide following statistical information:
Transmission delay calculates, average retardation counts: since record entry all having times of message are stabbed, passing through and compares cryptographic Hash
After identifying same message, its record strip object time on certain two network element is taken to stab, the message can be obtained in the two nets by subtracting each other
Transmission delay between member.It calculates in the period between certain two network element after the transmission delay of multiple messages, can calculate between two network elements
The average retardation of message transmissions.
Packet loss statistics:, can by comparing all message cryptographic Hash of certain two network element local data base within the period
The message loss situation in the period between the two network elements is counted, message loss quantity can obtain packet loss divided by the period duration.
Packet size distribution statistics: the message length of all messages in the period, statistics available difference are inquired some network element
The frequency of occurrences distribution situation of the message of length.
The present invention had both met the network communicating function of original network element device by design network element device new construction, its own
Can have the ability of network service tracking and monitoring again;In method of the invention, business to be monitored by way of network element in configure, will
Its message copy of the business mirror image, which is transmitted in high speed processing module, to be handled;Before mirror image or after mirror image, according to IP address or
Certain features such as VLAN tag filter out specific transactions;The high speed processing module of each network element forms one for the message of each mirror image
Local database record entry is simultaneously stored in the memory module of network element;Each network elements monitors information of network monitor collection of server
Comprehensive analysis is carried out, the tracking of message grade and fault automatic location function, monitoring information statistical function, alarm function etc. are provided.
Although the present invention is described in detail referring to the foregoing embodiments, those skilled in the art should manage
Solution: it is still possible to modify the technical solutions described in the foregoing embodiments, or to part of technical characteristic into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The spirit and scope of scheme.
Claims (18)
1. a kind of Network Traffic Monitoring System based on network element, which is characterized in that the monitoring system includes:
Service source side data library, service source side data library are used for record traffic source information;
Network element, the network element is for being acquired service traffics to be measured, handling;
Network monitor server, the network monitor server is connect by network with the network element, for acquiring the network element
Monitoring information, and carry out comprehensive analysis;
Operating terminal, the operating terminal connect network monitor server;
Monitor database, the monitor database connect network monitor server, are used for storage service information.
2. monitoring system according to claim 1, it is characterised in that: the network element includes:
Backboard ethernet channel, for carrying out the transmission of data on flows;
Switching Module, the Switching Module connects the backboard ethernet channel, and the Switching Module is for obtaining flow letter
Breath, and carry out service traffics and filter out;
High speed processing module, the high speed processing module are connect by the backboard ethernet channel with the Switching Module, and
The high speed processing module is filtered out for carrying out service traffics, forms a record entry to each data message, and reported
Literary extraction process;
Memory module is interconnected between the memory module and high speed processing module by the backboard ethernet channel;It is described to deposit
Storing up module includes local data base, and the local data base stores service traffics;
Main control module is interconnected between the main control module and the memory module by the backboard ethernet channel;The master
Control module provides local data base external inquiry/operation interface for being managed to local data base.
3. monitoring system according to claim 2, it is characterised in that: the Switching Module includes the network port and mirror image end
Mouthful.
4. monitoring system according to claim 3, which is characterized in that the Switching Module passes through mirror port and the back
The connection of plate ethernet channel.
5. monitoring system according to claim 3, which is characterized in that the network port is used for and network link interconnected set
At network environment.
6. monitoring system described in -5 any one according to claim 1, it is characterised in that: the network monitor server includes
The tracking of message grade and fault automatic location unit, Alarm Unit, monitoring information statistic unit.
7. a kind of Network Traffic Monitoring method based on network element, the network element configuration has Switching Module, high speed processing module, storage
Module, main control module;It is characterized in that, the monitoring method includes:
It obtains service traffics to be measured and carries out the processing of service traffics, comprising:
Switching Module to service duplication to be measured, be mirrored on mirror port;
Service traffics to be measured are filtered out;
High speed processing module handles the message filtered out, forms a local database record entry to each message;
Data-base recording entry is transmitted and is stored in the memory module of network element by backboard Ethernet by high speed processing module;
Main control module connection, the local data base for managing memory module;
The local data base of all network elements of network monitor server access acquires information and analyzes, monitors;Include:
When having the message of missing to the transmission of business source, fault automatic location is triggered;
When carrying out periodical real-time monitoring to key business, alarm movement is triggered in failure;
When carrying out statistical information to service traffics to be measured, triggering inquiry and statistics movement.
8. monitoring method according to claim 7, it is characterised in that: the service traffics to be measured are filtered out including passing through exchange
Module is filtered out or is filtered out by high speed processing module.
9. monitoring method according to claim 8, which is characterized in that the Switching Module filter out include:
The configuration forwarding flow table on the Switching Module for supporting SDN function and Openflow1.0 agreement;
Judge whether service message is identical as predetermined information on the network port:
It then copies on mirror port if they are the same, and the copy of service message is switched in high speed processing module;
Service message is abandoned if not identical.
10. monitoring method according to claim 7, which is characterized in that it is described filter out by high speed processing module be
The execution when Switching Module does not execute and filters out function.
11. monitoring method according to claim 10, which is characterized in that the high speed processing module is filtered out including basis
Predetermined information will be not belonging to the packet loss of predetermined information in business to be monitored.
12. monitoring method according to claim 11, it is characterised in that: the predetermined information include ID number, IP address,
One or more of VLAN tag, type of service.
13. according to any monitoring method of claim 7-12, it is characterised in that: the record entry includes essential content
With optional content, wherein essential content includes: arrival time stamp, traffic ID is numbered, this NE ID number;Optional content includes:
The IP address of message, message length, business datum original message.
14. monitoring method according to claim 13, it is characterised in that: the high speed processing module to the message filtered out into
Row is handled
For essential content, its cryptographic Hash is calculated after extracting original service data to the data message that mirror image comes;
For optional content, original service data content is parsed to the data message that mirror image comes, and extract the letter of optional content
Breath.
15. according to monitoring method described in claim 7-12 any one, it is characterised in that: the triggering fault automatic location
Include the following steps:
Network monitor server obtains the original message of missing message from business source database application, and calculates its cryptographic Hash;
Network monitor server inquires the missing message cryptographic Hash of the traffic ID item now on each network element local data base, obtains
The NE ID and corresponding timestamp that missing message once occurred;
According to time sequence list missing message transmitting path, with user planning in the business transmitting path comparison check whether one
The period of cause and confirmation message missing, network element, to be automatically positioned out the abort situation in missing message transmit process.
16. according to monitoring method described in claim 7-12 any one, it is characterised in that: described to trigger alarm in failure
Movement includes the following steps:
Network monitor server is periodically from the record entry of each network element inquiry specified services, i.e. unlatching real-time query;
Service message cryptographic Hash of network monitor server real time contrast each network element record, when monitoring that message transmissions have midway
When the case where packet loss, that is, will appear after message reaches corresponding network element, no longer there is the message cryptographic Hash in subsequent network element, then to
User issues alarm, and illustrates corresponding NE ID, timestamp before message packet loss.
17. according to monitoring method described in claim 7-12 any one, it is characterised in that: the triggering inquiry and statistics are dynamic
Work includes the following steps:
User is in operating terminal input inquiry measurement type, and network monitor server is according to the condition in each network element local data base
The upper corresponding monitoring data of inquiry;
Network monitor server is according to above-mentioned query result, it is possible to provide following statistical information: transmission delay calculates, average retardation is united
Meter, packet loss statistics and packet size distribution statistics.
18. monitoring method according to claim 17, it is characterised in that: segment type, business when the measurement type includes
One or more of ID type, IP address type.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910502802.5A CN110417612B (en) | 2019-06-11 | 2019-06-11 | Network flow monitoring system and method based on network elements |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910502802.5A CN110417612B (en) | 2019-06-11 | 2019-06-11 | Network flow monitoring system and method based on network elements |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110417612A true CN110417612A (en) | 2019-11-05 |
| CN110417612B CN110417612B (en) | 2021-05-28 |
Family
ID=68358977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910502802.5A Active CN110417612B (en) | 2019-06-11 | 2019-06-11 | Network flow monitoring system and method based on network elements |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110417612B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110913418A (en) * | 2019-11-27 | 2020-03-24 | 武汉烽合智达信息技术有限责任公司 | Method and system for early warning and positioning of rail transit communication fault |
| CN111241098A (en) * | 2020-01-09 | 2020-06-05 | 佛山科学技术学院 | Industrial fault data response method and device |
| CN111884881A (en) * | 2020-07-28 | 2020-11-03 | 苏州浪潮智能科技有限公司 | Monitoring method, device and system for Ethernet switching network and switch |
| CN112904758A (en) * | 2021-01-14 | 2021-06-04 | 北京经纬恒润科技股份有限公司 | Data return link state monitoring method and system based on unmanned vehicle |
| CN113347036A (en) * | 2021-06-04 | 2021-09-03 | 上海天旦网络科技发展有限公司 | Method and system for realizing cloud environment bypass monitoring by utilizing public cloud storage |
| CN113660182A (en) * | 2021-08-13 | 2021-11-16 | 上海电信科技发展有限公司 | Data processing method and system of flow mirror image |
| CN113765720A (en) * | 2021-09-09 | 2021-12-07 | 国网湖南省电力有限公司 | Service interaction feature extraction method based on electric power communication network flow |
| CN113810229A (en) * | 2021-09-16 | 2021-12-17 | 烽火通信科技股份有限公司 | IOAM quality performance data analysis method and device based on time sequence scheduling |
| WO2022022404A1 (en) * | 2020-07-30 | 2022-02-03 | 阿里巴巴集团控股有限公司 | Network data processing system and method, network element device and server |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101345581A (en) * | 2007-07-13 | 2009-01-14 | 华为技术有限公司 | Fault location method and system for passive optical network |
| CN101493779A (en) * | 2009-02-27 | 2009-07-29 | 中国工商银行股份有限公司 | Remote terminal control method |
| CN102407867A (en) * | 2011-08-09 | 2012-04-11 | 河南辉煌科技股份有限公司 | Urban rail transit signal maintenance supporting system |
| CN103729990A (en) * | 2013-10-30 | 2014-04-16 | 国家电网公司 | On-line cable line monitoring system based on all-in-one sensor |
| CN104735116A (en) * | 2013-12-24 | 2015-06-24 | 中国移动通信集团公司 | Monitoring data obtaining method, device and system |
| CN104735706A (en) * | 2013-12-23 | 2015-06-24 | 中国移动通信集团浙江有限公司 | Internet of Things terminal fault diagnosis method and device |
| CN205123775U (en) * | 2015-11-25 | 2016-03-30 | 中国船舶工业集团公司第七〇八研究所 | Network switching device with data diagnosis and memory function |
| CN105868435A (en) * | 2015-09-09 | 2016-08-17 | 辽宁邮电规划设计院有限公司 | Efficient control method for realizing optical network construction on basis of linear correlation analysis |
| CN106411609A (en) * | 2016-11-08 | 2017-02-15 | 上海新炬网络信息技术有限公司 | IT software and hardware running state monitoring system |
| CN106453299A (en) * | 2016-09-30 | 2017-02-22 | 北京奇虎科技有限公司 | Network security monitoring method and device, and cloud WEB application firewall |
| CN107820270A (en) * | 2017-11-16 | 2018-03-20 | 北京全路通信信号研究设计院集团有限公司 | A kind of GPRS interface monitor systems based on GSM R networks |
| WO2019094839A1 (en) * | 2017-11-10 | 2019-05-16 | Twitter, Inc. | Detecting sources of computer network failures |
-
2019
- 2019-06-11 CN CN201910502802.5A patent/CN110417612B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101345581A (en) * | 2007-07-13 | 2009-01-14 | 华为技术有限公司 | Fault location method and system for passive optical network |
| CN101493779A (en) * | 2009-02-27 | 2009-07-29 | 中国工商银行股份有限公司 | Remote terminal control method |
| CN102407867A (en) * | 2011-08-09 | 2012-04-11 | 河南辉煌科技股份有限公司 | Urban rail transit signal maintenance supporting system |
| CN103729990A (en) * | 2013-10-30 | 2014-04-16 | 国家电网公司 | On-line cable line monitoring system based on all-in-one sensor |
| CN104735706A (en) * | 2013-12-23 | 2015-06-24 | 中国移动通信集团浙江有限公司 | Internet of Things terminal fault diagnosis method and device |
| CN104735116A (en) * | 2013-12-24 | 2015-06-24 | 中国移动通信集团公司 | Monitoring data obtaining method, device and system |
| CN105868435A (en) * | 2015-09-09 | 2016-08-17 | 辽宁邮电规划设计院有限公司 | Efficient control method for realizing optical network construction on basis of linear correlation analysis |
| CN205123775U (en) * | 2015-11-25 | 2016-03-30 | 中国船舶工业集团公司第七〇八研究所 | Network switching device with data diagnosis and memory function |
| CN106453299A (en) * | 2016-09-30 | 2017-02-22 | 北京奇虎科技有限公司 | Network security monitoring method and device, and cloud WEB application firewall |
| CN106411609A (en) * | 2016-11-08 | 2017-02-15 | 上海新炬网络信息技术有限公司 | IT software and hardware running state monitoring system |
| WO2019094839A1 (en) * | 2017-11-10 | 2019-05-16 | Twitter, Inc. | Detecting sources of computer network failures |
| CN107820270A (en) * | 2017-11-16 | 2018-03-20 | 北京全路通信信号研究设计院集团有限公司 | A kind of GPRS interface monitor systems based on GSM R networks |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110913418A (en) * | 2019-11-27 | 2020-03-24 | 武汉烽合智达信息技术有限责任公司 | Method and system for early warning and positioning of rail transit communication fault |
| CN111241098A (en) * | 2020-01-09 | 2020-06-05 | 佛山科学技术学院 | Industrial fault data response method and device |
| CN111884881A (en) * | 2020-07-28 | 2020-11-03 | 苏州浪潮智能科技有限公司 | Monitoring method, device and system for Ethernet switching network and switch |
| CN111884881B (en) * | 2020-07-28 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Monitoring method, device and system for Ethernet switching network and switch |
| WO2022022404A1 (en) * | 2020-07-30 | 2022-02-03 | 阿里巴巴集团控股有限公司 | Network data processing system and method, network element device and server |
| CN112904758A (en) * | 2021-01-14 | 2021-06-04 | 北京经纬恒润科技股份有限公司 | Data return link state monitoring method and system based on unmanned vehicle |
| CN112904758B (en) * | 2021-01-14 | 2022-04-26 | 北京经纬恒润科技股份有限公司 | Data return link state monitoring method and system based on unmanned vehicle |
| CN113347036A (en) * | 2021-06-04 | 2021-09-03 | 上海天旦网络科技发展有限公司 | Method and system for realizing cloud environment bypass monitoring by utilizing public cloud storage |
| CN113660182A (en) * | 2021-08-13 | 2021-11-16 | 上海电信科技发展有限公司 | Data processing method and system of flow mirror image |
| CN113765720A (en) * | 2021-09-09 | 2021-12-07 | 国网湖南省电力有限公司 | Service interaction feature extraction method based on electric power communication network flow |
| CN113765720B (en) * | 2021-09-09 | 2023-10-24 | 国网湖南省电力有限公司 | Service interaction feature extraction method based on power communication network flow |
| CN113810229A (en) * | 2021-09-16 | 2021-12-17 | 烽火通信科技股份有限公司 | IOAM quality performance data analysis method and device based on time sequence scheduling |
| CN113810229B (en) * | 2021-09-16 | 2023-12-05 | 烽火通信科技股份有限公司 | IOAM quality performance data analysis method and device based on time schedule |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110417612B (en) | 2021-05-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110417612A (en) | A kind of Network Traffic Monitoring System and method based on network element | |
| US7895158B2 (en) | Data logging in content routed networks | |
| US7313141B2 (en) | Packet sequence number network monitoring system | |
| US7925727B2 (en) | Method and apparatus for efficient communication of management data in a telecommunications network | |
| US7483379B2 (en) | Passive network monitoring system | |
| KR101123020B1 (en) | High-speed traffic measurement and analysis methodologies and protocols | |
| US6836466B1 (en) | Method and system for measuring IP performance metrics | |
| JP5840788B2 (en) | Method, apparatus and communication network for root cause analysis | |
| US7617314B1 (en) | HyperLock technique for high-speed network data monitoring | |
| CN111752795A (en) | Full-process monitoring alarm platform and method thereof | |
| CN110401642A (en) | A kind of acquisition of industry control flow and protocol analysis method | |
| CN108028775A (en) | Operations, Administration and Maintenance in trigger-type band in network environment | |
| CN106059830B (en) | Automatic analysis method for traffic performance of PTN (packet transport network) ring network | |
| CN102158360A (en) | Network fault self-diagnosis method based on causal relationship positioning of time factors | |
| US20060230309A1 (en) | System for remote fault management in a wireless network | |
| US8483091B1 (en) | Automatic displaying of alarms in a communications network | |
| CN103166788B (en) | A kind of collection control Control management system | |
| CN1901484B (en) | Measurement system and method of measuring a transit metric | |
| CN110838949A (en) | Network flow log recording method and device | |
| US7796500B1 (en) | Automated determination of service impacting events in a communications network | |
| CN100568825C (en) | Monitor service method for quality, system and assembly and computer product in the telecommunications network | |
| US7701843B1 (en) | Intelligent-topology-driven alarm placement | |
| US8015278B1 (en) | Automating alarm handling in a communications network using network-generated tickets and customer-generated tickets | |
| US11609835B1 (en) | Evaluating machine and process performance in distributed system | |
| US7986639B1 (en) | Topology management of a communications network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |