CN112416469A - Initialization method and reset method of virtualized network target range environment
Publication number: CN112416469A
Authority: CN (China)
Prior art keywords: network; configuration; network equipment; network element; virtualized
Legal status: Granted
Application number: CN202011612763.3A
Other languages: Chinese (zh)
Other versions: CN112416469B (en)
Inventors: 傅涛, 郭超, 郭金辉, 张冠阳, 付荣
Current Assignee: Bozhi Safety Technology Co ltd
Original Assignee: Bozhi Safety Technology Co ltd
Application filed by Bozhi Safety Technology Co ltd
Priority to CN202011612763.3A
Publication of CN112416469A
Application granted
Publication of CN112416469B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45575 Starting, stopping, suspending or resuming virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances


Abstract

The invention discloses an initialization method and a reset method for a virtualized network target range environment. The initialization method comprises the following steps: determining each virtualized network device network element in the scene to be constructed in the network target range; setting initialization parameters for each virtualized network device network element, the initialization parameters comprising the image loaded at startup and whether a specified startup configuration file needs to be loaded; and initializing the network target range according to the initialization parameters of each virtualized network device network element. The method separates the configuration instances of different scenes from the base image and version of the network device, and flexibly loads startup configuration files per scene to meet the requirements of constructing and resetting the network target range environment, which effectively solves the prior-art problem that a network target range environment occupies a large amount of disk space.

Description

Initialization method and reset method of virtualized network target range environment
Technical Field
The invention relates to the technical field of information security, in particular to methods for initializing and resetting a network target range environment, and specifically to an initialization method and a reset method for a virtualized network target range environment.
Background
Network security means that the hardware, software and data of a network system are protected from damage, alteration and disclosure, whether accidental or malicious, so that the system operates continuously, reliably and normally and network service is not interrupted. However, the global network security situation is severe, network security incidents occur one after another, and as network structures grow ever more complex and large, no industry can count on being spared from increasingly rampant network attacks. Whether for military training and tactical exercises in cyberspace, for public-service industries rehearsing their response to network attacks, or for performance and security test evaluation before critical infrastructure goes online, a large-scale, high-fidelity network security target range based on combined virtual-physical technology is indispensable.
In simulated network attack-and-defense drills, rapidly constructing and restoring the network security target range environment is a common and firm requirement that all industries place on network target range products. However, the current methods for initially constructing network devices in a network target range environment, and for quickly resetting them after an attack, have the following disadvantages:
For the initial construction of virtualized network devices in current network target range environments, the usual method is to generate a snapshot after the virtual machine has loaded its configuration; to reset a virtualized network device after an attack, the usual method is to reload the virtual machine snapshot. In a combined virtual-physical network target range environment, a large amount of storage-engine disk space is needed to store the virtualized image files for the different scenes.
Disclosure of Invention
The present application aims to provide an initialization method and a recovery method for a virtualized network target range environment, so as to solve the technical problems described in the Background above.
A first embodiment of the present invention provides a method for initializing a virtualized network target range environment, including:
determining each virtualized network device network element in the scene to be constructed in the network target range;
setting initialization parameters for the virtualized network device network element, wherein the initialization parameters comprise the image loaded at startup and whether a specified startup configuration file needs to be loaded;
and initializing the network target range according to the initialization parameters of each virtualized network device network element.
Preferably, initializing the network target range according to the initialization parameters of each virtualized network device network element specifically includes:
starting the image of the virtualized network device network element;
determining the type of the image, loading a startup configuration file through the corresponding port according to the type of the image, and completing the initialization of the network target range scene; the startup configuration file is either a specified startup configuration file or a default startup configuration file.
Preferably, starting the image of the virtualized network device network element specifically includes:
starting the image of the virtualized network device network element by using a virtualization technology, and mapping the serial port of the virtualized network device network element to a specific port of a host, wherein the host is a physical network device.
Preferably, the virtualization technology comprises OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips, Docker.
Preferably, determining the type of the image and loading a startup configuration file through the corresponding port according to the type of the image specifically includes:
when the image is in a format supported by Qemu, IoL or Dynamips, the virtualized network device network element is connected to the host through the serial port, and a startup configuration file is loaded from the host; the configuration management center of the host stores the specified startup configuration file, and the specified startup configuration file is generated automatically for the network device vendor of the virtualized network device network elements involved in the scene;
when the image is in a format supported by Docker, determining whether the virtualized network device network element needs to load a specified startup configuration file; if so, obtaining the specified startup configuration file from the configuration management center of the host through the container command line interface of the virtualized network device network element, and copying or mapping it to the startup configuration file storage path of the current virtualized network device network element; if not, loading a default startup configuration file through an external interface of the current virtualized network device network element.
Preferably, connecting the virtualized network device network element to the host through the serial port and loading a startup configuration file from the host specifically includes:
connecting the virtualized network device network element to the host through the serial port;
determining whether the current virtualized network device network element needs to load a specified startup configuration file; if so, obtaining the specified startup configuration file from the configuration management center of the host through the management port of the virtualized network device network element, and storing it in the startup configuration file storage path of the current virtualized network device network element; if not, loading a default startup configuration file through an external interface of the current virtualized network device network element.
Preferably, when the management port cannot reach the configuration management center after multiple attempts, the current virtualized network device network element is restarted and the connection is retried.
Preferably, the external interface includes a command line interface and a WEB interface.
A second embodiment of the present invention provides a method for resetting a virtualized network target range environment, in which the above initialization method is executed to reset the network target range after the network target range has been attacked.
Compared with the prior art, the initialization method and the reset method of the virtualized network target range environment have the following beneficial effects:
The method separates the configuration instances of different scenes from the base image and version of the network device, and flexibly loads startup configuration files per scene to meet the requirements of constructing and resetting the network target range environment, which effectively overcomes the prior-art defect that a network target range environment occupies a large amount of disk space. For a virtualized network device, the network device image is started and the startup configuration file of the specific scene is loaded through the serial port, the management port or the container command line interface to initialize and reset the network target range scene; the storage engine stores only the device vendors' base image files, which reduces the disk space the storage engine occupies.
Drawings
FIG. 1 is a flow chart of a method for initializing a virtualized network target range environment of the present invention;
FIG. 2 is a general flow chart of an embodiment of the present invention;
FIG. 3 is a flow chart of automatically generating a startup configuration file in an embodiment of the present invention;
FIG. 4 is a flow chart of orchestrating a network target range scene in an embodiment of the present invention;
FIG. 5 is a flow chart of automatically initializing and automatically resetting a network target range scene in an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
The present invention will be described in detail with reference to examples, but the present invention is not limited to these examples.
FIG. 1 is a flow chart of a method for initializing a virtualized network target range environment in accordance with the present invention.
The initialization method of the virtualized network target range environment of the first embodiment of the present invention includes:
Step 1, determining each virtualized network device network element in the scene to be constructed in the network target range;
Step 2, setting initialization parameters for the virtualized network device network element, wherein the initialization parameters comprise the image loaded at startup and whether a specified startup configuration file needs to be loaded;
Step 3, initializing the network target range according to the initialization parameters of each virtualized network device network element, specifically:
Step 3.1, starting the image of the virtualized network device network element, specifically:
starting the image of the virtualized network device network element by using a virtualization technology, and mapping the serial port of the virtualized network device network element to a specific port of a host, wherein the host is a physical network device. Virtualization technologies of the present application include, but are not limited to, OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips, Docker.
Step 3.2, determining the type of the image, loading a startup configuration file through the corresponding port according to the type of the image, and completing the initialization of the network target range scene; the startup configuration file is either a specified startup configuration file or a default startup configuration file. Specifically:
when the image is in a format supported by Qemu, IoL or Dynamips, the virtualized network device network element is connected to the host through the serial port, and a startup configuration file is loaded from the host; the configuration management center of the host stores the specified startup configuration file, and the specified startup configuration file is generated automatically for the network device vendor of the virtualized network device network elements involved in the scene;
when the image is in a format supported by Docker, determining whether the virtualized network device network element needs to load a specified startup configuration file; if so, obtaining the specified startup configuration file from the configuration management center of the host through the container command line interface of the virtualized network device network element, and copying or mapping it to the startup configuration file storage path of the current virtualized network device network element; if not, loading a default startup configuration file through an external interface of the current virtualized network device network element.
Connecting the virtualized network device network element to the host through the serial port and loading a startup configuration file from the host specifically includes:
connecting the virtualized network device network element to the host through the serial port;
determining whether the current virtualized network device network element needs to load a specified startup configuration file; if so, obtaining the specified startup configuration file from the configuration management center of the host through the management port of the virtualized network device network element, and storing it in the startup configuration file storage path of the current virtualized network device network element; if not, loading a default startup configuration file through an external interface of the current virtualized network device network element. External interfaces include, but are not limited to, command line interfaces and WEB interfaces.
When the management port cannot reach the configuration management center after multiple attempts, the current virtualized network device network element is restarted and the connection is retried. The configuration management center includes but is not limited to an FTP server, a TFTP server, an SFTP server, and a WEB server.
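The flow of steps 3.1 and 3.2, including the restart-and-retry rule, modelled as a small simulation. This is an added example, not code from the patent; the class and function names, the retry thresholds, the file names and the in-memory stand-in for the configuration management center are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

SERIAL_TYPES = {"qemu", "iol", "dynamips"}  # config fetched over the management port
CONTAINER_TYPES = {"docker"}                # config copied/mapped via the container CLI


class Unreachable(Exception):
    """The configuration management center could not be reached."""


@dataclass
class Element:
    name: str
    image_type: str                          # decides which loading path is used
    base_image: str                          # vendor base image, shared by all scenes
    specified_config: Optional[str] = None   # key in the center; None means default


Fetch = Callable[[str], str]


def make_center(store: Dict[str, str], failures: int = 0) -> Fetch:
    """Constructed stand-in for the configuration management center.

    The first `failures` calls raise Unreachable, simulating a management
    plane that is unavailable after an attack.
    """
    state = {"left": failures}

    def fetch(key: str) -> str:
        if state["left"] > 0:
            state["left"] -= 1
            raise Unreachable(key)
        return store[key]

    return fetch


def fetch_with_restart(elem: Element, fetch: Fetch, log: List[str],
                       max_unreachable: int = 3, max_restarts: int = 2) -> str:
    """Fetch the specified config; restart the element after repeated failures.

    The text only says "unreachable multiple times, then restart and retry";
    both thresholds are assumed values, and bounding the restarts is an
    addition so that a dead center fails loudly instead of looping forever.
    """
    for restart in range(max_restarts + 1):
        for attempt in range(1, max_unreachable + 1):
            try:
                return fetch(elem.specified_config)
            except Unreachable:
                log.append(f"{elem.name}: center unreachable ({attempt}/{max_unreachable})")
        if restart < max_restarts:
            log.append(f"{elem.name}: restart element")
    raise RuntimeError(f"{elem.name}: configuration management center unreachable")


def initialize(elem: Element, fetch: Fetch, log: List[str]) -> str:
    """Steps 3.1 and 3.2 for one virtualized network element."""
    kind = elem.image_type.lower()
    if kind not in SERIAL_TYPES | CONTAINER_TYPES:
        raise ValueError(f"{elem.name}: unsupported image type {elem.image_type!r}")
    # Step 3.1: start the base image and map the serial port to a host port.
    log.append(f"{elem.name}: start {elem.base_image}, map serial port to host")
    if kind in SERIAL_TYPES:
        log.append(f"{elem.name}: connect over mapped serial port")
    # Step 3.2: specified config if requested, otherwise the default one.
    if elem.specified_config is None:
        log.append(f"{elem.name}: load default config via external interface")
        return "<default>"
    config = fetch_with_restart(elem, fetch, log)
    channel = "management port" if kind in SERIAL_TYPES else "container CLI copy/map"
    log.append(f"{elem.name}: store {elem.specified_config} via {channel}")
    return config


def build_range(elements: List[Element], fetch: Fetch) -> Tuple[Dict[str, str], List[str]]:
    """Initialize every element of a scene; returns loaded configs and the action log."""
    log: List[str] = []
    loaded = {e.name: initialize(e, fetch, log) for e in elements}
    return loaded, log


def reset_range(elements: List[Element], fetch: Fetch) -> Tuple[Dict[str, str], List[str]]:
    """Second embodiment: a reset is the same initialization run again."""
    return build_range(elements, fetch)


if __name__ == "__main__":
    # Constructed sample scene and configuration store.
    store = {"scene-a/r1.cfg": "hostname r1", "scene-a/fw1.cfg": "hostname fw1"}
    scene = [
        Element("r1", "qemu", "vendor-router-base.qcow2", "scene-a/r1.cfg"),
        Element("fw1", "docker", "vendor-fw-base:1", "scene-a/fw1.cfg"),
        Element("sw1", "dynamips", "vendor-switch-base.bin"),
    ]
    _, actions = build_range(scene, make_center(store, failures=4))
    print("\n".join(actions))
```

Because no per-scene snapshot is kept, the reset depends only on the base image and on the configuration management center still holding the scene's files.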
A second embodiment of the present invention provides a method for resetting a virtualized network target range environment, in which the above initialization method is executed to reset the network target range after the network target range has been attacked.
The present application will be described in detail below with specific examples.
The general flow chart of the initialization method and the reset method of the virtualized network target range environment of this embodiment is shown in FIG. 2, and includes the following steps:
1. Automatic generation of the startup configuration file, the flow chart of which is shown in FIG. 3, includes:
S1.1, determining the network device vendor, comprising:
selecting suitable network device vendors according to the scene to be constructed in the network target range. Network devices include but are not limited to routers, switches, base stations, core networks, firewalls, and the like. Network device vendors include, but are not limited to, foreign vendors such as Cisco, Nokia, Ericsson and Pabo, and domestic vendors such as Huawei, ZTE, H3C, FiberHome and Ruijie.
S1.2, automatically generating startup configuration files for the different vendors' devices, comprising:
automatically generating the corresponding startup configuration file according to the network device vendor selected in the network target range scene. Automatic generation of the corresponding startup configuration file refers to the automatic generation, based on the scene, of the end-to-end attribute description of the network connections.
2. Orchestration of the network target range scene, the flow chart of which is shown in FIG. 4, includes:
S2.1, orchestrating individual network device network elements, comprising:
orchestrating the individual network device network elements one by one according to the scene to be constructed in the network target range. A network device network element is the smallest unit that can be monitored and managed in network management.
S2.2, specifying the network device type and image, comprising:
specifying the network device type and image for an individual network device network element. The network device types include virtualized network devices. The network device image is the image file that a virtualized network device loads at startup.
S2.3, specifying whether a startup configuration file is loaded, comprising:
specifying, for an individual network device network element, whether a startup configuration file is loaded during initialization. The startup configuration file is one that meets the vendor specifications of S1.1 and S1.2. A specified startup configuration file is one that was uploaded to the configuration management center for storage when the network device network element was orchestrated; the startup configuration files of different network target range scenes differ.
S2.4, orchestrating the relationships between network device network elements, comprising:
orchestrating the topological relations among the network device network elements according to the scene to be constructed in the network target range. A topological relation is the spatial connection and adjacency relation between graphic elements, irrespective of their specific positions, and includes but is not limited to topological adjacency, topological relation, topological inclusion and the like.
3. Automatic initialization and automatic reset of the network target range scene, the flow chart of which is shown in FIG. 5, cover the initialization and reset flows of both the physical network devices and the virtualized network devices of the present application, and include the following steps:
S3.1, determining the network element type of the network device, comprising:
determining the type of each network device network element involved in the orchestration of the network target range scene. The network element types include virtualized network devices and physical network devices.
S3.2, virtualized network device, comprising:
the current network device network element is a virtualized network device.
S3.3, starting the network device image, comprising:
the current network device network element is a virtualized network device; the network device image is started through a virtualization technology, and the serial port of the virtualized network device is mapped. The virtualization technology includes but is not limited to OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips, Docker, etc. Serial port mapping means that the serial port of the virtualized network device is mapped to a specific port of the host through the virtualization technology, so that a terminal emulation program can connect to that host port to access the serial port of the virtualized network device. The serial port is the Console port of the network device, which is normally connected directly to a computer's serial port with a Console cable so that the network device can be configured locally with a terminal emulation program. The mapped serial ports are allocated and managed centrally by the combined virtual-physical engine.
S3.4, determining the image type of the network device, comprising:
determining the type of the image that the current network device is to start. The network device image types include, but are not limited to, Qemu, IoL, Dynamips, Docker, and the like.
S3.5, Qemu/IoL/Dynamips, comprising:
the image of the current network device is in an image file format supported by Qemu, IoL or Dynamips.
S3.6, connecting to the network device through the serial port, comprising:
the serial port of a physical network device is accessed by using a terminal emulation program to connect to the designated port mapped by the serial port management center; the serial port of a virtualized network device is accessed by using a terminal emulation program to connect to the designated port mapped on the host; the current network device can then be configured over the serial connection. Even if the management plane of the network target range is attacked, serial connection and configuration are unaffected, so connecting to the network devices over the serial port guarantees that the network target range scene can be initialized and reset successfully.
S3.7, whether to load a specified startup configuration file, comprising:
determining whether the current network device needs to load a specified startup configuration file. The startup configuration file is one that meets the vendor specifications of S1.1 and S1.2. A specified startup configuration file is one that was uploaded to the configuration management center for storage when the network device network element was orchestrated; the startup configuration files of different network target range scenes differ.
S3.8, downloading/uploading the startup configuration file through the management port, comprising:
the current network device needs to load the specified startup configuration file, which is obtained from the configuration management center through the management port and placed in the startup configuration file storage path of the current network device. If the management port cannot reach the configuration management center after multiple attempts, the current virtualized network device is restarted and the connection is retried, which guards against the management port connection being unavailable after the management plane of the network device has been attacked. The configuration management center is a module that provides management functions such as uploading, storing and downloading startup configuration files, and includes but is not limited to an FTP server, a TFTP server, an SFTP server and a WEB server. The management port is a management interface of the network device, including but not limited to a Mgmt port and other interfaces that are configured for network reachability and have management plane functions enabled. The management plane functions include, but are not limited to, Telnet, SSH, FTP, TFTP, SFTP, WEB, SNMP, Netconf, etc.
S3.9, loading the specified configuration starting file, including:
and loading a specified configuration starting file through an interface externally provided by the current equipment manufacturer. The interface provided for the external includes, but is not limited to, a Command Line (CLI) interface, a WEB interface, and the like.
S3.10, Docker, comprising:
the image type of the current network device belongs to the image file format supported by Docker.
S3.11, loading a specified configuration starting file, comprising the following steps:
and judging whether the current network equipment needs to load the specified configuration starting file or not. The configuration starting file refers to the configuration starting file meeting the manufacturer specification in S1.1 and S1.2. The appointed loading configuration starting file refers to a configuration starting file which is uploaded to a configuration management center to be stored when the network element of the network equipment is arranged, and the configuration starting files of different network shooting range scenes are different.
S3.12, copying/mapping the configuration boot file through a Docker command, comprising the following steps:
the current network device needs to load a specified configuration boot file, obtain the configuration boot file from the configuration management center through a container Command Line (CLI) interface, and copy or map the configuration boot file to a configuration boot file storage path of the current network device. If the management port and the configuration management center are not reachable for multiple times, the current virtualized network device is restarted and connection is retried, and the situation that the connection of the management port is unavailable after the management surface of the network device is attacked is prevented. The configuration management center refers to a module providing management functions of uploading, storing, downloading and the like of configuration starting files, and includes but is not limited to an FTP server, a TFTP server, an SFTP server and a WEB server. The management port refers to a management interface of a network device, including but not limited to a Mgmt port and other interfaces that configure network accessibility and enable management plane functions.
S3.13, loading a default configuration boot file, comprising the following steps:
loading a default configuration boot file through an interface that the current device vendor exposes externally. Such interfaces include, but are not limited to, a command line (CLI) interface and a WEB interface.
S3.14, loading a default configuration boot file, comprising the following steps:
loading a default configuration boot file through an interface that the current device vendor exposes externally. Such interfaces include, but are not limited to, a command line (CLI) interface and a WEB interface.
S3.15, the materialized network equipment comprises:
the network element of the current network device is a materialized (physical) network device; its serial port is connected to the serial port management center and its management port is connected to the switching management center. The serial port management center is one through whose mapped ports the current network device can be connected to and configured; it includes but is not limited to a serial server. The switching management center refers to a computer networking management center which effectively manages spatial information and its metadata across different ranges and fields and provides directory information, metadata information, information addresses and the like of the spatial information to information demanders; it includes but is not limited to an Ethernet switch.
S3.16, the network equipment has a serial port, and the method comprises the following steps:
the network element of the current network device is a materialized network device, and it is determined whether the device has a serial port. The serial port is the Console port of the network device; it is generally connected directly to a serial port of a computer with a Console cable, and the network device is configured locally using a terminal emulation program. Serial port mapping ports are allocated and managed uniformly by a virtual-real combined engine.
S3.17, connecting the network equipment through the management port, comprising:
the terminal emulation program connects to a management port of the network device, and the current network device can be configured over that management port connection.
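The Docker branch in S3.10 to S3.14, with the restart-and-retry behaviour from S3.12, can be sketched as follows. This is an added example, not code from the patent: the `fetch` callable, the container name, the destination path and the bound on retry rounds are assumptions, and only the standard `docker cp` and `docker restart` commands are used.

```python
import subprocess
import time

# Image formats the page loads over the mapped serial port (claim 5).
SERIAL_IMAGE_TYPES = {"qemu", "iol", "dynamips"}


def load_channel(image_type):
    """Return the channel used to load the configuration boot file."""
    kind = image_type.lower()
    if kind in SERIAL_IMAGE_TYPES:
        return "serial"
    if kind == "docker":
        return "container-cli"
    raise ValueError(f"unsupported image type: {image_type!r}")


def init_docker_element(container, scene_cfg, dest_path, fetch,
                        run=subprocess.run, attempts=3, rounds=2, delay=0.0):
    """Load the scene's configuration boot file into one Docker element.

    scene_cfg -- name of the specified boot file, or None for the default
    fetch     -- hypothetical callable: name -> local path; raises OSError
                 while the configuration management center is unreachable
    rounds    -- assumption: bounded retry rounds, one restart between rounds
    Returns the docker commands that were executed, in order.
    """
    executed = []

    def docker(*args):
        argv = ["docker", *args]
        run(argv, check=True)
        executed.append(argv)

    if scene_cfg is None:
        # Default boot file: loaded through the vendor's own CLI/WEB
        # interface (S3.13/S3.14), which is device-specific and not modeled.
        return executed

    for round_no in range(rounds):
        for _ in range(attempts):
            try:
                local_path = fetch(scene_cfg)
            except OSError:
                time.sleep(delay)
                continue
            # S3.12: copy the file to the element's boot-file storage path.
            docker("cp", local_path, f"{container}:{dest_path}")
            return executed
        if round_no < rounds - 1:
            # Repeatedly unreachable: restart the element, then retry.
            docker("restart", container)
    raise RuntimeError(f"{container}: configuration management center unreachable")


if __name__ == "__main__":
    # Constructed demo: the center is unreachable four times, then answers.
    state = {"calls": 0}

    def flaky_fetch(name):
        state["calls"] += 1
        if state["calls"] <= 4:
            raise OSError("unreachable")
        return f"/tmp/{name}"

    for cmd in init_docker_element("r1", "scene-a.cfg", "/etc/router/startup.cfg",
                                   flaky_fetch, run=lambda argv, check: None):
        print(" ".join(cmd))
```

Bounding the rounds makes a reset fail visibly when the configuration management center stays unreachable, instead of restarting the element indefinitely.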
Further, automatic initialization and automatic reset of a network target range scene differ in that the configuration boot file used during scene initialization is the one specified for the not-yet-started scene, whereas the configuration boot file used during scene reset is the one specified for the currently started scene.
It should be appreciated that the essence of the embodiment of the present invention is to separate the configuration instances of different scenarios from the basic image and version of the network device, and to load the configuration boot file flexibly per scenario in order to construct and reset the network shooting range environment. The method in the embodiment of the invention supports initialization and reset of a purely virtualized network shooting range environment, of a purely materialized network shooting range environment, and of a virtual-real combined network shooting range environment.
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like.
The invention addresses three problems. First, virtualized image files in a network shooting range environment occupy a large amount of disk space: for virtualized network devices, a network device image is started and the configuration boot file of a specific scene is loaded through the serial port, the management port or the container command line interface to initialize and reset the network target range scene, so the storage engine only needs to store the device vendor's base image file and the disk space it occupies is greatly reduced. Second, scenes on materialized network devices in a network target range environment are fixed: for materialized network devices, the network device's startup version is used and the configuration boot file of a specific scene is loaded through the serial port or the management port to generate the network shooting range scene, so a materialized device can initialize different network attack and defense scenes from different configuration boot files, which greatly increases the reusability of materialized network devices and reduces the hardware cost of the network shooting range. Third, resetting network devices in the materialized network environment of a network target range requires manual intervention: the scene is reset by reloading the configuration boot file through the serial port or the management port, so it can be reset quickly.
The present invention has been described in an illustrative manner by the embodiments, and it should be understood by those skilled in the art that the present disclosure is not limited to the embodiments described above, but is capable of various changes, modifications and substitutions without departing from the scope of the present invention.

Claims (10)

1. A method for initializing a virtualized network shooting range environment, comprising:
determining each virtualized network equipment network element in a scene needing to be constructed in a network target range;
setting initialization parameters of the network element of the virtualized network equipment, wherein the initialization parameters comprise a mirror image loaded during starting and whether a specified configuration starting file needs to be loaded or not;
and initializing the network target range according to the initialization parameters of each network element of the virtualization network equipment.
2. The initialization method for a virtualized network target range environment according to claim 1, wherein the initializing the network target range according to the initialization parameters of each network element of the virtualized network device specifically comprises:
starting a mirror image of the network element of the virtualized network equipment;
judging the type of the mirror image, loading a configuration starting file through a corresponding port according to the type of the mirror image, and finishing the initialization of the network shooting range scene; the configuration start-up file comprises a specified configuration start-up file and a default configuration start-up file.
3. The initialization method for a virtualized network shooting range environment according to claim 2, wherein the starting of the mirror image of the network element of the virtualized network device specifically comprises:
and starting the mirror image of the network element of the virtualized network equipment by using a virtualization technology, and mapping the serial port of the network element of the virtualized network equipment to a specific port of a host machine, wherein the host machine is the materialized network equipment.
4. The initialization method for a virtualized network target range environment according to claim 3, wherein the virtualization technology comprises OpenStack, KVM, VMware, Virtualbox, Qemu, IoL, Dynamips, Docker.
5. The initialization method for a virtualized network shooting range environment according to claim 3, wherein the determining the type of the image and loading a configuration boot file through a corresponding port according to the type of the image specifically comprise:
when the type of the mirror image belongs to a mirror image format supported by Qemu, IoL or Dynamips, the network element of the virtualization network equipment is connected with the host machine through the serial port, and a configuration starting file is loaded from the host machine; the configuration management center of the host machine stores a specified configuration starting file, and the specified configuration starting file is automatically generated by a network element of a virtualized network device of a network configuration manufacturer related to the scene;
when the type of the mirror image belongs to a mirror image format supported by Docker, judging whether the virtualized network equipment network element needs to load a specified configuration starting file, if so, acquiring the specified configuration starting file from a configuration management center of the host machine through a container command line interface of the virtualized network equipment network element, and copying or mapping the specified configuration starting file to a configuration starting file storage path of the current virtualized network equipment network element; and if not, loading a default configuration starting file through an external interface of the network element of the current virtual network equipment.
6. The initialization method for the virtualized network target range environment according to claim 5, wherein the virtualized network device network element is connected to the host through the serial port, and loads a configuration start file from the host, specifically:
the virtual network equipment network element is connected with the host machine through the serial port;
judging whether the current network element of the virtual network equipment needs to load a specified configuration starting file, if so, acquiring the specified configuration starting file from a configuration management center of the host machine through a management port of the network element of the virtual network equipment, and storing the configuration starting file in a configuration starting file storage path of the current network element of the virtual network equipment; and if not, loading a default configuration starting file through an external interface of the network element of the current virtual network equipment.
7. The method of claim 6, wherein when the management port repeatedly cannot reach the configuration management center, the current network element of the virtualized network device is restarted and the connection is retried.
8. The method for initializing a virtualized network shooting range environment according to claim 5 or 6, wherein the external interfaces comprise a command line interface and a WEB interface.
9. The initialization method for a virtualized network shooting range environment according to claim 5, wherein the configuration management center comprises an FTP server, a TFTP server, an SFTP server and a WEB server.
10. A method for resetting a virtualized network shooting range environment, wherein the method of any of claims 1-9 is performed to reset the network shooting range after the network shooting range is attacked.
CN202011612763.3A 2020-12-30 2020-12-30 Initialization method and reset method of virtualized network target range environment Active CN112416469B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011612763.3A CN112416469B (en) 2020-12-30 2020-12-30 Initialization method and reset method of virtualized network target range environment

Publications (2)

Publication Number Publication Date
CN112416469A true CN112416469A (en) 2021-02-26
CN112416469B CN112416469B (en) 2021-12-17

Family

ID=74782927

Country Status (1)

Country Link
CN (1) CN112416469B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant