CN110943867A - System and method for deducing application architecture information through network relationship - Google Patents

System and method for deducing application architecture information through network relationship Download PDF

Info

Publication number
CN110943867A
CN110943867A CN201911233224.6A CN201911233224A CN110943867A CN 110943867 A CN110943867 A CN 110943867A CN 201911233224 A CN201911233224 A CN 201911233224A CN 110943867 A CN110943867 A CN 110943867A
Authority
CN
China
Prior art keywords
information
address
application
network
address information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911233224.6A
Other languages
Chinese (zh)
Other versions
CN110943867B (en
Inventor
黄成�
王泊
高强
宫珂
楼晓鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Stock Exchange Technology Co Ltd
Original Assignee
Shanghai Stock Exchange Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Stock Exchange Technology Co Ltd filed Critical Shanghai Stock Exchange Technology Co Ltd
Priority to CN201911233224.6A priority Critical patent/CN110943867B/en
Publication of CN110943867A publication Critical patent/CN110943867A/en
Application granted granted Critical
Publication of CN110943867B publication Critical patent/CN110943867B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/133Protocols for remote procedure calls [RPC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to the technical field of architecture maintenance of application operation and maintenance, in particular to a system and a method for deducing application architecture information through network relationship, which is characterized by comprising the following steps: s1, detecting network flow which really occurs in an environment; s2, extracting the address information of a source and a destination in the network packet, S3, searching an application example according to the address information, and S4, extracting the relevant information of the example, wherein the method has the advantages that: compared with the traditional manual registration and maintenance application architecture, the method can ensure the information to be updated in time and ensure the integrity and correctness of the information; compared with automatic information acquisition based on Agent, the method can maintain the stock application framework which has long run and can not be traced, and can effectively solve the problem of relation information collection between applications.

Description

System and method for deducing application architecture information through network relationship
Technical Field
The invention relates to the technical field of architecture maintenance of application operation and maintenance, in particular to a system and a method for deducing application architecture information through network relationship.
Background
In the information age, the distributed service architecture leads to rapid increase of information complexity, and brings greater complexity to the availability operation and maintenance work. The problem of complexity is solved by clearly combing out application architecture information or establishing an application CMDB. Currently, a common way to maintain application architecture information is manual registration and Agent-based configuration acquisition.
The manual registration maintenance application architecture is a conventional method, but it is difficult to ensure timely update of information and integrity and correctness of information. With the development of automation technology, Agent-based information automatic acquisition technology is gradually used to construct the CMDB. The Agent-based information acquisition has a good effect on the construction of hardware network information due to the relatively high standardization degree of hardware facilities, but has certain difficulty in the information collection of an application architecture. On the basis of Agent acquisition, information such as catalogs and versions of applications needs to be configured in advance, on one hand, stock application architecture information which has long run and cannot be traced is difficult to maintain, on the other hand, only information of the applications can be collected, and the problem of relation information collection among the applications cannot be effectively solved. In a service scene, a traditional single application is often developed into a distributed form with hundreds of service instances, and no matter manual maintenance or Agent collection is adopted for information maintenance based on a preset condition, application architecture information cannot be well maintained.
Disclosure of Invention
The invention aims to solve the defects of the prior art and provides a system and a method for deducing application architecture information through a network relationship, which can find missing and error information in time and improve CMDB establishment.
In order to achieve the above object, a method for deriving application architecture information through network relationship is designed, which is characterized by comprising the following steps:
s1, detecting network flow which really occurs in an environment;
s2, extracting source and destination address information in the network packet;
s3, searching an application example according to the address information;
and S4, extracting the instance related information.
The method comprises the following steps:
(1) address extraction phase
The interception network flow extracts the address of the data packet, wherein the TCP and the UDP are processed by different behaviors:
step 001: extracting source end and destination end address information in a TCP network packet, wherein the source end and destination end address information mainly comprises IP addresses and port information;
step 002: extracting destination end address information in a UDP network packet, wherein the destination end address information mainly comprises an IP address and port information, judging whether a source end address is included after extraction, if the source end address information exists, further extracting the source end address, and if not, entering a stage to be detected;
step 003: extracting source end address information in a UDP network packet;
(2) stage under inspection
Comprises judging the address to be checked, if the relevant application information is known, then no check is needed, otherwise, putting the address to be checked into the queue and taking it out of the queue,
step 101: putting the address to be detected into a detection queue;
step 102: the checking program takes out the address to be checked from the queue to be checked;
(3) detection phase
The address to be detected is detected to match the application information, the detection of the address information is detected through an operating system management process or is called by a resource management platform API,
step 201: according to the address information, communicating a detection program of a host where the address is located, and sending the address information to an Agent, wherein the Agent distinguishes whether to obtain detailed address information through an operating system or a resource management platform according to a resource management model;
step 202: the Agent acquires the application process information using the address by calling an operating system related interface;
step 203: inquiring an application information base according to the application process information;
step 204: if the result is not inquired, the process description information is used as application information;
(4) stage of recording results
And processing the detection result, and recording the obtained information into an application information base, wherein the new record can take effect formally after a certain approval process.
The method steps further comprise
Step 205, if the resource is managed by the resource management platform, converting the process information into task information which can be identified by the platform, and acquiring application detailed information according to the platform task information;
and step 206, acquiring application detailed information according to the platform task information.
The system for deducing application architecture information through network relationship is characterized by comprising a network packet analysis module, a queue analysis module and a network packet analysis module, wherein the network packet analysis module is used for acquiring network flow, extracting address information and putting the address information into a queue to be detected according to requirements after repeated judgment;
the inspection module acquires address information from the queue to be inspected and judges or inspects the address information;
the application information base is used for counting the acquired information.
The network packet analysis module comprises a network interception module and a cache, wherein the network interception module intercepts the mirror flow of the network card and the switch to obtain a data packet, the address information of a source and a destination is extracted, the cache is an address base based on an efficient search algorithm, the address base is application information which is identified in an application information base, and in the process of program operation, each address is identified and added into the cache to avoid repeated detection.
The checking module comprises an execution module and a scheduling module, the execution module acquires process information using an address on host equipment according to the address information to be detected, after the process information is acquired, different acquiring application modes are distinguished according to whether the equipment is a resource management platform admission machine, for a non-admission machine, a starting program path and a name of the process are directly used as application identifiers, for the resource management platform admission machine, the process is required to be converted into corresponding task identifiers, and accurate application information is further acquired from the platform according to the task identifiers; the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
Compared with the prior art, the invention has the advantages that:
1. compared with the traditional manual registration and maintenance application architecture, the method can ensure the information to be updated in time and ensure the integrity and correctness of the information;
2. compared with automatic information acquisition based on Agent, the method can maintain the stock application framework which has long run and can not be traced, and can effectively solve the problem of relation information collection between applications.
Drawings
FIG. 1 is a schematic view of the present invention;
FIG. 2 is a flow chart of the processing logic of the present invention.
Detailed Description
The technical scheme of the invention is clearly and completely described below by combining the attached drawings in the embodiment of the invention. The invention mainly comprises four parts: the system comprises a network packet analysis program, a queue to be detected, a detection program and an application information base. It is obvious that the described embodiments are only a few examples of the invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, belong to the scope of the present invention.
The network packet analysis program can efficiently analyze network traffic, and a core module of the network packet analysis program comprises:
1. network interception program: and intercepting the mirror flow of the network card and the exchanger to obtain a data packet, and extracting the address information of the source and the destination.
2. Caching: the cache is an address base based on an efficient search algorithm, and the address base is the application information which is identified in the application information base. When the program is started, the application information base is loaded, every address is identified in the running process of the program, the address is added into the cache, repeated detection is avoided, and the cache can be placed locally or stored remotely as a shared cache according to performance requirements.
The invention provides for coupling network packet analysis and detection procedures via a queue of pending messages. And the packet analysis program removes the duplicate of the extracted unidentified address and sends the unidentified address to the message queue, and the detection program acquires the detection task from the message queue for asynchronous processing.
And after the detection program subscribes to the address, starting detection work. The detection program is structurally divided into two layers: scheduling and executing, wherein the subscribing to the address information is completed by the scheduling module.
An execution module: according to the address information to be detected, process information using the address is obtained on the equipment such as the host computer, and the process information is generally operated on the same equipment indicated by the address to be detected. Firstly, finding out a corresponding process ID (such as lsof, ps command and the like) according to the port number of the address, and further acquiring the detailed information of the process ID.
After the process information is acquired, different acquisition application modes can be distinguished according to whether the equipment is a resource management platform nanotube machine or not. For a non-managed machine, the path and name of the starting program of the process are directly used as application identification. For the resource platform hosting device, the process needs to be converted into a corresponding task identifier (such as docker id), and accurate application information is further retrieved from the platform according to the task identifier.
A scheduling module: the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
The application information base is an application CMDB form or CMDB containing hardware information at the same time, and maintains different components of the application and the association relation of the components. Meanwhile, an API for query and management is provided externally.

Claims (6)

1. A method for deducing application architecture information through network relationship is characterized in that the method comprises the following steps:
s1, detecting network flow which really occurs in an environment;
s2, extracting source and destination address information in the network packet;
s3, searching an application example according to the address information;
and S4, extracting the instance related information.
2. A method for deriving application architecture information via network relations as claimed in claim 1, characterized in that the method steps are as follows:
(1) address extraction phase
The interception network flow extracts the address of the data packet, wherein the TCP and the UDP are processed by different behaviors:
step 001: extracting source end and destination end address information in a TCP network packet, wherein the source end and destination end address information mainly comprises IP addresses and port information;
step 002: extracting destination end address information in a UDP network packet, wherein the destination end address information mainly comprises an IP address and port information, judging whether a source end address is included after extraction, if the source end address information exists, further extracting the source end address, and if not, entering a stage to be detected;
step 003: extracting source end address information in a UDP network packet;
(2) stage under inspection
Comprises judging the address to be checked, if the relevant application information is known, then no check is needed, otherwise, putting the address to be checked into the queue and taking it out of the queue,
step 101: putting the address to be detected into a detection queue;
step 102: the checking program takes out the address to be checked from the queue to be checked;
(3) detection phase
The address to be detected is detected to match the application information, the detection of the address information is detected through an operating system management process or is called by a resource management platform API,
step 201: according to the address information, communicating a detection program of a host where the address is located, and sending the address information to an Agent, wherein the Agent distinguishes whether to obtain detailed address information through an operating system or a resource management platform according to a resource management model;
step 202: the Agent acquires the application process information using the address by calling an operating system related interface;
step 203: inquiring an application information base according to the application process information;
step 204: if the result is not inquired, the process description information is used as application information;
(4) stage of recording results
And processing the detection result, and recording the obtained information into an application information base, wherein the new record can take effect formally after a certain approval process.
3. The method of claim 2, wherein the method steps further comprise deriving application architecture information via network relationships
Step 205, if the resource is managed by the resource management platform, converting the process information into task information which can be identified by the platform, and acquiring application detailed information according to the platform task information;
and step 206, acquiring application detailed information according to the platform task information.
4. A system for deducing application architecture information through network relationship is characterized by comprising
The network packet analysis module is used for acquiring network flow, extracting address information, and putting the network flow into a queue to be detected according to the requirement after repeated judgment;
the inspection module acquires address information from the queue to be inspected and judges or inspects the address information;
the application information base is used for counting the acquired information.
5. The system according to claim 4, wherein the network packet analysis module comprises a network snooping module and a cache, the network snooping module snoops the mirror traffic of the network card and the switch, acquires the data packet, extracts the address information of the source destination, and the cache is an address base based on an efficient lookup algorithm, the address base is the application information already identified in the application information base, and each address identified in the program running process is added to the cache to avoid duplicate detection.
6. The system according to claim 4, wherein the inspection module includes an execution module and a scheduling module, the execution module obtains process information using the address on the host device according to the address information to be inspected, after the process information is obtained, different obtaining application modes are distinguished according to whether the device is a resource management platform hosting machine, for a non-hosting machine, a starting program path and a name of the process are directly used as application identifiers, for the resource management platform hosting device, the process needs to be converted into corresponding task identifiers, and accurate application information is further obtained from the platform according to the task identifiers; the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
CN201911233224.6A 2019-12-05 2019-12-05 System and method for deducing application architecture information through network relationship Active CN110943867B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911233224.6A CN110943867B (en) 2019-12-05 2019-12-05 System and method for deducing application architecture information through network relationship

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911233224.6A CN110943867B (en) 2019-12-05 2019-12-05 System and method for deducing application architecture information through network relationship

Publications (2)

Publication Number Publication Date
CN110943867A true CN110943867A (en) 2020-03-31
CN110943867B CN110943867B (en) 2022-08-16

Family

ID=69909538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911233224.6A Active CN110943867B (en) 2019-12-05 2019-12-05 System and method for deducing application architecture information through network relationship

Country Status (1)

Country Link
CN (1) CN110943867B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107911466A (en) * 2017-11-29 2018-04-13 北京安华金和科技有限公司 A kind of association method under multi-layer framework
CN108205569A (en) * 2016-12-19 2018-06-26 中国移动通信集团山西有限公司 For updating the method and apparatus of configuration management database
CN108234356A (en) * 2017-11-29 2018-06-29 中电科华云信息技术有限公司 Optimization application resource Distribution Strategy based on application relational network
CN109189650A (en) * 2018-08-21 2019-01-11 贵州电网有限责任公司 A kind of operation system topological diagram of IT operational system shows method
CN109218080A (en) * 2018-08-21 2019-01-15 平安科技(深圳)有限公司 A kind of method, monitoring system and the terminal device of automatic drafting network topology architecture
US20190081861A1 (en) * 2017-09-14 2019-03-14 E.S.I. Software Ltd. System and method for determining information technology component dependencies in enterprise applications by analyzing configuration data
CN110086682A (en) * 2019-05-22 2019-08-02 四川新网银行股份有限公司 Service link call relation view and failure root based on TCP are because of localization method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108205569A (en) * 2016-12-19 2018-06-26 中国移动通信集团山西有限公司 For updating the method and apparatus of configuration management database
US20190081861A1 (en) * 2017-09-14 2019-03-14 E.S.I. Software Ltd. System and method for determining information technology component dependencies in enterprise applications by analyzing configuration data
CN107911466A (en) * 2017-11-29 2018-04-13 北京安华金和科技有限公司 A kind of association method under multi-layer framework
CN108234356A (en) * 2017-11-29 2018-06-29 中电科华云信息技术有限公司 Optimization application resource Distribution Strategy based on application relational network
CN109189650A (en) * 2018-08-21 2019-01-11 贵州电网有限责任公司 A kind of operation system topological diagram of IT operational system shows method
CN109218080A (en) * 2018-08-21 2019-01-15 平安科技(深圳)有限公司 A kind of method, monitoring system and the terminal device of automatic drafting network topology architecture
CN110086682A (en) * 2019-05-22 2019-08-02 四川新网银行股份有限公司 Service link call relation view and failure root based on TCP are because of localization method

Also Published As

Publication number Publication date
CN110943867B (en) 2022-08-16

Similar Documents

Publication Publication Date Title
CN108200111B (en) Resource configuration information updating method and device and resource interface equipment
CN110716842B (en) Cluster fault detection method and device
CN112269718B (en) Service system fault analysis method and device
WO2019001312A1 (en) Method and apparatus for realizing alarm association, and computer readable storage medium
CN107066390A (en) A kind of Dram leakage detection method and system
CN113242157B (en) Centralized data quality monitoring method under distributed processing environment
CN107347016B (en) Signaling flow model identification method and abnormal signaling flow identification method
CN107870850A (en) A kind of efficient the Internet, applications log system
GB2569678A (en) Automation of SQL tuning method and system using statistic SQL pattern analysis
CN108429747A (en) A kind of extensive Web server information collecting method
CN110943867B (en) System and method for deducing application architecture information through network relationship
CN108228417B (en) Internet of vehicles log processing method and device
CN105207829B (en) Intrusion detection data processing method, device and system
CN113641742A (en) Data extraction method, device, equipment and storage medium
CN103475531A (en) Abnormity processing method, automatic inspection console and knowledge base system
US8429458B2 (en) Method and apparatus for system analysis
CN112182065A (en) Asset management system and method based on automatic acquisition and multi-source import
US7363615B2 (en) Stack-based callbacks for diagnostic data generation
CN114629786A (en) Log real-time analysis method, device, storage medium and system
CN113572628A (en) Data association method and device, computing equipment and computer storage medium
EP2533153B1 (en) Unit for managing messages indicating event situations of monitored objects
US8930369B2 (en) Information processing apparatus, message classifying method and non-transitory medium for associating series of transactions
CN110620682A (en) Resource information acquisition method and device, storage medium and terminal
JP4286594B2 (en) Fault analysis data collection device and method
CN115766278B (en) Firewall policy generation method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant