CN112367210B - Method for rapidly checking configuration change - Google Patents
Method for rapidly checking configuration change Download PDFInfo
- Publication number
- CN112367210B CN112367210B CN202110035087.6A CN202110035087A CN112367210B CN 112367210 B CN112367210 B CN 112367210B CN 202110035087 A CN202110035087 A CN 202110035087A CN 112367210 B CN112367210 B CN 112367210B
- Authority
- CN
- China
- Prior art keywords
- information
- new
- determining
- inspection
- empty
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for rapidly checking configuration change, which comprises the following steps: acquiring equipment configuration information of the network equipment at the current moment; classifying according to the equipment configuration information to determine different types of inspection information; according to the inspection information and the reference information, respectively determining a corresponding inspection object set and a corresponding reference object set; judging whether a non-empty preset condition is met or not according to the inspection object set and the reference object set; if the non-empty preset condition is met, respectively establishing a corresponding new element set and a reference element set according to the inspection object set and the reference object set; and performing intersection operation according to the new element set and the reference element set, and determining configuration change information of the network equipment at the current moment. The invention determines the configuration change information aiming at different types of check information, identifies the change details of various objects and is convenient for network management.
Description
Technical Field
The invention relates to the technical field of network management, in particular to a method for rapidly checking configuration change.
Background
At present, the scale of an enterprise network is large, and the related safety equipment and switching equipment are very many and have large scale, namely hundreds of equipment and even thousands of equipment. In contrast, in order to ensure network security, the firewall configurations corresponding to different devices are becoming larger. In the operation process of various devices, the configuration information of the devices inevitably changes to some extent, and network managers need to master the configuration changes therein to better perform network management and operation and maintenance, but too many network devices result in huge amount of configuration information, which is not beneficial to accurately searching out the configuration changes. Therefore, how to quickly check the configuration change of the network device is an urgent problem to be solved.
Disclosure of Invention
In view of the above, it is desirable to provide a method for checking configuration change quickly, so as to solve the problem of how to check configuration change of network devices quickly.
The invention provides a method for rapidly checking configuration change, which comprises the following steps:
acquiring equipment configuration information of the network equipment at the current moment;
classifying according to the equipment configuration information, and determining different types of checking information, wherein the checking information comprises configuration object information of the network equipment at the current moment;
inquiring the configuration object information of the network equipment at the previous moment, and determining reference information;
according to the inspection information and the reference information, respectively determining a corresponding inspection object set and a corresponding reference object set;
judging whether a non-empty preset condition is met or not according to the inspection object set and the reference object set;
if the non-empty preset condition is met, respectively establishing a corresponding new element set and a reference element set according to the inspection object set and the reference object set;
and performing intersection operation according to the new element set and the reference element set, and determining configuration change information of the network equipment at the current moment.
Further, the determining the corresponding inspection object set and the reference object set according to the inspection information and the reference information respectively includes:
determining a plurality of corresponding inspection object elements according to the inspection information at the current moment to form an inspection object set;
and determining a plurality of corresponding reference object elements according to the reference information at the previous moment to form the reference object set.
Further, the respectively establishing a corresponding new element set and a corresponding reference element set according to the inspection object set and the reference object set includes:
aiming at the inspection object set, taking the object name of the inspection object element as a corresponding new key, and taking the object details of the inspection object element as a corresponding new value;
forming a new key value pair group according to the new key and the new value, and determining the new element set according to a plurality of new key value pair groups;
for the reference object set, taking the object name of the reference object element as a corresponding old key, and taking the object detail of the reference object element as a corresponding old value;
and forming an old key value pair group according to the old key and the old value, and determining the reference element set according to a plurality of old key value pair groups.
Further, the performing intersection operation according to the new element set and the reference element set, and determining the configuration change information of the network device at the current time includes:
if the new key is consistent with the old key, the new key is an intersection key;
a plurality of the intersection keys form an element intersection;
determining a new value corresponding to the new element set and an old value corresponding to the reference element set according to the intersection key in the element intersection;
and if the new value is inconsistent with the old value, determining that the corresponding check object element is configuration modification information.
Further, the determining configuration change information of the network device at the current time according to the intersection operation performed on the new element set and the reference element set further includes:
removing the inspection object elements corresponding to the intersection key in the new element set, wherein the rest inspection object elements are configured with newly added information;
and eliminating the reference object elements corresponding to the intersection key in the reference element set, wherein the rest reference object elements are configuration deletion information.
Further, the non-null preset condition includes: both the set of examination objects and the set of reference objects belong to non-empty sets.
Further, the method for rapidly checking configuration change further comprises:
if the non-empty preset condition is not met, when the inspection object set and the reference object set belong to an empty set at the same time, all inspection object elements in the inspection object set are configuration non-change information;
if the non-empty preset condition is not met, when the inspection object set belongs to a non-empty set and the reference object set belongs to an empty set, all inspection object elements in the inspection object set are configured with new information;
if the non-empty preset condition is not met, when the inspection object set belongs to an empty set and the reference object set belongs to a non-empty set, all reference object elements in the reference object set are configuration deletion information.
Further, the checking information includes a first type of checking information, a second type of checking information, and a third type of checking information, the classifying according to the device configuration information, and the determining different types of checking information includes:
analyzing the equipment configuration information into universal standard format information;
and classifying according to the characteristics of the standard format information, and determining the first type of checking information, the second type of checking information and the third type of checking information.
Further, the first type of check information includes an address object, an address group object, a service group object, a time object, and a domain object; the second type of check information includes policy information, and the third type of check information includes static routes and routing tables.
Further, the method for rapidly checking configuration change further comprises:
when the checking information is strategy information, determining a plurality of corresponding strategy checking object elements to form a strategy checking object set;
determining a plurality of corresponding reference strategy object elements according to the reference strategy information at the previous moment to form a reference strategy object set;
generating corresponding unique identifiers aiming at the strategy checking object set and the reference strategy object set;
if the reference policy object set belongs to a non-empty set, judging whether the reference policy object set contains the policy check object set;
if yes, resetting the unique identifier corresponding to the strategy checking object set to the unique identifier corresponding to the reference strategy object set.
Compared with the prior art, the invention has the beneficial effects that: firstly, classifying according to equipment configuration information, determining different types of inspection information, and establishing different inspection object sets and reference object sets so as to be convenient for matching different types of inspection information; furthermore, a corresponding inspection object set and a reference object set are respectively determined, so that a set of the current time and a set of the previous time are established, the two sets are convenient to compare, and the change of the equipment configuration information of the current time relative to the previous time is discovered; then, judging whether the two sets meet a non-empty preset condition, if so, indicating that the two sets are not empty, and judging whether the two sets change or not by simply comparing, thereby continuously generating a corresponding new element set and a reference element set; and finally, determining the difference between the new element set and the reference element set by using intersection operation, and simply and quickly determining configuration change information by using the difference. In conclusion, the invention determines the configuration change information aiming at different types of check information, identifies the change details of various objects, is convenient for network management, simply and quickly identifies by using intersection operation and enhances the efficiency of checking configuration change.
Drawings
FIG. 1 is a first flowchart illustrating a method for rapidly checking configuration changes according to the present invention;
FIG. 2 is a flow chart illustrating the classification information provided by the present invention;
FIG. 3 is a schematic flow chart of determining a set of inspection objects and a set of reference objects according to the present invention;
FIG. 4 is a schematic flow chart of determining a new element set and a reference element set according to the present invention;
FIG. 5 is a first flowchart illustrating an intersection operation according to the present invention;
FIG. 6 is a second flowchart illustrating intersection operations provided by the present invention;
FIG. 7 is a second flowchart illustrating a method for rapidly checking configuration changes according to the present invention;
FIG. 8 is a flowchart illustrating a method for rapidly checking policy changes according to the present invention;
fig. 9 is a schematic structural diagram of an apparatus for rapidly checking configuration change according to the present invention.
Detailed Description
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate preferred embodiments of the invention and together with the description, serve to explain the principles of the invention and not to limit the scope of the invention.
Example 1
An embodiment of the present invention provides a method for rapidly checking configuration change, and referring to fig. 1, fig. 1 is a flowchart illustrating a method for rapidly checking configuration change according to the present invention, where the method for rapidly checking configuration change includes steps S1 to S7, where:
in step S1, device configuration information of the network device at the current time is obtained;
in step S2, classifying according to the device configuration information, and determining different types of check information, where the check information includes the configuration object information of the network device at the current time;
in step S3, querying configuration object information of the network device at the previous time, and determining reference information;
in step S4, determining a corresponding inspection object set and a reference object set according to the inspection information and the reference information, respectively;
in step S5, it is determined whether a non-null preset condition is satisfied based on the inspection object set and the reference object set;
in step S6, if the non-null preset condition is satisfied, respectively establishing a corresponding new element set and a reference element set according to the inspection object set and the reference object set;
in step S7, an intersection operation is performed according to the new element set and the reference element set, and configuration change information of the network device at the current time is determined.
In the embodiment of the invention, firstly, classification is carried out according to the equipment configuration information, different types of inspection information are determined, so that different inspection object sets and reference object sets are established, and the different types of inspection information can be conveniently matched; furthermore, a corresponding inspection object set and a reference object set are respectively determined, so that a set of the current time and a set of the previous time are established, the two sets are convenient to compare, and the change of the equipment configuration information of the current time relative to the previous time is discovered; then, judging whether the two sets meet a non-empty preset condition, if so, indicating that the two sets are not empty, and judging whether the two sets change or not by simply comparing, thereby continuously generating a corresponding new element set and a reference element set; and finally, determining the difference between the new element set and the reference element set by using intersection operation, and simply and quickly determining configuration change information by using the difference.
Preferably, the check information includes first type check information, second type check information and third type check information, and referring to fig. 2, fig. 2 is a schematic flow chart of the classification information provided by the present invention, and step S2 specifically includes steps S21 to S22, where:
in step S21, the device configuration information is parsed into general standard format information;
in step S22, classification is performed based on the standard format information, and the first type of check information, the second type of check information, and the third type of check information are determined.
Therefore, the formats of the equipment configuration information of the network equipment are different, the existing format difference is eliminated by analyzing the equipment configuration information into the universal standard format information, the standard format information is used for classification, the attribute of the equipment configuration information is effectively determined, and different checking information is determined.
Preferably, the first type check information includes an address object, an address group object, a service group object, a time object, a domain object; the second type of check information includes policy information; the third type of check information includes static routes, routing tables. Therefore, the invention divides the checking information into three types, checks different configuration changes according to different checking information, has pertinence and ensures the rapidity and the accuracy of checking the configuration changes.
Preferably, the non-null preset conditions include: both the set of examination objects and the set of reference objects belong to non-empty sets. Therefore, the non-empty preset condition is set, and the condition that the inspection object set and the reference object set are not empty is effectively determined, in this case, the device configuration is performed at the current time and the previous time, and the configuration change information needs to be continuously searched.
Preferably, referring to fig. 3, fig. 3 is a schematic flow chart illustrating the determining of the inspection object set and the reference object set provided by the present invention, where the step S4 specifically includes steps S41 to S42, where:
in step S41, determining a plurality of corresponding inspection object elements according to the inspection information at the current time, and forming an inspection object set;
in step S42, a plurality of reference object elements are determined according to the reference information at the previous time, and a reference object set is formed.
Therefore, the corresponding information sets, namely the inspection object set and the reference object set, are determined according to the inspection information at the current moment and the reference information at the previous moment, so that the subsequent set judgment and search are facilitated.
Preferably, referring to fig. 4, fig. 4 is a schematic flow chart of determining a new element set and a reference element set provided by the present invention, where the step S6 specifically includes steps S61 to S64, where:
in step S61, regarding the check object set, the object name of the check object element is used as a corresponding new key, and the object details of the check object element are used as a corresponding new value;
in step S62, a new key value pair group is formed according to the new key and the new value, and a new element set is determined according to the plurality of new key value pair groups;
in step S63, regarding the reference object set, the object name of the reference object element is used as the corresponding old key, and the object details of the reference object element are used as the corresponding old value;
in step S64, old key-value pair groups are formed from old keys and old values, and a reference element set is determined from a plurality of old key-value pair groups.
Thus, aiming at the set of the inspection objects, a new element set is effectively determined in a key-value pair format; and aiming at the reference object set, the reference element set is effectively determined in a key value pair format, so that the subsequent intersection operation of the new element set and the reference object set is facilitated.
Preferably, referring to fig. 5, fig. 5 is a first flowchart of the intersection operation provided by the present invention, where the step S7 specifically includes steps S71 to S74, where:
in step S71, if the new key and the old key are identical, the new key is an intersection key;
in step S72, the plurality of intersection keys form an intersection of elements;
in step S73, according to the intersection key in the element intersection, a new value corresponding to the new element set and an old value corresponding to the reference element set are determined;
in step S74, if the new value and the old value are not consistent, the corresponding check object element is determined as configuration modification information.
Therefore, each element in the new element set and the reference element set is extracted according to the intersection key, namely object details (namely key values) are extracted from the new set and the old set respectively according to the element names for judgment, if the object details are inconsistent, the object details show that the change is configured, the detail contents before and after the change are recorded, and the element to be checked is effectively judged to be configuration modification information.
Preferably, referring to fig. 6, fig. 6 is a second flowchart illustrating the intersection operation provided by the present invention, where the step S7 specifically includes steps S75 to S76, where:
in step S75, removing the inspection object elements corresponding to the intersection key in the new element set, where the remaining inspection object elements are configured with new information;
in step S76, the reference object elements corresponding to the intersection key in the reference element set are removed, and the remaining reference object elements are the configuration deletion information.
Therefore, the new element set is effectively judged to be added to the reference element set more than the new element set through the intersection operation of the new element set and the reference element set, the intersection part is removed from the new element set, and the rest is added; and through intersection operation of the new element set and the reference element set, effectively judging the redundant part of the reference element set compared with the new element set, removing the intersection part from the reference element set, and deleting the residual part.
Preferably, referring to fig. 7, fig. 7 is a flowchart illustrating a second method for quickly checking configuration change according to the present invention, where the method for quickly checking configuration change includes steps S8 to S10, where:
in step S8, if the non-empty preset condition is not satisfied, when the inspection object set and the reference object set belong to an empty set at the same time, all the inspection object elements in the inspection object set are configuration non-change information;
in step S9, if the non-empty preset condition is not satisfied, when the inspection object set belongs to the non-empty set and the reference object set belongs to the empty set, all the inspection object elements in the inspection object set are configuration new information;
in step S10, if the non-empty preset condition is not satisfied, when the check object set belongs to an empty set and the reference object set belongs to a non-empty set, all the reference object elements in the reference object set are configuration deletion information.
Therefore, when the inspection object set and the reference object set belong to the empty set at the same time, the situation that the configuration is not changed is effectively explained; when the inspection object set belongs to a non-empty set and the reference object set belongs to an empty set, the last moment is not configured, and the inspection object elements at the current moment are all configuration newly-added information; when the check object set belongs to an empty set and the reference object set belongs to a non-empty set, the configuration information exists at the last moment, and the configuration information does not exist at the current moment, so that all the reference object elements at the last moment are the configuration deletion information.
Preferably, referring to fig. 8, fig. 8 is a flowchart illustrating a method for quickly checking policy change according to the present invention, where the method for quickly checking configuration change includes steps S001 to S005, where:
in step S001, when the check information is policy information, determining a plurality of corresponding policy check object elements to form a policy check object set;
in step S002, a plurality of corresponding reference policy object elements are determined according to the reference policy information at the previous time, so as to form a reference policy object set;
in step S003, a corresponding unique identifier is generated for the policy check object set and the reference policy object set;
in step S004, if the reference policy object set belongs to a non-empty set, it is determined whether the reference policy object set includes a policy check object set;
in step S005, if included, the unique identifier corresponding to the policy check object set is reset to the unique identifier corresponding to the reference policy object set.
Therefore, the unique identifier corresponding to the strategy object set is set and referred to, so that the unique identifier is not changed when the strategy object is not changed.
In a specific embodiment of the present invention, for the inspection of the first class object, taking an address object as an example, a specific flow is as follows:
the first step is as follows: acquiring an address object at the current moment (as check information) and an address object at the previous moment (as reference information);
the second step is that: taking the address object at the current moment as a checking address object collection set, and taking the address object at the previous moment as a reference address object collection set;
the third step: comparing the inspection address object collection with the reference address object collection; judging whether the two are empty at the same time, if so, ending the program, and regarding the address object as unchanged;
the fourth step: judging that the reference address object collection is empty, and checking that the address object collection is not empty, wherein all the address objects corresponding to the check address object collection are newly added and belong to configuration newly added information;
the fifth step: judging whether the checking address object collection is empty or not, and if the reference address object collection is not empty, deleting the reference address object collection, wherein the reference address object collection belongs to configuration deletion information;
and a sixth step: judging whether the inspection address object collection and the reference address object collection are non-empty (meeting a non-empty preset condition), taking the object name of the address object element in the inspection address object collection as a corresponding new Key (Key), taking the object detail of the inspection object element as a corresponding new Value (Value), forming a new Key Value pair group, and determining a new address element collection (corresponding to a new element collection); taking the object name of an address object element in a reference address object set as a corresponding old Key (Key), taking the object details of a check object element as a corresponding old Value (Value), forming an old Key Value pair group, and determining an old address element set (corresponding to the reference element set);
the seventh step: and performing intersection operation on the new address element set and the old address element set, and if the intersection of the elements is not empty, judging whether a flow for configuring modification information exists or not:
determining intersection keys (namely object names corresponding to the new keys and the old keys when the new keys and the old keys are the same) according to the element intersection;
the method comprises the following steps of (1) circulating element intersection, taking out each intersection key in the intersection keys, respectively taking out object details from a new address element set and an old address element set according to object names corresponding to the intersection keys for judgment, and if the two object details are consistent, indicating that the object element of the inspection address is not changed; if the two elements do not match, the element indicates that a change is arranged, and the details before and after the change are recorded, the element to be checked belongs to one of the change types: configuring modification information;
eighth step: eliminating intersection parts from the old address element set, wherein the rest is deleted configuration deletion information;
the ninth step: and eliminating the intersection part from the new address element set, and remaining new configuration information.
In a specific embodiment of the present invention, the examination of the second class object, taking the examination of the policy as an example, includes the following steps:
the first step is as follows: acquiring a strategy object at the current moment (as check information) and a strategy object at the previous moment (as reference information);
the second step is that: taking the strategy object at the current moment as a checking strategy object collection set, and taking the strategy object at the previous moment as a reference strategy object collection set;
the third step: circularly checking the strategy objects in the strategy object aggregate, judging whether the uuid (unique identifier) corresponding to the strategy object exists or not, if not, generating the uuid and assigning values, and ending the circulation;
it should be noted that, when the policy object collection is changed for the first time or the last time, the value has been assigned, a corresponding uuid (unique identifier) already exists, and no repeated operation is required in service.
The fourth step: judging whether the reference strategy object collection is empty, and if the reference strategy object collection is empty, ending the operation;
the fifth step: if the reference strategy object collection is not empty, continuously judging whether the reference strategy object collection exists in the reference strategy object collection or not; if the unique identifier does not exist, skipping, if the unique identifier does not exist, resetting the uuid in the checking strategy object set, and using the uuid value in the reference strategy object set to indicate that the checking strategy object set exists before and the unique identifier does not change (note: only the unique identifier does not change here, but whether the strategy set is not identified to change or not);
and a sixth step: converting the strategy object elements in the reference strategy object set into map key value pairs; if the reference strategy object collection is not empty, circularly referencing all strategy object elements under the strategy object collection, taking the strategy object details as an old value (value), combining the corresponding strategy collection name + strategy name or the corresponding strategy collection name + strategy ID according to the combination priority to form a new character string as an old key (key), and storing the new character string as a map key value pair format to form an old strategy element collection (corresponding to the reference element collection);
converting the strategy object elements in the inspection strategy object set into map key value pairs; if the strategy object collection is checked to be not empty, all strategy object elements under the strategy object collection are checked in a circulating mode, the strategy object details are used as new values (value), the corresponding strategy collection name + strategy name or the corresponding strategy collection name + strategy ID are combined according to the combination priority to form new character strings which are used as new keys (key) and stored in a map key value pair format to form a new strategy element collection (corresponding to a new element collection);
wherein, the combination priority is:
when the policy name is not empty, using the policy set name + the policy name;
when the strategy name is empty and the strategy ID is not empty, using the strategy set name plus the strategy ID;
and if the strategy name and the strategy ID are both null, the checking condition is not met, and the checking is skipped.
It should be noted that, if the reference policy object collection is empty, the old policy element collection is empty, and if the check policy object collection is empty, the new policy element collection is empty.
The seventh step: judging whether the new strategy element set and the old strategy element set are empty at the same time (whether a non-empty preset condition is met); if the data are all empty at the same time, no change is made, and the program is ended;
eighth step: judging whether the old strategy element collection is empty or not, if so, configuring new information for all strategy object elements in the new strategy element collection, and ending the program;
eighth step: judging whether the old strategy element collection is empty or not, if the new strategy element collection is empty, configuring deletion information for all strategy object elements of the old strategy element collection, and ending the program;
the ninth step; judging whether the old strategy element collection is the new strategy element collection and is not empty, performing intersection operation, and determining the intersection of the elements of the old strategy element collection and the new strategy element collection;
the tenth step; if the element intersection is not empty, a judgment process of configuration modification information is carried out;
determining intersection keys (namely object names corresponding to the new keys and the old keys when the new keys and the old keys are the same) according to the element intersection;
the method comprises the following steps of (1) circulating element intersection, taking out each intersection key in the intersection keys, respectively taking out object details of strategies from a new strategy element set and an old strategy element set according to object names corresponding to the intersection keys for judgment, and if the object details are consistent, indicating that the strategy object elements are not changed; if the policy object element does not match, the policy object element indicates that a change is placed, and the details before and after the change are recorded, the policy object element belongs to one of the change types: configuring modification information;
the eleventh step: eliminating intersection parts from the old strategy element set, wherein the rest is deleted configuration deletion information;
the twelfth step: and eliminating the intersection part from the new strategy element set, and the rest is newly added configuration newly added information.
In a specific embodiment of the present invention, regarding the inspection of the third class object, taking static routing as an example, the specific flow is as follows:
the first step is as follows: acquiring static routing information (as check information) at the current moment and static routing information (as reference information) at the previous moment;
the second step is that: taking the static routing information at the current moment as a check routing object collection, and taking the static routing information at the previous moment as a reference routing object collection;
the third step: circularly checking the routing information objects in the routing object aggregate, judging whether uuids (unique identifiers) corresponding to the routing information objects exist or not, if not, generating one uuid and assigning values, and ending the circulation;
it should be noted that, when the policy object collection is changed for the first time or the last time, the value has been assigned, a corresponding uuid (unique identifier) already exists, and no repeated operation is required in service.
The fourth step: judging whether the reference routing object collection is empty, and if the reference routing object collection is empty, ending the process;
the fifth step: if the reference routing object collection is not empty, continuously judging whether the reference routing object collection exists in the reference routing object collection or not; if the unique identifier does not exist, skipping, if the unique identifier does exist, resetting the uuid in the check route object set, and using the uuid value in the reference route object set to indicate that the check route object set exists before and the unique identifier does not change (note: only the unique identifier does not change here, but does not identify whether the route set changes or not);
and a sixth step: converting the route object elements in the reference route object set into map key value pairs; if the reference routing object collection is not empty, circularly referencing all routing object elements under the routing object collection, taking the details of the routing objects as an old value (value), and storing a new character string after priority combination of the corresponding routing set name, the routing destination IP, the routing next hop address and the description as an old key (key) in a map key value pair format to form an old routing element collection (corresponding to the reference element collection);
converting the routing object elements in the checked routing object aggregate into map key value pairs; if the routing object collection is checked to be not empty, all routing object elements under the routing object collection are checked in a circulating mode, the details of the routing objects are used as new values (value), the corresponding routing collection name, the routing destination IP, the routing next hop address, the description priority combined new character string are used as new keys (key), the new keys are stored in a map key value pair format, and a new routing element collection (corresponding to a new element collection) is formed;
wherein, the priority combination order is:
if the route name is not null, the name is selected, and the following steps are returned: route set name + route name;
if the route destination IP is not empty, the destination IP is taken, and the following steps are returned: route set name + destination IP;
if the next hop address is not null, taking the next hop address, and returning: route set name + next hop address;
if the description is not null, the description is taken, and the following steps are returned: route set name + description.
It should be noted that, if the reference route object set is empty, the old route element set is empty, and if the check route object set is empty, the new route element set is empty.
The seventh step: judging whether the new routing element set and the old routing element set are empty at the same time (whether a non-empty preset condition is met); if the data are all empty at the same time, no change is made, and the program is ended;
eighth step: judging whether the old routing element set is empty or not, if so, configuring new information for all routing object elements in the new routing element set, and ending the program;
eighth step: judging whether the old routing element set is empty or not, if the new routing element set is empty, configuring deletion information for all routing object elements of the old routing element set, and ending the program;
the ninth step; judging whether the old routing element set is a new routing element set or not, performing intersection operation, and determining the intersection of the elements of the old routing element set and the new routing element set;
the tenth step; if the element intersection is not empty, a judgment process of configuration modification information is carried out;
determining intersection keys (namely object names corresponding to the new keys and the old keys when the new keys and the old keys are the same) according to the element intersection;
the method comprises the following steps of (1) circulating element intersection, taking out each intersection key in the intersection keys, respectively taking out the object details of a route from a new route element set and an old route element set according to the object names corresponding to the intersection keys for judgment, and if the two object details are consistent, indicating that the route object element is not changed; if the routing object element does not match with the routing object element, the routing object element indicates that a change is arranged, and the details before and after the change are recorded, the routing object element belongs to one of the change types: configuring modification information;
the eleventh step: eliminating intersection parts from the old routing element set, wherein the rest is deleted configuration deletion information;
the twelfth step: and eliminating the intersection part from the new routing element set, and remaining new configuration information.
Preferably, any character change remaining after excluding the check of the 9 large objects (address object, address group object, service group object, time object, domain object, policy information, static route, routing table) is considered as a configuration change. Thus, the 9-large object check is performed with priority, and if there is a change, it is recognized that: and (6) changing the object. If the object is not a 9-large object, any other character or object is changed, the arrangement is changed.
Example 2
An embodiment of the present invention provides an apparatus for rapidly checking configuration change, and referring to fig. 9, fig. 9 is a schematic structural diagram of the apparatus for rapidly checking configuration change provided by the present invention, wherein the apparatus 900 for rapidly checking configuration change includes:
an obtaining unit 901, configured to obtain device configuration information of a network device at a current time;
a processing unit 902, configured to classify according to the device configuration information and determine different types of check information, where the check information includes configuration object information of the network device at the current time; the network equipment is also used for respectively determining a corresponding checking object set and a corresponding reference object set according to the checking information and the reference information, wherein the reference information comprises the configuration object information of the network equipment at the previous moment; the device is also used for judging whether a non-empty preset condition is met or not according to the inspection object set and the reference object set; the method is also used for respectively establishing a corresponding new element set and a corresponding reference element set according to the inspection object set and the reference object set if the non-empty preset condition is met;
and a configuration change determining unit 903, configured to perform intersection operation according to the new element set and the reference element set, and determine configuration change information of the network device at the current time.
Example 3
The embodiment of the invention provides a device for rapidly checking configuration change, which comprises a processor and a memory, wherein the memory is stored with a computer program, and the computer program is executed by the processor to realize the method for rapidly checking configuration change.
Example 4
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the method for rapidly checking configuration change as described above.
The invention discloses a method for rapidly checking configuration change, which comprises the steps of firstly, classifying according to equipment configuration information, determining different types of checking information, and establishing different checking object sets and reference object sets so as to be convenient for matching different types of checking information; furthermore, a corresponding inspection object set and a reference object set are respectively determined, so that a set of the current time and a set of the previous time are established, the two sets are convenient to compare, and the change of the equipment configuration information of the current time relative to the previous time is discovered; then, judging whether the two sets meet a non-empty preset condition, if so, indicating that the two sets are not empty, and judging whether the two sets change or not by simply comparing, thereby continuously generating a corresponding new element set and a reference element set; and finally, determining the difference between the new element set and the reference element set by using intersection operation, and simply and quickly determining configuration change information by using the difference.
According to the technical scheme, the configuration change information is determined according to different types of inspection information, the change details of various objects are identified, network management is facilitated, intersection operation is utilized, identification is simply and quickly carried out, the efficiency of inspecting configuration change is enhanced, and the accuracy and the speed of inspecting configuration change are guaranteed.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.
Claims (7)
1. A method for quickly checking for configuration changes, comprising:
acquiring equipment configuration information of the network equipment at the current moment;
classifying according to the equipment configuration information, and determining different types of checking information, wherein the checking information comprises configuration object information of the network equipment at the current moment;
inquiring the configuration object information of the network equipment at the previous moment, and determining reference information;
according to the inspection information and the reference information, respectively determining a corresponding inspection object set and a corresponding reference object set;
judging whether a non-empty preset condition is met or not according to the inspection object set and the reference object set;
if the non-empty preset condition is met, respectively establishing a corresponding new element set and a reference element set according to the inspection object set and the reference object set;
performing intersection operation according to the new element set and the reference element set, and determining configuration change information of the network equipment at the current moment;
wherein the determining the corresponding inspection object set and the reference object set according to the inspection information and the reference information respectively comprises:
determining a plurality of corresponding inspection object elements according to the inspection information at the current moment to form an inspection object set;
determining a plurality of corresponding reference object elements according to the reference information at the previous moment to form the reference object set;
wherein, the respectively establishing a corresponding new element set and a reference element set according to the inspection object set and the reference object set comprises:
aiming at the inspection object set, taking the object name of the inspection object element as a corresponding new key, and taking the object details of the inspection object element as a corresponding new value;
forming a new key value pair group according to the new key and the new value, and determining the new element set according to a plurality of new key value pair groups;
for the reference object set, taking the object name of the reference object element as a corresponding old key, and taking the object detail of the reference object element as a corresponding old value;
forming an old key value pair group according to the old key and the old value, and determining the reference element set according to a plurality of old key value pair groups;
wherein, the performing intersection operation according to the new element set and the reference element set, and determining the configuration change information of the network device at the current time includes:
if the new key is consistent with the old key, the new key is an intersection key;
a plurality of the intersection keys form an element intersection;
determining a new value corresponding to the new element set and an old value corresponding to the reference element set according to the intersection key in the element intersection;
and if the new value is inconsistent with the old value, determining that the corresponding check object element is configuration modification information.
2. The method of claim 1, wherein determining the configuration change information of the network device at the current time by performing an intersection operation according to the new element set and the reference element set further comprises:
removing the inspection object elements corresponding to the intersection key in the new element set, wherein the rest inspection object elements are configured with newly added information;
and eliminating the reference object elements corresponding to the intersection key in the reference element set, wherein the rest reference object elements are configuration deletion information.
3. The method of claim 2, wherein the non-null preset condition comprises: both the set of examination objects and the set of reference objects belong to non-empty sets.
4. The method of claim 3, further comprising:
if the non-empty preset condition is not met, when the inspection object set and the reference object set belong to an empty set at the same time, all inspection object elements in the inspection object set are configuration non-change information;
if the non-empty preset condition is not met, when the inspection object set belongs to a non-empty set and the reference object set belongs to an empty set, all inspection object elements in the inspection object set are configured with new information;
if the non-empty preset condition is not met, when the inspection object set belongs to an empty set and the reference object set belongs to a non-empty set, all reference object elements in the reference object set are configuration deletion information.
5. The method of claim 4, wherein the check information includes a first type of check information, a second type of check information, and a third type of check information, and the determining different types of check information according to the device configuration information includes:
analyzing the equipment configuration information into universal standard format information;
and classifying according to the characteristics of the standard format information, and determining the first type of checking information, the second type of checking information and the third type of checking information.
6. The method of claim 5, wherein the first type of check information comprises an address object, an address group object, a service group object, a time object, a domain object; the second type of check information includes policy information, and the third type of check information includes static routes and routing tables.
7. The method of claim 6, further comprising:
when the checking information is strategy information, determining a plurality of corresponding strategy checking object elements to form a strategy checking object set;
determining a plurality of corresponding reference strategy object elements according to the reference strategy information at the previous moment to form a reference strategy object set;
generating corresponding unique identifiers aiming at the strategy checking object set and the reference strategy object set;
if the reference policy object set belongs to a non-empty set, judging whether the reference policy object set contains the policy check object set;
if yes, resetting the unique identifier corresponding to the strategy checking object set to the unique identifier corresponding to the reference strategy object set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110035087.6A CN112367210B (en) | 2021-01-12 | 2021-01-12 | Method for rapidly checking configuration change |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110035087.6A CN112367210B (en) | 2021-01-12 | 2021-01-12 | Method for rapidly checking configuration change |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112367210A CN112367210A (en) | 2021-02-12 |
| CN112367210B true CN112367210B (en) | 2021-04-02 |
Family
ID=74534825
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110035087.6A Active CN112367210B (en) | 2021-01-12 | 2021-01-12 | Method for rapidly checking configuration change |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112367210B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101819525A (en) * | 2009-02-27 | 2010-09-01 | 国际商业机器公司 | Method and equipment for searching configuration file of application in system |
| CN103428195A (en) * | 2012-12-27 | 2013-12-04 | 北京安天电子设备有限公司 | Unknown virus detecting method |
| CN104142660A (en) * | 2013-05-09 | 2014-11-12 | 洛克威尔自动控制技术股份有限公司 | Remote assistance via a cloud platform for industrial automation |
| CN107547239A (en) * | 2016-10-27 | 2018-01-05 | 腾讯科技(深圳)有限公司 | Configure the update method and device of object |
| CN108696531A (en) * | 2018-06-08 | 2018-10-23 | 武汉思普崚技术有限公司 | A kind of security strategy adaptive analysis and big data Visualization Platform system |
| CN110266598A (en) * | 2019-06-20 | 2019-09-20 | 深圳市网心科技有限公司 | A kind of routing information processing method, apparatus, equipment and readable storage medium storing program for executing |
| CN111563074A (en) * | 2020-04-28 | 2020-08-21 | 厦门市美亚柏科信息股份有限公司 | Data quality detection method and system based on multi-dimensional label |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9407506B2 (en) * | 2011-09-12 | 2016-08-02 | Microsoft Technology Licensing, Llc | Multi-entity management |
| US20150254214A1 (en) * | 2013-09-06 | 2015-09-10 | Knowledge Initiatives LLC | Electronic publication environment |
-
2021
- 2021-01-12 CN CN202110035087.6A patent/CN112367210B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101819525A (en) * | 2009-02-27 | 2010-09-01 | 国际商业机器公司 | Method and equipment for searching configuration file of application in system |
| CN103428195A (en) * | 2012-12-27 | 2013-12-04 | 北京安天电子设备有限公司 | Unknown virus detecting method |
| CN104142660A (en) * | 2013-05-09 | 2014-11-12 | 洛克威尔自动控制技术股份有限公司 | Remote assistance via a cloud platform for industrial automation |
| CN107547239A (en) * | 2016-10-27 | 2018-01-05 | 腾讯科技(深圳)有限公司 | Configure the update method and device of object |
| CN108696531A (en) * | 2018-06-08 | 2018-10-23 | 武汉思普崚技术有限公司 | A kind of security strategy adaptive analysis and big data Visualization Platform system |
| CN110266598A (en) * | 2019-06-20 | 2019-09-20 | 深圳市网心科技有限公司 | A kind of routing information processing method, apparatus, equipment and readable storage medium storing program for executing |
| CN111563074A (en) * | 2020-04-28 | 2020-08-21 | 厦门市美亚柏科信息股份有限公司 | Data quality detection method and system based on multi-dimensional label |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112367210A (en) | 2021-02-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105704041A (en) | Ccn routing using hardware-assisted hash tables | |
| CN108566296B (en) | Network device layering method, network management device and computer readable storage medium | |
| US8688659B2 (en) | Method for indexed-field based difference detection and correction | |
| CN112367211B (en) | Method, device and storage medium for generating configuration template by device command line | |
| CN112311571B (en) | Network topology generation method and device, electronic equipment and non-transitory storage medium | |
| CN108681603B (en) | Method for rapidly searching tree structure data in database and storage medium | |
| CN108614837B (en) | File storage and retrieval method and device | |
| CN105809389A (en) | Method and apparatus for generating BOM trees | |
| CN113282799B (en) | Node operation method, node operation device, computer equipment and storage medium | |
| CN110287192A (en) | Search for application data processing method, device, computer equipment and storage medium | |
| CN111026765A (en) | Dynamic processing method, equipment, storage medium and device for strictly balanced binary tree | |
| CN111104476B (en) | Archive data generation method, archive data generation device, and readable storage medium | |
| CN109698814A (en) | Botnet finds that method and Botnet find device | |
| CN114186102A (en) | Tree structure data construction method and device and computer equipment | |
| CN104301186B (en) | A kind of method and system for testing route forwarding table correctness | |
| CN112367210B (en) | Method for rapidly checking configuration change | |
| CN113553458A (en) | Data export method and device in graph database | |
| CN106789695B (en) | Message processing method and device | |
| KR100899930B1 (en) | System and Method for Generating Relating Data Class | |
| JP6246885B1 (en) | Route analysis processing apparatus and route analysis processing program | |
| CN110611591A (en) | Network topology establishing method and device | |
| CN114118944A (en) | Forensic laboratory grading management method, terminal device and storage medium | |
| US7159019B2 (en) | Information collection apparatus and method | |
| CN111984850A (en) | Resource searching method and related device | |
| CN112910894A (en) | Method for realizing quick matching of strategies |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |