CN110855424A - Method and device for synthesizing asymmetric flow xDR in DPI field - Google Patents

Publication number
CN110855424A
Authority
CN
China
Prior art keywords
call ticket
server
synthesis server
updating
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910968707.4A
Other languages
Chinese (zh)
Other versions
CN110855424B (en)
Inventor
黄察夫
叶志钢
黄华桥
程波
谭国权
李明栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Greenet Information Service Co Ltd
Original Assignee
Wuhan Greenet Information Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Greenet Information Service Co Ltd
Priority to CN201910968707.4A
Publication of CN110855424A
Application granted
Publication of CN110855424B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/41 Flow control; Congestion control by acting on aggregated flows or links
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of DPI, and provides a method and a device for synthesizing asymmetric flow xDR in the field of DPI. The method comprises the steps of generating, from one or more items of the five-tuple data, a message digest which can be used for determining the uplink flow and the downlink flow of the same session; determining the total number N of synthesis servers currently able to provide the call ticket synthesis service; and each DPI device sending the uplink flow and/or the downlink flow stored by the DPI device to the target call ticket synthesis server specified by the same preset distribution strategy. After the uplink and downlink flows of a session in the network are processed by DPI equipment in different machine rooms, accurate and complete xDR call ticket records can still be synthesized and provided to the upper application big data analysis platform, which ensures the accuracy of the platform's analysis results; meanwhile, the quantity of xDR call tickets generated by asymmetric flow is reduced, and the processing pressure on the upper big data platform is reduced.

Description

Method and device for synthesizing asymmetric flow xDR in DPI field
[ technical field ]
The invention relates to the technical field of DPI, in particular to a method and a device for synthesizing asymmetric flow xDR in the field of DPI.
[ background of the invention ]
In the field of Deep Packet Inspection (DPI) technology, across different operators and networks, DPI devices are currently deployed at places such as the outlet of an Internet Data Center (IDC) machine room, a mobile network outlet, a metropolitan area network outlet, and the like. DPI needs to collect and parse the traffic passing through these egress points and generate xDR (full name: X Detail Record) call tickets; a typical system architecture is shown in fig. 1.
In practical application, DPI devices are divided by function into a splitter, a front-end processor, and an xDR server. The splitter load-balances the incoming traffic while ensuring that the traffic of the same session is delivered to the same front-end processor/xDR server for processing. The front-end processor is the core device of the DPI and mainly preprocesses the original traffic, including identifying, parsing and counting the applications in the traffic, for example identifying an http session, obtaining the corresponding url, and counting the total request and reply traffic of the session. The xDR server mainly generates the final xDR call tickets for the different applications, such as http call tickets, DNS call tickets, ftp call tickets, email call tickets, and the like. In the process from traffic access to xDR call ticket generation, identifying the application is the key step: the front-end processor identifies the corresponding application, such as http video, QQ, WeChat, iQIYI and the like, from the uplink traffic or downlink traffic of a session and generates the corresponding session information, which is passed to the xDR server; the xDR server then generates the xDR call ticket for that application from the session information.
Within the same machine room, the traffic of the same session can be guaranteed to converge on the same DPI front-end processor after passing through the front-end splitter, and the session information data of the same session converges on the xDR server through the back-end splitter to generate an xDR call ticket. In actual deployments at present, however, the uplink traffic and the downlink traffic of many sessions, especially IPv6 sessions, are loaded to different machine rooms, as shown in fig. 2.
For example, the uplink traffic of an email session is loaded to machine room A, and the downlink traffic is loaded to machine room B. Machine room A identifies the email application from the uplink traffic and outputs an email xDR call ticket; machine room B cannot identify the email application from the downlink traffic alone, so its final output is an xDR call ticket for an unknown application. Passing these on to the application big data platform for analysis causes several problems: first, the data source for application analysis is inaccurate, which leads to large deviations in the final analysis results; second, a session needs only one call ticket, but once the uplink and downlink traffic are separated two call tickets are output, which greatly increases the performance burden on the upper application big data analysis platform. Converging the traffic of one machine room onto the other would solve the problem, but it requires very large bandwidth resources (100G or even TB level) and is basically not feasible.
In view of the above, overcoming the drawbacks of the prior art is an urgent problem in the art.
[ summary of the invention ]
The technical problem to be solved by the invention is to provide a method for synthesizing asymmetric flow xDR in the field of DPI.
The invention further aims to solve the technical problem of providing a method for synthesizing asymmetric flow xDR in the field of DPI.
The invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for synthesizing asymmetric traffic xDR in the field of DPI, including:
generating, from one or more items of the five-tuple data, a message digest which can be used for determining the uplink flow and the downlink flow of the same session;
determining the total number N of synthesis servers currently able to provide the call ticket synthesis service;
each DPI device sends the uplink flow and/or downlink flow stored by the DPI device to a target call ticket synthesis server specified by the same preset distribution strategy;
and the distribution strategy comprises a method for specifying a target call ticket synthesis server for each DPI device according to the message digest and the total number N of the synthesis servers.
Preferably, the generating a message digest that can be used to determine the uplink traffic and the downlink traffic of the same session according to one or more of the five-tuple data specifically includes:
obtaining the message digest through a HASH algorithm according to a source IP, a destination IP, a source port and a destination port in the five-tuple; or,
obtaining the message digest through a HASH algorithm according to a source IP, a destination IP, a source port, a destination port and a protocol in the five-tuple; or,
obtaining the message digest through a HASH algorithm according to the source IP and the destination IP in the five-tuple.
Preferably, the HASH algorithm comprises:
MD4, MD5 and/or SHA-1.
Preferably, the distribution strategy includes a method for specifying a target call ticket synthesis server for each DPI device according to the message digest and the total number N of synthesis servers, and specifically includes:
when the call ticket synthesis servers are numbered 0,1, …, N, directly carrying out a remainder (modulo) operation on the message digest with the total number N to obtain the number of the target call ticket synthesis server; or,
acquiring the distribution interval of the message digests obtained by statistics, dividing the distribution interval into sub-intervals according to the total number N, and determining the target call ticket synthesis server according to the sub-interval to which the generated message digest belongs.
Preferably, if the mth call ticket synthesis server is to perform offline maintenance, the method further includes:
the call ticket synthesis server management unit sends a request message for updating the distribution strategy to each DPI device; wherein the request message for updating the distribution strategy carries either the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
the call ticket synthesis server management unit acquires, from the mth call ticket synthesis server, the uplink traffic and/or the downlink traffic which the mth call ticket synthesis server has already received;
and the call ticket synthesis server management unit forwards, according to the updated distribution strategy, the uplink traffic and/or the downlink traffic acquired from the mth call ticket synthesis server to the target call ticket synthesis server specified by the updated distribution strategy.
Preferably, if an (N+1)th call ticket synthesis server is to be added to the call ticket synthesis server group, the method includes:
the call ticket synthesis server management unit sends a request message for updating the distribution strategy to each DPI device; wherein the request message for updating the distribution strategy carries either the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
the call ticket synthesis server management unit simultaneously sends the distribution strategy before updating and the distribution strategy after updating to the (N+1)th call ticket synthesis server;
and within a preset time after going online, if the (N+1)th call ticket synthesis server cannot form a complete call ticket from the uplink flow or downlink flow it has obtained, it forwards the corresponding uplink flow or downlink flow, according to the distribution strategy before updating, to the target call ticket synthesis server specified by the distribution strategy before updating.
In a second aspect, the present invention further provides a method for asymmetric traffic xDR synthesis in the DPI field, wherein if an mth call ticket synthesis server in a call ticket synthesis server group is to perform offline maintenance, the system includes:
sending a request message for updating the distribution strategy to each DPI device; wherein the request message for updating the distribution strategy carries either the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
acquiring, from the mth call ticket synthesis server, the uplink flow and/or the downlink flow which the mth call ticket synthesis server has already received;
and, according to the updated distribution strategy, forwarding the uplink flow and/or the downlink flow acquired from the mth call ticket synthesis server to the target call ticket synthesis server specified by the updated distribution strategy.
Preferably, the distribution strategy includes:
when the call ticket synthesis servers are numbered 0,1, …, N, directly carrying out a remainder (modulo) operation on the message digest with the total number N to obtain the number of the target call ticket synthesis server; or,
acquiring the distribution interval of the message digests obtained by statistics, dividing the distribution interval into sub-intervals according to the total number N, and determining the target call ticket synthesis server according to the sub-interval to which the generated message digest belongs.
Preferably, if an (N+1)th call ticket synthesis server is to be added to the call ticket synthesis server group, the method further comprises:
sending a request message for updating the distribution strategy to each DPI device; wherein the request message for updating the distribution strategy carries either the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
simultaneously sending the distribution strategy before updating and the distribution strategy after updating to the (N+1)th call ticket synthesis server;
and within a preset time after going online, if the (N+1)th call ticket synthesis server cannot form a complete call ticket from the uplink flow or downlink flow it has obtained, it forwards the corresponding uplink flow or downlink flow, according to the distribution strategy before updating, to the target call ticket synthesis server specified by the distribution strategy before updating.
In a third aspect, the present invention further provides a method for synthesizing asymmetric traffic xDR in the DPI field, which is used to implement the method for synthesizing asymmetric traffic xDR in the DPI field in the first aspect, and the apparatus includes:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being programmed to perform a DPI domain asymmetric traffic xDR synthesis method according to the first aspect.
In a fourth aspect, the present invention further provides a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, where the computer-executable instructions are executed by one or more processors, and are configured to perform the method for asymmetric traffic xDR synthesis in DPI field according to the first aspect.
After the uplink and downlink flows of a session in the network are processed by DPI equipment in different machine rooms, accurate and complete xDR call ticket records can still be synthesized and provided to the upper application big data analysis platform, which ensures the accuracy of the platform's analysis results; meanwhile, the quantity of xDR call tickets generated by asymmetric flow is reduced, and the processing pressure on the upper big data platform is reduced. In particular, where there are multiple groups of synthesis servers, the problem of the uplink and downlink call tickets of the same session being distributed to different synthesis servers is effectively mitigated. The prior-art problem of low efficiency when restoring a call ticket (for example, one with only uplink traffic or only downlink traffic) through interaction between synthesis servers is also solved.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a diagram illustrating a conventional DPI and xDR server deployment relationship according to an embodiment of the present invention;
fig. 2 is a diagram of an existing simplest architecture of a flow xDR forwarding system in the DPI domain according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for synthesizing asymmetric traffic xDR in the DPI field according to an embodiment of the present invention;
fig. 4 is a system architecture diagram of asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 5 is a flowchart of another method for asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 6 is a flowchart of another method for asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 7 is a flowchart of another method for asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 8 is a flowchart of another method for asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 9 is a flowchart of another method for asymmetric traffic xDR synthesis in the DPI field according to an embodiment of the present invention;
fig. 10 is a structural diagram of another asymmetric flow xDR synthesizing apparatus in the DPI field according to an embodiment of the present invention.
[ detailed description ] embodiments
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, the terms "inner", "outer", "longitudinal", "lateral", "upper", "lower", "top", "bottom", and the like indicate orientations or positional relationships based on those shown in the drawings, and are for convenience only to describe the present invention without requiring the present invention to be necessarily constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
In each embodiment of the present invention, an xDR ticket refers to records of some key information fields of traffic in networks such as a mobile network and a fixed network, for example, one or more xDR records may be generated when a certain user accesses a certain website.
"Same source, same destination" means that, in processing network traffic, the request and response traffic of one session (for example, an http request) can be guaranteed to converge on the same DPI device for processing.
Five-tuple: the identifier of a flow in the network and the basis for recognising the same session; it mainly comprises a source IP, a destination IP, a source port, a destination port and a protocol.
Asymmetric traffic: the uplink and downlink traffic in the network are not processed by the same machine room; for example, one machine room processes only the uplink traffic, and another machine room processes only the downlink traffic.
Asymmetric xDR call ticket: an xDR call ticket which is generated from asymmetric traffic and has only uplink traffic or only downlink traffic.
As shown in fig. 4, a call ticket synthesis server group is added on the basis of the original deployment scheme. The call ticket synthesis server group combines the xDR call tickets that carry only uplink or only downlink traffic and finally generates complete xDR call tickets. The core of the scheme is that the DPI equipment needs an added capability for handling asymmetric call tickets, and that the asymmetric call tickets of the same session are guaranteed to converge on the same call ticket synthesis server.
The main logic by which DPI equipment reports xDR sessions is as follows:
when the DPI equipment processes session traffic to generate a call ticket, it judges whether the xDR call ticket is a symmetric call ticket (having both uplink and downlink traffic); if so, the xDR call ticket is sent directly to the big data analysis platform for use, and if not, it is sent to a call ticket synthesis server for synthesis. The algorithm for selecting the destination synthesis server is as follows:
1. suppose there are N call ticket synthesis servers, and the IPs corresponding to the servers are IP1, IP2, IP3, …, IPN, where N is a natural number;
2. when selecting the call ticket synthesis server, a key is computed by hashing the five-tuple of the asymmetric xDR;
3. the calculated key is used to perform the key % m operation to obtain n; IPn is the IP of the synthesis server to which the asymmetric xDR is to be sent;
4. taking two machine rooms as an example, each with 500G of access traffic of which 70% is asymmetric, the quantity of xDR call tickets generated is 216TB; 70% of these xDR call tickets have problems, and 75.6TB of them are extra call tickets generated because of the asymmetric traffic. With this scheme, 75.6TB less data is generated every day, the performance loss on the upper-layer big data analysis platform is reduced by about 35 percent, and the completeness of the uplink and downlink traffic in each xDR call ticket is ensured.
The technical features mentioned in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1:
Embodiment 1 of the present invention provides a method for synthesizing asymmetric traffic xDR in the field of DPI. The execution subject in this embodiment may take various forms: the method may run directly in a machine room as shown in fig. 2; or a separate host may be set up as shown in fig. 4, containing a plurality of agents for the call ticket synthesis server group in the call ticket synthesis server architecture, dedicated to receiving call tickets from each machine room and, after executing the method of this embodiment, determining the specific synthesis server to which each call ticket is to be forwarded. As shown in fig. 3, the method according to the embodiment of the present invention includes:
in step 201, a message digest that can be used to determine the uplink traffic and the downlink traffic of the same session is generated according to one or more items of the five-tuple data.
In this embodiment of the present invention, the generating of the message digest that can be used to determine the uplink traffic and the downlink traffic of the same session according to one or more of the five-tuple data typically includes:
Mode 1: the message digest is obtained through a HASH algorithm according to a source IP, a destination IP, a source port and a destination port in the five-tuple.
Mode 2: the message digest is obtained through a HASH algorithm according to a source IP, a destination IP, a source port, a destination port and a protocol in the five-tuple.
Mode 3: the message digest is obtained through a HASH algorithm according to the source IP and the destination IP in the five-tuple.
The three modes have little influence on final processing, and in consideration of calculation efficiency, the calculation time spent by the first mode is shorter, and the first mode is enough to satisfy the function of distinguishing call bills.
In step 202, the total number N of synthesis servers that can currently provide the ticket synthesis service is determined.
The total number N may be pre-stored in the execution subject of this embodiment, or may be obtained, after the execution subject starts, from whatever object manages the number of synthesis servers, such as the agent introduced at the beginning of this embodiment; alternatively, it may be maintained by the big data analysis platform shown in fig. 4. Further, if the total number of synthesis servers is maintained by a separate third party (for example, an agent or the big data analysis platform), it is preferable that, when that third party determines that the total number of synthesis servers has changed, it sends an update request directly to the subject running the method of this embodiment, so that the subject updates the total number N of synthesis servers that it has stored locally or acquired.
In step 203, each DPI device sends the uplink traffic and/or downlink traffic stored in itself to a target call ticket synthesis server specified by the same preset distribution strategy;
and the distribution strategy comprises a method for specifying a target call ticket synthesis server for each DPI device according to the message digest and the total number N of the synthesis servers.
According to the embodiment of the invention, after the uplink and downlink flows of a session in the network are processed by DPI equipment in different machine rooms, accurate and complete xDR call ticket records can still be synthesized and provided to the upper application big data analysis platform, which ensures the accuracy of the platform's analysis results; meanwhile, the quantity of xDR call tickets generated by asymmetric flow is reduced, and the processing pressure on the upper big data platform is reduced. In particular, where there are multiple groups of call ticket synthesis servers, the problem of the uplink and downlink call tickets of the same session being distributed to different call ticket synthesis servers is effectively solved. The prior-art problem of low efficiency when restoring a call ticket (for example, one with only uplink traffic or only downlink traffic) through interaction between call ticket synthesis servers is also solved.
With reference to the embodiment of the present invention, the HASH algorithm adopted in the three modes of step 201 may specifically be any one or more of MD4, MD5 and SHA-1. MD4 (RFC 1320) was designed in 1990 by Ronald L. Rivest of MIT; MD is an abbreviation for Message Digest. It is suitable for high-speed software implementation on 32-bit word-length processors, since it is implemented with bit operations on 32-bit operands. MD5 (RFC 1321) is Rivest's 1991 revision of MD4; it still processes its input in 512-bit blocks, and its output is the concatenation of four 32-bit words, the same as MD4. MD5 is more complex and slower than MD4, but safer and better at resisting cryptanalysis and differential attacks. SHA-1 was designed by NIST and the NSA for use with DSA; it produces a 160-bit hash value for inputs shorter than 2^64 bits, and is therefore more resistant to exhaustive (brute-force) search. SHA-1 was designed on the same principles as MD4 and mimics that algorithm.
In step 203 of the embodiment of the present invention, a method is involved in which the allocation policy includes a method for specifying a target ticket composition server for each DPI device according to the message digest and the total number N of composition servers. Based on the difference of specific implementation scenes, the invention provides the following two feasible implementation modes, specifically:
and in the mode 1, when each call ticket synthesis server is numbered with 0,1, …, N, directly carrying out complementation operation with the total number N according to the message abstract to obtain the number of the target call ticket synthesis server.
Mode 1 is the preferred implementation of the embodiments of the present invention, and is simple to implement in a stepwise manner, and is found to be higher in terms of distribution uniformity during a particular operation. However, since one round of the remainder operation is performed, the calculation occupies more resources than the method 2.
And 2, acquiring the statistical distribution interval of the obtained message summaries, dividing the distribution interval according to the total number N, and determining a target call bill synthesis server according to the generated distribution interval to which the message summaries belong.
The simple understanding of the mode 2 is that a message digest (a HASH value obtained by calculation) is used as a natural number, an area range is defined according to bytes occupied by the parameter, the area range is signed and seat-entered to each call ticket synthesis server in a distribution interval mode, and the examples are simply carried out by using parameter values: and if the distribution interval is [1000,2000] and is used as the distribution interval of the call ticket synthesis server 1, correspondingly calculating the message digest value of a certain call ticket to be 1500, and correspondingly assigning the message digest value to the call ticket synthesis server 1 for xDR synthesis. Compared with the mode 1, the mode 2 has higher efficiency and is suitable for the condition that a large amount of data is to be processed.
Therefore, there is a preferred implementation manner, that is, a total service amount threshold is set according to the total service amount of the current call ticket, if the total service amount threshold is lower than the total service amount threshold, the above-mentioned manner 1 is adopted, the resource occupation share rate of each call ticket server is improved, and if the total service amount threshold is higher than the total service amount threshold, the above-mentioned manner 2 is adopted, the calculation resource occupation of the execution main body in the embodiment of the present invention is reduced, so that the adaptability of the whole scheme is improved.
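The two allocation modes and the threshold rule described above can be sketched as follows. This is an added example, not code from the patent: the function names, the endpoint-ordering step that makes the uplink and downlink records hash to the same value, the handling of a volume exactly equal to the threshold, and the sample addresses are all assumptions.

```python
import bisect
import hashlib
import ipaddress


def session_digest(src_ip, src_port, dst_ip, dst_port, proto="tcp", algo="md5"):
    """Digest of a five-tuple that is identical for both directions of a session.

    Assumption: the two endpoints are put in a fixed order before hashing, so
    the uplink (A -> B) and downlink (B -> A) records produce the same value.
    MD5/SHA-1 only spread sessions across servers here; nothing relies on them
    for integrity or authentication.
    """
    a = (int(ipaddress.ip_address(src_ip)), src_port)
    b = (int(ipaddress.ip_address(dst_ip)), dst_port)
    lo, hi = sorted((a, b))
    key = f"{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}|{proto}".encode()
    return int.from_bytes(hashlib.new(algo, key).digest(), "big")


def target_mode1(digest, n):
    """Mode 1: remainder of the digest by the server count, giving 0..n-1."""
    if n <= 0:
        raise ValueError("need at least one synthesis server")
    return digest % n


def make_intervals(lo, hi, n):
    """Mode 2 setup: split the digest range [lo, hi] into n intervals.

    Returns the sorted list of interval start values. It is computed once per
    policy update, not once per call ticket.
    """
    if n <= 0 or hi < lo:
        raise ValueError("bad range or server count")
    width = -(-(hi - lo + 1) // n)          # ceiling division
    return [lo + i * width for i in range(n)]


def target_mode2(digest, starts):
    """Mode 2: index of the interval that contains the digest.

    Digests above the last start value fall into the last interval.
    """
    if digest < starts[0]:
        raise ValueError("digest below the distribution interval")
    return bisect.bisect_right(starts, digest) - 1


def pick_target(digest, n, total_volume, threshold, starts):
    """Threshold rule: mode 1 below the threshold, mode 2 otherwise.

    Assumption: a volume exactly equal to the threshold is treated as 'above'.
    """
    if total_volume < threshold:
        return "mode1", target_mode1(digest, n)
    return "mode2", target_mode2(digest, starts)


if __name__ == "__main__":
    # Constructed sample session: one uplink and one downlink record.
    up = session_digest("10.0.0.5", 40000, "203.0.113.9", 443)
    down = session_digest("203.0.113.9", 443, "10.0.0.5", 40000)
    starts = make_intervals(0, 2**128 - 1, 4)   # full MD5 output range
    print(up == down,
          pick_target(up, 4, 500, 1000, starts),
          pick_target(down, 4, 5000, 1000, starts))
```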
While the method of the embodiment of the present invention is running, a call ticket synthesis server may fail, go offline, be updated, and so on. Therefore, if the m-th call ticket synthesis server (one of the original N call ticket synthesis servers) needs offline maintenance, then as shown in fig. 5 the method further includes:
In step 301, a call ticket synthesis server management unit sends a request message for updating the distribution policy to each DPI device. (The management unit can be understood as one form of the agent described above; it may also be implemented by any body that sets aside part of its resources to run the management unit for the call ticket synthesis servers, and it determines whether each call ticket synthesis server is working normally by receiving its heartbeat messages.) The request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions.
In step 302, the call ticket synthesis server management unit retrieves from the m-th call ticket synthesis server the uplink traffic and/or downlink traffic that server has already acquired.
This description assumes a normal maintenance process: the m-th call ticket synthesis server reports a maintenance request to the call ticket synthesis server management unit, and after receiving that request the management unit can naturally retrieve from the m-th call ticket synthesis server the uplink traffic and/or downlink traffic it has acquired.
In step 303, the call ticket synthesis server management unit forwards the uplink traffic and/or downlink traffic retrieved from the m-th call ticket synthesis server to the destination call ticket synthesis server specified by the updated distribution policy.
The destination call ticket synthesis server specified by the updated distribution policy is determined as follows: after the mapping relation is updated, the hash value of each uplink and/or downlink flow retrieved from the m-th call ticket synthesis server is recalculated, and the flow is sent to the corresponding destination call ticket synthesis server. For example, suppose a certain downlink flow retrieved from the m-th call ticket synthesis server had the value 4 under mode 1 (4 being the value mapped to the m-th call ticket synthesis server while it was working normally, which is why the flow was originally distributed to it). The value calculated under mode 1 with the updated mapping relation may now be 5, in which case the flow is forwarded to the call ticket synthesis server mapped to 5 (the destination call ticket synthesis server in this embodiment).
Steps 301 to 303 of the embodiment of the present invention ensure that, when a call ticket synthesis server encounters an emergency, the method can continue effectively without data loss.
The method of fig. 5 above covers the case where the m-th call ticket synthesis server needs offline maintenance. The following explains the corresponding method when an (N+1)-th call ticket synthesis server is to be added to the call ticket synthesis server group. As shown in fig. 6, the method further comprises:
In step 401, the call ticket synthesis server management unit sends a request message for updating the distribution policy to each DPI device. The request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions.
In step 402, the call ticket synthesis server management unit sends both the pre-update distribution policy and the post-update distribution policy to the (N+1)-th call ticket synthesis server.
In step 403, within a preset time after coming online, if the (N+1)-th call ticket synthesis server obtains uplink traffic or downlink traffic that cannot form a complete call ticket, it forwards that traffic to the destination call ticket synthesis server determined by the pre-update distribution policy. The preset time may be determined from the historical maximum time required to complete a single session.
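The offline-maintenance procedure (steps 301 to 303) and the server-addition procedure (steps 401 to 403) are modelled together in the following added example, which is not part of the patent. It assumes mode 1 over an ordered server list, that taking a server offline removes it from that list, and hand-picked integer digests; the class, method and server names are hypothetical.

```python
class Cluster:
    """Toy model of DPI devices, synthesis servers and the management unit.

    Constructed for illustration: a record is {"digest": int, "dir": "up"|"down"}
    and the distribution policy is mode 1 over an ordered server list.
    """

    def __init__(self, servers):
        self.servers = list(servers)               # list index = server number
        self.pending = {s: {} for s in servers}    # server -> {digest: half record}
        self.tickets = []                          # (digest, server) of complete tickets
        self.old_policy = None
        self.new_server = None
        self.grace_until = None

    @staticmethod
    def target(digest, servers):
        return servers[digest % len(servers)]

    def deliver(self, server, rec):
        """Pair rec with the buffered opposite direction, else buffer it."""
        held = self.pending[server]
        other = held.get(rec["digest"])
        if other is not None and other["dir"] != rec["dir"]:
            del held[rec["digest"]]
            self.tickets.append((rec["digest"], server))
            return True
        held[rec["digest"]] = rec
        return False

    def send(self, rec):
        """A DPI device applies the current policy to one uplink/downlink record."""
        return self.deliver(self.target(rec["digest"], self.servers), rec)

    def take_offline(self, name):
        """Steps 301-303: update the policy, drain the server, re-home its records."""
        self.servers = [s for s in self.servers if s != name]      # step 301
        drained = list(self.pending.pop(name).values())            # step 302
        for rec in drained:                                        # step 303
            self.deliver(self.target(rec["digest"], self.servers), rec)
        return len(drained)

    def add_server(self, name, now, grace):
        """Steps 401-402: publish the new policy; the new server keeps both."""
        self.old_policy = list(self.servers)
        self.servers = self.servers + [name]
        self.pending[name] = {}
        self.new_server, self.grace_until = name, now + grace

    def forward_unpaired(self, now):
        """Step 403: inside the grace window, the new server forwards halves it
        cannot pair to the server the pre-update policy would have chosen."""
        if self.new_server is None or now > self.grace_until:
            return 0
        held = self.pending[self.new_server]
        unpaired = [held.pop(d) for d in list(held)]
        for rec in unpaired:
            self.deliver(self.target(rec["digest"], self.old_policy), rec)
        return len(unpaired)


def offline_scenario():
    c = Cluster(["s0", "s1", "s2", "s3"])
    c.send({"digest": 6, "dir": "up"})             # 6 % 4 = 2 -> buffered on s2
    drained = c.take_offline("s2")                 # 6 % 3 = 0 -> moved to s0
    paired = c.send({"digest": 6, "dir": "down"})  # DPI now also picks s0
    return drained, paired, c.tickets


def scale_out_scenario():
    c = Cluster(["s0", "s1", "s2"])
    c.send({"digest": 7, "dir": "up"})             # 7 % 3 = 1 -> buffered on s1
    c.add_server("s3", now=100, grace=30)
    c.send({"digest": 7, "dir": "down"})           # 7 % 4 = 3 -> lands on s3
    moved = c.forward_unpaired(now=110)            # old policy sends it to s1
    late = c.forward_unpaired(now=200)             # window closed, nothing moves
    return moved, late, c.tickets


if __name__ == "__main__":
    print(offline_scenario())
    print(scale_out_scenario())
```

In this model, removing a server changes `digest % N` for every session, so a half record buffered on a server other than the drained one can also be separated from its counterpart; the drain step here re-homes only the m-th server's records, as in steps 301 to 303.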
Example 2:
Corresponding to embodiment 1, this embodiment of the present invention describes the method directly from the side of the unit that manages and maintains the call ticket synthesis servers, namely how the method proceeds when the m-th call ticket synthesis server in the call ticket synthesis server group needs offline maintenance. As shown in fig. 7, the method includes:
In step 501, a request message for updating the distribution policy is sent to each DPI device. The request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions.
In step 502, the uplink traffic and/or downlink traffic that the m-th call ticket synthesis server has already acquired is retrieved from it.
This description assumes a normal maintenance process: the m-th call ticket synthesis server reports a maintenance request to the call ticket synthesis server management unit, and after receiving that request the management unit can naturally retrieve from the m-th call ticket synthesis server the uplink traffic and/or downlink traffic it has acquired.
In step 503, the uplink traffic and/or downlink traffic retrieved from the m-th call ticket synthesis server is forwarded to the destination call ticket synthesis server specified by the updated distribution policy.
The destination call ticket synthesis server specified by the updated distribution policy is determined as follows: after the mapping relation is updated, the hash value of each uplink and/or downlink flow retrieved from the m-th call ticket synthesis server is recalculated, and the flow is sent to the corresponding destination call ticket synthesis server. For example, suppose a certain downlink flow retrieved from the m-th call ticket synthesis server had the value 4 under mode 1 (4 being the value mapped to the m-th call ticket synthesis server while it was working normally, which is why the flow was originally distributed to it). The value calculated under mode 1 with the updated mapping relation may now be 5, in which case the flow is forwarded to the call ticket synthesis server mapped to 5 (the destination call ticket synthesis server in this embodiment).
This embodiment of the invention ensures that, when a call ticket synthesis server encounters an emergency, the method can continue effectively without data loss.
In this embodiment of the present invention, the distribution policy preferably includes:
when the call ticket synthesis servers are numbered 0, 1, …, N, performing a remainder operation directly on the message digest with the total number N to obtain the number of the target call ticket synthesis server; or
obtaining the statistical distribution interval of the message digests, dividing that interval according to the total number N, and determining the target call ticket synthesis server from the sub-interval to which the generated message digest belongs.
Based on this embodiment of the invention, if an (N+1)-th call ticket synthesis server is to be added to the call ticket synthesis server group, then as shown in fig. 8 the method further comprises:
In step 601, a request message for updating the distribution policy is sent to each DPI device. The request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions.
In step 602, the pre-update distribution policy and the post-update distribution policy are both sent to the (N+1)-th call ticket synthesis server.
In step 603, within a preset time after coming online, if the (N+1)-th call ticket synthesis server obtains uplink traffic or downlink traffic that cannot form a complete call ticket, it forwards that traffic to the destination call ticket synthesis server determined by the pre-update distribution policy.
Example 3:
From a higher-level perspective, this embodiment of the present invention shows how the methods of embodiments 1 and 2 are embedded and implemented in the overall system architecture. Taking the system architecture shown in fig. 4 as an example, as shown in fig. 9, the method includes:
In step 701, an xDR call ticket is reported.
In step 702, it is determined whether the xDR call ticket is a symmetric call ticket, i.e., whether both the uplink and downlink data are available. If the result is "yes", go to step 703; if the result is "no", go to step 704.
In step 703, the symmetric xDR call ticket is sent to the final application big data analysis platform, and the current round of xDR call ticket sending ends.
In step 704, the method for selecting a target call ticket synthesis server provided in embodiment 1 of the present invention is executed. The method of embodiment 2 can be executed in parallel with the method of this embodiment and integrates with it seamlessly.
In step 705, the asymmetric xDR is sent to the destination call ticket synthesis server; after the destination call ticket synthesis server has synthesized the symmetric xDR call ticket, that call ticket is sent to the final big data platform, and the current round of xDR call ticket sending ends.
Example 4:
Fig. 10 is a schematic diagram of the architecture of an asymmetric traffic xDR synthesizing apparatus in the DPI field according to an embodiment of the present invention. The apparatus of this embodiment includes one or more processors 21 and a memory 22. In fig. 10, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or other means, and fig. 10 illustrates the connection by a bus as an example.
The memory 22 is used as a non-volatile computer-readable storage medium for storing a non-volatile software program and a non-volatile computer-executable program, such as the asymmetric traffic xDR synthesis method in the DPI field in embodiment 1. The processor 21 executes a DPI domain asymmetric traffic xDR synthesizing method by running a non-volatile software program and instructions stored in the memory 22.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules stored in the memory 22, when executed by the one or more processors 21, perform a DPI domain asymmetric traffic xDR synthesis method of embodiment 1, for example, perform the steps illustrated in fig. 5-9 described above.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A method for synthesizing asymmetric traffic xDR in the DPI field, characterized in that the method comprises:
generating, according to one or more items of the five-tuple data, a message digest that can be used to identify the uplink traffic and the downlink traffic of the same session;
determining the total number N of synthesis servers currently able to provide the call ticket synthesis service;
each DPI device sending the uplink traffic and/or downlink traffic it stores to the target call ticket synthesis server designated by a preset, common distribution policy;
wherein the distribution policy comprises a method for designating a target call ticket synthesis server for each DPI device according to the message digest and the total number N of synthesis servers.
2. The method according to claim 1, wherein generating, according to one or more items of the five-tuple data, a message digest that can be used to identify the uplink traffic and the downlink traffic of the same session comprises:
obtaining the message digest through a HASH algorithm according to the source IP, destination IP, source port and destination port in the five-tuple; or
obtaining the message digest through a HASH algorithm according to the source IP, destination IP, source port, destination port and protocol in the five-tuple; or
obtaining the message digest through a HASH algorithm according to the source IP and the destination IP in the five-tuple.
3. The method of claim 2, wherein the HASH algorithm comprises:
MD4, MD5 and/or SHA-1.
4. The method for synthesizing asymmetric traffic xDR in the DPI field according to claim 1, wherein the distribution policy comprising a method for designating a target call ticket synthesis server for each DPI device according to the message digest and the total number N of synthesis servers specifically comprises:
when the call ticket synthesis servers are numbered 0, 1, …, N, performing a remainder operation directly on the message digest with the total number N to obtain the number of the target call ticket synthesis server; or
obtaining the statistical distribution interval of the message digests, dividing that interval according to the total number N, and determining the target call ticket synthesis server from the sub-interval to which the generated message digest belongs.
5. The method of claim 4, wherein if the m-th call ticket synthesis server is to be maintained offline, the method further comprises:
the call ticket synthesis server management unit sending a request message for updating the distribution policy to each DPI device, wherein the request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
the call ticket synthesis server management unit retrieving from the m-th call ticket synthesis server the uplink traffic and/or downlink traffic that server has acquired;
and the call ticket synthesis server management unit forwarding, according to the updated distribution policy, the uplink traffic and/or downlink traffic retrieved from the m-th call ticket synthesis server to the target call ticket synthesis server designated by the updated distribution policy.
6. The method of claim 4, wherein if an (N+1)-th call ticket synthesis server is to be added to the call ticket synthesis server group, the method comprises:
the call ticket synthesis server management unit sending a request message for updating the distribution policy to each DPI device, wherein the request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
the call ticket synthesis server management unit sending both the distribution policy before updating and the distribution policy after updating to the (N+1)-th call ticket synthesis server;
and within a preset time after coming online, if the (N+1)-th call ticket synthesis server obtains uplink traffic or downlink traffic that cannot form a complete call ticket, forwarding that uplink traffic or downlink traffic, according to the distribution policy before updating, to the target call ticket synthesis server determined by the distribution policy before updating.
7. A method for synthesizing asymmetric traffic xDR in the DPI field, characterized in that, if the m-th call ticket synthesis server in the call ticket synthesis server group needs to be maintained offline, the method comprises:
sending a request message for updating the distribution policy to each DPI device, wherein the request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
retrieving from the m-th call ticket synthesis server the uplink traffic and/or downlink traffic that server has acquired;
and forwarding, according to the updated distribution policy, the uplink traffic and/or downlink traffic retrieved from the m-th call ticket synthesis server to the target call ticket synthesis server designated by the updated distribution policy.
8. The method of claim 7, wherein the distribution policy comprises:
when the call ticket synthesis servers are numbered 0, 1, …, N, performing a remainder operation directly on the message digest with the total number N to obtain the number of the target call ticket synthesis server; or
obtaining the statistical distribution interval of the message digests, dividing that interval according to the total number N, and determining the target call ticket synthesis server from the sub-interval to which the generated message digest belongs.
9. The method of claim 7, wherein if an (N+1)-th call ticket synthesis server is to be added to the call ticket synthesis server group, the method further comprises:
sending a request message for updating the distribution policy to each DPI device, wherein the request message for updating the distribution policy contains the updated mapping between call ticket synthesis servers and numbers, or the updated mapping between call ticket synthesis servers and interval divisions;
sending both the distribution policy before updating and the distribution policy after updating to the (N+1)-th call ticket synthesis server;
and within a preset time after coming online, if the (N+1)-th call ticket synthesis server obtains uplink traffic or downlink traffic that cannot form a complete call ticket, forwarding that uplink traffic or downlink traffic, according to the distribution policy before updating, to the target call ticket synthesis server determined by the distribution policy before updating.
10. A device for synthesizing asymmetric traffic xDR in the DPI field, characterized in that the device comprises:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being programmed to perform the method for synthesizing asymmetric traffic xDR in the DPI field of any of claims 1-9.
CN201910968707.4A 2019-10-12 2019-10-12 Method and device for synthesizing asymmetric flow xDR in DPI field Active CN110855424B (en)

Publications (2)

Publication Number Publication Date
CN110855424A (en) 2020-02-28
CN110855424B (en) 2023-04-07
