CN111600746B - Network fault positioning method, device and equipment - Google Patents

Network fault positioning method, device and equipment Download PDF

Info

Publication number
CN111600746B
CN111600746B CN202010296029.4A CN202010296029A CN111600746B CN 111600746 B CN111600746 B CN 111600746B CN 202010296029 A CN202010296029 A CN 202010296029A CN 111600746 B CN111600746 B CN 111600746B
Authority
CN
China
Prior art keywords
network
information
fault
data
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010296029.4A
Other languages
Chinese (zh)
Other versions
CN111600746A (en
Inventor
胡灵杰
邱春武
李源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sina Technology China Co Ltd
Original Assignee
Sina Technology China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sina Technology China Co Ltd filed Critical Sina Technology China Co Ltd
Priority to CN202010296029.4A priority Critical patent/CN111600746B/en
Publication of CN111600746A publication Critical patent/CN111600746A/en
Application granted granted Critical
Publication of CN111600746B publication Critical patent/CN111600746B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/065Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis involving logical or physical relationship, e.g. grouping and hierarchies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

One or more embodiments of the specification disclose a network fault location method, device and equipment. The method comprises the following steps: when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment; generating a network topology map corresponding to the first network equipment according to the network connection relation information; acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device; and associating the fault record information to the network topology map. The technical scheme can inquire and position the historical network fault and realize the return of the network fault.

Description

Network fault positioning method, device and equipment
Technical Field
The present disclosure relates to the field of communications, and in particular, to a method, an apparatus, and a device for locating a network fault.
Background
Network topology refers to the physical layout of transmission media interconnecting various devices within a communication network, including servers, switches, bridges, end hosts, etc. The network topology technology can acquire and maintain the existence information of the network nodes and the connection relation information between the network nodes, and provide a network topology map of the whole network on the basis of the existence information and the connection relation information.
Because the duration of the network fault is short, the network fault needs to be recovered for positioning and analyzing the network fault, namely, all network faults occurring in the historical time period are inquired. The existing network topology technology can only inquire a network topology graph and does not support historical network fault inquiry, so that network faults cannot be positioned.
Disclosure of Invention
One or more embodiments of the present disclosure provide a method, an apparatus, and a device for locating a network fault, so as to solve the problem that the existing network topology does not support historical network fault query and cannot locate a network fault.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
in one aspect, one or more embodiments of the present specification provide a network fault location method including: when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment; generating a network topology map corresponding to the first network equipment according to the network connection relation information; acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device; and associating the fault record information to the network topology map.
In another aspect, one or more embodiments of the present specification provide a network fault location apparatus, including: the first acquisition module is used for acquiring the network connection relation information of the first network equipment when receiving a fault query request aiming at the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment; a network topology map generation module, configured to generate a network topology map corresponding to the first network device according to the network connection relationship information; the second acquisition module is used for acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device; and the fault record information association module is used for associating the fault record information to the network topological graph.
In yet another aspect, one or more embodiments of the present specification provide a network fault location apparatus, including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to: when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment; generating a network topology map corresponding to the first network equipment according to the network connection relation information; acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device; and associating the fault record information to the network topology map.
In yet another aspect, an embodiment of the present application provides a storage medium for storing computer-executable instructions, where the computer-executable instructions, when executed, implement the following processes: when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment; generating a network topology map corresponding to the first network equipment according to the network connection relation information; acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device; and associating the fault record information to the network topology map.
By adopting the technical scheme of one or more embodiments of the present specification, a corresponding network topology map is generated through the network connection relationship information of the first network device, the fault record information corresponding to the first network device and matched with the query time period information is acquired, and the fault record information is associated with the network topology map, so that the network topology map of the first network device in the query time period and the fault record information in the query time period can be acquired, and the fault record information in the query time period can be associated with the network topology map in the query time period, thereby supporting query and positioning of historical network faults, and realizing network fault source return.
Drawings
In order to more clearly illustrate one or more embodiments or technical solutions in the prior art in the present specification, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in one or more embodiments of the present specification, and other drawings can be obtained by those skilled in the art without inventive exercise.
FIG. 1 is a schematic flow chart diagram of a network fault location method in accordance with one embodiment of the present description;
FIG. 2 is a schematic diagram of a network architecture according to one embodiment of the present description;
FIG. 3 is a schematic flow chart diagram of a method of storing fault record information according to one embodiment of the present description;
FIG. 4 is a schematic flow chart diagram of a network fault location method in accordance with a specific embodiment of the present description;
FIG. 5 is a schematic diagram of a network history failure back source according to one embodiment of the present description;
fig. 6 is a schematic structural diagram of a network fault location device according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a network fault location device according to an embodiment of the present disclosure.
Detailed Description
One or more embodiments of the present disclosure provide a method, an apparatus, and a device for locating a network fault, so as to solve the problem that the existing network topology does not support historical network fault query and cannot locate a network fault.
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments of the present disclosure without making any creative effort shall fall within the protection scope of one or more of the embodiments of the present disclosure.
Fig. 1 is a schematic flow chart of a network fault location method according to an embodiment of the present description, as shown in fig. 1, the method including:
s102, when a fault query request aiming at the first network equipment is received, the network connection relation information of the first network equipment is obtained.
The failure query request may include device information and query period information of the first network device, and the network connection relationship information may include Link Layer Discovery Protocol (LLDP) information and port information. Alternatively, the first network device may be a switch, a server, or an end host.
It can be understood that, during the operation of the network where the first network device is located, the relevant network data of each network device in the network, including the LLDP information and the port information of each network device, is continuously recorded. When the LLDP information and the port information are stored and written in the network connection relationship information, the corresponding current time information can be written correspondingly. In particular, the port information may include port address table information of the network device.
And S104, generating a network topological graph corresponding to the first network equipment according to the network connection relation information.
When a fault query request is received, the current time information which accords with the query time interval information and the corresponding LLDP information and port information can be determined according to the query time interval information contained in the fault query request. And then, generating a network topology map corresponding to the first network device in the query time period according to the LLDP information and the port information.
And S106, acquiring the fault record information which corresponds to the first network equipment and is matched with the query time interval information.
The fault record information is generated based on the relevant network data of the first network device, and may include at least one of a fault occurrence frequency, a fault occurrence time, a fault occurrence frequency, a fault type, and a fault severity. The related network data can be processed in the monitoring node or the data platform, and if the alarm condition is met, the alarm is given and fault record information is correspondingly generated. When a fault query request for the first network device is received, the generated fault record information may be queried based on the device information and the query period information, and fault record information corresponding to the device information and matching with the query period information may be obtained therefrom.
And S108, associating the fault record information to the network topology map.
And associating the fault record information to the network topology map to obtain a network fault back-source map of the query time period. The user can check the structure of the network, the connection relation between the network devices and the fault record information of the network devices through the network fault back-source graph.
In this embodiment of the present description, a corresponding network topology map may be generated according to the network connection relationship information of the first network device, and fault record information that corresponds to the first network device and matches with the query time period information is acquired, and the fault record information is associated with the network topology map, so that the network topology map of the first network device in the query time period and the fault record information in the query time period may be acquired, and the fault record information in the query time period may be associated with the network topology map in the query time period, thereby supporting query and location of a historical network fault, and implementing network fault source return.
In one embodiment, the related network data comprises first network data of a first network device and/or second network data of a second network device connected to the first network device. Before acquiring the fault record information corresponding to the first network device and matching with the query period information, the method further includes a step of generating the fault record information corresponding to the first network device, which may be performed in the following manner:
step A1, first network data and/or second network data are/is obtained.
Wherein the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first device port information may include first device port address information, first device port record information, and the like; the first traffic data includes first device traffic data and/or first device port traffic data.
The second network data includes at least one of: second device port information, second device port flow data, virtual local area network information, device port error information, link layer discovery protocol information, device manufacturer information, and device log data; the second device port information may include second device port address table information, second device port record information, and the like.
And A2, generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data.
Optionally, when the first network data includes the first traffic data, the fault record information corresponding to the first network device may be generated in the following manner:
step B1, first flow data in the query time interval are obtained from the first network data.
And B2, calculating the flow index range of the first network equipment in the normal operation state according to the first flow data. The flow indicator range may include a range of flow averages or a range of flow amplitudes.
And B3, if the first flow data is not in the flow index range, generating fault record information corresponding to the first network equipment according to the first flow data. And if the flow data exceeds the normal flow index range, generating corresponding fault record information.
Optionally, when the second network data includes device log data, the fault record information corresponding to the first network device may be generated in the following manner:
judging whether a parameter value contained in the device log data in the second network data is matched with a preset parameter range; and if the parameter value contained in the equipment log data is not matched with the preset parameter range, generating fault record information corresponding to the first network equipment according to the equipment log data. Specifically, whether the matching is performed or not can be judged through the regular expression of the fault state, and when the parameter value included in the log data meets the threshold condition in the regular expression, the first network device is considered to be in fault, and fault record information corresponding to the first network device is generated. The threshold condition in the regular expression is determined according to a preset parameter range. When the fault record information corresponding to the first network device is generated according to the device log data, the device log data can be subjected to fault description according to a fault description mode corresponding to the fault record information, and the fault record information corresponding to the first network device can be obtained. The failure description mode can be preset by related personnel (such as management personnel) with authority.
In one embodiment, the fault record information corresponding to the first network device may be stored in a fault database, and after the fault record information is generated, the method may further include the following steps:
step A1, searching a fault database, and determining whether a historical fault record identical to fault record information exists in the fault database. Wherein the same condition as the fault record information includes at least one of: the fault types corresponding to the same equipment and the same port are the same.
And step A2, if the historical fault record identical to the fault record information exists in the fault database and the fault is not recovered, updating the fault occurrence time corresponding to the historical fault record according to the fault record information.
In order to avoid generating a plurality of pieces of fault record information by frequent alarm, if the historical fault records identical to the fault record information exist in the fault database, only the fault occurrence time corresponding to the historical fault records is updated to the fault occurrence time corresponding to the current fault record information.
And step A3, if the historical fault record identical to the fault record information exists and the fault is recovered or the historical fault record identical to the fault record information does not exist, writing the fault record information into a fault database.
Optionally, in S104, the network connection relationship information may include link layer discovery protocol information and second device port information, and the network topology map corresponding to the first network device may be generated in the following manner: firstly, determining link layer discovery protocol information matched with query period information; and then, generating a network topological graph corresponding to the first network equipment according to the determined link layer discovery protocol information and the second equipment port information.
And associating the fault record information to a network topology map to obtain a network fault back-source map of the query period. The user can check the structure of the network, the connection relation between the network devices and the fault record information of the network devices through the network fault back-source graph.
Optionally, in S108, the fault record information may be associated to the network topology map by: and determining the position information of the first network equipment in the network topological graph, and then associating the fault record information corresponding to the first network equipment according to the position information of the first network equipment in the network topological graph.
Due to the fact that the user can conveniently check the fault record information, the fault record information is associated to the corresponding position of the first network equipment in the network topological graph, and the user can check the fault record information corresponding to the first network equipment through specified operation when checking the network topological graph. The above method may further comprise:
when a specified operation of a first network device in the network topology map is received, fault record information corresponding to the first network device is displayed in the network topology map. The specified operation may be a click operation input by a user for the first network device or a link between the first network device and another network device. In the network topology diagram, information such as the occurrence frequency of the fault, the occurrence time of the fault, the occurrence frequency of the fault, the type of the fault, the severity of the fault and the like can be displayed.
Fig. 2 is a schematic diagram of a network structure according to an embodiment of the present description. In fig. 2 it is shown that the network comprises a server 21, a switch 22, a monitoring device 23 and a failure database 24.
Specifically, the server 21 and the switch 22 are both connected to the failure database 24, and the server 21 is connected to the monitoring device 23 through the switch 22. The related network data of the server 21 and the switch 22 are both pushed to the monitoring device 23.
Specifically, network data such as flow data, network card address information, port information, and the like of all online servers 21 in the network are collected and pushed to the fault database 24 and the monitoring device 23; acquiring network data of all online switches including port information, port traffic data, virtual local area network information, port error information, link layer discovery protocol information, manufacturer information and the like through a simple network management protocol (snmp), and pushing the network data to a fault database 24 and a monitoring device 23; the log data of the switch is pushed to the fault database 24 and the monitoring device 23 by the system log protocol syslog. The port information includes a port address.
The monitoring device 23 performs the following processing on the received data:
(1) And writing the flow data of the server and the exchanger into a time sequence database for alarm threshold calculation, and pushing the flow data to a flow data platform for flow alarm.
(2) And pushing the log data of the switch to the stream data platform for alarming.
(3) The link layer of the switch discovers protocol information and port information, and writes the protocol information and port information into a connection relation table, that is, the network connection relation information, according to a corresponding time, so as to generate a network topology map at a certain time. According to different manufacturers of network equipment, if a link layer discovery protocol is not relied on, link layer discovery protocol information can be directly obtained without installing and starting a link layer discovery protocol information program.
Optionally, traffic data of the network device is mostly periodic data, wherein the traffic data is more common in a day period, for example, the traffic is the lowest at about 3 am and the traffic is the highest at about 10 am and 8 pm. Considering the periodicity of the monitoring items, the specified time period may be determined to be 7 days, that is, data of the past 7 days of a certain monitoring item of the network device is selected. The flow data platform performs the flow alarm process as follows:
firstly, the flow index range of the network equipment in a normal operation state is calculated. Specifically, the average value of the maximum value and the average value of the minimum value at the same time in the past 7 days at the current time point may be calculated, and the flow rate index range in the normal operation state may be obtained by using 1.2 times of the average value of the maximum value as the upper limit and 0.8 times of the average value of the minimum value as the lower limit. Specifically, the flow index range in the normal operation state can also be determined by the proportional amplitude calculation. For example, a difference is obtained by subtracting a value corresponding to the same time point on the previous day from the current value, 7-day data is sequentially calculated to obtain 7 differences, which are referred to as amplitude values, and then the maximum value of the absolute values of the 7 amplitude values may be used to determine the flow index range in the normal operation state.
And then, judging whether the current flow value corresponding to the flow data is within the flow index range, and if not, generating fault record information according to the flow data. If the current value is less than the average value of the minimum value 0.8, determining that the current flow value is suddenly reduced; and if the current flow value is larger than the average value of the maximum values by 1.2, determining that the current flow value is increased suddenly. And if the amplitude value of the current flow value is greater than 0 and greater than the maximum value 0.5 of the absolute value of the 7-day amplitude value, determining that the current flow value is increased suddenly. And if the amplitude value of the current flow value is less than 0 and greater than the maximum value 0.5 of the absolute value of the 7-day amplitude value, determining that the current flow value is suddenly reduced. And when the sudden decrease or the sudden decrease occurs, determining that the current flow value is abnormal, generating fault record information according to the flow data, and storing the fault record information in a fault database.
Optionally, the process of the streaming data platform performing log data alarm is as follows: for the log data of the switch, the log data can be matched according to the regular expression of a specific fault state, and if the parameter value corresponding to the log data meets the threshold condition of the regular expression, fault recording information is generated and stored in a fault database. For example, the port included in the log data is continuously UP/DOWN 3 times. The form of the fault log information is shown in table 1.
TABLE 1
Figure BDA0002452224870000101
In consideration of the storage efficiency and query efficiency of fault record information, the embodiment of the specification improves the storage rule of the fault database. Fig. 3 is a schematic flow chart of a method of storing fault record information according to an embodiment of the present specification. As shown in fig. 3, the method includes:
and S301, receiving fault record information generated by the streaming data platform.
S302, searching a fault database, and judging whether a historical fault record identical to the fault record information exists in the fault database. Wherein, the historical fault records which are the same as the fault record information comprise the same equipment, the same port and the same fault type. If yes, executing S303; if not, go to step S304.
And S303, judging whether the fault corresponding to the historical fault record is recovered. If yes, go to S304; if not, S305 is executed. If the recovery time of the historical fault record is 0, the corresponding fault is not recovered.
And S304, writing the fault record information into a fault database.
S305, updating the fault occurrence time corresponding to the historical fault record information according to the fault record information. By updating the fault occurrence time instead of writing a new piece of fault record information, it is possible to avoid generating multiple pieces of data by frequent fault alarms.
Fig. 4 is a schematic flow chart diagram of a network fault location method in accordance with a specific embodiment of the present description. As shown in fig. 4, the network fault location method includes:
s401, when whether a network fault exists in a certain period of time is inquired, the equipment information and the inquiry period are determined.
S402, inquiring the corresponding network connection relation information according to the inquiry time interval, and generating a network topological graph.
And S403, positioning the network equipment and the port thereof corresponding to the equipment information according to the network topology map.
S404, all fault records of which the fault starting time of the network equipment and the ports thereof in the fault database is greater than the starting time of the query time interval and the last fault occurrence time is less than the ending time of the query time interval are queried. And the fault starting time of the fault record is the first time when the fault corresponding to the fault record occurs.
S405, associating the inquired fault records to a network topology map, and generating a network historical fault back-source map in an inquiry period.
Referring to fig. 5, a schematic diagram of historical failure back source of the network is shown, which shows a topology structure of the network. The time axis above the topology structure diagram indicates the frequency of failure in a certain time period, and the color of the corresponding time axis is darker as the frequency is higher. And clicking any one network device or a link between two network devices in the topology structure diagram, and correspondingly displaying detailed fault record information.
The network fault positioning method in the embodiments of the present description supports historical network fault data query and network fault source return, is compatible with multiple manufacturers and multiple network architectures, and can acquire relevant data without installing other programs on some devices.
In summary, particular embodiments of the present subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may be advantageous.
Based on the same idea, the network fault location method provided in one or more embodiments of the present specification further provides a network fault location device.
Fig. 6 is a schematic structural diagram of a network fault location device according to an embodiment of the present disclosure. Referring to fig. 6, in a software implementation, the network fault location apparatus 600 may include: a first obtaining module 61, a network topology map generating module 62, a second obtaining module 63 and a fault record information associating module 64, wherein,
a first obtaining module 61, configured to obtain network connection relationship information of a first network device when a fault query request for the first network device is received; the fault query request comprises equipment information and query period information of the first network equipment;
a network topology map generating module 62, configured to generate a network topology map corresponding to the first network device according to the network connection relationship information;
a second obtaining module 63, configured to obtain fault record information corresponding to the first network device and matching the query time interval information; the fault record information is generated based on relevant network data of the first network device;
and a fault record information association module 64, configured to associate the fault record information with the network topology map.
The network fault location device in the embodiments of this specification may generate a corresponding network topology map through the network connection relationship information of the first network device, acquire fault record information corresponding to the first network device and matching with the query time period information, and associate the fault record information to the network topology map, may obtain the network topology map of the first network device in the query time period and the fault record information in the query time period, and may associate the fault record information in the query time period to the network topology map in the query time period, thereby supporting query and location of historical network faults, and implementing network fault source return.
In one embodiment, the related network data comprises first network data of the first network device and/or second network data of a second network device connected with the first network device; the device further comprises a fault record information generation module for:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises second equipment port information, second equipment port flow data, virtual local area network information, equipment port error information, link layer discovery protocol information, equipment manufacturer information and equipment log data;
and generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data.
In one embodiment, the first network data comprises the first traffic data;
the fault record information generating module is specifically configured to:
acquiring the first traffic data in the query period from the first network data;
calculating a flow index range of the first network equipment in a normal operation state according to the first flow data;
and if the first flow data is not in the flow index range, generating fault record information corresponding to the first network equipment according to the first flow data.
In one embodiment, the second network data comprises the device log data;
the fault record information generating module is specifically configured to:
judging whether a parameter value contained in the device log data in the second network data is matched with a preset parameter range;
if not, performing fault description on the device log data according to a fault description mode corresponding to the fault record information to obtain fault record information corresponding to the first network device.
In one embodiment, the apparatus further comprises a fault log information storage module to:
searching a fault database, and determining whether a historical fault record identical to the fault record information exists in the fault database; the same as the fault record information includes at least one of: corresponding to the same equipment, corresponding to the same port and having the same fault type;
if the historical fault record exists and the fault is not recovered, updating the fault occurrence time corresponding to the historical fault record according to the fault record information;
and if the historical fault record exists and the fault is recovered or the historical fault record does not exist, writing the fault record information into the fault database.
In one embodiment, the network connection relationship information includes link layer discovery protocol information and second device port information; the network topology generation module is specifically configured to:
determining link layer discovery protocol information matched with the query period information;
and generating a network topology map corresponding to the first network device according to the determined link layer discovery protocol information and the second device port information.
In an embodiment, the fault record information association module is specifically configured to:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
In one embodiment, the fault record information includes at least one of fault occurrence frequency, fault occurrence time, fault occurrence frequency, fault type and fault severity; the device also comprises a fault record information display module used for:
when a specified operation of the first network device in the network topology graph is received, displaying fault record information corresponding to the first network device in the network topology graph.
It should be understood by those skilled in the art that the network fault location apparatus can be used to implement the network fault location method described above, wherein the detailed description is similar to the description of the method, and is not repeated herein to avoid complexity.
Based on the same idea, one or more embodiments of the present specification further provide a network fault location device, as shown in fig. 7. The network fault locating device may have a large difference due to different configurations or performances, and may include one or more processors 701 and a memory 702, where one or more stored applications or data may be stored in the memory 702. Memory 702 may be, among other things, transient storage or persistent storage. The application program stored in memory 702 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for a network fault location device. Still further, processor 701 may be configured to communicate with memory 702 to execute a series of computer-executable instructions in memory 702 on a XXXX device. The network fault location apparatus may also include one or more power supplies 703, one or more wired or wireless network interfaces 704, one or more input-output interfaces 705, one or more keyboards 706.
In particular, in this embodiment, the network fault location device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the network fault location device, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
generating a network topology map corresponding to the first network equipment according to the network connection relation information;
acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
and associating the fault record information to the network topology map.
Optionally, the related network data includes first network data of the first network device and/or second network data of a second network device connected to the first network device; the computer executable instructions, when executed, may further cause the processor to:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises second equipment port information, second equipment port flow data, virtual local area network information, equipment port error information, link layer discovery protocol information, equipment manufacturer information and equipment log data;
and generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data.
Optionally, the first network data comprises the first traffic data;
the computer executable instructions, when executed, may further cause the processor to:
acquiring the first traffic data in the query period from the first network data;
calculating a flow index range of the first network equipment in a normal operation state according to the first flow data;
and if the first flow data is not in the flow index range, generating fault record information corresponding to the first network equipment according to the first flow data.
Optionally, the second network data comprises the device log data;
the computer executable instructions, when executed, may further cause the processor to:
judging whether a parameter value contained in the device log data in the second network data is matched with a preset parameter range or not;
if not, performing fault description on the device log data according to a fault description mode corresponding to the fault record information to obtain fault record information corresponding to the first network device.
Optionally, the computer executable instructions, when executed, may further cause the processor to:
searching a fault database, and determining whether a historical fault record identical to the fault record information exists in the fault database; the same as the fault record information includes at least one of: corresponding to the same equipment, corresponding to the same port and having the same fault type;
if the historical fault record exists and the fault is not recovered, updating the fault occurrence time corresponding to the historical fault record information according to the fault record information;
and if the historical fault record exists and the fault is recovered or the historical fault record does not exist, writing the fault record information into the fault database.
Optionally, the network connection relationship information includes link layer discovery protocol information and second device port information; the computer executable instructions, when executed, may further cause the processor to:
the generating a network topology map corresponding to the first network device according to the network connection relationship information includes:
determining link layer discovery protocol information matched with the query period information;
and generating a network topology map corresponding to the first network device according to the determined link layer discovery protocol information and the second device port information.
Optionally, the computer executable instructions, when executed, may further cause the processor to:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
Optionally, the fault record information includes at least one of a fault occurrence frequency, a fault occurrence time, a fault occurrence frequency, a fault type, and a fault severity; the computer executable instructions, when executed, may further cause the processor to:
after the associating the fault record information to the first network device, the method further comprises:
when a specified operation of the first network device in the network topology graph is received, displaying fault record information corresponding to the first network device in the network topology graph.
One or more embodiments of the present specification also propose a computer-readable storage medium storing one or more programs, the one or more programs including instructions, which when executed by an electronic device including a plurality of application programs, enable the electronic device to perform the above-mentioned network fault localization method, and in particular to perform:
when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
generating a network topology map corresponding to the first network equipment according to the network connection relation information;
acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
and associating the fault record information to the network topology map.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, respectively. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
One or more embodiments of the present specification have been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only one or more embodiments of the present disclosure, and is not intended to limit the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of claims of one or more embodiments of the present specification.

Claims (9)

1. A network fault location method is characterized by comprising the following steps:
when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
generating a network topology map corresponding to the first network equipment according to the network connection relation information;
acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
associating the fault record information to the network topological graph to obtain a network fault back-source graph of a query time period;
wherein the related network data comprises first network data of the first network device and/or second network data of a second network device connected with the first network device;
before the obtaining of the fault record information corresponding to the first network device and matching with the query period information, the method further includes:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises at least one of: second device port information, second device port flow data, virtual local area network information, device port error information, link layer discovery protocol information, device manufacturer information, and device log data;
generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data;
the associating the fault record information to the network topology map includes:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
2. The method of claim 1, wherein the first network data comprises the first traffic data;
the generating fault record information corresponding to the first network device according to the first network data and/or the second network data includes:
acquiring the first traffic data in the query period from the first network data;
calculating a flow index range of the first network equipment in a normal operation state according to the first flow data;
and if the first flow data is not in the flow index range, generating fault record information corresponding to the first network equipment according to the first flow data.
3. The method of claim 1, wherein the second network data comprises the device log data;
the generating fault record information corresponding to the first network device according to the first network data and/or the second network data includes:
judging whether a parameter value contained in the device log data in the second network data is matched with a preset parameter range;
if not, performing fault description on the device log data according to a fault description mode corresponding to the fault record information to obtain fault record information corresponding to the first network device.
4. The method of claim 1, further comprising, after the generating fault record information from the network data:
searching a fault database, and determining whether a historical fault record identical to the fault record information exists in the fault database; the same as the fault record information includes at least one of: corresponding to the same equipment, corresponding to the same port and having the same fault type;
if the historical fault record exists and the fault is not recovered, updating the fault occurrence time corresponding to the historical fault record according to the fault record information;
and if the historical fault record exists and the fault is recovered or the historical fault record does not exist, writing the fault record information into the fault database.
5. The method of claim 1, wherein the network connection relationship information comprises link layer discovery protocol information and second device port information;
generating a network topology map corresponding to the first network device according to the network connection relationship information, including:
determining link layer discovery protocol information matched with the query period information;
and generating a network topology map corresponding to the first network device according to the determined link layer discovery protocol information and the second device port information.
6. The method according to claim 1, wherein the fault log information includes at least one of a frequency of occurrence of a fault, a time of occurrence of a fault, a number of occurrences of a fault, a type of fault, a severity of a fault;
after the associating the fault record information to the first network device, the method further comprises:
when a specified operation of the first network device in the network topology graph is received, displaying fault record information corresponding to the first network device in the network topology graph.
7. A network fault location device, comprising:
the first acquisition module is used for acquiring the network connection relation information of the first network equipment when receiving a fault query request aiming at the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
a network topology map generation module, configured to generate a network topology map corresponding to the first network device according to the network connection relationship information;
the second acquisition module is used for acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
the fault record information correlation module is used for correlating the fault record information to the network topological graph to obtain a network fault back-source graph of a query time period;
wherein the relevant network data comprises first network data of the first network device and/or second network data of a second network device connected with the first network device; the apparatus further comprises a fault record information generating module configured to:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises second equipment port information, second equipment port flow data, virtual local area network information, equipment port error information, link layer discovery protocol information, equipment manufacturer information and equipment log data;
generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data;
the fault record information association module is specifically configured to:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
8. A network fault location device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
generating a network topology map corresponding to the first network equipment according to the network connection relation information;
acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
associating the fault record information to the network topological graph to obtain a network fault back-source graph of a query time period;
wherein the related network data comprises first network data of the first network device and/or second network data of a second network device connected with the first network device;
before the obtaining of the fault record information corresponding to the first network device and matching with the query period information, the method further includes:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises at least one of: second device port information, second device port flow data, virtual local area network information, device port error information, link layer discovery protocol information, device manufacturer information, and device log data;
generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data;
the associating the fault record information to the network topology map includes:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
9. A storage medium storing computer-executable instructions that, when executed, implement the following:
when a fault query request aiming at first network equipment is received, acquiring network connection relation information of the first network equipment; the fault query request comprises equipment information and query period information of the first network equipment;
generating a network topology map corresponding to the first network equipment according to the network connection relation information;
acquiring fault record information which corresponds to the first network equipment and is matched with the query time interval information; the fault record information is generated based on relevant network data of the first network device;
associating the fault record information to the network topological graph to obtain a network fault back-source graph of a query time period;
wherein the related network data comprises first network data of the first network device and/or second network data of a second network device connected with the first network device;
before the obtaining of the fault record information corresponding to the first network device and matching with the query period information, the method further includes:
acquiring the first network data and/or the second network data; the first network data comprises at least one of: the method comprises the steps of obtaining first flow data, first equipment network card address information and first equipment port information; the first traffic data comprises first device traffic data and/or first device port traffic data; the second network data comprises at least one of: second equipment port information, second equipment port flow data, virtual local area network information, equipment port error information, link layer discovery protocol information, equipment manufacturer information and equipment log data;
generating fault record information corresponding to the first network equipment according to the first network data and/or the second network data;
the associating the fault record information to the network topology map includes:
determining location information of the first network device in the network topology map;
and associating the fault record information to the first network equipment according to the position information.
CN202010296029.4A 2020-04-15 2020-04-15 Network fault positioning method, device and equipment Active CN111600746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010296029.4A CN111600746B (en) 2020-04-15 2020-04-15 Network fault positioning method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010296029.4A CN111600746B (en) 2020-04-15 2020-04-15 Network fault positioning method, device and equipment

Publications (2)

Publication Number Publication Date
CN111600746A CN111600746A (en) 2020-08-28
CN111600746B true CN111600746B (en) 2022-12-09

Family

ID=72184990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010296029.4A Active CN111600746B (en) 2020-04-15 2020-04-15 Network fault positioning method, device and equipment

Country Status (1)

Country Link
CN (1) CN111600746B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532611B (en) * 2020-11-25 2022-12-06 中盈优创资讯科技有限公司 Real-time cross-line traffic topological data generation method and device
CN113645114A (en) * 2021-08-13 2021-11-12 广汽丰田汽车有限公司 Network failure prevention system, network management method, vehicle, and storage medium
CN113821367B (en) * 2021-09-23 2024-02-02 中国建设银行股份有限公司 Method and related device for determining influence range of fault equipment
CN114021746A (en) * 2021-10-25 2022-02-08 天纳能源科技(上海)有限公司 Virtual metering method, virtual metering appliance, and computer-readable storage medium
CN114221882A (en) * 2021-12-23 2022-03-22 锐捷网络股份有限公司 Method, device, equipment and storage medium for detecting fault link
CN114401186A (en) * 2021-12-30 2022-04-26 中国电信股份有限公司 End-to-end fault determination method and system in customized network
CN114338413B (en) * 2021-12-30 2024-01-26 中国工商银行股份有限公司 Method, device and storage medium for determining topological relation of equipment in network
CN114422338B (en) * 2022-03-29 2022-08-26 浙江网商银行股份有限公司 Fault influence analysis method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08314741A (en) * 1995-05-15 1996-11-29 Nec Corp Fault information managing method
WO2016206386A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Fault correlation method and apparatus
CN109150619A (en) * 2018-09-04 2019-01-04 国家计算机网络与信息安全管理中心 A kind of fault diagnosis method and system based on network flow data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08314741A (en) * 1995-05-15 1996-11-29 Nec Corp Fault information managing method
WO2016206386A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Fault correlation method and apparatus
CN109150619A (en) * 2018-09-04 2019-01-04 国家计算机网络与信息安全管理中心 A kind of fault diagnosis method and system based on network flow data

Also Published As

Publication number Publication date
CN111600746A (en) 2020-08-28

Similar Documents

Publication Publication Date Title
CN111600746B (en) Network fault positioning method, device and equipment
CN110661659B (en) Alarm method, device and system and electronic equipment
CN107171819B (en) Network fault diagnosis method and device
AU2016351091B2 (en) Method and device for processing service calling information
US9612892B2 (en) Creating a correlation rule defining a relationship between event types
CN113609139A (en) Monitoring data management method and device, electronic equipment and storage medium
CN111193605B (en) Fault positioning method and device and storage medium
US8443078B2 (en) Method of determining equivalent subsets of agents to gather information for a fabric
CN111177165A (en) Method, device and equipment for detecting data consistency
CN108306749B (en) Monitoring system alarming method, monitoring system and monitoring device
CN111131079B (en) Policy query method and device
CN104346264A (en) System and method for processing system event logs
CN111314158B (en) Big data platform monitoring method, device, equipment and medium
CN112737800A (en) Service node fault positioning method, call chain generation method and server
CN111258798A (en) Fault positioning method and device for monitoring data, computer equipment and storage medium
CN107590160B (en) Method and device for monitoring internal structure of radix tree to realize test
CN113595773A (en) Information processing method, device, electronic equipment and storage medium
CN110086840B (en) Image data storage method, device and computer readable storage medium
CN115756888A (en) Data processing method, processor, device and storage medium
CN113497721B (en) Network fault positioning method and device
CN115168605A (en) Map determination method and apparatus, storage medium, and electronic apparatus
CN114860432A (en) Method and device for determining information of memory fault
CN111563272B (en) Information statistical method and device
CN114138615A (en) Service alarm processing method, device, equipment and storage medium
CN114719244A (en) Equipment monitoring method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230303

Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193

Patentee after: Sina Technology (China) Co.,Ltd.

Address before: 100193 7th floor, scientific research building, Sina headquarters, plot n-1, n-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193

Patentee before: Sina.com Technology (China) Co.,Ltd.