CN110943867A - System and method for deducing application architecture information through network relationship - Google Patents
System and method for deducing application architecture information through network relationship Download PDFInfo
- Publication number
- CN110943867A CN110943867A CN201911233224.6A CN201911233224A CN110943867A CN 110943867 A CN110943867 A CN 110943867A CN 201911233224 A CN201911233224 A CN 201911233224A CN 110943867 A CN110943867 A CN 110943867A
- Authority
- CN
- China
- Prior art keywords
- information
- address
- application
- network
- address information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2475—Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2483—Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to the technical field of architecture maintenance of application operation and maintenance, in particular to a system and a method for deducing application architecture information through network relationship, which is characterized by comprising the following steps: s1, detecting network flow which really occurs in an environment; s2, extracting the address information of a source and a destination in the network packet, S3, searching an application example according to the address information, and S4, extracting the relevant information of the example, wherein the method has the advantages that: compared with the traditional manual registration and maintenance application architecture, the method can ensure the information to be updated in time and ensure the integrity and correctness of the information; compared with automatic information acquisition based on Agent, the method can maintain the stock application framework which has long run and can not be traced, and can effectively solve the problem of relation information collection between applications.
Description
Technical Field
The invention relates to the technical field of architecture maintenance of application operation and maintenance, in particular to a system and a method for deducing application architecture information through network relationship.
Background
In the information age, the distributed service architecture leads to rapid increase of information complexity, and brings greater complexity to the availability operation and maintenance work. The problem of complexity is solved by clearly combing out application architecture information or establishing an application CMDB. Currently, a common way to maintain application architecture information is manual registration and Agent-based configuration acquisition.
The manual registration maintenance application architecture is a conventional method, but it is difficult to ensure timely update of information and integrity and correctness of information. With the development of automation technology, Agent-based information automatic acquisition technology is gradually used to construct the CMDB. The Agent-based information acquisition has a good effect on the construction of hardware network information due to the relatively high standardization degree of hardware facilities, but has certain difficulty in the information collection of an application architecture. On the basis of Agent acquisition, information such as catalogs and versions of applications needs to be configured in advance, on one hand, stock application architecture information which has long run and cannot be traced is difficult to maintain, on the other hand, only information of the applications can be collected, and the problem of relation information collection among the applications cannot be effectively solved. In a service scene, a traditional single application is often developed into a distributed form with hundreds of service instances, and no matter manual maintenance or Agent collection is adopted for information maintenance based on a preset condition, application architecture information cannot be well maintained.
Disclosure of Invention
The invention aims to solve the defects of the prior art and provides a system and a method for deducing application architecture information through a network relationship, which can find missing and error information in time and improve CMDB establishment.
In order to achieve the above object, a method for deriving application architecture information through network relationship is designed, which is characterized by comprising the following steps:
s1, detecting network flow which really occurs in an environment;
s2, extracting source and destination address information in the network packet;
s3, searching an application example according to the address information;
and S4, extracting the instance related information.
The method comprises the following steps:
(1) address extraction phase
The interception network flow extracts the address of the data packet, wherein the TCP and the UDP are processed by different behaviors:
step 001: extracting source end and destination end address information in a TCP network packet, wherein the source end and destination end address information mainly comprises IP addresses and port information;
step 002: extracting destination end address information in a UDP network packet, wherein the destination end address information mainly comprises an IP address and port information, judging whether a source end address is included after extraction, if the source end address information exists, further extracting the source end address, and if not, entering a stage to be detected;
step 003: extracting source end address information in a UDP network packet;
(2) stage under inspection
Comprises judging the address to be checked, if the relevant application information is known, then no check is needed, otherwise, putting the address to be checked into the queue and taking it out of the queue,
step 101: putting the address to be detected into a detection queue;
step 102: the checking program takes out the address to be checked from the queue to be checked;
(3) detection phase
The address to be detected is detected to match the application information, the detection of the address information is detected through an operating system management process or is called by a resource management platform API,
step 201: according to the address information, communicating a detection program of a host where the address is located, and sending the address information to an Agent, wherein the Agent distinguishes whether to obtain detailed address information through an operating system or a resource management platform according to a resource management model;
step 202: the Agent acquires the application process information using the address by calling an operating system related interface;
step 203: inquiring an application information base according to the application process information;
step 204: if the result is not inquired, the process description information is used as application information;
(4) stage of recording results
And processing the detection result, and recording the obtained information into an application information base, wherein the new record can take effect formally after a certain approval process.
The method steps further comprise
Step 205, if the resource is managed by the resource management platform, converting the process information into task information which can be identified by the platform, and acquiring application detailed information according to the platform task information;
and step 206, acquiring application detailed information according to the platform task information.
The system for deducing application architecture information through network relationship is characterized by comprising a network packet analysis module, a queue analysis module and a network packet analysis module, wherein the network packet analysis module is used for acquiring network flow, extracting address information and putting the address information into a queue to be detected according to requirements after repeated judgment;
the inspection module acquires address information from the queue to be inspected and judges or inspects the address information;
the application information base is used for counting the acquired information.
The network packet analysis module comprises a network interception module and a cache, wherein the network interception module intercepts the mirror flow of the network card and the switch to obtain a data packet, the address information of a source and a destination is extracted, the cache is an address base based on an efficient search algorithm, the address base is application information which is identified in an application information base, and in the process of program operation, each address is identified and added into the cache to avoid repeated detection.
The checking module comprises an execution module and a scheduling module, the execution module acquires process information using an address on host equipment according to the address information to be detected, after the process information is acquired, different acquiring application modes are distinguished according to whether the equipment is a resource management platform admission machine, for a non-admission machine, a starting program path and a name of the process are directly used as application identifiers, for the resource management platform admission machine, the process is required to be converted into corresponding task identifiers, and accurate application information is further acquired from the platform according to the task identifiers; the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
Compared with the prior art, the invention has the advantages that:
1. compared with the traditional manual registration and maintenance application architecture, the method can ensure the information to be updated in time and ensure the integrity and correctness of the information;
2. compared with automatic information acquisition based on Agent, the method can maintain the stock application framework which has long run and can not be traced, and can effectively solve the problem of relation information collection between applications.
Drawings
FIG. 1 is a schematic view of the present invention;
FIG. 2 is a flow chart of the processing logic of the present invention.
Detailed Description
The technical scheme of the invention is clearly and completely described below by combining the attached drawings in the embodiment of the invention. The invention mainly comprises four parts: the system comprises a network packet analysis program, a queue to be detected, a detection program and an application information base. It is obvious that the described embodiments are only a few examples of the invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, belong to the scope of the present invention.
The network packet analysis program can efficiently analyze network traffic, and a core module of the network packet analysis program comprises:
1. network interception program: and intercepting the mirror flow of the network card and the exchanger to obtain a data packet, and extracting the address information of the source and the destination.
2. Caching: the cache is an address base based on an efficient search algorithm, and the address base is the application information which is identified in the application information base. When the program is started, the application information base is loaded, every address is identified in the running process of the program, the address is added into the cache, repeated detection is avoided, and the cache can be placed locally or stored remotely as a shared cache according to performance requirements.
The invention provides for coupling network packet analysis and detection procedures via a queue of pending messages. And the packet analysis program removes the duplicate of the extracted unidentified address and sends the unidentified address to the message queue, and the detection program acquires the detection task from the message queue for asynchronous processing.
And after the detection program subscribes to the address, starting detection work. The detection program is structurally divided into two layers: scheduling and executing, wherein the subscribing to the address information is completed by the scheduling module.
An execution module: according to the address information to be detected, process information using the address is obtained on the equipment such as the host computer, and the process information is generally operated on the same equipment indicated by the address to be detected. Firstly, finding out a corresponding process ID (such as lsof, ps command and the like) according to the port number of the address, and further acquiring the detailed information of the process ID.
After the process information is acquired, different acquisition application modes can be distinguished according to whether the equipment is a resource management platform nanotube machine or not. For a non-managed machine, the path and name of the starting program of the process are directly used as application identification. For the resource platform hosting device, the process needs to be converted into a corresponding task identifier (such as docker id), and accurate application information is further retrieved from the platform according to the task identifier.
A scheduling module: the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
The application information base is an application CMDB form or CMDB containing hardware information at the same time, and maintains different components of the application and the association relation of the components. Meanwhile, an API for query and management is provided externally.
Claims (6)
1. A method for deducing application architecture information through network relationship is characterized in that the method comprises the following steps:
s1, detecting network flow which really occurs in an environment;
s2, extracting source and destination address information in the network packet;
s3, searching an application example according to the address information;
and S4, extracting the instance related information.
2. A method for deriving application architecture information via network relations as claimed in claim 1, characterized in that the method steps are as follows:
(1) address extraction phase
The interception network flow extracts the address of the data packet, wherein the TCP and the UDP are processed by different behaviors:
step 001: extracting source end and destination end address information in a TCP network packet, wherein the source end and destination end address information mainly comprises IP addresses and port information;
step 002: extracting destination end address information in a UDP network packet, wherein the destination end address information mainly comprises an IP address and port information, judging whether a source end address is included after extraction, if the source end address information exists, further extracting the source end address, and if not, entering a stage to be detected;
step 003: extracting source end address information in a UDP network packet;
(2) stage under inspection
Comprises judging the address to be checked, if the relevant application information is known, then no check is needed, otherwise, putting the address to be checked into the queue and taking it out of the queue,
step 101: putting the address to be detected into a detection queue;
step 102: the checking program takes out the address to be checked from the queue to be checked;
(3) detection phase
The address to be detected is detected to match the application information, the detection of the address information is detected through an operating system management process or is called by a resource management platform API,
step 201: according to the address information, communicating a detection program of a host where the address is located, and sending the address information to an Agent, wherein the Agent distinguishes whether to obtain detailed address information through an operating system or a resource management platform according to a resource management model;
step 202: the Agent acquires the application process information using the address by calling an operating system related interface;
step 203: inquiring an application information base according to the application process information;
step 204: if the result is not inquired, the process description information is used as application information;
(4) stage of recording results
And processing the detection result, and recording the obtained information into an application information base, wherein the new record can take effect formally after a certain approval process.
3. The method of claim 2, wherein the method steps further comprise deriving application architecture information via network relationships
Step 205, if the resource is managed by the resource management platform, converting the process information into task information which can be identified by the platform, and acquiring application detailed information according to the platform task information;
and step 206, acquiring application detailed information according to the platform task information.
4. A system for deducing application architecture information through network relationship is characterized by comprising
The network packet analysis module is used for acquiring network flow, extracting address information, and putting the network flow into a queue to be detected according to the requirement after repeated judgment;
the inspection module acquires address information from the queue to be inspected and judges or inspects the address information;
the application information base is used for counting the acquired information.
5. The system according to claim 4, wherein the network packet analysis module comprises a network snooping module and a cache, the network snooping module snoops the mirror traffic of the network card and the switch, acquires the data packet, extracts the address information of the source destination, and the cache is an address base based on an efficient lookup algorithm, the address base is the application information already identified in the application information base, and each address identified in the program running process is added to the cache to avoid duplicate detection.
6. The system according to claim 4, wherein the inspection module includes an execution module and a scheduling module, the execution module obtains process information using the address on the host device according to the address information to be inspected, after the process information is obtained, different obtaining application modes are distinguished according to whether the device is a resource management platform hosting machine, for a non-hosting machine, a starting program path and a name of the process are directly used as application identifiers, for the resource management platform hosting device, the process needs to be converted into corresponding task identifiers, and accurate application information is further obtained from the platform according to the task identifiers; the scheduling module identifies which execution module needs to execute the monitoring task according to the address to be detected, and sends the monitoring task to the execution module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911233224.6A CN110943867B (en) | 2019-12-05 | 2019-12-05 | System and method for deducing application architecture information through network relationship |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911233224.6A CN110943867B (en) | 2019-12-05 | 2019-12-05 | System and method for deducing application architecture information through network relationship |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110943867A true CN110943867A (en) | 2020-03-31 |
CN110943867B CN110943867B (en) | 2022-08-16 |
Family
ID=69909538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911233224.6A Active CN110943867B (en) | 2019-12-05 | 2019-12-05 | System and method for deducing application architecture information through network relationship |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110943867B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107911466A (en) * | 2017-11-29 | 2018-04-13 | 北京安华金和科技有限公司 | A kind of association method under multi-layer framework |
CN108205569A (en) * | 2016-12-19 | 2018-06-26 | 中国移动通信集团山西有限公司 | For updating the method and apparatus of configuration management database |
CN108234356A (en) * | 2017-11-29 | 2018-06-29 | 中电科华云信息技术有限公司 | Optimization application resource Distribution Strategy based on application relational network |
CN109189650A (en) * | 2018-08-21 | 2019-01-11 | 贵州电网有限责任公司 | A kind of operation system topological diagram of IT operational system shows method |
CN109218080A (en) * | 2018-08-21 | 2019-01-15 | 平安科技(深圳)有限公司 | A kind of method, monitoring system and the terminal device of automatic drafting network topology architecture |
US20190081861A1 (en) * | 2017-09-14 | 2019-03-14 | E.S.I. Software Ltd. | System and method for determining information technology component dependencies in enterprise applications by analyzing configuration data |
CN110086682A (en) * | 2019-05-22 | 2019-08-02 | 四川新网银行股份有限公司 | Service link call relation view and failure root based on TCP are because of localization method |
-
2019
- 2019-12-05 CN CN201911233224.6A patent/CN110943867B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108205569A (en) * | 2016-12-19 | 2018-06-26 | 中国移动通信集团山西有限公司 | For updating the method and apparatus of configuration management database |
US20190081861A1 (en) * | 2017-09-14 | 2019-03-14 | E.S.I. Software Ltd. | System and method for determining information technology component dependencies in enterprise applications by analyzing configuration data |
CN107911466A (en) * | 2017-11-29 | 2018-04-13 | 北京安华金和科技有限公司 | A kind of association method under multi-layer framework |
CN108234356A (en) * | 2017-11-29 | 2018-06-29 | 中电科华云信息技术有限公司 | Optimization application resource Distribution Strategy based on application relational network |
CN109189650A (en) * | 2018-08-21 | 2019-01-11 | 贵州电网有限责任公司 | A kind of operation system topological diagram of IT operational system shows method |
CN109218080A (en) * | 2018-08-21 | 2019-01-15 | 平安科技(深圳)有限公司 | A kind of method, monitoring system and the terminal device of automatic drafting network topology architecture |
CN110086682A (en) * | 2019-05-22 | 2019-08-02 | 四川新网银行股份有限公司 | Service link call relation view and failure root based on TCP are because of localization method |
Also Published As
Publication number | Publication date |
---|---|
CN110943867B (en) | 2022-08-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108200111B (en) | Resource configuration information updating method and device and resource interface equipment | |
CN110716842B (en) | Cluster fault detection method and device | |
CN112269718B (en) | Service system fault analysis method and device | |
WO2019001312A1 (en) | Method and apparatus for realizing alarm association, and computer readable storage medium | |
CN107066390A (en) | A kind of Dram leakage detection method and system | |
CN113242157B (en) | Centralized data quality monitoring method under distributed processing environment | |
CN107347016B (en) | Signaling flow model identification method and abnormal signaling flow identification method | |
CN107870850A (en) | A kind of efficient the Internet, applications log system | |
GB2569678A (en) | Automation of SQL tuning method and system using statistic SQL pattern analysis | |
CN108429747A (en) | A kind of extensive Web server information collecting method | |
CN110943867B (en) | System and method for deducing application architecture information through network relationship | |
CN108228417B (en) | Internet of vehicles log processing method and device | |
CN105207829B (en) | Intrusion detection data processing method, device and system | |
CN113641742A (en) | Data extraction method, device, equipment and storage medium | |
CN103475531A (en) | Abnormity processing method, automatic inspection console and knowledge base system | |
US8429458B2 (en) | Method and apparatus for system analysis | |
CN112182065A (en) | Asset management system and method based on automatic acquisition and multi-source import | |
US7363615B2 (en) | Stack-based callbacks for diagnostic data generation | |
CN114629786A (en) | Log real-time analysis method, device, storage medium and system | |
CN113572628A (en) | Data association method and device, computing equipment and computer storage medium | |
EP2533153B1 (en) | Unit for managing messages indicating event situations of monitored objects | |
US8930369B2 (en) | Information processing apparatus, message classifying method and non-transitory medium for associating series of transactions | |
CN110620682A (en) | Resource information acquisition method and device, storage medium and terminal | |
JP4286594B2 (en) | Fault analysis data collection device and method | |
CN115766278B (en) | Firewall policy generation method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |