CN112448915B - Verification method and device for configuration message and computer storage medium - Google Patents


Info

Publication number
CN112448915B
Authority
CN
China
Prior art keywords
verification
configuration message
label
configuration
tag
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910802221.3A
Other languages
Chinese (zh)
Other versions
CN112448915A (en)
Inventor
张亮
邢超
陈颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application discloses a verification method and device for configuration messages and a computer storage medium, and belongs to the technical field of networks. The control device obtains all tags of the configuration message to be verified. Based on a correspondence between tags and verification policies, the control device obtains the target verification policy corresponding to each of those tags; the correspondence is generated from a plurality of configuration message samples and their corresponding verification policies. The control device then performs pre-configuration verification of the configuration message to be verified using the target verification policy corresponding to each tag. Because the control device does not need to apply every verification policy during pre-configuration verification, the verification takes less time, verification efficiency improves, and the computation overhead of the control device is reduced.

Description

Verification method and device for configuration message and computer storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to a method and an apparatus for verifying a configuration packet, and a computer storage medium.
Background
The Network Configuration Protocol (NetConf) provides a set of mechanisms for managing Network devices. The control device may generate a configuration message including network configuration information based on NetConf and send the configuration message to the managed network device. The network device may parse the configuration message based on NetConf and adjust network configuration parameters according to network configuration information in the configuration message to add, modify, and/or delete network configurations.
Different network configurations can affect each other functionally; for example, deleting one network configuration may prevent the functions of other network configurations from being implemented. Therefore, after the control device generates a configuration message, it must perform pre-configuration verification of that message on the control device. Only after the pre-configuration verification succeeds, that is, after the control device has determined in theory that all functions of the network configurations deployed in the network can still be implemented once the network device adjusts its network configuration parameters according to the network configuration information in the message, does the control device send the configuration message to the network device. Because the control device currently cannot determine which functions of which network configurations are affected by the network configuration information in a newly generated configuration message, pre-configuration verification usually checks every function of every network configuration to confirm that each one remains implementable. A verification policy is currently usually a pair of verification Questions and Answers (QA); there are currently 20 verification QA pairs, each used to verify one function.
However, because every function of every network configuration must be verified each time the control device generates a new configuration message, pre-configuration verification of a configuration message takes a long time and imposes a large computation overhead on the control device.
Disclosure of Invention
The application provides a verification method and device for a configuration message and a computer storage medium, which can solve the problems that the time consumption of a verification process before configuration of the configuration message is long and the operation overhead of control equipment is high.
In a first aspect, a method for verifying a configuration packet is provided. The control equipment acquires all labels of the configuration message to be verified. The control equipment acquires a target verification strategy corresponding to each label in all labels of the configuration message to be verified based on the corresponding relation between the labels and the verification strategies, and the corresponding relation between the labels and the verification strategies is generated based on a plurality of configuration message samples and the corresponding verification strategies. And the control equipment adopts a target verification strategy corresponding to each label to verify the configuration message to be verified before configuration.
The configuration message to be verified may be a message in xml format or json format.
In the application, the control device can obtain the target verification policy corresponding to each tag of the configuration message to be verified based on the correspondence between tags and verification policies, and then perform pre-configuration verification of the message using only those target verification policies, without applying all verification policies. This shortens the verification process, improves verification efficiency, and reduces the computation overhead of the control device.
Optionally, the control device obtains all the tags of each configuration packet sample in the plurality of configuration packet samples. The control equipment determines one or more verification strategies corresponding to each label of each configuration message sample according to all labels of each configuration message sample in the plurality of configuration message samples and all verification strategies corresponding to each configuration message sample.
In the application, the control device may generate the correspondence between the tag and the verification policy according to the plurality of configuration packet samples and the corresponding verification policies. Or, the control device may also obtain a correspondence relationship between the tag and the verification policy generated by the other device according to the plurality of configuration packet samples and the corresponding verification policies.
Optionally, the process of determining, by the control device, one or more verification policies corresponding to each tag of each configuration packet sample according to all tags of each configuration packet sample in the plurality of configuration packet samples and all verification policies corresponding to each configuration packet sample includes:
The control device generates a tag set and a verification policy set. The tag set contains m tags and is the union of the tags of the plurality of configuration message samples; the verification policy set contains n verification policies and is the union of the verification policies corresponding to the plurality of configuration message samples; m and n are positive integers. The control device calculates the contribution degree of the i-th tag of the m tags to the j-th verification policy of the n verification policies. The sum of the contribution degrees of the i-th tag to the n verification policies equals a fixed value, and the contribution degree of the i-th tag to the j-th verification policy is positively correlated with the number of target configuration message samples, where each target configuration message sample has the i-th tag and corresponds to the j-th verification policy, 1 ≤ i ≤ m, and 1 ≤ j ≤ n. When the contribution degree of the i-th tag to the j-th verification policy satisfies the contribution degree condition, the control device determines that the j-th verification policy is a verification policy corresponding to the i-th tag.
In a possible implementation manner, when the contribution degree of the ith tag to the jth authentication policy is greater than the contribution degree threshold, the control device determines that the jth authentication policy is the authentication policy corresponding to the ith tag. The contribution threshold may be some fixed value; or the contribution threshold corresponding to different tags may be different, for example, the contribution threshold corresponding to the ith tag is equal to the average value of the contribution of the ith tag to all verification policies.
In another possible implementation manner, the control device takes a plurality of verification policies with the highest contribution degree of the ith tag as the verification policy corresponding to the ith tag.
Optionally, after obtaining all the tags of the configuration message to be verified, the control device outputs the target tag when the corresponding relationship between the tags and the verification policy does not include the verification policy corresponding to the target tag in the configuration message to be verified, where the target tag is any one of all the tags of the configuration message to be verified.
The control device outputting the target tag includes: the control device displays the target tag on a User Interface (UI); or the control device sends the target tag to a display device so that the display device displays it. Displaying the target tag makes it easy for an expert to review unknown tags in the configuration message to be verified and to determine the verification policy corresponding to the target tag.
Optionally, after the control device outputs the target tag, if the control device obtains the verification policy corresponding to the target tag, the control device may further update the correspondence between the tag and the verification policy by using the target tag and the verification policy corresponding to the target tag.
Optionally, the tag of the configuration packet to be verified is an xml tag or a json tag.
In a second aspect, an apparatus for verifying a configuration packet is provided. The apparatus comprises a plurality of functional modules that interact to implement the method of the first aspect and its embodiments described above. The functional modules can be implemented based on software, hardware or a combination of software and hardware, and the functional modules can be combined or divided arbitrarily based on specific implementation.
In a third aspect, a device for verifying a configuration packet is provided, including: a processor and a memory. The memory for storing a computer program, the computer program comprising program instructions; the processor is configured to invoke the computer program to implement the method in the first aspect and the embodiments thereof.
In a fourth aspect, a computer storage medium is provided, which has instructions stored thereon, which when executed by a processor, implement the method of the first aspect and its embodiments described above.
In a fifth aspect, a chip is provided, where the chip includes programmable logic circuits and/or program instructions, and when the chip runs, the method in the first aspect and its embodiments is implemented.
The beneficial effects of the technical solution provided by this application include at least the following:
The control device can obtain the target verification policy corresponding to each tag of the configuration message to be verified based on the correspondence between tags and verification policies, and then perform pre-configuration verification of the message using those target verification policies, without applying all verification policies. This shortens the verification process, improves verification efficiency, and reduces the computation overhead of the control device.
Drawings
Fig. 1 is a flowchart of a verification method for a configuration message according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an apparatus for verifying a configuration message according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of another apparatus for verifying a configuration message according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of yet another apparatus for verifying a configuration message according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a further apparatus for verifying a configuration message according to an embodiment of the present application;
Fig. 6 is a block diagram of an apparatus for verifying a configuration message according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for verifying a configuration packet according to an embodiment of the present application. As shown in fig. 1, the method includes:
Step 101, the control device obtains all tags of the configuration message to be verified.
A control device refers to a device capable of providing a configuration for a managed network device, for example, a NetConf server.
Optionally, the configuration message to be verified is generated by the control device according to the natural language intention of the user based on the general configuration model and the network expert system. The generic configuration model is a network configuration model that is independent of the type of network device. The network expert system is a computer program system capable of working on the network communication expert level, and can be software with communication network management, monitoring and operation and maintenance capabilities. The control device may determine the user intention by recognizing a natural language on a User Interface (UI). For example, if the user inputs "create a network interface, the type is vbdif" on the UI of the control device, the control device determines that the natural language of the user intends to create a vbdif-type network interface, and generates a configuration packet containing network configuration information required by the network device to create a vbdif-type network interface based on a network common model and a network expert system.
Optionally, the configuration message to be verified may be a message in xml format or json format, and its tags may be xml tags or json tags. When the configuration message to be verified is in xml format, its tags are xml tags. When it is in json format, its tags are json tags. The embodiment of the present application uses a configuration message in xml format as the example.
By way of example, the configuration message for creating a network interface of the vbdif type (interface name vbdif12) may be represented as follows:
<ifm content-version="1.0" format-version="1.0" xmlns="http://www.xxx.com/netconf/vrp">
  <interfaces>
    <interface operation="merge">
      <ifName>vbdif12</ifName>
      <ifMac>0000-5e00-0101</ifMac>
    </interface>
  </interfaces>
</ifm>
The xml tags of this configuration message include: <ifm>, <interfaces>, <interface>, <ifName>, and <ifMac>.
As a further example, a configuration message for creating a network virtual edge node (Nve) (the node name is Nve1) and specifying a source Internet Protocol (IP) address of a gateway (the source IP address is 1.1.1.1) may be represented as follows:
<nvo3 content-version="1.0" format-version="1.0"
      xmlns="http://www.xxx.com/netconf/vrp">
  <nvo3Nves>
    <nvo3Nve operation="merge">
      <ifName>Nve1</ifName>
      <nveType>mode-l2</nveType>
      <srcAddr>1.1.1.1</srcAddr>
    </nvo3Nve>
  </nvo3Nves>
</nvo3>
The xml tags of this configuration message include: <nvo3>, <nvo3Nves>, <nvo3Nve>, <ifName>, <nveType>, and <srcAddr>.
Optionally, the control device extracts all tags of the configuration packet to be verified through text parsing.
Step 102, the control device obtains a target verification strategy corresponding to each label in all labels of the configuration message to be verified based on the corresponding relationship between the labels and the verification strategies.
The correspondence between tags and verification policies is generated from a plurality of configuration message samples and their corresponding verification policies. Each tag corresponds to one or more verification policies. The verification policies include control plane verification policies and data plane verification policies. The control plane verification policies include a configuration compliance verification policy, an interface conflict verification policy, a Media Access Control (MAC) conflict verification policy, a special character verification policy, an IP repeated verification policy, an adjacent sub-network redundancy verification policy, a planning configuration and equipment configuration consistency verification policy, and the like. The data plane verification policies include a reachability verification policy, a black hole verification policy, a loop verification policy, and the like. A verification policy may take the form of a verification QA pair.
Optionally, the process of generating, by the control device, a correspondence between the tag and the verification policy includes: the control device obtains all labels of each configuration message sample in the plurality of configuration message samples. The control equipment determines one or more verification strategies corresponding to each label of each configuration message sample according to all labels of each configuration message sample in the plurality of configuration message samples and all verification strategies corresponding to each configuration message sample. The configuration message sample is a configuration message of a known corresponding verification strategy.
Optionally, the control device may extract all tags of the configuration packet to be verified through text parsing. For example, all tags and corresponding all verification policies of each configuration packet sample may be expressed as follows:
{ [<tag 1>, <tag 2>, <tag 3>, …], [verification policy 1, verification policy 2, verification policy 3, …] }.
Optionally, the process of determining, by the control device, one or more verification policies corresponding to each tag of each configuration packet sample according to all tags of each configuration packet sample in the plurality of configuration packet samples and all verification policies corresponding to each configuration packet sample may include step a, step B, and step C.
In the step A, the control device generates a label set and a verification strategy set, wherein the label set comprises m labels, the label set is a union of labels of a plurality of configuration message samples, the verification strategy set comprises n verification strategies, the verification strategy set is a union of verification strategies corresponding to the plurality of configuration message samples, and m and n are positive integers.
The label set is a union of labels of the multiple configuration message samples, and means that the label set includes a label of each configuration message sample in the multiple configuration message samples, and no duplicate label exists in the label set. The verification strategy set is a union set of verification strategies corresponding to the multiple configuration message samples, and means that the verification strategy set comprises all the verification strategies corresponding to each configuration message sample in the multiple configuration message samples, and no repeated verification strategy exists in the verification strategy set.
In step B, the control device calculates the contribution degree of the i-th tag of the m tags to the j-th verification policy of the n verification policies. The sum of the contribution degrees of the i-th tag to the n verification policies equals a fixed value, which may be 1, for example. The contribution degree of the i-th tag to the j-th verification policy is positively correlated with the number of target configuration message samples, where a target configuration message sample has the i-th tag and corresponds to the j-th verification policy, 1 ≤ i ≤ m, and 1 ≤ j ≤ n.
For example, assume that there are 5 configuration packet samples (configuration packet samples 1-5), the tag set includes 5 tags (tags 1-5), and the verification policy set includes 5 verification policies (verification policies 1-5). The label and the corresponding verification strategy of each configuration message sample are respectively expressed as follows:
Configuration message sample 1: { [<tag 1>, <tag 2>, <tag 3>], [verification policy 1, verification policy 2, verification policy 3] }.
Configuration message sample 2: { [<tag 1>, <tag 2>, <tag 4>], [verification policy 2, verification policy 3] }.
Configuration message sample 3: { [<tag 2>, <tag 3>, <tag 4>, <tag 5>], [verification policy 1, verification policy 2, verification policy 4, verification policy 5] }.
Configuration message sample 4: { [<tag 1>, <tag 2>, <tag 5>], [verification policy 1, verification policy 3, verification policy 4, verification policy 5] }.
Configuration message sample 5: { [<tag 1>, <tag 4>, <tag 5>], [verification policy 2, verification policy 3, verification policy 4, verification policy 5] }.
Optionally, for a single configuration message sample, the contribution degree of each tag of the sample is distributed evenly across the verification policies corresponding to that sample, and its contribution degree to every other verification policy is 0. For example, for configuration message sample 1, the contribution degrees of tag 1, tag 2, and tag 3 to verification policy 1 are all 33.33%, to verification policy 2 are all 33.33%, to verification policy 3 are all 33.33%, to verification policy 4 are all 0, and to verification policy 5 are all 0. Likewise, for configuration message sample 2, the contribution degrees of tag 1, tag 2, and tag 4 to verification policy 1 are all 0, to verification policy 2 are all 50%, to verification policy 3 are all 50%, to verification policy 4 are all 0, and to verification policy 5 are all 0.
According to the embodiment of the application, the contribution degree of each label in the label set to each verification strategy in the verification strategy set can be determined in a Bayesian statistical mode. For example, the average value of the contribution degrees of the label of the single configuration packet sample to each verification policy may be used as the original contribution degree of the label to each verification policy, and the original contribution degrees of the label to each verification policy may be normalized to obtain the final contribution degree, where the normalization is performed to make the sum of the contribution degrees of the label to all verification policies equal to 1. For example, the way to calculate the contribution of tag 1 to verification policies 1-5 is as follows:
First, the original contribution degree of tag 1 to each verification policy is calculated over configuration message samples 1-5 (tag 1 does not appear in sample 3, so that term is 0):
the original contribution degree of tag 1 to verification policy 1 is (33% + 0 + 0 + 25% + 0)/5 = 11.6%;
the original contribution degree of tag 1 to verification policy 2 is (33% + 50% + 0 + 0 + 25%)/5 = 21.6%;
the original contribution degree of tag 1 to verification policy 3 is (33% + 50% + 0 + 25% + 25%)/5 = 26.6%;
the original contribution degree of tag 1 to verification policy 4 is (0 + 0 + 0 + 25% + 25%)/5 = 10%;
the original contribution degree of tag 1 to verification policy 5 is (0 + 0 + 0 + 25% + 25%)/5 = 10%.
Then, the original contribution degrees of tag 1 to each verification policy are normalized, giving the contribution degrees of tag 1 to verification policies 1-5 in turn as: 14.54%, 27.07%, 33.33%, 12.53%, and 12.53%.
The contribution degree of each tag to each verification policy obtained by the above calculation is shown in table 1.
TABLE 1: contribution degree of each tag to each verification policy (table image not reproduced).
In step C, when the contribution degree of the ith tag to the jth authentication policy satisfies the contribution degree condition, the control device determines that the jth authentication policy is the authentication policy corresponding to the ith tag.
In a possible implementation manner, when the contribution degree of the ith tag to the jth authentication policy is greater than the contribution degree threshold, the control device determines that the jth authentication policy is the authentication policy corresponding to the ith tag. The contribution threshold may be some fixed value; or the contribution threshold corresponding to different tags may be different, for example, the contribution threshold corresponding to the ith tag is equal to the average value of the contribution of the ith tag to all verification policies.
In another possible implementation manner, the control device takes a plurality of verification policies with the highest contribution degree of the ith tag as the verification policy corresponding to the ith tag. For example, the control device takes the 2 verification policies with the highest contribution degree of the ith label as the verification policy corresponding to the ith label. Referring to table 1, the authentication policy corresponding to the tag 1 may include an authentication policy 2 and an authentication policy 3, and the authentication policy corresponding to the tag 2 may include an authentication policy 2 and an authentication policy 3.
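Steps A to C applied to the five configuration message samples above, as an added example that is not part of the patent text. The names tag1..tag5, policy1..policy5 and the function names are assumptions; the code uses exact fractions, so tag 1 comes out at 14.58% and 27.08% where the text, which rounds 1/3 to 33%, gives 14.54% and 27.07%.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed from the five configuration message samples listed in the text:
# (tags of the sample, verification policies known to apply to the sample).
SAMPLES = [
    ({"tag1", "tag2", "tag3"}, {"policy1", "policy2", "policy3"}),
    ({"tag1", "tag2", "tag4"}, {"policy2", "policy3"}),
    ({"tag2", "tag3", "tag4", "tag5"}, {"policy1", "policy2", "policy4", "policy5"}),
    ({"tag1", "tag2", "tag5"}, {"policy1", "policy3", "policy4", "policy5"}),
    ({"tag1", "tag4", "tag5"}, {"policy2", "policy3", "policy4", "policy5"}),
]


def contribution_table(samples):
    """Steps A and B: return {tag: {policy: contribution}}; each row sums to 1."""
    # Step A: the policy set is the union over all samples. The tag set is
    # built up implicitly as the keys of `raw`.
    policies = sorted(set().union(*(p for _, p in samples)))
    raw = defaultdict(lambda: defaultdict(Fraction))
    for tags, sample_policies in samples:
        if not sample_policies:
            continue  # a sample without policies carries no information
        # Within one sample a tag's contribution is split evenly over the
        # sample's policies and is 0 for every other policy.
        share = Fraction(1, len(sample_policies))
        for tag in tags:
            for policy in sample_policies:
                raw[tag][policy] += share
    # Step B: normalize each row. The text first divides by the number of
    # samples; that constant cancels out in the normalization.
    table = {}
    for tag, row in raw.items():
        total = sum(row.values())
        table[tag] = {p: row.get(p, Fraction(0)) / total for p in policies}
    return table


def top_k_policies(table, k=2):
    """Step C, second variant: the k policies with the highest contribution."""
    return {
        tag: sorted(row, key=lambda p: (-row[p], p))[:k]  # ties: by name
        for tag, row in table.items()
    }


def above_mean_policies(table):
    """Step C, first variant: per-tag threshold equal to the tag's mean contribution."""
    selected = {}
    for tag, row in table.items():
        threshold = sum(row.values()) / len(row)
        selected[tag] = sorted(p for p, c in row.items() if c > threshold)
    return selected


if __name__ == "__main__":
    table = contribution_table(SAMPLES)
    for tag in sorted(table):
        cells = ", ".join(f"{p}={float(c):.2%}" for p, c in table[tag].items())
        print(f"{tag}: {cells}")
    print(top_k_policies(table))
```

With k=2 this reproduces the text's result for tag 1 and tag 2 (verification policies 2 and 3). The mean-threshold variant selects the same two policies for tag 1 but three for tag 2, so the choice of contribution degree condition changes how much verification work is skipped.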
Optionally, the correspondence between the tag and the verification policy may be generated by the control device, or may be generated by other devices and then sent to the control device, and a manner in which the other devices generate the correspondence between the tag and the verification policy may refer to the description of the relevant process for the control device to generate the correspondence between the tag and the verification policy, which is not described herein again in this embodiment of the present application.
In the embodiment of the application, a verification strategy decision model can be obtained through training of a model trainer based on a plurality of configuration message samples and corresponding verification strategies, the input of the verification strategy decision model is a label of the configuration message, and the output of the verification strategy decision model is the verification strategy corresponding to the configuration message. The implementation manner of the above step 102 is: the control equipment inputs all labels of the configuration message to be verified to the verification strategy decision model, and receives a target verification strategy output by the verification strategy decision model according to all labels of the configuration message to be verified.
Optionally, when the correspondence between tags and verification policies does not contain a verification policy for a target tag in the configuration message to be verified, the control device outputs the target tag, where the target tag is any one of the tags of the configuration message to be verified. The control device outputting the target tag includes: the control device displays the target tag on the UI; or the control device sends the target tag to a display device so that the display device displays it. Displaying the target tag makes it easy for an expert to review unknown tags in the configuration message to be verified and to determine the verification policy corresponding to the target tag.
Optionally, after obtaining the verification policy corresponding to the target tag, the control device may update the correspondence between the tag and the verification policy by using the target tag and the verification policy corresponding to the target tag. The control device may add the target tag and the corresponding verification policy to the correspondence of the tag and the verification policy. Or, the control device may retrain the verification policy decision model using the configuration packet to be verified as a new configuration packet sample to update the model.
In the embodiment of the present application, the correspondence between the tag and the verification policy may be updated periodically, for example, the configuration packet for which the corresponding verification policy has been determined in each period may be added to a configuration packet sample set including a plurality of configuration packet samples as a new configuration packet sample, and the correspondence between the tag and the verification policy is re-determined, thereby ensuring the reliability and accuracy of the correspondence.
And 103, the control equipment adopts a target verification strategy corresponding to each label in all labels of the configuration message to be verified, and verifies the configuration message to be verified before configuration.
The control device verifies the configuration message to be verified before configuration, that is, the control device verifies the network configuration based on the configuration message to be verified before sending the configuration message to be verified to the network device. And when the configuration message to be verified corresponds to the plurality of target verification strategies, the control equipment sequentially verifies the configuration message to be verified before configuration according to the plurality of target verification strategies.
Optionally, the process by which the control device verifies the configuration message to be verified before configuration includes the following. The control device performs NetConf configuration parsing on the configuration message to be verified, converting the message in xml format or json format into corresponding Java Bindings objects. The control device converts the Java Bindings objects into data objects under a predefined general configuration model. The control device uses a control plane verification policy to perform, on the data objects under the general configuration model, validity verification (including configuration compliance verification, interface conflict verification, MAC conflict verification, special character verification, duplicate IP verification, adjacent subnet redundancy verification, and the like) and/or multi-configuration comparison verification (including consistency verification between planned configuration and device configuration, and the like). The control device then generates a data plane model from the data objects under the general configuration model according to the actual network configuration information and the network topology, and uses a data plane verification policy to perform reachability verification, black hole verification, loop verification, and the like on the generated data plane model. The data plane model includes forwarding routing table entries and the like.
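The two verification stages named above can be illustrated with one control plane check (duplicate IP) and the data plane checks (reachability, black hole, loop) run over forwarding entries. This is an added example, not code from the patent: the interface list, the forwarding-table layout with a "local" next hop, and the device names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed general-model data: (device, interface, address) tuples and
# per-device forwarding entries (prefix, next hop). A next hop of "local"
# means the packet is delivered on that device.
INTERFACES = [("A", "eth0", "10.0.0.1"), ("B", "eth0", "10.0.0.2"),
              ("C", "eth1", "10.0.0.1")]
FIB = {
    "A": [("10.0.2.0/24", "B"), ("10.0.3.0/24", "B")],
    "B": [("10.0.2.0/24", "C"), ("10.0.3.0/24", "A")],
    "C": [("10.0.2.0/24", "local")],
}

def duplicate_ips(interfaces):
    """Control plane check: addresses assigned to more than one interface."""
    owners = defaultdict(list)
    for device, ifname, addr in interfaces:
        owners[ipaddress.ip_address(addr)].append((device, ifname))
    return {str(ip): who for ip, who in owners.items() if len(who) > 1}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None if no entry matches."""
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(fib, start, dst):
    """Follow forwarding entries hop by hop and classify the outcome."""
    dst = ipaddress.ip_address(dst)
    path, node = [start], start
    while True:
        next_hop = lookup(fib.get(node, []), dst)
        if next_hop is None:
            return "black_hole", path          # no entry: traffic is dropped
        if next_hop == "local":
            return "reachable", path
        if next_hop in path:
            return "loop", path + [next_hop]   # revisits a device already seen
        path.append(next_hop)
        node = next_hop

def verify_data_plane(fib, dst):
    """Verdict for traffic to dst entering at every device in the model."""
    return {device: trace(fib, device, dst)[0] for device in fib}

if __name__ == "__main__":
    print(duplicate_ips(INTERFACES))
    print(verify_data_plane(FIB, "10.0.2.5"))
    print(verify_data_plane(FIB, "10.0.3.5"))
```

Any non-empty result from `duplicate_ips` or any verdict other than "reachable" would count as a failed pre-configuration verification, so the message would not be sent to the network device.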
After the control device successfully verifies the configuration message to be verified before configuration, the control device sends the configuration message to be verified to the network device; the network device adjusts the network configuration parameters according to the network configuration information in the configuration message to be verified, and returns a configuration execution result to the control device, where the configuration execution result is either success or failure; the control device outputs the configuration execution result of the network device.
Optionally, when the control device fails to verify the configuration message to be verified, the control device outputs the specific erroneous configuration so that an expert can analyze the root cause of the error and determine where the problem lies, for example, whether the problem lies in the knowledge graph (i.e., the correspondence between tags and verification policies), which makes further debugging easier for the expert.
The order of the steps of the verification method for the configuration message provided by the embodiment of the application may be adjusted as appropriate, and steps may be added or removed according to the situation. Any method that can be easily conceived by a person skilled in the art within the technical scope disclosed in the present application is covered by the protection scope of the present application, and is therefore not described in detail.
In the verification method for the configuration message provided in the embodiment of the application, the control device may obtain, based on the correspondence between tags and verification policies, the target verification policy corresponding to each tag of the configuration message to be verified, and then perform pre-configuration verification on the configuration message to be verified using the target verification policy. Pre-configuration verification with all verification policies is not needed, which shortens the time consumed by the verification process, improves verification efficiency, and reduces the operation overhead of the control device.
Fig. 2 is a schematic structural diagram of an apparatus for verifying a configuration packet according to an embodiment of the present application. The device can be applied to control equipment. As shown in fig. 2, the apparatus 20 includes:
the first obtaining module 201 is configured to obtain all tags of the configuration packet to be verified.
The second obtaining module 202 is configured to obtain a target verification policy corresponding to each tag in all tags of the configuration packet to be verified based on a corresponding relationship between the tags and the verification policies, where the corresponding relationship between the tags and the verification policies is generated based on the multiple configuration packet samples and the corresponding verification policies.
The verification module 203 is configured to verify the configuration message to be verified before configuration by using the target verification policy corresponding to each tag.
Optionally, as shown in fig. 3, the apparatus 20 further comprises:
a third obtaining module 204, configured to obtain all tags of each configuration packet sample in the multiple configuration packet samples;
the determining module 205 is configured to determine one or more verification policies corresponding to each tag of each configuration packet sample according to all tags of each configuration packet sample in the plurality of configuration packet samples and all verification policies corresponding to each configuration packet sample.
Optionally, the determining module 205 is configured to:
generating a tag set and a verification policy set, where the tag set includes m tags and is the union of the tags of the plurality of configuration message samples, the verification policy set includes n verification policies and is the union of the verification policies corresponding to the plurality of configuration message samples, and m and n are positive integers;
calculating the contribution degree of the i-th tag among the m tags to the j-th verification policy among the n verification policies, where the sum of the contribution degrees of the i-th tag to the n verification policies is equal to a fixed value, the contribution degree of the i-th tag to the j-th verification policy is positively correlated with the number of target configuration message samples, each target configuration message sample has the i-th tag and corresponds to the j-th verification policy, 1 ≤ i ≤ m, and 1 ≤ j ≤ n;
and when the contribution degree of the i-th tag to the j-th verification policy meets the contribution degree condition, determining the j-th verification policy as the verification policy corresponding to the i-th tag.
Optionally, as shown in fig. 4, the apparatus 20 further includes:
the output module 206 is configured to output the target tag when the corresponding relationship between the tag and the verification policy does not include the verification policy corresponding to the target tag in the configuration message to be verified, where the target tag is any one of all tags in the configuration message to be verified.
Optionally, as shown in fig. 5, the apparatus 20 further includes:
the updating module 207 is configured to update the correspondence between the tag and the verification policy by using the target tag and the verification policy corresponding to the target tag after obtaining the verification policy corresponding to the target tag.
Optionally, the tag of the configuration packet to be verified is an xml tag or a json tag.
In the apparatus for verifying a configuration message provided in the embodiment of the application, the control device may obtain, through the second obtaining module and based on the correspondence between tags and verification policies, the target verification policy corresponding to each tag of the configuration message to be verified, and perform pre-configuration verification on the configuration message to be verified through the verification module using the target verification policy. Pre-configuration verification with all verification policies is not needed, which shortens the time consumed by the verification process, improves verification efficiency, and reduces the operation overhead of the control device.
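The tag-to-policy workflow carried out by modules 201 to 207, including the unknown-tag output and the update of the correspondence described earlier, can be sketched as follows. This is an added example, not code from the patent: the contribution formula (co-occurrence count normalised so that each tag's contributions sum to 1), the threshold used as the contribution degree condition, the policy names and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed configuration message samples, each with the verification
# policies assigned to it (policy names are hypothetical).
SAMPLES = [
    ("<config><interface><ip-address>10.0.0.1</ip-address></interface></config>",
     {"interface_conflict", "ip_duplicate"}),
    ("<config><interface><mac-address>00:00:5e:00:53:01</mac-address></interface></config>",
     {"interface_conflict", "mac_conflict"}),
    ("<config><route><next-hop>10.0.0.254</next-hop></route></config>",
     {"reachability", "loop"}),
    ("<config><interface><ip-address>10.0.0.2</ip-address></interface></config>",
     {"interface_conflict", "ip_duplicate"}),
]
# Constructed message to be verified; <vlan> appears in no sample.
TO_VERIFY = ("<config><interface><ip-address>10.0.0.9</ip-address></interface>"
             "<vlan>20</vlan></config>")

def extract_tags(xml_text):
    """All element names in a message (namespace stripped).
    Messages here are constructed; parse untrusted input with a hardened
    XML parser."""
    root = ET.fromstring(xml_text)
    return {el.tag.rsplit("}", 1)[-1] for el in root.iter()}

def build_correspondence(samples, threshold=0.3):
    """Return (tag -> policies, tag -> {policy: contribution degree}).
    Assumed formula: contribution(i, j) = count(i, j) / sum_j count(i, j),
    so the fixed value is 1. Assumed condition: contribution >= threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for xml_text, policies in samples:
        for tag in extract_tags(xml_text):
            for policy in policies:
                counts[tag][policy] += 1
    mapping, contribution = {}, {}
    for tag, row in counts.items():
        total = sum(row.values())
        contribution[tag] = {p: c / total for p, c in row.items()}
        mapping[tag] = {p for p, d in contribution[tag].items() if d >= threshold}
    return mapping, contribution

def select_policies(message_tags, mapping):
    """Target policies for a message, plus the tags with no known policy."""
    targets, unknown = set(), []
    for tag in sorted(message_tags):
        if tag in mapping:
            targets |= mapping[tag]
        else:
            unknown.append(tag)  # output for expert review
    return targets, unknown

def update_correspondence(mapping, tag, policies):
    """Record the policies an expert assigned to a previously unknown tag."""
    mapping.setdefault(tag, set()).update(policies)

if __name__ == "__main__":
    mapping, contribution = build_correspondence(SAMPLES)
    targets, unknown = select_policies(extract_tags(TO_VERIFY), mapping)
    print(sorted(targets), unknown)
    update_correspondence(mapping, "vlan", {"config_compliance"})
    print(select_policies(extract_tags(TO_VERIFY), mapping))
```

Because an unknown tag selects no policy, a non-empty `unknown` list means part of the message would go unverified; holding the message until the tag has been assigned a policy is the conservative choice.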
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 6 is a block diagram of an apparatus for verifying a configuration packet according to an embodiment of the present application. The verification device of the configuration message may be a control device, and the control device may be a network controller, a network management device, a gateway or other devices with control capability. As shown in fig. 6, the control device 60 includes: a processor 601 and a memory 602.
A memory 602 for storing a computer program comprising program instructions;
the processor 601 is configured to invoke the computer program to implement the method for verifying the configuration packet shown in fig. 1.
Optionally, the control device 60 further comprises a communication bus 603 and a communication interface 604.
The processor 601 includes one or more processing cores, and the processor 601 executes various functional applications and data processing by running a computer program.
The memory 602 may be used to store computer programs. Optionally, the memory may store an operating system and application program elements required for at least one function. The operating system may be an operating system such as Real Time eXecutive (RTX), LINUX, UNIX, WINDOWS, or OS X.
There may be multiple communication interfaces 604, and the communication interfaces 604 are used to communicate with other storage devices or network devices. For example, in an embodiment of the present application, the communication interface 604 may be configured to send a configuration message to a network device in a communication network. Optionally, the communication network may be a Software Defined Network (SDN), a virtual extensible local area network (VXLAN), or the like. The network device may be a switch, a router, or the like.
The memory 602 and the communication interface 604 are connected to the processor 601 via a communication bus 603, respectively.
An embodiment of the present application further provides a computer storage medium, where instructions are stored on the computer storage medium, and when the instructions are executed by a processor, the method for verifying a configuration packet as shown in fig. 1 is implemented.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
In the embodiments of the present application, the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The term "and/or" in this application merely describes an association relationship between associated objects and indicates that three relationships may exist. For example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
The above description is only exemplary of the present application and is not intended to limit the present application, and any modifications, equivalents, improvements, etc. made within the spirit and principles of the present application are intended to be included within the scope of the present application.

Claims (14)

1. A method for verifying a configuration message is characterized in that the method comprises the following steps:
acquiring all labels of a configuration message to be verified;
acquiring a target verification strategy corresponding to each label in all labels of the configuration message to be verified based on the corresponding relation between the labels and the verification strategies, wherein the corresponding relation between the labels and the verification strategies is generated based on a plurality of configuration message samples and the corresponding verification strategies;
and verifying the configuration message to be verified before configuration by adopting the target verification strategy corresponding to each label.
2. The method of claim 1, further comprising:
acquiring all labels of each configuration message sample in the plurality of configuration message samples;
and determining one or more verification strategies corresponding to each label of each configuration message sample according to all labels of each configuration message sample in the plurality of configuration message samples and all verification strategies corresponding to each configuration message sample.
3. The method according to claim 2, wherein the determining one or more verification policies corresponding to each tag of each configuration packet sample according to all tags of each configuration packet sample of the plurality of configuration packet samples and all verification policies corresponding to each configuration packet sample comprises:
generating a label set and a verification strategy set, wherein the label set comprises m labels, the label set is a union set of labels of the multiple configuration message samples, the verification strategy set comprises n verification strategies, the verification strategy set is a union set of verification strategies corresponding to the multiple configuration message samples, and m and n are positive integers;
calculating the contribution degree of the ith label in the m labels to the jth verification strategy in the n verification strategies, wherein the sum of the contribution degrees of the ith label to the n verification strategies is equal to a fixed value, the contribution degree of the ith label to the jth verification strategy is positively correlated with the number of target configuration message samples, the target configuration message samples have the ith label and correspond to the jth verification strategy, i is more than or equal to 1 and less than or equal to m, and j is more than or equal to 1 and less than or equal to n;
when the contribution degree of the ith tag to the jth verification policy meets the contribution degree condition, determining that the jth verification policy is the verification policy corresponding to the ith tag.
4. The method according to claim 1, wherein after obtaining all tags of the configuration packet to be verified, the method further comprises:
and when the corresponding relation between the label and the verification strategy does not comprise the verification strategy corresponding to the target label in the configuration message to be verified, outputting the target label, wherein the target label is any one of all labels in the configuration message to be verified.
5. The method of claim 4, wherein after said outputting the target tag, the method further comprises:
and after the verification strategy corresponding to the target label is obtained, updating the corresponding relation between the label and the verification strategy by adopting the target label and the verification strategy corresponding to the target label.
6. The method of any one of claims 1 to 5, wherein the tag is an xml tag or a json tag.
7. An apparatus for validating a configuration message, the apparatus comprising:
the first acquisition module is used for acquiring all labels of the configuration message to be verified;
a second obtaining module, configured to obtain a target verification policy corresponding to each tag in all tags of the configuration packet to be verified based on a correspondence between the tags and the verification policies, where the correspondence between the tags and the verification policies is generated based on the multiple configuration packet samples and the corresponding verification policies;
and the verification module is used for verifying the configuration message to be verified before configuration by adopting the target verification strategy corresponding to each label.
8. The apparatus of claim 7, further comprising:
a third obtaining module, configured to obtain all tags of each configuration packet sample in the plurality of configuration packet samples;
and the determining module is used for determining one or more verification strategies corresponding to each label of each configuration message sample according to all labels of each configuration message sample in the plurality of configuration message samples and all verification strategies corresponding to each configuration message sample.
9. The apparatus of claim 8, wherein the determining module is configured to:
generating a label set and a verification strategy set, wherein the label set comprises m labels, the label set is a union of labels of the plurality of configuration message samples, the verification strategy set comprises n verification strategies, the verification strategy set is a union of verification strategies corresponding to the plurality of configuration message samples, and m and n are positive integers;
calculating the contribution degree of the ith label in the m labels to the jth verification strategy in the n verification strategies, wherein the sum of the contribution degrees of the ith label to the n verification strategies is equal to a fixed value, the contribution degree of the ith label to the jth verification strategy is positively correlated with the number of target configuration message samples, the target configuration message samples have the ith label and correspond to the jth verification strategy, i is more than or equal to 1 and less than or equal to m, and j is more than or equal to 1 and less than or equal to n;
when the contribution degree of the ith tag to the jth verification policy meets the contribution degree condition, determining that the jth verification policy is the verification policy corresponding to the ith tag.
10. The apparatus of claim 7, further comprising:
and the output module is used for outputting the target label when the corresponding relation between the label and the verification strategy does not include the verification strategy corresponding to the target label in the configuration message to be verified, wherein the target label is any one of all labels of the configuration message to be verified.
11. The apparatus of claim 10, further comprising:
and the updating module is used for updating the corresponding relation between the label and the verification strategy by adopting the target label and the verification strategy corresponding to the target label after the verification strategy corresponding to the target label is obtained.
12. The device of any one of claims 7 to 11, wherein the tag is an xml tag or a json tag.
13. An apparatus for validating a configuration message, comprising: a processor and a memory;
the memory for storing a computer program, the computer program comprising program instructions;
the processor is used for calling the computer program to realize the verification method of the configuration message according to any one of claims 1 to 6.
14. A computer storage medium having stored thereon instructions which, when executed by a processor, carry out a method of validating a configuration message according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910802221.3A CN112448915B (en) 2019-08-28 2019-08-28 Verification method and device for configuration message and computer storage medium

Publications (2)

Publication Number Publication Date
CN112448915A (en) 2021-03-05
CN112448915B (en) 2023-03-24
