CN110912731B - NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology - Google Patents
NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology Download PDFInfo
- Publication number
- CN110912731B CN110912731B CN201911039769.3A CN201911039769A CN110912731B CN 110912731 B CN110912731 B CN 110912731B CN 201911039769 A CN201911039769 A CN 201911039769A CN 110912731 B CN110912731 B CN 110912731B
- Authority
- CN
- China
- Prior art keywords
- module
- data
- dpi
- management
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3055—Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
- G06F11/3093—Configuration details thereof, e.g. installation, enabling, spatial arrangement of the probes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
Abstract
The invention discloses a system and a method for realizing service identification and topology analysis by adopting DPI technology based on NFV, wherein the system comprises a Web Manager management module, a Collector IT module, an Agent probe, a DPDK Capture acquisition module and a DPI module; the distributed Xkernel modules are used for realizing transverse capacity expansion, and the processing capacity of the DPI is greatly improved.
Description
Technical Field
The invention relates to the technical field of electronic information, in particular to a system and a method for realizing service identification and topology analysis by adopting a DPI technology based on NFV.
Background
While the depreciation period of fixed equipment in the communication industry is long and any change is not easy to happen, network technology is faced with two innovations at a time, namely Software Defined Networking (SDN) and Network Function Virtualization (NFV), and in the process of changing networks, the two technologies may depend on each other or be harmoniously collocated if the network technology is successfully changed. Where NFV is a carrier-driven means to virtualize network functions and migrate those functions from a specific device to a general type of server. The aim of NFV delivery is to reduce service deployment costs by reducing proprietary device dependencies, build service features with a more flexible software defined framework, and increase service flexibility. The advent of 5G will undoubtedly accelerate the process of network virtualization, including the need for NFV will also be more stringent. With the arrival of 5G, the network traffic is rapidly increasing, and the network is urgently in need of changing, because the flexibility of the existing network cannot meet the requirements of the whole future industry, the industrial requirements not only are the telecommunication operators, but also include the requirements of each enterprise network, cloud end and OTT, and the virtualization process must be accelerated.
NFV, Network Function Virtualization. By using general purpose hardware such as x86 and virtualization technology, very versatile software processing is carried. Thereby reducing the cost of expensive equipment for the network. The functions of the network equipment can be decoupled through software and hardware and abstracted through functions, so that the functions of the network equipment do not depend on special hardware any more, resources can be fully and flexibly shared, the rapid development and deployment of new services are realized, and automatic deployment, elastic expansion, fault isolation, self-healing and the like are carried out based on actual service requirements.
DPI (deep packet inspection), which is an application layer traffic inspection and control technology based on data packets, performs deep inspection and analysis on different layer information (such as IP address, application layer port, application layer protocol, payload content, etc.) of a data packet, thereby obtaining application layer information of the entire data stream or data packet, and then performs statistical analysis and control on traffic according to a policy defined by the system.
The existing DPI technical solution is mainly realized by hard mining, which needs a large amount of engineering operations, deploys and installs devices for light splitting, convergence, shunt and the like, and cannot collect traffic between different virtual machines of the same physical machine in the NFV platform, so that hard-mining data is incomplete, partial data is lost, and the final analysis result is incomplete.
Hard acquisition refers to that specific hardware, such as an optical splitter, a TAP, an exchange mirror image, and the like, is adopted to implement copy and shunt on physical transmission of a communication network, so as to complete acquisition and convergence of signaling data, and has the following disadvantages:
the collection benefit is not high under small flow:
the light splitting hard acquisition is suitable for large-flow and centralized acquisition, and is low in benefit under the scene of low flow and high distribution. Such as signaling acquisition under MEC.
Incomplete collection:
hard mining is performed on physical transmission equipment, and most of east-west traffic and even north-south traffic under a slice network under an NFV network do not pass through physical hardware, so that hard mining cannot be acquired.
Acquisition cannot be customized:
hard mining light splitting involves large engineering work, is long in time consumption, and is difficult to change once engineering is completed. Fast and flexible custom acquisition cannot be realized.
The post-association difficulty is large:
future IT and CT correlation analysis is a trend of NFV networks, and NFV technology also provides convenience for correlation analysis, but has great correlation difficulty after hard acquisition and MANO data.
Disclosure of Invention
The invention mainly aims to provide a system for realizing service identification and topology analysis by adopting a DPI technology based on NFV, and flexible custom acquisition is realized.
The invention further aims to provide a method for realizing service identification and topology analysis by adopting a DPI technology based on NFV.
In order to solve the technical problems, the technical scheme of the invention is as follows:
a system for realizing service identification and topology analysis by adopting DPI technology based on NFV comprises a Web Manager management module, a Collector IT module, an Agent probe, a DPDK Capture acquisition module and a DPI module, wherein:
the Web Manager management module provides an acquisition management user interface, and comprises a system setting part and an NFV (network file virtualization) management part;
the Collector IT module acquires IT information including related CPUs, memories, disks and networks through API interfaces of the virtual platform, and performs preliminary statistical analysis on the IT information;
the Agent probe acquires related port information on the virtual platform, creates mirror image and tunnel technologies for the acquisition ports and leads related flow to a specified DPI server;
the DPDK Capture acquisition module acquires the flow on the DPI server by utilizing a DPDK high-performance acquisition technology;
and the DPI module completes service identification and topology analysis.
According to the scheme, the flow collection in the NFV cloud platform is realized through the Agent probe technology, and the flow collection can be realized for different virtual machines of the same physical machine besides the flow passing through the network card. This is not achievable with hard acquisition. Data acquisition, IT data, CT data and the like of a designated port can be flexibly realized through a visual management interface. While hard mining can only aggregate the full collection and needs a lot of engineering work in advance. Zero packet loss collection is realized by a DPDK collection module and a DPDK high-performance collection technology; the correlation of IT and CT data is synchronously realized, and more comprehensive multi-layer multi-domain correlation analysis is realized. Hard acquisition can only acquire CT data, and cannot realize acquisition and association of IT data.
Preferably, the system setting in the Web Manager management module includes user management, menu management, organization management, region management, role management and dictionary management, the NFV management includes NOVA management, Neutron management and file management, the Web Manager management module acquires relevant information of the cloud platform, including NOVA and Neutron, collects and analyzes IT relevant information periodically according to business requirements, defines an acquisition port by user according to the business requirements, and then issues a deployment Agent probe to perform data acquisition.
Preferably, the Collector IT module further obtains monitoring data and charging information through the Ceilometer component at the OpenStack platform.
Preferably, the Agent probe module issues an acquisition strategy customized by the Web Manager management module to a designated computer computing node, mirrors the data of a designated port through the mirror function of the vSwitch, and transmits the mirrored data to a designated DPI server for processing through tunnel technologies such as Vxlan establishment.
Preferably, the DPDK Capture module collects data of the virtual network interface card by using a high-performance collection technology of the DPDK, packages the data according to a collection packet standard pcap format, and expands the package on the basis of the pcap so as to quickly trace and locate the data of each data packet.
Preferably, the DPI module comprises an Xkernel module, an Adapter module, a KPI module, and a DbDump module, wherein:
the Xkernel module decodes, associates and backfills a signaling protocol to generate XDR information;
the Adapter module performs corresponding adaptation on the XDR field based on service requirements, including mapping relation processing and multi-field combination processing;
the KPI module performs correlation and business statistical analysis on information including CT, IT and MANO, and outputs a corresponding basic report;
and the DbDump module stores the XDR information and the KPI information in a warehouse and supports various relational databases and Hadoop big data platforms.
Preferably, the Xkernel module decodes, associates and learns the signaling data according to a 3GPP specification and a TCP/IP system protocol specification to generate customized XDR data, supports distributed processing by the Xkernel module design, and reasonably shunts data according to services and quickly and transversely expands the data. The DPI deep detection is very performance-consuming, and the data volume is doubled by ten times or one hundred times under the condition of 5G, so that the module design supports reasonable data distribution according to the service and supports quick transverse expansion, and the whole DPI processing system does not have processing bottleneck in a software layer.
Preferably, the KPI module correlates CT XDR and IT data and performs statistical analysis according to business requirements, the correlation of CT and IT is mainly performed through PORT _ ID, VLAN _ ID, MAC, IP, the correlation also includes multi-layer correlation among Host, VM, VNF, forming a complete network topology structure; and performing statistical analysis of various dimensions on the CT and IT data, wherein the statistical analysis comprises a Host dimension, a VM dimension, a VNF dimension, an MME (mobility management entity) network element dimension, an SGW (serving gateway) network element dimension, an eNodeB (evolved node B) network element dimension and a service dimension, and various performance indexes comprise performance indexes of a TCP (transmission control protocol) class, a HTTP (hyper text transport protocol) class and performance indexes of a UDP (user datagram protocol) class.
Preferably, the data pushed by the Adapter module, the KPI module and the Xkernel module are automatically tabulated and warehoused in various relational databases and Hadoop big data platforms for storage by the DbDump module, and the supported relational databases comprise MySql, PostgreSQL and Oracle; the table structures of various data sources are configured, multi-thread warehousing is configured according to specific service requirements, especially mass XDR data can be parallelly warehoused in batches, and warehousing performance is greatly improved.
The method for realizing the service identification and the topology analysis by adopting the DPI technology based on the NFV is applied to the system for realizing the service identification and the topology analysis by adopting the DPI technology based on the NFV, and comprises the following steps of:
s1: installing and deploying a Web Manager management module and a Collector IT module on a virtual machine Controller server deployed on a cloud platform, and configuring corresponding cloud platform information;
s2: checking all port information in a Web Manager management module, and customizing the ports to be acquired according to business requirements;
s3: checking the information of all the computing nodes in a Collector IT module, and obtaining the IT information comprising a CPU, an internal memory, a disk and a network in a user-defined manner according to the service requirement;
s4: installing and deploying an Agent probe on a computing node server for acquiring CT data;
s5: issuing a port data acquisition instruction through a Web Manager management module interface to acquire data of a designated port;
s6: creating a mirror image of the designated port at the computing node through the OVS, and establishing a corresponding Vxlan tunnel connection;
s7: establishing a corresponding Vxlan tunnel connection on a virtual machine DPI server deployed on a cloud platform, so that data of a specified port is exported to a specified DPI server;
s8: a DPDK Capture acquisition module is deployed on the DPI server, data acquisition is carried out on the Vxlan network port which is just established, and the data acquisition is transmitted to the DPI module;
s9: a DPI module is deployed on a DPI server and receives signaling data sent by a DPDK Capture acquisition module, and an Xkernel module performs signaling decoding, association and learning according to a 3GPP specification and a TCP/IP system protocol specification to generate XDR data;
s10: the Adapter module performs adaptation processing on the XDR according to the service requirement;
s11: the KPI module collects data of the Adapter module and the Collector IT module, performs correlation analysis on the data, and performs statistical analysis on various dimensions and indexes according to service requirements;
s12: and storing the XDR and KPI data into a relational database or a big data platform through a DbDump module for being used by an upper layer application.
Compared with the prior art, the technical scheme of the invention has the beneficial effects that:
1. the traditional mobile core network uses special hardware equipment, and all traffic can be collected by hard mining. However, under the NFV platform, the collection of the traffic between some virtual machines cannot be realized by hard mining, and the traffic of the part is also very important data.
2. For the slice network of the NFV platform, all services may be a server, in order to collect the traffic, hard mining needs a large amount of engineering operations to be realized, and soft mining can quickly and flexibly realize collection and DPI processing only by software deployment.
3. Under the 5G NFV platform, the hard DPI can only analyze CT data, and the invention can realize the correlation analysis of CT, IT, MANO, Host, VM, VNF and other data, and realize the multilayer multi-domain correlation analysis.
Drawings
Fig. 1 is a system module connection diagram of the present invention.
FIG. 2 is a diagram of a system deployment implementation of the present invention.
FIG. 3 is a schematic flow chart of the method of the present invention.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
for the purpose of better illustrating the present embodiments, certain elements of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product;
it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical solution of the present invention is further described with reference to the drawings and the embodiments.
Example 1
The present embodiment provides a system for implementing service identification and topology analysis by using a DPI technology based on NFV, as shown in fig. 1, including a Web Manager management module, a Collector IT module, an Agent probe, a DPDK Capture acquisition module, and a DPI module, where:
the Web Manager management module provides an acquisition management user interface and comprises a system setting part and an NFV (network file system) management part;
the Collector IT module acquires IT information including related CPUs, memories, disks and networks through API interfaces of the virtual platform, and performs preliminary statistical analysis on the IT information;
the Agent probe acquires related port information on the virtual platform, creates mirror image and tunnel technologies for the acquisition ports, and leads related flow out to a specified DPI server;
the DPDK Capture acquisition module acquires the flow on the DPI server by using a DPDK high-performance acquisition technology;
and the DPI module completes service identification and topology analysis.
The system setting in the Web Manager management module comprises user management, menu management, mechanism management, area management, role management and dictionary management, the NFV management comprises NOVA management, Neutron management and file management, relevant information of the cloud platform, including NOVA and Neutron, is acquired through the Web Manager management module, IT relevant information is regularly collected and analyzed according to business requirements, a collection port is customized according to the business requirements, and then a deployment Agent probe is issued to carry out data collection.
The Collector IT module also obtains monitoring data and charging information through a Ceilometer component on the OpenStack platform.
The Agent probe module issues an acquisition strategy customized by the Web Manager management module to a designated computer computing node, mirrors the data of a designated port through the mirror function of the vSwitch, and transmits the mirrored data to a designated DPI server for processing through tunnel technologies such as Vxlan establishment.
The DPDK Capture acquisition module acquires data of the virtual network card by using a DPDK high-performance acquisition technology, packages the data according to an acquisition package standard pcap format, and expands the package on the basis of the pcap so as to quickly trace and position the data of each data packet.
The DPI module comprises an Xkernel module, an Adapter module, a KPI module and a DbDump module, wherein:
the Xkernel module decodes, associates and backfills a signaling protocol to generate XDR information;
the Adapter module performs corresponding adaptation on XDR fields based on service requirements, wherein the adaptation comprises mapping relation processing and multi-field combination processing;
the KPI module performs correlation and business statistical analysis on information including CT, IT and MANO, and outputs a corresponding basic report;
and the DbDump module stores XDR information and KPI information in a warehouse and supports various relational databases and Hadoop big data platforms.
The Xkernel module decodes, associates and learns the signaling data according to 3GPP specifications and TCP/IP system protocol specifications to generate customized XDR data, supports distributed processing, reasonably distributes data according to services and quickly and transversely expands the data.
The KPI module correlates CT XDR and IT data and performs statistical analysis according to business requirements, the correlation of CT and IT is mainly performed through PORT _ ID, VLAN _ ID, MAC and IP, the correlation also comprises multilayer correlation among Host, VM and VNF, and a complete network topology structure is formed; performing statistical analysis of various dimensions on CT and IT data, wherein the statistical analysis comprises a Host dimension, a VM dimension, a VNF dimension, an MME (mobility management entity) network element dimension, an SGW (serving gateway) network element dimension, an eNodeB (evolved node B) network element dimension and a service dimension, and various performance indexes are counted, and the statistical analysis comprises a TCP (transmission control protocol) performance index, an HTTP (hyper text transport protocol) performance index and a UDP (user datagram protocol) performance index.
The DbDump module automatically creates tables of data pushed by the Adapter module, the KPI module and the Xkernel module and stores the tables in various relational databases and Hadoop big data platforms for storage, and the supported relational databases comprise MySql, PostgreSQL and Oracle; and configuring table structures of various data sources, and configuring multi-thread warehousing according to specific service requirements.
In a specific implementation process, as shown in fig. 2, the system of the present invention is mainly deployed in a virtual machine of a cloud platform, and is mainly divided into two types of server Controller VM and DPI VM, and an Agent probe. The Controller VM is used for managing and controlling the whole acquisition system and comprises a Web Manager management module and a Collector IT module. The DPI VM is used for DPI processing and comprises a DPDK Capture acquisition module and a DPI module. The Agent probe is deployed into a computing node for mirroring and exporting data.
The main steps are as follows:
1. flexible self-defined collection, after receiving a user instruction by a Controller, issuing the instruction to an Agent;
2. the Agent is responsible for establishing a mirror image to lead the flow into a designated Port;
3. the Agent is responsible for establishing a tunnel and importing the flow into a specified DPI VM;
4. acquiring IT monitoring data and charging data from the OpenStack component;
5. decoding, correlating and identifying the flow in a DPI VM to generate an XDR and a statistical KPI;
example 2
This embodiment provides a method for implementing service identification and topology analysis by using a DPI technology based on an NFV, where the method is applied to the system for implementing service identification and topology analysis by using a DPI technology based on an NFV in embodiment 1, as shown in fig. 3, and includes the following steps:
s1: installing and deploying a Web Manager management module and a Collector IT module on a virtual machine Controller server deployed on a cloud platform, and configuring corresponding cloud platform information;
s2: checking all port information in a Web Manager management module, and customizing the ports to be acquired according to business requirements;
s3: checking the information of all the computing nodes in a Collector IT module, and obtaining the IT information comprising a CPU, a memory, a disk and a network in a user-defined mode according to business requirements;
s4: installing and deploying an Agent probe on a computing node server for acquiring CT data;
s5: issuing a port data acquisition instruction through a Web Manager management module interface to acquire data of a designated port;
s6: creating a mirror image of the designated port at the computing node through the OVS, and establishing a corresponding Vxlan tunnel connection;
s7: establishing a corresponding Vxlan tunnel connection on a virtual machine DPI server deployed on a cloud platform, so that data of a specified port is exported to a specified DPI server;
s8: a DPDK Capture acquisition module is deployed on the DPI server, data acquisition is carried out on the Vxlan network port which is just established, and the data acquisition is transmitted to the DPI module;
s9: a DPI module is deployed on a DPI server and receives signaling data sent by a DPDK Capture acquisition module, and an Xkernel module performs signaling decoding, association and learning according to a 3GPP specification and a TCP/IP system protocol specification to generate XDR data;
s10: the Adapter module performs adaptation processing on the XDR according to service requirements;
s11: the KPI module collects data of the Adapter module and the Collector IT module, performs correlation analysis on the data, and performs statistical analysis on various dimensions and indexes according to business requirements;
s12: and storing the XDR and KPI data into a relational database or a big data platform through a DbDump module for being used by an upper layer application.
The same or similar reference numerals correspond to the same or similar parts;
the terms describing positional relationships in the drawings are for illustrative purposes only and should not be construed as limiting the patent;
it should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.
Claims (8)
1. A system for realizing service identification and topology analysis by adopting DPI technology based on NFV is characterized by comprising a Web Manager management module, a Collector IT module, an Agent probe, a DPDK Capture acquisition module and a DPI module, wherein:
the Web Manager management module provides an acquisition management user interface, and comprises a system setting part and an NFV (network file virtualization) management part;
the Collector IT module acquires IT information including related CPUs, memories, disks and networks through API interfaces of the virtual platform, and performs preliminary statistical analysis on the IT information;
the Agent probe acquires related port information on the virtual platform, creates mirror image and tunnel technologies for the acquisition ports, and leads related flow out to a specified DPI server;
the DPDK Capture acquisition module acquires the flow on the DPI server by using a DPDK high-performance acquisition technology;
the DPI module completes service identification and topology analysis;
the DPI module comprises an Xkernel module, an Adapter module, a KPI module and a DbDump module, wherein:
the Xkernel module decodes, associates and backfills a signaling protocol to generate XDR information;
the Adapter module performs corresponding adaptation on the XDR field based on service requirements, including mapping relation processing and multi-field combination processing;
the KPI module performs correlation and business statistical analysis on information including CT, IT and MANO, and outputs a corresponding basic report;
the DbDump module stores XDR information and KPI information in a warehouse and supports various relational databases and Hadoop big data platforms;
the KPI module associates CT XDR and IT data and performs statistical analysis according to service requirements, wherein the association of CT and IT is mainly performed through PORT _ ID, VLAN _ ID, MAC and IP, and the association also comprises multilayer association among Host, VM and VNF, so as to form a complete network topology structure; and performing statistical analysis of various dimensions on the CT and IT data, wherein the statistical analysis comprises a Host dimension, a VM dimension, a VNF dimension, an MME (mobility management entity) network element dimension, an SGW (serving gateway) network element dimension, an eNodeB (evolved node B) network element dimension and a service dimension, and various performance indexes comprise performance indexes of a TCP (transmission control protocol) class, a HTTP (hyper text transport protocol) class and performance indexes of a UDP (user datagram protocol) class.
2. The system according to claim 1, wherein the system settings in the Web Manager management module include user management, menu management, organization management, region management, role management, and dictionary management, the NFV management includes NOVA management, Neutron management, and file management, the Web Manager management module obtains relevant information of the cloud platform, including NOVA and Neutron, periodically collects and analyzes IT relevant information according to business requirements, defines a collection port according to business requirements, and issues a deployment Agent probe to collect data.
3. The system of claim 1, wherein the Collector IT module further obtains monitoring data and charging information through a Ceilometer component in an OpenStack platform.
4. The system according to claim 1, wherein the Agent probe module issues to the designated computer node through an acquisition policy customized by the Web Manager management module, mirrors the data at the designated port through a mirror function of vSwitch, and transmits the mirrored data to the designated DPI server for processing through a Vxlan tunnel establishment technique.
5. The system according to claim 1, wherein the DPDK Capture module collects data of the virtual network interface card using a high-performance DPDK collection technique, packages the data according to a standard pcap format of a collection packet, and expands the package on the basis of the pcap so as to quickly trace back and locate data of each data packet.
6. The system according to claim 1, wherein the Xkernel module decodes, associates, and learns the signaling data according to 3GPP specifications and TCP/IP system protocol specifications to generate customized XDR data, supports distributed processing, performs reasonable data distribution according to services, and performs rapid lateral expansion.
7. The system according to claim 1, wherein the DbDump module automatically creates tables for data pushed by the Adapter module, the KPI module, and the Xkernel module, and stores the tables in various relational databases and Hadoop big data platforms for storage, and the supported relational databases include MySql, PostgreSQL, Oracle; and configuring table structures of various data sources, and configuring multiple threads for storage according to specific service requirements.
8. A method for implementing service identification and topology analysis by using DPI technology based on NFV, which is applied to the system for implementing service identification and topology analysis by using DPI technology based on NFV according to any one of claims 1 to 7, and comprises the following steps:
s1: installing and deploying a Web Manager management module and a Collector IT module on a virtual machine Controller server deployed on a cloud platform, and configuring corresponding cloud platform information;
s2: checking all port information in a Web Manager management module, and customizing the ports to be acquired according to business requirements;
s3: checking the information of all the computing nodes in a Collector IT module, and obtaining the IT information comprising a CPU, a memory, a disk and a network in a user-defined mode according to business requirements;
s4: installing and deploying an Agent probe on a computing node server for acquiring CT data;
s5: issuing a port data acquisition instruction through a Web Manager management module interface to acquire data of a designated port;
s6: creating a mirror image of an appointed port at a computing node through an OVS (optical virtual system), and establishing a corresponding Vxlan tunnel connection;
s7: establishing a corresponding Vxlan tunnel connection on a virtual machine DPI server deployed on a cloud platform, so that data of a specified port is exported to a specified DPI server;
s8: a DPDK Capture acquisition module is deployed on the DPI server, data acquisition is carried out on the Vxlan network port which is just established, and the data acquisition is transmitted to the DPI module;
s9: a DPI module is deployed on a DPI server and receives signaling data sent by a DPDK Capture acquisition module, and an Xkernel module performs signaling decoding, association and learning according to a 3GPP specification and a TCP/IP system protocol specification to generate XDR data;
s10: the Adapter module performs adaptation processing on the XDR according to the service requirement;
s11: the KPI module collects data of the Adapter module and the Collector IT module, performs correlation analysis on the data, and performs statistical analysis on various dimensions and indexes according to service requirements;
s12: and storing the XDR and KPI data into a relational database or a big data platform through a DbDump module for an upper layer application to use.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911039769.3A CN110912731B (en) | 2019-10-29 | 2019-10-29 | NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911039769.3A CN110912731B (en) | 2019-10-29 | 2019-10-29 | NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110912731A CN110912731A (en) | 2020-03-24 |
| CN110912731B true CN110912731B (en) | 2022-07-26 |
Family
ID=69814670
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911039769.3A Active CN110912731B (en) | 2019-10-29 | 2019-10-29 | NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110912731B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113973127B (en) * | 2020-07-24 | 2024-03-19 | 中移(苏州)软件技术有限公司 | Network deployment method, device and storage medium |
| CN113542160A (en) * | 2021-05-27 | 2021-10-22 | 贵州电网有限责任公司 | SDN-based method and system for pulling east-west flow in cloud |
| CN113434252B (en) * | 2021-06-28 | 2023-04-07 | 电子科技大学 | Customized VNF deployment system and method for 5G network function virtualization |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103354530A (en) * | 2013-07-18 | 2013-10-16 | 北京启明星辰信息技术股份有限公司 | Virtualization network boundary data flow gathering method and apparatus |
| CN104376005A (en) * | 2013-08-14 | 2015-02-25 | 中国移动通信集团甘肃有限公司 | Method and system for processing user detail lists by software heartbeat mechanism signaling access probe |
| CN105827629A (en) * | 2016-05-04 | 2016-08-03 | 王燕清 | Software definition safety guiding device under cloud computing environment and implementation method thereof |
| CN105897611A (en) * | 2016-06-24 | 2016-08-24 | 武汉绿色网络信息服务有限责任公司 | SDN based system and method for achieving service recognition and traffic scheduling through DPI technology |
| CN106209506A (en) * | 2016-06-30 | 2016-12-07 | 瑞斯康达科技发展股份有限公司 | A kind of virtualization deep-packet detection flow analysis method and system |
| US9979602B1 (en) * | 2014-08-25 | 2018-05-22 | Cisco Technology, Inc. | Network function virtualization infrastructure pod in a network environment |
| CN108234315A (en) * | 2016-12-21 | 2018-06-29 | 青岛祥智电子技术有限公司 | Image network flow control protocol in a kind of virtualized network environment |
| CN108616419A (en) * | 2018-03-30 | 2018-10-02 | 武汉虹旭信息技术有限责任公司 | A kind of packet capture analysis system and its method based on Docker |
| US10110462B1 (en) * | 2016-09-16 | 2018-10-23 | Sprint Communications Company L.P. | False positive protection for Network Function Virtualization (NFV) virtual probe deployment |
| CN109842528A (en) * | 2019-03-19 | 2019-06-04 | 西安交通大学 | A kind of dispositions method of the service function chain based on SDN and NFV |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101703088B1 (en) * | 2015-04-10 | 2017-02-22 | 쿨클라우드(주) | Aggregated routing method based on sdn and system thereof |
| US9742790B2 (en) * | 2015-06-16 | 2017-08-22 | Intel Corporation | Technologies for secure personalization of a security monitoring virtual network function |
-
2019
- 2019-10-29 CN CN201911039769.3A patent/CN110912731B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103354530A (en) * | 2013-07-18 | 2013-10-16 | 北京启明星辰信息技术股份有限公司 | Virtualization network boundary data flow gathering method and apparatus |
| CN104376005A (en) * | 2013-08-14 | 2015-02-25 | 中国移动通信集团甘肃有限公司 | Method and system for processing user detail lists by software heartbeat mechanism signaling access probe |
| US9979602B1 (en) * | 2014-08-25 | 2018-05-22 | Cisco Technology, Inc. | Network function virtualization infrastructure pod in a network environment |
| CN105827629A (en) * | 2016-05-04 | 2016-08-03 | 王燕清 | Software definition safety guiding device under cloud computing environment and implementation method thereof |
| CN105897611A (en) * | 2016-06-24 | 2016-08-24 | 武汉绿色网络信息服务有限责任公司 | SDN based system and method for achieving service recognition and traffic scheduling through DPI technology |
| CN106209506A (en) * | 2016-06-30 | 2016-12-07 | 瑞斯康达科技发展股份有限公司 | A kind of virtualization deep-packet detection flow analysis method and system |
| US10110462B1 (en) * | 2016-09-16 | 2018-10-23 | Sprint Communications Company L.P. | False positive protection for Network Function Virtualization (NFV) virtual probe deployment |
| CN108234315A (en) * | 2016-12-21 | 2018-06-29 | 青岛祥智电子技术有限公司 | Image network flow control protocol in a kind of virtualized network environment |
| CN108616419A (en) * | 2018-03-30 | 2018-10-02 | 武汉虹旭信息技术有限责任公司 | A kind of packet capture analysis system and its method based on Docker |
| CN109842528A (en) * | 2019-03-19 | 2019-06-04 | 西安交通大学 | A kind of dispositions method of the service function chain based on SDN and NFV |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110912731A (en) | 2020-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3780502B1 (en) | Underlay-overlay correlation | |
| CN110912731B (en) | NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology | |
| WO2021017301A1 (en) | Management method and apparatus based on kubernetes cluster, and computer-readable storage medium | |
| EP3304816B1 (en) | Interactive hierarchical network chord diagram for application dependency mapping | |
| CN110535831A (en) | Cluster safety management method, device and storage medium based on Kubernetes and network domains | |
| CN105024855B (en) | Distributed type assemblies manage system and method | |
| CN103516802A (en) | Method and device for achieving seamless transference of across heterogeneous virtual switch | |
| CN103546343B (en) | The network traffics methods of exhibiting of network traffic analysis system and system | |
| CN110247784A (en) | The method and apparatus for determining network topology structure | |
| CN114143203A (en) | Kubernetes container network data packet index acquisition method and system based on dynamic service topological mapping | |
| CN110838936B (en) | Power distribution communication network management system and method | |
| Hyun et al. | Real‐time and fine‐grained network monitoring using in‐band network telemetry | |
| CN113867884B (en) | Method and system for computer network and storage medium | |
| CN106612335B (en) | The method of the information exchange and communication of IoT is realized using Docker container | |
| CN109391516A (en) | Realize the cloud third party NMS system of more producer UTN equipment centralized maintenance management | |
| CN106982244A (en) | The method and apparatus that the message mirror of dynamic flow is realized under cloud network environment | |
| US20200201874A1 (en) | Systems and methods for providing dynamically configured responsive storage | |
| CN105227403B (en) | A kind of OpenStack network flow monitoring methods | |
| CN106487598B (en) | The more examples of isomery redundancy Snmp agreements realize system and its implementation | |
| CN110708209B (en) | Virtual machine flow acquisition method and device, electronic equipment and storage medium | |
| US11121946B2 (en) | Capturing packets in a virtual switch | |
| Usman et al. | SmartX Multi‐View Visibility Framework for unified monitoring of SDN‐enabled multisite clouds | |
| CN104917623B (en) | A kind of method and device for realizing SDN network telecommunication management | |
| CN104079440A (en) | Synchronous configuration method of primary equipment and stand-by equipment and SNMP (Simple Network Management Protocol) system | |
| CN104994137B (en) | A kind of method of network readezvous point agency |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |