CN111698110A - Network equipment performance analysis method, system, equipment and computer medium - Google Patents


Info

Publication number
CN111698110A (application CN201910193980.4A)
Authority
CN
China
Prior art keywords
network
target
performance analysis
network equipment
strategy information
Prior art date
Legal status
Granted
Application number
CN201910193980.4A
Other languages
Chinese (zh)
Other versions
CN111698110B (en)
Inventor
陈晓帆
黄赵伟
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Events
Application filed by Sangfor Technologies Co Ltd
Priority to CN201910193980.4A
Publication of CN111698110A
Application granted
Publication of CN111698110B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
            • H04L 41/14 Network analysis or design
            • H04L 41/02 Standardisation; Integration
              • H04L 41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
      • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
        • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
          • Y02D 30/00 Reducing energy consumption in communication networks
            • Y02D 30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a method, a system, a device and a computer medium for analyzing the performance of network devices. The method comprises the following steps: acquiring network rule policy information of a target network device; storing the network rule policy information in a Trie tree; matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in an obtained target performance analysis request to obtain a corresponding matching result; dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same; combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network; and performing performance analysis on the target network device based on the forwarding graph. The network device performance analysis method can improve the efficiency of performance analysis of the target network device. The network device performance analysis system, the network device performance analysis device and the computer-readable storage medium solve the corresponding technical problem.

Description

Network equipment performance analysis method, system, equipment and computer medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, a system, a device, and a computer medium for analyzing network device performance.
Background
With the development of computing, customer network environments have become more and more complex. For example, a large number of network devices such as firewalls are deployed in the networks of medium-sized and large customers, and as their services develop, many complex network rule policies are configured on those firewalls. The complexity of the network devices themselves and the complexity of the network rule policies make performance analysis of the network devices inefficient.
In summary, how to improve the efficiency of performance analysis on network devices is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
The present application is directed to a method for analyzing network device performance, which can solve the technical problem of how to improve the efficiency of performance analysis of a network device to a certain extent. The application also provides a network equipment performance analysis system, equipment and a computer readable storage medium.
In order to achieve the above purpose, the present application provides the following technical solutions:
a network device performance analysis method, comprising the following steps:
acquiring network rule policy information of a target network device;
storing the network rule policy information in a Trie tree;
matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in an obtained target performance analysis request to obtain a corresponding matching result;
dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same;
combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network;
and performing performance analysis on the target network device based on the forwarding graph.
Preferably, the target performance analysis request comprises a policy security analysis request;
the performing performance analysis on the target network device based on the forwarding graph comprises:
determining whether a source node in the forwarding graph can reach the target node, and if so, determining that the network rule policy information is correctly configured;
and/or determining that the network rule policy information of the network device corresponding to a node at which the ACL denies the traffic in the forwarding graph is misconfigured;
and/or determining that the network rule policy information of the network device corresponding to a node in the forwarding graph whose next hop is a non-target node that does not exist is misconfigured;
and/or determining that the network rule policy information of the network devices corresponding to the nodes on a loop in the forwarding graph is misconfigured.
Preferably, the target performance analysis request comprises an access relation audit request;
the performing performance analysis on the target network device based on the forwarding graph comprises:
determining the real-time access relation of the target network device based on the forwarding graph;
and determining whether the real-time access relation is consistent with a preset access relation; if so, determining that the access relation of the target network device is compliant, and if not, determining that it is non-compliant.
Preferably, the target performance analysis request comprises a software propagation path prediction request;
the performing performance analysis on the target network device based on the forwarding graph comprises:
traversing the forwarding graph to obtain a software propagation path prediction result.
Preferably, the storing the network rule policy information in a Trie tree comprises:
normalizing the network rule policy information into network rule policy information in a target format;
converting the corresponding matching items of the network rule policy information in the target format into binary format;
and storing the matching items in binary format in the Trie tree, and storing the network rule policy information in the target format at the corresponding lowest node of the Trie tree.
Preferably, the acquiring network rule policy information of the target network device comprises:
remotely connecting to the target network device;
exporting the configuration file of the target network device by file transfer;
and parsing the configuration file to obtain the network rule policy information.
Preferably, the acquiring network rule policy information of the target network device comprises:
sending a Syslog protocol message to the target network device;
and receiving the network rule policy information that the target network device sends in response to the Syslog protocol message.
Preferably, the acquiring network rule policy information of the target network device comprises:
connecting to the target network device through the SNMP protocol;
and reading the network rule policy information of the target network device.
Preferably, the acquiring network rule policy information of the target network device comprises:
reading the network rule policy information through an API (application programming interface) of the target network device.
Preferably, the network rule policy information comprises a routing policy, an ACL policy and a NAT policy.
A network device performance analysis system, comprising:
a first acquisition module, configured to acquire network rule policy information of a target network device;
a first storage module, configured to store the network rule policy information in a Trie tree;
a first matching module, configured to match the Trie nodes in the Trie tree bit by bit according to the five-tuple in an acquired target performance analysis request to obtain a corresponding matching result;
a first division module, configured to divide the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same;
a first generation module, configured to combine the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network;
and a first analysis module, configured to perform performance analysis on the target network device based on the forwarding graph.
A network device performance analysis device, comprising:
a memory for storing a computer program;
and a processor for implementing the steps of any of the network device performance analysis methods described above when executing the computer program.
A computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of any of the network device performance analysis methods described above.
The application provides a network device performance analysis method comprising: acquiring network rule policy information of a target network device; storing the network rule policy information in a Trie tree; matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in an obtained target performance analysis request to obtain a corresponding matching result; dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same; combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network; and performing performance analysis on the target network device based on the forwarding graph. The method stores the acquired network rule policy information in a Trie tree and matches Trie nodes bit by bit against the five-tuple in the target performance analysis request, so that the matching result for the five-tuple can be determined quickly by means of the Trie tree; the matching result is then divided into behavior-identical sets whose corresponding network rule policies are the same, and each behavior-identical set is combined with its network rule policy information into a forwarding graph, so that the transmission relation graph of the network devices corresponding to the five-tuple in the network can be determined quickly; finally, performance analysis of the target network device is carried out on the basis of the forwarding graph, which improves analysis efficiency. The network device performance analysis system, the network device performance analysis device and the computer-readable storage medium solve the corresponding technical problem.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. It is obvious that the drawings described below are only some embodiments of the present application, and that those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of a network device performance analysis method according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of a forwarding graph generated from a behavior-identical set in an embodiment of the present application in practical application;
Fig. 3 is a schematic diagram of a first structure of a network device performance analysis system according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a network device performance analysis device according to an embodiment of the present application;
Fig. 5 is another schematic structural diagram of a network device performance analysis device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a first flowchart of a network device performance analysis method according to an embodiment of the present disclosure.
The network device performance analysis method provided by the embodiment of the application can comprise the following steps:
Step S101: acquiring the network rule policy information of the target network device.
In practical application, the network rule policy information of the target network device may be obtained first. The target network device referred to in the present application is the network device whose performance is analyzed, and its type may be determined according to actual needs. The specific type of network rule policy information of the target network device may likewise be determined according to actual needs, including but not limited to a routing policy, a Network Address Translation (NAT) policy, an Access Control List (ACL) policy and the like.
In a specific application scenario, for a remote target network device, in order to obtain the network rule policy information conveniently, the process of obtaining it may specifically be: remotely connecting to the target network device; exporting the configuration file of the target network device by file transfer; and parsing the configuration file to obtain the network rule policy information. Specifically, the network device may be connected to by the Telnet or SSH protocol. The Telnet protocol referred to in this application is a member of the TCP/IP protocol family, a standard protocol and the main means of Internet remote login service; it gives a user the ability to do work on a remote host from a local computer. The Telnet program runs on the end user's computer and connects to the server; commands the end user enters in the Telnet program are executed on the server, as if they had been entered on the server's console, so the server can be controlled locally. Telnet is a commonly used method of remotely controlling Web servers. The SSH (Secure Shell) protocol was formulated by the IETF Network Working Group; SSH is a security protocol built on the application layer, is highly reliable and is designed to provide security for remote login sessions and other network services, and using SSH effectively prevents information leakage during remote management.
In a specific application scenario, in order to reduce the resources consumed in obtaining the network rule policy information, the target network device may actively send the information, and the process of obtaining it may be: sending a Syslog protocol message to the target network device; and receiving the network rule policy information that the target network device sends in response. The Syslog protocol, often referred to simply as system logging, is a standard for conveying log messages over an Internet Protocol (TCP/IP) network.
In a specific application scenario, in order to improve the efficiency of obtaining the network rule policy information, the process of obtaining it may specifically be: connecting to the target network device through the SNMP (Simple Network Management Protocol) protocol; and reading the network rule policy information of the target network device. The Simple Network Management Protocol consists of a set of network management standards, including an application layer protocol, a database schema and a set of resource objects; it supports a network management system in monitoring whether any device connected to the network has a condition that requires administrative attention, and is part of the Internet protocol suite defined by the Internet Engineering Task Force (IETF).
In a specific application scenario, in order to acquire the network rule policy information simply and quickly when the target network device is on site, the process of acquiring it may specifically be: reading the network rule policy information through an API (application programming interface) of the target network device.
In a specific application scenario, the network rule policy information may include a routing policy, an Access Control List (ACL) policy and a Network Address Translation (NAT) policy. NAT implements the mapping and inverse mapping between internal network IP addresses and external network IP addresses. An ACL is a list of instructions applied to router and switch interfaces that controls which packets may enter and leave the ports.
Step S102: storing the network rule policy information in the Trie tree.
In practical application, after the network rule policy information is obtained, it can be stored in a Trie tree, by means of which the information can be stored flexibly and quickly. In computer science, a Trie, also called a prefix tree or dictionary tree, is an ordered tree used to store an associative array whose keys are usually strings; a tree is an abstract data type (ADT), or a data structure implementing it, used to model a data set with tree-structured properties, that is, a set with a hierarchical relationship formed by n (n > 0) finite nodes.
In a specific application scenario, the network rule policy information of the target network device may come in various formats and may include information irrelevant to performance analysis, which can make the structure of the Trie tree complex or unclear. To solve this problem, the process of storing the network rule policy information in the Trie tree may specifically be: normalizing the network rule policy information into network rule policy information in a target format; converting the corresponding matching items of the network rule policy information in the target format into binary format; and storing the matching items in binary format in the Trie tree, and storing the network rule policy information in the target format at the corresponding lowest node of the Trie tree. The normalization process may be: converting the format of each piece of network rule policy information into a preset format. The definition of the corresponding matching item can be determined according to actual needs; for an IP address the matching item may be a mask, for a port it may be the port number, and so on. Converting the matching items into binary format facilitates storing them. Specifically, the Trie may be structured as a ternary tree, and each node in the Trie has child nodes pointing to 0, 1.
Step S103: matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in the acquired target performance analysis request to obtain a corresponding matching result.
In practical application, after the network rule policy information is stored in the Trie tree, a target performance analysis request can be obtained; the request carries a five-tuple, and the Trie nodes can then be matched bit by bit against the five-tuple in order from the root node to the leaf nodes, giving the corresponding matching result. Take as an example a Trie whose root node is a source IP address and whose leaf nodes are source ports: assume one root node has three leaf nodes, the root node is the source IP address 103.120.124.142, and the three leaf nodes are, from left to right, source port A, source port B and source port C. If the source IP address in the obtained five-tuple is 103.120.124.142 and the source port is B, matching the Trie nodes bit by bit against the five-tuple proceeds as follows: the source IP address in the five-tuple is matched against the root node, and the result is the same; the source port in the five-tuple is matched against the leftmost leaf node, and the result is different; the source port in the five-tuple is matched against the middle leaf node, and the result is the same; the matching result for the five-tuple is therefore the branch of the Trie consisting of the root node and the middle leaf node. The data in each segment is stored in binary and matched bit by bit in binary. For example, the source IP address 103.120.124.142 is matched in its binary form 01100111,01111000,01111100,10001110: the Trie is traversed from the high-order bit to the low-order bit, and if the final child node can be reached the match succeeds; otherwise the match fails.
The source port data is handled in the same way. Assume the three leaf nodes are, from left to right, source port A, source port B and source port C, with port ids 1, 2 and 3, which in binary are 00000001, 00000010 and 00000011. If the source port in the five-tuple is port 3, then once the prefix 0000001 has been matched, port 1 is excluded, and matching 00000011 excludes port 2 and confirms port 3. If the source port in the five-tuple is port 4, whose binary value is 00000100, then once 000001 has been matched there is no further path, and it can be determined that there is no match. This method saves storage space while keeping matching efficient.
Since the network rule policy information includes information about the network device, the matching result also includes the corresponding network device information and network rule policy information. The five-tuple referred to in this application is a generic term that usually means the source IP address, source port, destination IP address, destination port and transport layer protocol.
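The two-level Trie described in steps S102 and S103 (normalize the rules, convert the matching items to binary, store the rule at the lowest node, then walk the tree bit by bit from the root) can be reproduced in a few dozen lines. The following Python is an added example written for this page, not code from the patent or from Sangfor: the text line format parsed by normalize(), the device names and the Rule fields are constructed for illustration. It uses the same source address 103.120.124.142 and ports 1, 2 and 3 as the text, and goes slightly beyond the exact-address case by storing masked prefixes, so that a /8 rule is found by a longest-prefix walk while a port with no stored path (port 4) fails as the text describes.

```python
"""Added example: normalize rule policies and store/match them in a bit-wise Trie (steps S102/S103).
Not the patent's code; the rule text format and device names below are constructed."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """Network rule policy information in the normalized target format (constructed fields)."""
    device: str
    action: str                     # "permit", "deny", "nat" or "route"
    next_hop: Optional[str] = None  # routing/NAT target, if any


def normalize(config_lines: List[str]) -> List[Tuple[str, int, Rule]]:
    """Turn vendor-style text into (source CIDR, source port, Rule) triples.
    Constructed format: '<device> <action> src <cidr> sport <port> [to <next_hop>]'."""
    rules = []
    for line in config_lines:
        parts = line.split()
        if len(parts) < 6 or parts[2] != "src" or parts[4] != "sport":
            continue  # line carries no matchable policy: irrelevant to the analysis
        next_hop = parts[7] if len(parts) > 7 and parts[6] == "to" else None
        rules.append((parts[3], int(parts[5]), Rule(parts[0], parts[1], next_hop)))
    return rules


def ip_to_bits(addr: str, prefix_len: int = 32) -> str:
    """Dotted IPv4 -> binary string, high-order bit first, truncated to the mask length."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")[:prefix_len]


def port_to_bits(port: int) -> str:
    """Port number as a 16-bit binary string (the text's example shows 8 bits for ports 1..4)."""
    return format(port, "016b")


@dataclass
class TrieNode:
    children: Dict[str, "TrieNode"] = field(default_factory=dict)  # '0' or '1' -> child
    payload: Optional[object] = None  # stored on the lowest node of an inserted item


class BitTrie:
    def __init__(self) -> None:
        self.root = TrieNode()

    def node_for(self, bits: str) -> TrieNode:
        """Create (or reuse) the path for `bits` and return its lowest node."""
        node = self.root
        for b in bits:
            node = node.children.setdefault(b, TrieNode())
        return node

    def match(self, bits: str) -> list:
        """Walk from the root, high-order to low-order bit. Returns the payloads of every
        terminal node on the path, most specific first; an empty list means no match
        (the walk ran out of children before reaching a terminal node)."""
        hits = [self.root.payload] if self.root.payload is not None else []
        node = self.root
        for b in bits:
            node = node.children.get(b)
            if node is None:
                break
            if node.payload is not None:
                hits.append(node.payload)
        return hits[::-1]


class PolicyIndex:
    """Two-level Trie as in the text's example: source-IP prefix bits at the top,
    with a port Trie stored at each IP terminal node."""
    def __init__(self) -> None:
        self.ip_trie = BitTrie()

    def add(self, src_cidr: str, src_port: int, rule: Rule) -> None:
        net = ipaddress.IPv4Network(src_cidr, strict=False)
        node = self.ip_trie.node_for(ip_to_bits(str(net.network_address), net.prefixlen))
        if node.payload is None:
            node.payload = BitTrie()
        node.payload.node_for(port_to_bits(src_port)).payload = rule

    def match(self, src_ip: str, src_port: int) -> Optional[Rule]:
        """Longest-prefix IP match first, then an exact bit-by-bit port match."""
        for port_trie in self.ip_trie.match(ip_to_bits(src_ip)):
            hit = port_trie.match(port_to_bits(src_port))
            if hit:
                return hit[0]
        return None


SAMPLE_CONFIG = [  # constructed; mirrors the text's ports 1/2/3 under one source address
    "fw1 permit src 103.120.124.142/32 sport 1",
    "fw1 deny   src 103.120.124.142/32 sport 2",
    "fw1 nat    src 103.120.124.142/32 sport 3 to fw2",
    "fw2 route  src 10.0.0.0/8 sport 80 to core",
    "fw2 description edge firewall",  # irrelevant line, dropped by normalize()
]


def build_index(config_lines: List[str] = SAMPLE_CONFIG) -> PolicyIndex:
    idx = PolicyIndex()
    for cidr, port, rule in normalize(config_lines):
        idx.add(cidr, port, rule)
    return idx


if __name__ == "__main__":
    idx = build_index()
    print(ip_to_bits("103.120.124.142"))    # 01100111011110000111110010001110
    print(idx.match("103.120.124.142", 3))  # Rule(device='fw1', action='nat', next_hop='fw2')
    print(idx.match("103.120.124.142", 4))  # None: no path after the prefix shared by ports 1..3
    print(idx.match("10.20.30.40", 80))     # found through the 10.0.0.0/8 prefix node
```

Running the module prints the 32-bit binary form of 103.120.124.142 and three lookups. The lookup for port 4 returns None because the walk runs out of children after the prefix shared by ports 1 to 3, which is the "no subsequent path" case in the text; the 10.20.30.40 lookup shows why the payload list is returned most specific first, since a more specific prefix may be present but lack the requested port.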
Step S104: dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same.
In practical application, after the matching result corresponding to the five-tuple is obtained, it can be divided into a corresponding number of behavior-identical sets, such that the network rule policies of the matching results contained in each behavior-identical set are the same.
Step S105: combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network.
In practical application, after the behavior-identical sets are obtained, each set can be combined with the corresponding network rule policy information to generate the forwarding graph of that set in the network, that is, a data transmission relation graph of the network devices with the same network rule policy information in the network; by means of the forwarding graph, the data transmission relations among the network devices can be determined clearly, accurately and quickly. Referring to fig. 2, fig. 2 is a schematic diagram of a forwarding graph generated from a behavior-identical set in an embodiment of the present application in practical application. In fig. 2, behavior-identical set 1 includes three network nodes with the same network rule policy, namely node 1, node 2 and node 3; the next hop of node 1 is node 2, the next hop of node 2 after performing NAT is node 3, and node 3 executes an ACL deny. It is understood that the forwarding graph frameworks corresponding to different network rule policies differ, so the corresponding forwarding graph framework can be obtained from the network rule policy information of the behavior-identical set.
Step S106: performing performance analysis on the target network device based on the forwarding graph.
In practical application, after the forwarding graph is generated, performance analysis can be performed on the target network device based on the forwarding graph.
The application provides a network device performance analysis method comprising: acquiring network rule policy information of a target network device; storing the network rule policy information in a Trie tree; matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in an obtained target performance analysis request to obtain a corresponding matching result; dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same; combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network; and performing performance analysis on the target network device based on the forwarding graph. The method stores the acquired network rule policy information in a Trie tree and matches Trie nodes bit by bit against the five-tuple in the target performance analysis request, so that the matching result for the five-tuple can be determined quickly by means of the Trie tree; the matching result is then divided into behavior-identical sets whose corresponding network rule policies are the same, and each behavior-identical set is combined with its network rule policy information into a forwarding graph, so that the transmission relation graph of the network devices corresponding to the five-tuple in the network can be determined quickly; finally, performance analysis of the target network device is carried out on the basis of the forwarding graph, which improves analysis efficiency.
In practical application, in order to ensure the security of the target network device, security analysis must be performed on the network rule policy information. Existing methods include manual analysis and security analysis based on device simulation. In manual analysis, when a network fault occurs, the misconfigured firewall is located by manual bisection with the help of a ping tool; manually checking firewall policies is inefficient and difficult. In security analysis based on device simulation, the current network devices are modelled: their configuration is extracted to record the routing information, ACL information and so on in each device, the input of a data packet is simulated during troubleshooting, and the device's behavior on the packet is obtained by matching the packet against the information in the simulated device, so as to judge whether the packet can arrive. The network rule policy analysis method provided by the application can analyze security policies quickly.
The network device performance analysis method provided by the embodiment of the application can comprise the following steps:
acquiring network rule policy information of a target network device;
storing the network rule policy information in a Trie tree;
matching the Trie nodes in the Trie tree bit by bit according to the five-tuple in the acquired policy security analysis request to obtain a corresponding matching result;
dividing the matching result into corresponding behavior-identical sets according to the division rule that the network rule policies are the same;
combining the behavior-identical sets with the corresponding network rule policy information to generate a forwarding graph of each behavior-identical set in the network;
determining whether a source node in the forwarding graph can reach the target node, and if so, determining that the network rule policy information is correctly configured; and/or determining that the network rule policy information of the network device corresponding to a node at which the ACL denies the traffic in the forwarding graph is misconfigured; and/or determining that the network rule policy information of the network device corresponding to a node in the forwarding graph whose next hop is a non-target node that does not exist is misconfigured; and/or determining that the network rule policy information of the network devices corresponding to the nodes on a loop in the forwarding graph is misconfigured.
In a specific application scenario, which of these determinations of whether the network rule policy information is configured correctly or incorrectly are made, and in what order, can be chosen flexibly according to actual needs.
In practical application, with the Cybersecurity Law of the People's Republic of China formally in force, enterprises face stronger requirements for network compliance. Depending on the audit perspective and the implementation technique, information security audits are divided into six categories: compliance audit, log audit, network behavior audit, host audit, application system audit and centralized operation and maintenance audit. As the number of network devices grows and business applications keep changing, the configuration information in the network keeps increasing, so that access relationships become hard to untangle. An enterprise's network operation and maintenance engineers cannot know a large-scale network in depth or establish the access relationship of each device in the current network, which hinders the enterprise's network security compliance. The network device performance analysis method provided by this application can solve this problem.
The network device performance analysis method provided by the embodiments of this application may include the following steps:
acquiring network rule policy information of the target network device;
storing the network rule policy information in a Trie;
matching the nodes of the Trie bit by bit against the five-tuple in the received access relation audit request to obtain a corresponding matching result;
dividing the matching result into identical-behavior sets according to the rule that members of a set are subject to the same network rule policies;
combining each identical-behavior set with the corresponding network rule policy information to generate the forwarding graph of that set in the network;
determining the real-time access relation of the target network device based on the forwarding graph;
and determining whether the real-time access relation is consistent with a preset access relation: if so, the access relation of the target network device is compliant; if not, it is not compliant.
In practical application, because network threats keep emerging, network security personnel must consider not only how to prevent attacks at the network boundary but also how to contain the network promptly once the boundary has been breached, so as to reduce losses. To that end they want to know how malware would spread in the current network after breaching the boundary: which devices it infects, and which devices those in turn infect. In other words, they want to know the malware's propagation path and, ideally, to know before any device is infected which devices could become infected, so that the infection path can be blocked in advance. Existing solutions to this need are traffic-based path analysis and malicious-traffic-based path analysis. Traffic-based path analysis records traffic, either all traffic in the current network or a sample of it, and infers the mutual access relationships between devices from the recorded traffic; however, absence of traffic does not mean absence of access, so this method cannot predict paths that exist in the current network but are not currently in use. Malicious-traffic-based path analysis identifies the malicious traffic in the current network, i.e. the traffic used by the malware infection, records it, and from the record finds all infected devices and their infection paths; this method obtains the infection path only after the network has been infected, can limit the loss only to a degree, and cannot predict infection paths in advance so that the network could be hardened in time and the problem nipped in the bud.
The network device performance analysis method provided by this application can predict paths that exist in the current network but are not in use, and can therefore predict in advance which paths in the current network could be used for infection.
The network device performance analysis method provided by the embodiments of this application may include the following steps:
acquiring network rule policy information of the target network device;
storing the network rule policy information in a Trie;
matching the nodes of the Trie bit by bit against the five-tuple in the received software propagation path prediction request to obtain a corresponding matching result;
dividing the matching result into identical-behavior sets according to the rule that members of a set are subject to the same network rule policies;
combining each identical-behavior set with the corresponding network rule policy information to generate the forwarding graph of that set in the network;
and traversing the forwarding graph to obtain a software propagation path prediction result.
Specifically, to improve the prediction, other matching information may be added to the five-tuple when matching the Trie nodes, as needed; for example, the Trie nodes may be matched according to the five-tuple together with the port the software uses to propagate.
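The three procedures above (policy security analysis, access relation audit and software propagation path prediction) differ only in their final step, which operates on the forwarding graph generated from an identical-behavior set. The following Python is an added worked example, not code from the patent or its applicant: the forwarding graphs are hand-constructed dictionaries (hosts h1 to h4 and devices fw1, r1, r2, r3 are hypothetical), `trace` yields the four verdicts of the security check (reachable, rejected by an ACL, next hop pointing at a node that does not exist in the graph, loop), `audit` compares the real-time access relation against a preset one, and `predict_propagation` traverses the relation breadth-first from an infected host.

```python
"""Analyses on a forwarding graph: policy security check, access-relation audit, propagation-path prediction."""

# Constructed forwarding graphs, one per identical-behavior set, labelled (source host, target host, service).
# Each node maps to (action, next hop); a device that denies the set has next hop None. Not from the patent.
GRAPHS = {
    ("h1", "h2", "tcp/443"): {"h1": ("permit", "fw1"), "fw1": ("permit", "r1"), "r1": ("permit", "h2")},
    ("h1", "h3", "tcp/22"): {"h1": ("permit", "fw1"), "fw1": ("permit", "r1"), "r1": ("deny", None)},
    ("h2", "h3", "any"): {"h2": ("permit", "r1"), "r1": ("permit", "h3")},
    ("h2", "h4", "any"): {"h2": ("permit", "r1"), "r1": ("permit", "r3")},  # r3 is not a node of the graph
    ("h3", "h4", "any"): {"h3": ("permit", "r2"), "r2": ("permit", "r1"), "r1": ("permit", "r2")},  # r1/r2 loop
}
# Constructed preset (intended) access relation used by the compliance audit.
PRESET = {("h1", "h2"), ("h2", "h4")}


def trace(graph, src, dst):
    """Follow next hops from src. Returns (verdict, node or nodes at fault, path walked)."""
    path, node = [src], src
    while node != dst:
        action, nxt = graph[node]
        if action == "deny":
            return "acl_deny", node, path
        if nxt in path:
            return "loop", path[path.index(nxt):], path + [nxt]
        if nxt != dst and nxt not in graph:
            return "black_hole", node, path + [nxt]  # next hop is neither the target nor a known node
        path.append(nxt)
        node = nxt
    return "reachable", dst, path


def policy_security_analysis(graphs):
    """Sets whose source cannot reach the target, with the verdict and the device(s) whose policy is at fault."""
    findings = {}
    for (src, dst, svc), graph in graphs.items():
        verdict, at_fault, _path = trace(graph, src, dst)
        if verdict != "reachable":
            findings[(src, dst, svc)] = (verdict, at_fault)
    return findings


def real_time_access_relation(graphs):
    """(source, target) pairs that are actually reachable under the current policies."""
    return {(src, dst) for (src, dst, _svc), graph in graphs.items() if trace(graph, src, dst)[0] == "reachable"}


def audit(graphs, preset):
    """Compliance: the real-time relation must equal the preset one; report drift in both directions."""
    actual = real_time_access_relation(graphs)
    return {"compliant": actual == preset, "unexpected": actual - preset, "missing": preset - actual}


def predict_propagation(graphs, infected):
    """BFS over the real-time access relation: every host reachable from `infected`, with its infection path."""
    relation = real_time_access_relation(graphs)
    paths, queue = {infected: [infected]}, [infected]
    while queue:
        host = queue.pop(0)
        for src, dst in sorted(relation):
            if src == host and dst not in paths:
                paths[dst] = paths[host] + [dst]
                queue.append(dst)
    return paths


if __name__ == "__main__":
    print("security findings:", policy_security_analysis(GRAPHS))
    print("audit:", audit(GRAPHS, PRESET))
    print("propagation from h1:", predict_propagation(GRAPHS, "h1"))
```

A path stopped by an ACL is a finding only relative to intent: the deny on the h1 to h3 set may be exactly what the policy is meant to do, which is why the security check reads best together with the audit against the preset relation. The propagation prediction is derived from policy, not from observed traffic, so it lists h3 as reachable from h1 through h2 even if no such flow has ever been seen; that is the gap in traffic-based path analysis described above.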
This application also provides a network device performance analysis system, which has the effects corresponding to the network device performance analysis method provided by the embodiments of this application. Referring to fig. 3, fig. 3 is a first structural schematic diagram of a network device performance analysis system according to an embodiment of this disclosure.
The network device performance analysis system provided by the embodiments of this application may include:
a first acquisition module 101, configured to acquire network rule policy information of a target network device;
a first storage module 102, configured to store the network rule policy information in a Trie;
a first matching module 103, configured to match the nodes of the Trie bit by bit against the five-tuple in the received target performance analysis request to obtain a corresponding matching result;
a first partitioning module 104, configured to divide the matching result into identical-behavior sets according to the rule that members of a set are subject to the same network rule policies;
a first generation module 105, configured to combine each identical-behavior set with the corresponding network rule policy information to generate the forwarding graph of that set in the network;
and a first analysis module 106, configured to perform performance analysis on the target network device based on the forwarding graph.
In the network device performance analysis system provided by an embodiment of this application, the target performance analysis request may include a policy security analysis request;
accordingly, the first analysis module may include:
a first analysis unit, configured to determine whether the source node in the forwarding graph can reach the target node and, if so, that the network rule policy information is configured correctly; and/or to determine that the network rule policy information of the network device corresponding to a node at which the forwarding graph is rejected by an ACL is misconfigured; and/or to determine that the network rule policy information of the network device whose next hop is neither the target node nor any node present in the forwarding graph is misconfigured; and/or to determine that the network rule policy information of the network devices corresponding to nodes on a loop in the forwarding graph is misconfigured.
In the network device performance analysis system provided by an embodiment of this application, the target performance analysis request may include an access relation audit request;
accordingly, the first analysis module may include:
a first determination unit, configured to determine the real-time access relation of the target network device based on the forwarding graph;
and a first judgment unit, configured to determine whether the real-time access relation is consistent with a preset access relation, to find the access relation of the target network device compliant if it is, and not compliant if it is not.
In the network device performance analysis system provided by an embodiment of this application, the target performance analysis request may include a software propagation path prediction request;
accordingly, the first analysis module may include:
a first traversal unit, configured to traverse the forwarding graph to obtain a software propagation path prediction result.
In the network device performance analysis system provided by an embodiment of this application, the first storage module may include:
a first conversion unit, configured to normalize the network rule policy information into network rule policy information in a target format;
a second conversion unit, configured to convert the matching item of each rule of the network rule policy information in the target format into binary form;
and a first storage unit, configured to store the binary matching items in the Trie and to store the network rule policy information in the target format at the corresponding lowest node of the Trie.
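The three units just described, together with steps 2 to 4 of the method (store in a Trie, match the five-tuple bit by bit, partition into identical-behavior sets), are shown in the following Python. It is an added worked example, not code from the patent or its applicant: the bit layout of the matching item (proto, src, dst, sport, dport), the rule format in which a rule is a dictionary with a device name, a numeric id where the lowest id wins as in first-match ACL semantics, and the sample rules for two hypothetical devices fw1 and r1 are all assumptions of this example. Don't-care bits of a prefix or of an `any` field are stored as a third child `*` so that the bitwise walk can follow either bit.

```python
"""Normalized rules -> binary matching items -> Trie -> bitwise five-tuple match -> identical-behavior sets."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Bit layout of a matching item: proto | src | dst | sport | dport. Widths and order are this example's assumption.
FIELDS = (("proto", 8), ("src", 32), ("dst", 32), ("sport", 16), ("dport", 16))

def _bits(value, width):
    return format(value, f"0{width}b")

def rule_key(rule):
    """Binary matching item of a rule; '*' marks don't-care bits (host bits of a prefix, or an 'any' field)."""
    out = []
    for name, width in FIELDS:
        value = rule[name]
        if value == "any":
            out.append("*" * width)
        elif name in ("src", "dst"):
            net = ip_network(value)
            out.append(_bits(int(net.network_address), 32)[: net.prefixlen].ljust(32, "*"))
        else:
            out.append(_bits(value, width))
    return "".join(out)

def packet_key(pkt):
    """Binary form of a five-tuple (src, dst, sport, dport, proto), laid out like rule_key."""
    src, dst, sport, dport, proto = pkt
    values = (proto, int(ip_address(src)), int(ip_address(dst)), sport, dport)
    return "".join(_bits(v, width) for v, (_name, width) in zip(values, FIELDS))

class TrieNode:
    def __init__(self):
        self.children = {}  # '0', '1' or '*' -> TrieNode
        self.rules = []     # rules in the target format, kept at the lowest node of their matching item

class PolicyTrie:
    def __init__(self, rules=()):
        self.root = TrieNode()
        for rule in rules:
            self.insert(rule)

    def insert(self, rule):
        node = self.root
        for bit in rule_key(rule):
            node = node.children.setdefault(bit, TrieNode())
        node.rules.append(rule)

    def match(self, key):
        """Walk bit by bit; at every level a '*' child accepts either bit. Returns all rules covering key."""
        hits, stack = [], [(self.root, 0)]
        while stack:
            node, i = stack.pop()
            if i == len(key):
                hits.extend(node.rules)
                continue
            for bit in (key[i], "*"):
                if bit in node.children:
                    stack.append((node.children[bit], i + 1))
        return hits

def decide(trie, pkt):
    """Behavior of each device for pkt: its first (lowest id, i.e. highest priority) rule covering the five-tuple."""
    per_device = defaultdict(list)
    for rule in trie.match(packet_key(pkt)):
        per_device[rule["device"]].append(rule)
    signature = []
    for device, rules in sorted(per_device.items()):
        first = min(rules, key=lambda r: r["id"])
        signature.append((device, first["id"], first["action"]))
    return tuple(signature)

def partition(trie, packets):
    """Identical-behavior sets: five-tuples that hit the same rule on every device fall into one set."""
    sets = defaultdict(list)
    for pkt in packets:
        sets[decide(trie, pkt)].append(pkt)
    return dict(sets)

# Constructed sample policy in the target format for a firewall fw1 and a router ACL r1 (not from the patent).
RULES = [
    {"device": "fw1", "id": 10, "action": "permit", "proto": 6, "src": "10.1.0.0/16", "dst": "10.2.0.10/32", "sport": "any", "dport": 443},
    {"device": "fw1", "id": 20, "action": "deny", "proto": "any", "src": "10.1.0.0/16", "dst": "10.2.0.0/16", "sport": "any", "dport": "any"},
    {"device": "fw1", "id": 30, "action": "permit", "proto": "any", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "sport": "any", "dport": "any"},
    {"device": "r1", "id": 10, "action": "deny", "proto": 6, "src": "0.0.0.0/0", "dst": "10.2.0.0/16", "sport": "any", "dport": 22},
    {"device": "r1", "id": 20, "action": "permit", "proto": "any", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "sport": "any", "dport": "any"},
]
# Constructed five-tuples (src, dst, sport, dport, proto) as they would arrive in an analysis request.
PACKETS = [
    ("10.1.5.5", "10.2.0.10", 40000, 443, 6),
    ("10.1.5.6", "10.2.0.10", 40001, 443, 6),
    ("10.1.5.5", "10.2.0.20", 40000, 80, 6),
    ("192.168.1.1", "10.2.0.10", 5000, 22, 6),
]

if __name__ == "__main__":
    for signature, members in partition(PolicyTrie(RULES), PACKETS).items():
        print(signature, "<-", members)
```

The first two five-tuples land in one set because every device treats them by the same rule; the third is denied by fw1 and the fourth by r1, each giving a set of its own. Each set is what the next step turns into a forwarding graph, so the number of graphs to analyze is the number of distinct behaviors, not the number of packets.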
In the network device performance analysis system provided by an embodiment of this application, the first acquisition module may include:
a first connection unit, configured to connect remotely to the target network device;
a first export unit, configured to export the configuration file of the target network device by file transfer;
and a first parsing unit, configured to parse the configuration file to obtain the network rule policy information.
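The parsing step of this acquisition path, as an added worked example that is not code from the patent or its applicant: the patent names no vendor or configuration syntax, so the example assumes an exported IOS-style extended ACL (`access-list N permit|deny proto src [eq port] dst [eq port]`) and turns each line into a normalized rule with CIDR addresses and numeric protocol and port fields. The sample export for the hypothetical device fw1 is constructed. A wildcard mask that is not a contiguous run of ones cannot be expressed as one prefix, so the parser refuses it rather than silently widening the rule.

```python
"""Acquisition via exported configuration: parse IOS-style extended ACL lines into a normalized target format."""
from ipaddress import ip_address, ip_network

# IOS protocol keyword -> IP protocol number ('ip' means any protocol). Vendor syntax is this example's assumption.
PROTO = {"ip": "any", "tcp": 6, "udp": 17, "icmp": 1}


def _addr(tokens):
    """Consume one address spec ('any' | 'host A' | 'A WILDCARD'); return (CIDR, tokens consumed)."""
    if tokens[0] == "any":
        return "0.0.0.0/0", 1
    if tokens[0] == "host":
        return f"{tokens[1]}/32", 2
    wildcard = int(ip_address(tokens[1]))
    prefixlen = 32 - bin(wildcard).count("1")
    if wildcard != (1 << (32 - prefixlen)) - 1:  # e.g. 0.255.0.255: no single prefix can represent it
        raise ValueError(f"non-contiguous wildcard mask {tokens[1]} cannot be normalized to a prefix")
    return str(ip_network(f"{tokens[0]}/{prefixlen}", strict=False)), 2


def _port(tokens):
    """Optional 'eq N' port qualifier; absence means 'any'. Returns (port, tokens consumed)."""
    if len(tokens) >= 2 and tokens[0] == "eq":
        return int(tokens[1]), 2
    return "any", 0


def parse_acl(device, config_text):
    """Return the device's ACL as rules in the target format, numbered 10, 20, ... in configuration order."""
    rules, seq = [], 0
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] == "remark":  # comments, remarks, unrelated config
            continue
        seq += 10
        rest = t[4:]
        src, n = _addr(rest)
        rest = rest[n:]
        sport, n = _port(rest)
        rest = rest[n:]
        dst, n = _addr(rest)
        rest = rest[n:]
        dport, _ = _port(rest)
        rules.append({"device": device, "id": seq, "action": t[2], "proto": PROTO[t[3]],
                      "src": src, "dst": dst, "sport": sport, "dport": dport})
    return rules


# Constructed export of a hypothetical firewall fw1 (IOS-style syntax is an assumption of this example).
CONFIG_FW1 = """\
! configuration file exported from fw1 over a remote connection and file transfer
access-list 101 remark web access to the intranet server
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 10.2.0.10 eq 443
access-list 101 deny ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    for rule in parse_acl("fw1", CONFIG_FW1):
        print(rule)
```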
In the network device performance analysis system provided by an embodiment of this application, the first acquisition module may include:
a first sending unit, configured to send a Syslog request to the target network device;
and a first receiving unit, configured to receive the network rule policy information that the target network device sends in response to the Syslog request.
In the network device performance analysis system provided by an embodiment of this application, the first acquisition module may include:
a second connection unit, configured to connect to the target network device over SNMP;
and a first reading unit, configured to read the network rule policy information of the target network device.
In the network device performance analysis system provided by an embodiment of this application, the first acquisition module may include:
a second reading unit, configured to read the network rule policy information through the API of the target network device.
In the network device performance analysis system provided by the embodiments of this application, the network rule policy information includes routing policies, ACL policies and NAT policies.
This application also provides a network device performance analysis device and a computer-readable storage medium, both of which have the effects corresponding to the network device performance analysis method provided by the embodiments of this application. Referring to fig. 4, fig. 4 is a schematic structural diagram of a network device performance analysis device according to an embodiment of this disclosure.
The network device performance analysis device provided by the embodiments of this application may include:
a memory 201 for storing a computer program;
and a processor 202 for implementing the steps of the network device performance analysis method described in any of the above embodiments when executing the computer program stored in the memory 201.
Referring to fig. 5, another network device performance analysis device provided by an embodiment of this application may further include: an input port 203 connected to the processor 202, for passing externally entered commands to the processor 202; a display unit 204 connected to the processor 202, for displaying the processing result of the processor 202 to the outside; and a communication module 205 connected to the processor 202, for communication between the network device performance analysis device and the outside world. The display unit 204 may be a display panel, a laser scanning display or the like; the communication methods usable by the communication module 205 include, but are not limited to, mobile high-definition link (MHL), Universal Serial Bus (USB), High-Definition Multimedia Interface (HDMI) and wireless connections: wireless fidelity (WiFi), Bluetooth, Bluetooth Low Energy and IEEE 802.11s-based communication. In addition, another network device performance analysis device provided by an embodiment of this application may further include an adaptation layer, an access layer and an algorithm layer, where the adaptation layer is configured to acquire the network rule policy information of the target network device, the access layer is configured to pass the network rule policy information to the algorithm layer, and the algorithm layer is configured to store the network rule policy information in a Trie, process the network rule policy information, and so on; there may of course also be firewalls, routers, layer 2/layer 3 switches and the like.
An embodiment of this application provides a computer-readable storage medium in which a computer program is stored; when the computer program is executed by a processor, the steps of the network device performance analysis method described in any of the above embodiments are implemented.
The computer-readable storage media to which this application relates include random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
For the description of the relevant parts of the network device performance analysis system, device and computer-readable storage medium provided by the embodiments of this application, refer to the detailed description of the corresponding parts of the network device performance analysis method provided by the embodiments of this application, which is not repeated here. In addition, those parts of the above technical solutions whose implementation principles are consistent with the corresponding solutions in the prior art are not described in detail, to avoid redundancy.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (13)

1. A network device performance analysis method, comprising:
acquiring network rule policy information of a target network device;
storing the network rule policy information in a Trie;
matching the nodes of the Trie bit by bit against the five-tuple in a received target performance analysis request to obtain a corresponding matching result;
dividing the matching result into identical-behavior sets according to the rule that members of a set are subject to the same network rule policies;
combining each identical-behavior set with the corresponding network rule policy information to generate a forwarding graph of that set in the network;
and performing performance analysis on the target network device based on the forwarding graph.
2. The method of claim 1, wherein the target performance analysis request comprises a policy security analysis request;
and performing performance analysis on the target network device based on the forwarding graph comprises:
determining whether a source node in the forwarding graph can reach a target node and, if so, that the network rule policy information is configured correctly;
and/or determining that the network rule policy information of the network device corresponding to a node at which the forwarding graph is rejected by an ACL is misconfigured;
and/or determining that the network rule policy information of the network device whose next hop is neither the target node nor any node present in the forwarding graph is misconfigured;
and/or determining that the network rule policy information of the network devices corresponding to nodes on a loop in the forwarding graph is misconfigured.
3. The method of claim 1, wherein the target performance analysis request comprises an access relation audit request;
and performing performance analysis on the target network device based on the forwarding graph comprises:
determining a real-time access relation of the target network device based on the forwarding graph;
and determining whether the real-time access relation is consistent with a preset access relation: if so, the access relation of the target network device is compliant; if not, the access relation of the target network device is not compliant.
4. The method of claim 1, wherein the target performance analysis request comprises a software propagation path prediction request;
and performing performance analysis on the target network device based on the forwarding graph comprises:
traversing the forwarding graph to obtain a software propagation path prediction result.
5. The method according to any one of claims 1 to 4, wherein storing the network rule policy information in the Trie comprises:
normalizing the network rule policy information into network rule policy information in a target format;
converting the matching item of each rule of the network rule policy information in the target format into binary form;
and storing the binary matching items in the Trie, and storing the network rule policy information in the target format at the corresponding lowest node of the Trie.
6. The method of claim 5, wherein acquiring network rule policy information of the target network device comprises:
connecting remotely to the target network device;
exporting the configuration file of the target network device by file transfer;
and parsing the configuration file to obtain the network rule policy information.
7. The method of claim 5, wherein acquiring network rule policy information of the target network device comprises:
sending a Syslog request to the target network device;
and receiving the network rule policy information that the target network device sends in response to the Syslog request.
8. The method of claim 5, wherein acquiring network rule policy information of the target network device comprises:
connecting to the target network device over SNMP;
and reading the network rule policy information of the target network device.
9. The method of claim 5, wherein acquiring network rule policy information of the target network device comprises:
reading the network rule policy information through an application programming interface (API) of the target network device.
10. The method of claim 5, wherein the network rule policy information comprises routing policies, ACL policies and NAT policies.
11. A network device performance analysis system, comprising:
a first acquisition module, configured to acquire network rule policy information of a target network device;
a first storage module, configured to store the network rule policy information in a Trie;
a first matching module, configured to match the nodes of the Trie bit by bit against the five-tuple in a received target performance analysis request to obtain a corresponding matching result;
a first partitioning module, configured to divide the matching result into identical-behavior sets according to the rule that members of a set are subject to the same network rule policies;
a first generation module, configured to combine each identical-behavior set with the corresponding network rule policy information to generate a forwarding graph of that set in the network;
and a first analysis module, configured to perform performance analysis on the target network device based on the forwarding graph.
12. A network device performance analysis device, comprising:
a memory for storing a computer program;
and a processor for implementing the steps of the network device performance analysis method according to any one of claims 1 to 10 when executing the computer program.
13. A computer-readable storage medium in which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the network device performance analysis method according to any one of claims 1 to 10.
CN201910193980.4A 2019-03-14 2019-03-14 Network equipment performance analysis method, system, equipment and computer medium Active CN111698110B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910193980.4A CN111698110B (en) 2019-03-14 2019-03-14 Network equipment performance analysis method, system, equipment and computer medium

Publications (2)

Publication Number Publication Date
CN111698110A true CN111698110A (en) 2020-09-22
CN111698110B CN111698110B (en) 2023-07-18

Family

ID=72474482

Country Status (1)

Country Link
CN (1) CN111698110B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1439985A (en) * 2002-02-20 2003-09-03 华北计算机系统工程研究所 Method for improving fire wall performance
CN102437950A (en) * 2011-11-08 2012-05-02 西安电子科技大学 High efficient and extensible IP data packet classification method
KR20140098671A (en) * 2012-12-03 2014-08-08 후아웨이 테크놀러지 컴퍼니 리미티드 Policy processing method and network device
CN105721297A (en) * 2016-01-28 2016-06-29 北京国电通网络技术有限公司 Routing loop detecting method and system based on SDN
CN107005555A (en) * 2014-12-02 2017-08-01 Nicira股份有限公司 The distributed fire wall of context-aware
CN108399152A (en) * 2018-02-06 2018-08-14 中国科学院信息工程研究所 Compression expression method, system, storage medium and the rule match device of digital search tree

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115514501A (en) * 2021-06-03 2022-12-23 中国移动通信集团四川有限公司 Method and device for blocking network attack
CN114650187A (en) * 2022-04-29 2022-06-21 深信服科技股份有限公司 Abnormal access detection method and device, electronic equipment and storage medium
CN114650187B (en) * 2022-04-29 2024-02-23 深信服科技股份有限公司 Abnormal access detection method and device, electronic equipment and storage medium
CN114822077A (en) * 2022-06-27 2022-07-29 深圳市奇见科技有限公司 Scheduling management system of intelligent stereo garage

Also Published As

Publication number Publication date
CN111698110B (en) 2023-07-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant