CN112311816B - Initialization method and reset method for a virtual-physical combined cyber range environment - Google Patents


Info

Publication number
CN112311816B
Authority
CN
China
Prior art keywords
network
network equipment
configuration
type
file
Legal status: Active
Application number
CN202011612811.9A
Other languages
Chinese (zh)
Other versions
CN112311816A
Inventor
傅涛
郭超
郭金辉
张冠阳
付荣
Current Assignee
Bozhi Safety Technology Co ltd
Original Assignee
Bozhi Safety Technology Co ltd
Application filed by Bozhi Safety Technology Co ltd
Priority to CN202011612811.9A
Publication of CN112311816A
Application granted
Publication of CN112311816B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451 User profiles; Roaming
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Abstract

The invention discloses an initialization method and a reset method for a virtual-physical combined cyber range environment, comprising the following steps: determining each network device element in the scenario to be built in the cyber range; setting initialization parameters for each network device element, the initialization parameters comprising the type, whether a designated startup configuration file needs to be loaded, and the topological relation, where the designated startup configuration file is generated automatically for the network equipment vendor of each network device element involved in the scenario and the types comprise virtualized network devices and physical network devices; and determining the type of each network device element and initializing the cyber range according to the type and the other initialization parameters. By separating the configuration instances of different scenarios from the vendor base image and firmware version of the network devices, and loading the startup configuration file flexibly per scenario to build and reset the cyber range environment, the method and device effectively overcome the drawbacks of the prior art: the large disk space occupied by the cyber range environment, physical scenarios hard-wired to one configuration, and manual intervention for every reset.

Description

Initialization method and reset method for a virtual-physical combined cyber range environment
Technical Field
The invention relates to the technical field of information security, in particular to an initialization method and a reset method for a cyber range environment, and more particularly to an initialization method and a reset method for a cyber range environment based on virtual-physical combination technology.
Background
Network security means protecting the hardware, software and data of a networked system from damage, alteration or leakage due to accidental or malicious causes, so that the system runs continuously, reliably and normally and network services are not interrupted. The global network security situation, however, is severe: security incidents of every kind occur frequently, and within ever larger and more complex network structures no industry can count on being spared from increasingly rampant attacks. Whether for military cyberspace training and tactics, for response drills in the public service sector against network attacks, or for performance and security evaluation of critical infrastructure before it goes live, a large-scale, high-fidelity cyber range built on virtual-physical combination technology is indispensable.
During simulated attack-and-defense drills, rapid construction and restoration of the cyber range environment is a common and hard requirement that every industry places on cyber range products. The current methods for initially building the network devices of a cyber range environment, and for rapidly resetting them after they have been attacked, have the following disadvantages:
For the initial construction of virtualized network devices in current cyber range environments, the usual method is to load the configuration into a virtual machine and then take a snapshot; for resetting a virtualized network device after an attack, the usual method is to reload the virtual machine snapshot. In a virtual-physical combined cyber range environment this requires a large amount of storage-engine disk space to hold the virtualized image files of the different scenarios.
For the initial construction of physical network devices in current cyber range environments, a set of physical devices is usually hard-wired to one attack-and-defense scenario; for resetting a physical network device after an attack, the usual method is a power-cycle restart. In a virtual-physical combined cyber range environment this, on the one hand, requires a large budget to purchase physical devices and, on the other hand, requires manual intervention to reset them after an attack.
Disclosure of Invention
The present application aims to provide an initialization method and a reset method for a virtual-physical combined cyber range environment that solve the technical problems described in the background.
A first embodiment of the invention provides a method for initializing a virtual-physical combined cyber range environment, comprising:
determining each network device element in the scenario to be built in the cyber range;
setting initialization parameters for each network device element, the initialization parameters comprising the type, whether a designated startup configuration file needs to be loaded, and the topological relation; the designated startup configuration file is generated automatically for the network equipment vendor of each network device element involved in the scenario; the types comprise virtualized network devices and physical network devices;
and determining the type of each network device element and initializing the cyber range according to the type and the other initialization parameters.
Preferably, setting the initialization parameters of each network device element specifically comprises:
setting the type of each network device element, the types comprising virtualized network devices and physical network devices, and, when the type is virtualized network device, setting the image to be loaded when the virtualized network device boots;
setting whether a designated startup configuration file is to be loaded when each network device element boots, the designated startup configuration file being generated automatically for the network equipment vendor of the network device element involved in the scenario and stored in the configuration management center of the network device element;
and setting the topological relation among the network device elements.
Preferably, determining the type of each network device element and initializing the cyber range according to the type and the other initialization parameters specifically comprises:
determining the type of each network device element; when the type is virtualized network device, booting the image of the virtualized network device, determining the image type, loading a startup configuration file through the port corresponding to that image type, and completing initialization of the cyber range scenario;
when the type is physical network device, loading a startup configuration file directly to complete initialization of the cyber range scenario;
the startup configuration file being either a designated startup configuration file or a default startup configuration file.
Preferably, booting the image of the virtualized network device when the type is virtualized network device specifically comprises:
when the type is virtualized network device, booting the image of the virtualized network device through a virtualization technology and mapping the serial port of the virtualized network device to a specific port of the host, the host being a physical network device.
Preferably, the virtualization technology comprises OpenStack, KVM, VMware, VirtualBox, Qemu, IoL, Dynamips and Docker.
Preferably, determining the image type and loading a startup configuration file through the corresponding port according to the image type specifically comprises:
when the image type is an image format supported by Qemu, IoL or Dynamips, connecting the virtualized network device to the host through the serial port and loading the startup configuration file from the host;
when the image type is an image format supported by Docker, determining whether the virtualized network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the host's configuration management center through the container command-line interface of the virtualized network device and copying or mapping it to the startup configuration file storage path of the current virtualized network device; if not, loading a default startup configuration file through an external interface of the current virtualized network device.
Preferably, connecting the virtualized network device to the host through the serial port and loading a startup configuration file from the host specifically comprises:
connecting the virtualized network device to the host through the serial port;
determining whether the current virtualized network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the host's configuration management center through the management port of the current virtualized network device and storing it in the startup configuration file storage path of the current virtualized network device; if not, loading a default startup configuration file through an external interface of the current virtualized network device.
Preferably, loading the startup configuration file directly when the type is physical network device specifically comprises:
when the type is physical network device, determining whether the physical network device has a serial port; if so, connecting it to the other physical network devices in the topological relation through the serial port; if not, connecting it through the management port.
Preferably, after determining whether the physical network device has a serial port, the method further comprises:
determining whether the physical network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the configuration management center of the physical network device through its management port; if not, loading a default startup configuration file through an external interface of the current physical network device.
A second embodiment of the invention provides a reset method for a virtual-physical combined cyber range environment, which is executed to reset the cyber range after it has been attacked.
Compared with the prior art, the initialization method and reset method for a virtual-physical combined cyber range environment have the following beneficial effects:
By separating the configuration instances of different scenarios from the vendor base image and firmware version of the network devices, and loading the startup configuration file flexibly per scenario to build and reset the cyber range environment, the method and device effectively overcome the drawbacks of the prior art: the large disk space occupied by the cyber range environment, physical scenarios hard-wired to one configuration, and manual intervention for every reset. For virtualized network devices, the vendor's network device image is booted and a scenario-specific startup configuration file is loaded through the serial port, the management port or the container command-line interface to initialize and reset the cyber range scenario; the storage engine only stores the vendor base image file, which reduces the disk space it occupies. For physical network devices, the device boots its installed firmware version and a scenario-specific startup configuration file is loaded through the serial port and the management port to produce the cyber range scenario; the same physical device initializes different cyber range scenarios through different startup configuration files, which improves its reusability. Because the physical network device boots its installed firmware version, serial-port connectivity and configuration are unaffected even when the cyber range is attacked; the scenario's startup configuration file is reloaded through the serial port or the management port to reset the scenario, which achieves rapid reset of the cyber range scenario.
The method and system support initialization and reset of purely virtualized cyber range environments, purely physical cyber range environments, and virtual-physical combined cyber range environments.
Drawings
FIG. 1 is a flow chart of the initialization method for a virtual-physical combined cyber range environment of the invention;
FIG. 2 is the general flow chart of an embodiment of the invention;
FIG. 3 is a block diagram of the virtual-physical combined cyber range structure of an embodiment of the invention;
FIG. 4 is a flow chart of automatic generation of a startup configuration file in an embodiment of the invention;
FIG. 5 is a flow chart of orchestrating a cyber range scenario in an embodiment of the invention;
FIG. 6 is a flow chart of automatic initialization and automatic reset of a cyber range scenario in an embodiment of the invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
The present invention will be described in detail with reference to examples, but the present invention is not limited to these examples.
Fig. 1 is a flow chart of the initialization method for a virtual-physical combined cyber range environment of the invention.
The initialization method for a virtual-physical combined cyber range environment of the first embodiment of the invention comprises the following steps:
Step 1: determining each network device element in the scenario to be built in the cyber range;
Step 2: setting initialization parameters for each network device element, the initialization parameters comprising the type, whether a designated startup configuration file needs to be loaded, and the topological relation; the designated startup configuration file is generated automatically for the network equipment vendor of each network device element involved in the scenario; the types comprise virtualized network devices and physical network devices. This step specifically comprises:
setting the type of each network device element, the types comprising virtualized network devices and physical network devices, and, when the type is virtualized network device, setting the image to be loaded when the virtualized network device boots;
setting whether a designated startup configuration file is to be loaded when each network device element boots, the designated startup configuration file being generated automatically for the network equipment vendor of the network device element involved in the scenario and stored in the configuration management center of the network device element;
and setting the topological relation among the network device elements.
Step 3: determining the type of each network device element and initializing the cyber range according to the type and the other initialization parameters, specifically:
Step 3.1: determining the type of each network device element; when the type is virtualized network device, booting the image of the virtualized network device, determining the image type, loading a startup configuration file through the port corresponding to that image type, and completing initialization of the cyber range scenario; the startup configuration file is either a designated startup configuration file or a default startup configuration file. This comprises:
booting the image of the virtualized network device when the type is virtualized network device, specifically:
when the type is virtualized network device, booting the image of the virtualized network device through a virtualization technology and mapping the serial port of the virtualized network device to a specific port of the host, the host being a physical network device. Preferably, the virtualization technology comprises OpenStack, KVM, VMware, VirtualBox, Qemu, IoL, Dynamips and Docker.
Determining the image type and loading a startup configuration file through the corresponding port according to the image type specifically comprises:
when the image type is an image format supported by Qemu, IoL or Dynamips, connecting the virtualized network device to the host through the serial port and loading the startup configuration file from the host;
when the image type is an image format supported by Docker, determining whether the virtualized network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the host's configuration management center through the container command-line interface of the virtualized network device and copying or mapping it to the startup configuration file storage path of the current virtualized network device; if not, loading a default startup configuration file through an external interface of the current virtualized network device.
Connecting the virtualized network device to the host through the serial port and loading a startup configuration file from the host specifically comprises:
connecting the virtualized network device to the host through the serial port;
determining whether the current virtualized network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the host's configuration management center through the management port of the current virtualized network device and storing it in the startup configuration file storage path of the current virtualized network device; if not, loading a default startup configuration file through an external interface of the current virtualized network device.
Step 3.2: when the type is physical network device, loading a startup configuration file directly to complete initialization of the cyber range scenario; the startup configuration file is either a designated startup configuration file or a default startup configuration file. This comprises:
when the type is physical network device, determining whether the physical network device has a serial port; if so, connecting it to the other physical network devices in the topological relation through the serial port; if not, connecting it through the management port.
After determining whether the physical network device has a serial port, the method further comprises:
determining whether the physical network device needs to load a designated startup configuration file; if so, obtaining the designated startup configuration file from the configuration management center of the physical network device through its management port; if not, loading a default startup configuration file through an external interface of the current physical network device.
A second embodiment of the invention provides a reset method for a virtual-physical combined cyber range environment, which is executed to reset the cyber range after it has been attacked.
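Steps 3.1 and 3.2 and the reset method above amount to a dispatch over element type, image type and port availability. The following is an added example written for this page, not code from the patent or its assignee: it plans the initialization of every element of a scenario and the reset after an attack, choosing the serial console, the container command-line interface or the management port exactly as the steps above do, and fetching the designated startup configuration file from an in-memory stand-in for the configuration management center. The Element and Step fields, the ConfigManagementCenter class, the rendered qemu and docker commands and the IOS-style copy command are assumptions; the SHA-256 digest returned with each file is this example's own check so that a reset never applies a configuration file that was altered while the range was under attack.

```python
"""Initialization/reset planner for a virtual-physical cyber range scenario.

Added example, not code from the patent. Virtual elements boot a vendor base
image and take their startup config over the serial console (Qemu/IoL/Dynamips)
or the container CLI (Docker); physical elements are reached over a serial
console if they have one, otherwise over the management port. Field names,
the ConfigManagementCenter stand-in and the rendered commands are assumptions.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

SERIAL_IMAGE_TYPES = {"qemu", "iol", "dynamips"}   # console-driven images
CONTAINER_IMAGE_TYPES = {"docker"}                  # config injected through the container CLI


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                            # "virtual" or "physical"
    image: Optional[str] = None          # vendor base image (virtual only)
    image_type: Optional[str] = None     # qemu | iol | dynamips | docker (virtual only)
    needs_specified_config: bool = True  # False: vendor default config via external interface
    has_serial: bool = True              # physical only: is a console port cabled?
    console_port: Optional[int] = None   # host TCP port the virtual console is mapped to
    mgmt_addr: Optional[str] = None      # management-port address (physical only)


@dataclass(frozen=True)
class Step:
    action: str    # teardown | boot | connect | load_specified | load_default
    channel: str   # host | serial | container_cli | management | external
    detail: str    # rendered command or description


class ConfigManagementCenter:
    """In-memory stand-in for the patent's configuration management center.

    Holds one startup config per (scenario, element) and hands back its URL
    with a SHA-256 digest so the loader can verify the file before applying it
    (the digest check is this example's addition, not the patent's)."""

    def __init__(self, base_url: str = "tftp://10.255.0.1"):
        self.base_url = base_url
        self._files: dict[tuple[str, str], str] = {}

    def store(self, scenario: str, element: str, text: str) -> None:
        self._files[(scenario, element)] = text

    def fetch(self, scenario: str, element: str) -> tuple[str, str]:
        if (scenario, element) not in self._files:
            raise LookupError(f"no designated startup config for {element} in scenario {scenario}")
        digest = hashlib.sha256(self._files[(scenario, element)].encode()).hexdigest()
        return f"{self.base_url}/{scenario}/{element}.cfg", digest


def _boot_step(e: Element) -> tuple[Step, str]:
    """Boot the vendor base image; return the step and the config channel it implies."""
    if e.image_type in SERIAL_IMAGE_TYPES:
        if e.console_port is None:
            raise ValueError(f"{e.name}: console-driven image needs a mapped console port")
        # Map the guest serial console to a host TCP port (Qemu syntax shown; the
        # engine would use the equivalent console-port flag for IoL/Dynamips).
        cmd = (f"qemu-system-x86_64 -nographic -hda {e.image} "
               f"-serial telnet:127.0.0.1:{e.console_port},server,nowait")
        return Step("boot", "serial", cmd), "serial"
    if e.image_type in CONTAINER_IMAGE_TYPES:
        return Step("boot", "container_cli", f"docker run -d --name {e.name} {e.image}"), "container_cli"
    raise ValueError(f"{e.name}: unsupported image type {e.image_type!r}")


def plan_element(scenario: str, e: Element, cmc: ConfigManagementCenter) -> list[Step]:
    steps: list[Step] = []
    if e.kind == "virtual":
        boot, channel = _boot_step(e)
        steps.append(boot)
    elif e.kind == "physical":
        if not e.has_serial and e.mgmt_addr is None:
            raise ValueError(f"{e.name}: no serial port and no management address")
        channel = "serial" if e.has_serial else "management"
        target = f"console server port for {e.name}" if e.has_serial else f"{e.mgmt_addr} (management port)"
        steps.append(Step("connect", channel, f"connect to {target}"))
    else:
        raise ValueError(f"{e.name}: unknown element kind {e.kind!r}")

    if not e.needs_specified_config:
        steps.append(Step("load_default", "external", "load vendor default startup config via external interface"))
        return steps

    url, digest = cmc.fetch(scenario, e.name)   # LookupError if the scenario has no file
    if channel == "container_cli":
        detail = f"docker cp {url} {e.name}:/config/startup.cfg  # expect sha256 {digest}"
    else:
        # Over the console or management session the device is told to pull the
        # file through its management port; the copy syntax is IOS-style (assumption).
        detail = f"copy {url} startup-config  # expect sha256 {digest}"
    steps.append(Step("load_specified", channel, detail))
    return steps


def plan_scenario(scenario, elements, links, cmc) -> dict[str, list[Step]]:
    """Plan every element after checking the topology only references declared elements."""
    names = {e.name for e in elements}
    for a, b in links:
        if a not in names or b not in names:
            raise ValueError(f"link {a}-{b} references an undeclared element")
    return {e.name: plan_element(scenario, e, cmc) for e in elements}


def reset_plan(scenario, elements, links, cmc) -> dict[str, list[Step]]:
    """Reset after an attack: attacked virtual instances are discarded and rebooted
    from the untouched base image; physical devices keep running. Both then
    reload the same designated config as at initialization."""
    plan = plan_scenario(scenario, elements, links, cmc)
    for e in elements:
        if e.kind == "virtual":
            plan[e.name].insert(0, Step("teardown", "host", f"stop and delete running instance of {e.name}"))
    return plan
```

plan_scenario() refuses topologies that reference undeclared elements, and plan_element() raises LookupError when a scenario lacks a designated file for an element that requires one, so an incomplete scenario fails before anything boots. reset_plan() only prepends a teardown of the attacked virtual instance; every other step is identical to the initialization plan, which is the property the patent relies on: nothing scenario-specific is ever written into the vendor base image, so no per-scenario snapshot is needed.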
The present application will be described in detail below with specific examples.
The general flow of this embodiment is shown in Fig. 2, and the block diagram of its virtual-physical combined cyber range structure in Fig. 3.
The initialization method and reset method for the virtual-physical combined cyber range environment in this embodiment are as follows:
1. Automatic generation of the startup configuration file, whose flow chart is shown in Fig. 4, comprises:
S1.1, determining the network equipment vendor, comprising:
Suitable network equipment vendors are arranged according to the scenario to be built in the cyber range. The devices include but are not limited to routers, switches, base stations, core networks, firewalls and the like. The network equipment vendors include but are not limited to foreign vendors such as Cisco, Nokia, Ericsson and Pabo, and domestic vendors such as Huashi, ZTE (Zhongxing), H3C (Xinhua San), FiberHome (rendered "beacon fire" in the machine translation) and Ruijie (rendered "Sharp").
S1.2, automatically generating a startup configuration file based on the different vendors' devices, comprising:
A corresponding startup configuration file is generated automatically according to the network equipment vendor selected for the cyber range scenario. Automatic generation of the corresponding startup configuration file means automatically generating, from the scenario, the end-to-end attribute description of the network connections.
2. Orchestration of the cyber range scenario, whose flow chart is shown in Fig. 5, comprises:
S2.1, orchestrating each single network device element, comprising:
The network device elements are arranged one by one according to the scenario to be built in the cyber range. A network device element is the smallest unit that can be monitored and managed in network management.
S2.2, specifying the type and image of the network device, comprising:
The type and image of the network device are specified for each single network device element. The network device types comprise virtualized network devices and physical network devices. The network device image is the image file that a virtualized network device boots and loads.
S2.3, specifying whether a startup configuration file is to be loaded, comprising:
For each single network device element, whether a startup configuration file is loaded during initialization is specified. The startup configuration file is the file conforming to the vendor specification from S1.1 and S1.2. A designated startup configuration file is one that was uploaded to the configuration management center for storage when the network device element was orchestrated; different cyber range scenarios have different startup configuration files.
S2.4, orchestrating the relations among network device elements, comprising:
The topological relation among the network device elements is arranged according to the scenario to be built in the cyber range. The topological relation refers to the spatial connection and adjacency relations among the graphic elements without regard to their specific positions, including but not limited to topological adjacency, topological association and topological containment.
3. The flow chart of the automatic initialization network range scene and the automatic reset network range scene is shown in figure 6, and comprises the following steps:
s3.1, judging the network element type of the network equipment, comprising the following steps:
and judging the type of the network element of the network equipment according to the network element of each network equipment involved in the scheduling of the network target range scene. The network element types comprise virtualized network equipment and instantiated network equipment.
S3.2, virtualizing network equipment, comprising:
the current network equipment network element belongs to the virtualized network equipment.
S3.3, starting the network equipment mirror image, comprising the following steps:
the network element of the current network equipment belongs to the virtualized network equipment, the network equipment mirror image is started through the virtualization technology, and the serial port mapping of the virtualized network equipment is carried out. The virtualization technology includes but is not limited to OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips, Docker, etc. The serial port mapping means that the serial port of the virtualized network device is mapped to a specific port of a host machine through a virtualization technology, and the port of the host machine can be connected through a terminal simulation program to access the serial port of the virtualized network device. The serial port refers to a Console port of the network device, and is generally directly connected to a serial port of a computer by using a Console cable, and the network device is configured locally by using a terminal simulation program. And the serial port mapping ports are uniformly distributed and managed by a virtual-real combined engine.
S3.4, judging the mirror image type of the network equipment, comprising:
judging the type of the mirror image of the current network device to be started. The network device mirror image types include but are not limited to Qemu, IoL, Dynamips, Docker and the like.
S3.5, Qemu/IoL/Dynamips, comprising:
the mirror image type of the current network device is a mirror image file format supported by Qemu, IoL or Dynamips.
S3.6, connecting the network equipment through a serial port, comprising:
the serial port of a materialized network device is accessed by connecting, with a terminal emulation program, to the specified port mapped by the serial port management center; the serial port of a virtualized network device is accessed by connecting, with a terminal emulation program, to the specified port mapped on the host machine; the current network device can then be configured over the serial connection. Even if the management plane of the network target range is attacked, serial connection and configuration are not affected, so successful initialization and resetting of the network target range scene can be guaranteed through the serial connection of the network equipment.
S3.7, loading a specified configuration starting file, comprising:
judging whether the current network device needs to load a specified configuration starting file. The configuration starting file is the configuration starting file conforming to the manufacturer specification in S1.1 and S1.2. The specified configuration starting file is the configuration starting file that was uploaded to and stored in the configuration management center when the network equipment network element was arranged; different network target range scenes have different configuration starting files.
S3.8, downloading/uploading the configuration starting file through the management port, comprising:
the current network device needs to load the specified configuration starting file and downloads it through the management port from the configuration management center to the configuration starting file storage path of the current network device. If the management port cannot reach the configuration management center after multiple attempts, the current virtualized network device is restarted and the connection is retried; this guards against the management port connection becoming unavailable after the management plane of the network device is attacked. The configuration management center is a module providing management functions such as uploading, storing and downloading of configuration starting files, and includes but is not limited to an FTP server, a TFTP server, an SFTP server and a WEB server. The management port is the management interface of a network device, including but not limited to the Mgmt port and other interfaces configured for network reachability with management plane functions enabled. The management plane functions include but are not limited to Telnet, SSH, FTP, TFTP, SFTP, WEB, SNMP, Netconf and the like.
S3.9, loading the specified configuration starting file, comprising:
loading the specified configuration starting file through an interface exposed by the manufacturer of the current device. The exposed interface includes but is not limited to a command line (CLI) interface, a WEB interface and the like.
S3.10, Docker, comprising:
the mirror image type of the current network device is a mirror image file format supported by Docker.
S3.11, loading a specified configuration starting file, comprising:
judging whether the current network device needs to load a specified configuration starting file. The configuration starting file is the configuration starting file conforming to the manufacturer specification in S1.1 and S1.2. The specified configuration starting file is the configuration starting file that was uploaded to and stored in the configuration management center when the network equipment network element was arranged; different network target range scenes have different configuration starting files.
S3.12, copying/mapping the configuration starting file through a Docker command, comprising:
the current network device needs to load the specified configuration starting file, obtains it from the configuration management center through a container command line (CLI) interface, and copies or maps it to the configuration starting file storage path of the current network device. If the management port cannot reach the configuration management center after multiple attempts, the current virtualized network device is restarted and the connection is retried; this guards against the management port connection becoming unavailable after the management plane of the network device is attacked. The configuration management center is a module providing management functions such as uploading, storing and downloading of configuration starting files, and includes but is not limited to an FTP server, a TFTP server, an SFTP server and a WEB server. The management port is the management interface of a network device, including but not limited to the Mgmt port and other interfaces configured for network reachability with management plane functions enabled.
S3.13, loading a default configuration starting file, comprising:
loading a default configuration starting file through an interface exposed by the manufacturer of the current device. The exposed interface includes but is not limited to a command line (CLI) interface, a WEB interface and the like.
S3.14, loading a default configuration starting file, comprising:
loading a default configuration starting file through an interface exposed by the manufacturer of the current device. The exposed interface includes but is not limited to a command line (CLI) interface, a WEB interface and the like.
S3.15, materialized network equipment, comprising:
the network element of the current network equipment belongs to the materialized network equipment; the serial port of the materialized network device is connected to the serial port management center and its management port is connected to the switching management center. The serial port management center provides ports through which the current network device can be connected and configured after accessing the mapping of the serial port management center, and includes but is not limited to a serial server and the like. The switching management center refers to a computer networking management center that manages spatial information and its metadata across different ranges and fields and provides directory information, metadata information, information addresses and the like of that spatial information to information requesters, and includes but is not limited to an Ethernet switch and the like.
S3.16, judging whether the network equipment has a serial port, comprising:
the network element of the current network equipment belongs to the materialized network equipment, and whether the network device has a serial port is judged. The serial port refers to the Console port of the network device, which is normally connected directly to a serial port of a computer with a Console cable so that the network device can be configured locally with a terminal emulation program. The serial port mapping ports are allocated and managed uniformly by the virtual-real combined engine.
S3.17, connecting the network equipment through the management port, comprising:
the terminal emulation program connects to the management port of the network device, and the current network device can be configured through the management port connection.
Further, the method for automatically initializing a network target range scene differs from the method for automatically resetting it in that the configuration starting file used during scene initialization is the one specified by the scene that has not yet been started, whereas the configuration starting file used during scene resetting is the one specified by the currently running scene.
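The decision flow of steps S3.1 to S3.17, together with the initialization/reset distinction just described, as an added Python model that is not the patent's code: ElementSpec, ConfigCenter, the step labels and the retry count are assumptions, and the configuration management center is an in-memory stand-in so the flow runs offline.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of steps S3.1-S3.17 for one network element. ElementSpec,
# ConfigCenter, the step labels and MAX_ATTEMPTS are assumptions, not the patent's code.

MAX_ATTEMPTS = 3                                    # assumed: attempts before a restart
SERIAL_IMAGE_TYPES = {"qemu", "iol", "dynamips"}    # S3.5: configured over the mapped serial port


@dataclass
class ElementSpec:
    name: str
    kind: str                               # "virtual" or "physical" (S3.1)
    image_type: Optional[str] = None        # qemu / iol / dynamips / docker (virtual only)
    has_serial: bool = True                 # physical devices only (S3.16)
    needs_specified_config: bool = True     # S3.7 / S3.11
    config_path: str = "/config/startup.cfg"    # assumed storage path on the device


class ConfigCenter:
    """In-memory stand-in for the FTP/TFTP/SFTP/WEB configuration management center.
    fail_first_n simulates an unreachable management plane for the first n requests."""

    def __init__(self, files: dict, fail_first_n: int = 0):
        self.files = files                  # (scene, element name) -> startup file text
        self.fail_first_n = fail_first_n
        self.calls = 0

    def fetch(self, scene: str, name: str) -> str:
        self.calls += 1
        if self.calls <= self.fail_first_n:
            raise ConnectionError("configuration management center unreachable")
        return self.files[(scene, name)]


def fetch_with_restart(center: ConfigCenter, scene: str, spec: ElementSpec, plan: list) -> str:
    """S3.8 / S3.12: retry the download; a virtualized device that still cannot reach
    the center after MAX_ATTEMPTS tries is restarted once and the download retried."""
    rounds = 2 if spec.kind == "virtual" else 1     # only virtualized devices are restarted
    for rnd in range(rounds):
        for attempt in range(1, MAX_ATTEMPTS + 1):
            try:
                return center.fetch(scene, spec.name)
            except ConnectionError:
                plan.append(f"fetch-failed:{attempt}")
        if rnd + 1 < rounds:
            plan.append("restart-device")
    raise RuntimeError(f"{spec.name}: configuration management center unreachable")


def provision(spec: ElementSpec, scene: str, center: ConfigCenter) -> list:
    """Return the ordered steps performed for one element when loading `scene`."""
    plan = []
    if spec.kind == "virtual":                                              # S3.2
        plan += [f"start-image:{spec.image_type}", "map-serial-to-host"]    # S3.3
        if spec.image_type in SERIAL_IMAGE_TYPES:                           # S3.5
            plan.append("connect-serial")                                   # S3.6
            channel = "management-port"                                     # S3.8
        elif spec.image_type == "docker":                                   # S3.10
            channel = "container-cli"                                       # S3.12
        else:
            raise ValueError(f"unsupported image type {spec.image_type!r}")
    elif spec.kind == "physical":                                           # S3.15
        plan.append("mgmt->switching-management-center")
        if spec.has_serial:                                                 # S3.16
            plan += ["serial->serial-management-center", "connect-serial"]
        else:
            plan.append("connect-management-port")                          # S3.17
        channel = "management-port"
    else:
        raise ValueError(f"unknown element kind {spec.kind!r}")

    if spec.needs_specified_config:                                         # S3.7 / S3.11
        cfg = fetch_with_restart(center, scene, spec, plan)
        plan.append(f"download:{channel}:{len(cfg)}B->{spec.config_path}")
        plan.append("load-specified-config")                                # S3.9 / S3.12
    else:
        plan.append("load-default-config")                                  # S3.13 / S3.14
    return plan


def initialize(spec: ElementSpec, requested_scene: str, center: ConfigCenter):
    """Initialization loads the file of the scene that has not yet been started."""
    return requested_scene, provision(spec, requested_scene, center)


def reset(spec: ElementSpec, running_scene: str, center: ConfigCenter):
    """Reset reloads the file of the scene currently running, e.g. after an attack."""
    return running_scene, provision(spec, running_scene, center)
```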
It should be appreciated that the essence of the embodiment of the present invention is to separate the configuration instances of different scenes from the basic image and version of the network device, and to load the configuration starting file flexibly according to the scene, so as to support construction and reset of the network target range environment. The method in the embodiment of the invention supports initialization and reset of a purely virtualized network target range environment, of a purely materialized network target range environment, and of a virtual-real combined network target range environment.
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like.
The invention can solve the problem that virtualized image files in a network target range environment occupy a large amount of disk space. For virtualized network equipment, the network device mirror image is started and the configuration starting file of a specific scene is loaded through the serial port, the management port or the container command line interface to initialize and reset the network target range scene; the storage engine only needs to store the basic image file of the equipment manufacturer, so the disk space it occupies is greatly reduced.
The invention can also solve the problem that scenes are solidified in the materialized network equipment of a network target range environment. For materialized network equipment, the network device starting version is used and the configuration starting file of a specific scene is loaded through the serial port and the management port to generate the network target range scene, so the materialized equipment can initialize different network attack and defense scenes through different configuration starting files; this greatly increases the reusability of the materialized network equipment and reduces the hardware cost of the network target range.
The invention can further solve the problem that resetting network equipment in the materialized network environment of a network target range requires manual intervention. The network target range scene is reset by reloading the configuration starting file through the serial port or the management port, so the scene can be reset quickly.
The present invention has been described in an illustrative manner by way of the embodiments, and it should be understood by those skilled in the art that the present disclosure is not limited to the embodiments described above, but is capable of various changes, modifications and substitutions without departing from the scope of the present invention.

Claims (8)

1. A method for initializing a virtual and real combined network target range environment, characterized by comprising the following steps:
determining each network equipment network element in a scene to be constructed in a network target range;
setting initialization parameters of each network equipment network element; the initialization parameters comprise a type, whether a specified configuration starting file needs to be loaded, and a topological relation; the specified configuration starting file is automatically generated by the network equipment network element of the network configuration manufacturer involved in the scene; the types comprise virtualized network equipment and materialized network equipment;
judging the type of each network equipment network element, and initializing the network target range according to the type and the other initialization parameters;
wherein the setting of the initialization parameters of each network equipment network element specifically comprises:
setting the type of each network equipment network element, wherein the type comprises virtualized network equipment and materialized network equipment, and when the type is virtualized network equipment, setting the mirror image loaded when the virtualized network equipment is started;
setting whether a specified configuration starting file needs to be loaded when each network equipment network element is started, wherein the specified configuration starting file is automatically generated by the network equipment network element of the network configuration manufacturer involved in the scene and is stored in the configuration management center of the network equipment network element;
setting the topological relation between the network equipment network elements;
and wherein the judging of the type of each network equipment network element and the initializing of the network target range according to the type and the other initialization parameters specifically comprises:
judging the type of each network equipment network element; when the type of the network equipment network element is virtualized network equipment, starting the mirror image of the virtualized network equipment, judging the type of the mirror image, loading a configuration starting file through the corresponding port according to the type of the mirror image, and completing the initialization of the network target range scene;
when the type of the network equipment network element is materialized network equipment, directly loading a configuration starting file to complete the initialization of the network target range scene;
the configuration starting file comprises a specified configuration starting file and a default configuration starting file.
2. The initialization method for a virtual-real combined network target range environment according to claim 1, wherein, when the type of the network equipment network element is virtualized network equipment, the starting of the mirror image of the virtualized network equipment is specifically:
when the type of the network equipment network element is virtualized network equipment, starting the mirror image of the virtualized network equipment through a virtualization technology, and mapping the serial port of the virtualized network equipment to a specific port of a host machine, wherein the host machine is materialized network equipment.
3. The initialization method for a virtual-real combined network target range environment according to claim 2, wherein the virtualization technology comprises OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips and Docker.
4. The initialization method for a virtual-real combined network target range environment according to claim 2, wherein the judging of the type of the mirror image and the loading of the configuration starting file through the corresponding port according to the type of the mirror image are specifically:
when the type of the mirror image belongs to a mirror image format supported by Qemu, IoL or Dynamips, the virtualized network equipment is connected to the host machine through the serial port, and the configuration starting file is loaded from the host machine;
when the type of the mirror image belongs to a mirror image format supported by Docker, judging whether the virtualized network equipment needs to load a specified configuration starting file; if so, acquiring the specified configuration starting file from the configuration management center of the host machine through the container command line interface of the virtualized network equipment, and copying or mapping the specified configuration starting file to the configuration starting file storage path of the current virtualized network equipment; if not, loading a default configuration starting file through an external interface of the current virtualized network equipment.
5. The initialization method for a virtual-real combined network target range environment according to claim 4, wherein the connecting of the virtualized network equipment to the host machine through the serial port and the loading of the configuration starting file from the host machine are specifically:
the virtualized network equipment is connected to the host machine through the serial port;
judging whether the current virtualized network equipment needs to load a specified configuration starting file; if so, acquiring the specified configuration starting file from the configuration management center of the host machine through the management port of the current virtualized network equipment, and storing the specified configuration starting file in the configuration starting file storage path of the current virtualized network equipment; if not, loading a default configuration starting file through an external interface of the current virtualized network equipment.
6. The initialization method for a virtual-real combined network target range environment according to claim 1, wherein, when the type of the network equipment network element is materialized network equipment, the direct loading of the configuration starting file is specifically:
when the network equipment network element is materialized network equipment, judging whether the materialized network equipment has a serial port; if so, connecting the other materialized network equipment in the topological relation through the serial port; if not, connecting the other materialized network equipment in the topological relation through the management port.
7. The initialization method for a virtual-real combined network target range environment according to claim 6, further comprising, after the judging of whether the materialized network equipment has a serial port:
judging whether the materialized network equipment needs to load a specified configuration starting file; if so, acquiring the specified configuration starting file from the configuration management center of the materialized network equipment through the management port of the materialized network equipment; if not, loading a default configuration starting file through an external interface of the current materialized network equipment.
8. A method for resetting a virtual-real combined network target range environment, characterized in that the method of any one of claims 1 to 7 is executed to reset the network target range after the network target range has been attacked.
CN202011612811.9A 2020-12-30 2020-12-30 Initialization method and reset method for virtual and real combined network target range environment Active CN112311816B (en)

Publications (2)

Publication Number Publication Date
CN112311816A CN112311816A (en) 2021-02-02
CN112311816B true CN112311816B (en) 2021-03-30
