CN112436993B - VPN private line discovery method and device based on configuration file analysis - Google Patents

Publication number
CN112436993B
Authority
CN
China
Prior art keywords
information
vpn
equipment
port
discovered
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011268719.5A
Other languages
Chinese (zh)
Other versions
CN112436993A (en)
Inventor
庞洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unihub China Information Technology Co Ltd
Original Assignee
Unihub China Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unihub China Information Technology Co Ltd
Priority to CN202011268719.5A
Publication of CN112436993A
Application granted
Publication of CN112436993B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a VPN private line discovery method and a device based on configuration file analysis, wherein the method comprises the following steps: collecting a configuration file; analyzing the configuration file, and respectively storing port information, VLAN information and VPN information into a table; scanning the equipment to be discovered, screening the port to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information; associating the existing topology information table, and screening layer by layer according to the A-end equipment until the last access equipment is found; and warehousing the VPN link information of the equipment port and generating a file. The method and the device can acquire and visually display the latest VPN private line data of the equipment at any time through automatic acquisition and automatic analysis, and are convenient, fast and efficient.

Description

VPN private line discovery method and device based on configuration file analysis
Technical Field
The invention relates to the field of VPN private line service, in particular to a method and a device for discovering VPN private line based on configuration file analysis.
Background
As the scale of the internet grows and its security problems become more complex, providing secure and reliable message transmission in a complex network environment becomes increasingly important, so the VPN private line service is applied more and more widely. However, with this wide application, when the number of devices reaches thousands, device management and the querying of VPN private line data require a large amount of work, and manual operation is difficult and may cause misoperation.
Disclosure of Invention
In order to solve the problems of complexity and low efficiency existing in the process of managing and inquiring VPN service information through equipment, the invention provides a method and a device for discovering a VPN private line based on configuration file analysis.
In order to achieve the purpose, the invention adopts the following technical scheme:
in an embodiment of the present invention, a method for discovering a VPN private line based on profile analysis is provided, where the method includes:
collecting a configuration file;
analyzing the configuration file, and respectively storing port information, VLAN information and VPN information into a table;
scanning the equipment to be discovered, screening the port to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information;
associating the existing topology information table, and screening layer by layer according to the A-end equipment until the last access equipment is found;
and warehousing the VPN link information of the equipment port and generating a file.
Further, scanning the device to be discovered, screening the port to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information, including:
and scanning the equipment to be discovered, screening ports bound with the VPN in the equipment to be discovered according to the configured rule, analyzing, respectively acquiring VLAN information, bandwidth information, user account information and VPN information, and warehousing.
Further, associating the existing topology information table and screening layer by layer from the A-end device until the last access device is found, and storing the VPN link information of the device port in the database and generating a file, comprises:
with the port as a unit and the VLAN as a filtering condition, searching two-layer topological link data, namely the corresponding relation between equipment and the port between the A end and the B end of the link, and screening layer by layer from the PE end until the final access equipment is found; and integrating all the information into one record and recording the record into a file.
In an embodiment of the present invention, a device for discovering a VPN private line based on profile analysis is further provided, where the device includes:
the configuration file acquisition module is used for acquiring the configuration file of the equipment to the local;
the configuration file analysis module is used for analyzing the configuration file and respectively storing the port information, the VLAN information and the VPN information into a table;
the VPN related information acquisition module is used for scanning the equipment to be discovered, screening the ports to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information;
the access equipment searching module is used for associating the existing topology information table and screening layer by layer according to the A-end equipment until the last access equipment is found;
and the file generation module is used for warehousing the VPN link information of the equipment port and generating a file.
Further, the VPN related information acquiring module is specifically configured to:
and scanning the equipment to be discovered, screening ports bound with the VPN in the equipment to be discovered according to the configured rule, analyzing, respectively acquiring VLAN information, bandwidth information, user account information and VPN information, and warehousing.
Further, the access device searching module is specifically configured to:
with the port as a unit and the VLAN as a filtering condition, searching two-layer topological link data, namely the corresponding relation between equipment and the port between the A end and the B end of the link, and screening layer by layer from the PE end until the final access equipment is found; and integrating all the information into one record and recording the record into a file.
In an embodiment of the present invention, a computer device is further provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the method for VPN private line discovery based on profile analysis is implemented.
In an embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program for executing the method for VPN private line discovery based on profile analysis is stored.
Advantageous effects:
The invention obtains the VPN private line data existing in the current network by analyzing the configuration files of the devices in batches, resolves the link information of each VPN private line step by step from top to bottom by combining the existing topological link data with the device VLAN data, and automatically compiles the data files. This effectively reduces the workload of manually logging in to devices to run queries, improves query efficiency, increases the accuracy of the data, and makes the VPN service more convenient to manage and maintain.
Drawings
Fig. 1 is a flowchart illustrating a method for discovering a VPN private line based on profile analysis according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an apparatus for VPN private line discovery based on profile analysis according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, which should be understood to be presented only to enable those skilled in the art to better understand and implement the present invention, and not to limit the scope of the present invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, the configuration files of the devices in the existing network are obtained using the existing basic device acquisition function, and the configuration files are analyzed in batches by a script to obtain the existing VPN private line data. Then, combining the topological link data with the device VLAN data, the specific path of each VPN private line from the PE end to the access end, namely the VPN link information of the device port, is screened and calculated layer by layer from the PE end on the basis of the two-layer topological link data (the correspondence between devices and ports at the A end and the B end of a link). Finally, the calculation results are written to a data file.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Fig. 1 is a flowchart illustrating a method for discovering a VPN private line based on profile analysis according to an embodiment of the present invention. As shown in fig. 1, the method includes:
S101, collecting the configuration files;
The configuration files of the devices are collected locally.
S102, analyzing the configuration files, and storing the port information, VLAN information and VPN information in tables respectively;
The configuration files are analyzed in batches to obtain the configuration information of the devices, and the port information, VLAN information, VPN information and the like are recorded in the database respectively.
S103, scanning the devices to be discovered, screening the ports to be discovered according to the configured rule and analyzing them, and acquiring the corresponding VPN-related information;
The devices to be discovered are scanned, the ports bound to a VPN in those devices are screened out according to the configured rule and analyzed, and the VLAN information, bandwidth information, user account information, VPN information and the like are acquired and stored in the database.
S104, associating the existing topology information table, and screening downwards layer by layer from the A-end device until the last access device is found;
S105, storing the VPN link information of the device port in the database and generating a file;
With the port as the unit and the VLAN as the filtering condition, the two-layer topological link data, namely the correspondence between devices and ports at the A end and the B end of each link, is searched, and screening proceeds layer by layer from the PE end until the final access device is found; all the information is then integrated into one record and written to a file.
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
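The following Python sketch of steps S102 to S105 is an added example, not part of the patent text and not the applicant's implementation. The configuration syntax, device names, port names, account and VPN names are constructed, and treating `port.N` as a sub-interface of the physical port that appears in the topology table is an assumption.

```python
from collections import defaultdict

# Constructed configuration text in a made-up, vendor-neutral syntax.
CONFIGS = {
    "PE1": """interface ge-1/0/1.100
  vlan 100
  bandwidth 20M
  user acct-0001
  bind vpn VPN_A
interface ge-1/0/1.200
  vlan 200
  bandwidth 50M
  user acct-0002
  bind vpn VPN_B
interface ge-1/0/2
  vlan 300
""",
    "AGG1": "interface xe-0/0/1\n  vlan 100 200\n"
            "interface xe-0/0/5\n  vlan 100\ninterface xe-0/0/6\n  vlan 200\n",
    "ACC1": "interface eth1\n  vlan 100\ninterface eth9\n  vlan 100\n",
    "ACC2": "interface eth1\n  vlan 200\n",
}
# Constructed topology table: (A-end device, A-end port, B-end device, B-end port).
TOPOLOGY = [
    ("PE1", "ge-1/0/1", "AGG1", "xe-0/0/1"),
    ("AGG1", "xe-0/0/5", "ACC1", "eth1"),
    ("AGG1", "xe-0/0/6", "ACC2", "eth1"),
]


def parse_config(device, text):
    """S102: turn one configuration file into per-port rows."""
    rows, cur = [], None
    for raw in text.splitlines():
        words = raw.split()
        if words[:1] == ["interface"] and len(words) == 2:
            cur = {"device": device, "port": words[1], "vlans": set(),
                   "bandwidth": None, "user": None, "vpn": None}
            rows.append(cur)
        elif cur is None or not words:
            continue
        elif words[0] == "vlan":
            cur["vlans"].update(int(v) for v in words[1:] if v.isdigit())
        elif words[0] in ("bandwidth", "user") and len(words) == 2:
            cur[words[0]] = words[1]
        elif words[:2] == ["bind", "vpn"] and len(words) == 3:
            cur["vpn"] = words[2]
    return rows


def physical(port):  # assumption: "ge-1/0/1.100" is a sub-interface of "ge-1/0/1"
    return port.split(".")[0]


def trace(device, port, vlan, topology, port_vlans):
    """S104: follow A-end -> B-end links that carry `vlan`, starting at the PE port."""
    hops, seen, a_port = [], {device}, port
    while True:
        nxt = [l for l in topology
               if l[0] == device and a_port in (None, l[1])
               and vlan in port_vlans.get((l[0], l[1]), ()) and l[2] not in seen]
        if len(nxt) != 1:   # 0: nothing further down; >1: VLAN seen on several branches
            status = "ambiguous" if nxt else ("ok" if hops else "no_link")
            return hops, device, status
        a_dev, a_p, device, b_p = nxt[0]
        hops.append(f"{a_dev}:{a_p}>{device}:{b_p}")
        seen.add(device)    # never revisit a device, so a looped topology terminates
        a_port = None       # below the PE, the VLAN alone selects the downstream port


def discover(configs, topology):
    """S102-S105: one integrated record per VPN-bound port and VLAN."""
    ports = [r for dev, txt in configs.items() for r in parse_config(dev, txt)]
    port_vlans = defaultdict(set)        # (device, physical port) -> VLAN ids
    for r in ports:
        port_vlans[(r["device"], physical(r["port"]))] |= r["vlans"]
    records = []
    for r in (p for p in ports if p["vpn"]):   # S103 rule: port is bound to a VPN
        for vlan in sorted(r["vlans"]):
            hops, access, status = trace(r["device"], physical(r["port"]),
                                         vlan, topology, port_vlans)
            records.append({"vpn": r["vpn"], "pe_device": r["device"],
                            "pe_port": r["port"], "vlan": vlan,
                            "bandwidth": r["bandwidth"], "user": r["user"],
                            "path": " | ".join(hops), "access_device": access,
                            "status": status})
    return records


if __name__ == "__main__":
    print(*discover(CONFIGS, TOPOLOGY), sep="\n")
```

Records whose status is `ambiguous` or `no_link` mark places where the collected VLAN or topology data cannot resolve a single path, which is where the inventory needs manual review.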
To explain the above method for VPN private line discovery based on configuration file analysis more clearly, a specific embodiment is described below; it should be noted that this embodiment only serves to better describe the present invention and is not to be construed as an undue limitation on the present invention.
Taking the Alang device as an example, the specific steps are as follows:
1. Collecting the configuration files;
The configuration files of the devices are collected locally.
2. Analyzing the configuration files, and storing the port information, VLAN information and VPN information in tables respectively;
The configuration files are analyzed in batches to obtain the configuration information of the devices (taking the Alang device as an example), and the port information, VLAN information, VPN information and the like are recorded in the database respectively.
Figure GDA0003539203180000071
Figure GDA0003539203180000081
Figure GDA0003539203180000091
S103, scanning the devices to be discovered, screening the ports to be discovered according to the configured rule and analyzing them, and acquiring the corresponding VPN-related information;
The devices to be discovered are scanned, the ports bound to a VPN in those devices are screened out according to the configured rule and analyzed, and the VLAN information, bandwidth information, user account information, VPN information and the like are acquired and stored in the database.
S104, associating the existing topology information table, and screening downwards layer by layer from the A-end device until the last access device is found;
S105, storing the VPN link information of the device port in the database and generating a file;
With the port as the unit and the VLAN as the filtering condition, the two-layer topological link data, namely the correspondence between devices and ports at the A end and the B end of each link, is searched, and screening proceeds layer by layer from the PE end until the final access device is found; all the information is then integrated into one record and written to a file.
For example, the following table:
Figure GDA0003539203180000101
the invention has been put into use in the Ningxia telecommunication service reconciliation project.
Based on the same inventive concept, the invention also provides a device for discovering the VPN private line based on the analysis of the configuration file. The implementation of the device can be referred to the implementation of the method, and repeated details are not repeated. The term "module," as used below, may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 2 is a schematic structural diagram of an apparatus for VPN private line discovery based on profile analysis according to an embodiment of the present invention. As shown in fig. 2, the apparatus includes:
a configuration file acquisition module 201, configured to acquire a configuration file of a device locally;
a configuration file analysis module 202, configured to analyze the configuration file and store the port information, the VLAN information, and the VPN information in a table, respectively;
a VPN related information acquiring module 203, configured to scan a device to be discovered, screen a port to be discovered according to a configured rule, and analyze the port to be discovered, so as to acquire corresponding VPN related information;
scanning the equipment to be discovered, screening ports bound with the VPN in the equipment to be discovered according to a configured rule for analysis, respectively acquiring VLAN information, bandwidth information, user account information and VPN information, and warehousing;
an access device searching module 204, configured to associate the existing topology information table and screen downwards layer by layer from the A-end device until the last access device is found;
with the port as a unit and the VLAN as a filtering condition, searching two-layer topological link data, namely the corresponding relation between equipment and the port between the A end and the B end of the link, and screening layer by layer from the PE end until the final access equipment is found; integrating all information into one record and recording the record into a file;
and the file generating module 205 is configured to store the VPN link information of the device port and generate a file.
It should be noted that although several modules of the VPN private line discovery apparatus based on profile analysis are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the modules described above may be embodied in one module according to embodiments of the invention. Conversely, the features and functions of one module described above may be further divided so as to be embodied by a plurality of modules.
Based on the aforementioned inventive concept, as shown in fig. 3, the present invention further provides a computer device 300, which includes a memory 310, a processor 320 and a computer program 330 stored in the memory 310 and capable of running on the processor 320, wherein the processor 320 executes the computer program 330 to implement the aforementioned method for VPN private line discovery based on profile analysis.
Based on the foregoing inventive concept, the present invention further provides a computer-readable storage medium storing a computer program for executing the foregoing method for VPN private line discovery based on profile analysis.
The method and the device for discovering the VPN private line based on the analysis of the configuration file can acquire and visually display the latest VPN private line data of the equipment at any time through automatic acquisition and automatic analysis, and are convenient and efficient.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor does the division into aspects mean that features in those aspects cannot be combined to advantage; that division is for convenience of description only. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Those skilled in the art should understand the limits of the protection scope of the present invention: modifications or changes that those skilled in the art can make without inventive effort on the basis of the technical solution of the present invention remain within the protection scope of the present invention.

Claims (6)

1. A method for VPN private line discovery based on profile analysis, the method comprising:
collecting a configuration file;
analyzing the configuration file, and respectively storing port information, VLAN information and VPN information into a table;
scanning the equipment to be discovered, screening the port to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information;
with the port as a unit and the VLAN as a filtering condition, searching two-layer topological link data, namely the corresponding relation between equipment and the port between the A end and the B end of the link, and screening layer by layer from the PE end until the final access equipment is found;
and warehousing the VPN link information of the equipment port and generating a file.
2. The method according to claim 1, wherein scanning a device to be discovered, screening a port to be discovered according to a configured rule, analyzing the port to be discovered, and acquiring corresponding VPN related information comprises:
and scanning the equipment to be discovered, screening ports bound with the VPN in the equipment to be discovered according to the configured rule, analyzing, respectively acquiring VLAN information, bandwidth information, user account information and VPN information, and warehousing.
3. An apparatus for VPN private line discovery based on profile analysis, the apparatus comprising:
the configuration file acquisition module is used for acquiring the configuration file of the equipment to the local;
the configuration file analysis module is used for analyzing the configuration file and respectively storing the port information, the VLAN information and the VPN information into a table;
the VPN related information acquisition module is used for scanning the equipment to be discovered, screening the ports to be discovered according to the configured rule for analysis, and acquiring the corresponding VPN related information;
an access device searching module, configured to search the two-layer topology link data, that is, the device-port correspondence between the A end and the B end of a link, using the port as a unit and the VLAN as a filtering condition, and to screen layer by layer from the PE end down until the final access device is found;
and the file generation module is used for warehousing the VPN link information of the equipment port and generating a file.
4. The device for VPN private line discovery based on profile analysis according to claim 3, wherein said VPN related information obtaining module is specifically configured to:
and scanning the equipment to be discovered, screening ports bound with the VPN in the equipment to be discovered according to the configured rule, analyzing, respectively acquiring VLAN information, bandwidth information, user account information and VPN information, and warehousing.
5. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-2 when executing the computer program.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for performing the method of any one of claims 1-2.
CN202011268719.5A 2020-11-13 2020-11-13 VPN private line discovery method and device based on configuration file analysis Active CN112436993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011268719.5A CN112436993B (en) 2020-11-13 2020-11-13 VPN private line discovery method and device based on configuration file analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011268719.5A CN112436993B (en) 2020-11-13 2020-11-13 VPN private line discovery method and device based on configuration file analysis

Publications (2)

Publication Number Publication Date
CN112436993A (en) 2021-03-02
CN112436993B (en) 2022-05-17

Family

ID=74700955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011268719.5A Active CN112436993B (en) 2020-11-13 2020-11-13 VPN private line discovery method and device based on configuration file analysis

Country Status (1)

Country Link
CN (1) CN112436993B (en)

Also Published As

Publication number Publication date
CN112436993A (en) 2021-03-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 200000 room 702-2, No. 4811 Cao'an Road, Jiading District, Shanghai

Patentee after: CHINA UNITECHS

Address before: Room 1004-4, 10 / F, 1112 Hanggui Road, Anting Town, Jiading District, Shanghai

Patentee before: CHINA UNITECHS