CN112787883A - Method, device and equipment for detecting NAT (network Address translation) fault of equipment - Google Patents
Method, device and equipment for detecting NAT (network Address translation) fault of equipment Download PDFInfo
- Publication number
- CN112787883A CN112787883A CN202011569171.8A CN202011569171A CN112787883A CN 112787883 A CN112787883 A CN 112787883A CN 202011569171 A CN202011569171 A CN 202011569171A CN 112787883 A CN112787883 A CN 112787883A
- Authority
- CN
- China
- Prior art keywords
- nat
- data packets
- equipment
- ratio
- detected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
Abstract
The application discloses a method, a device and equipment for detecting NAT faults, which can quickly and accurately detect the faults configured by NAT strategies of network equipment by utilizing the ratio of the number of data packets processed by NAT to the total number of data packets in equipment to be detected and the number of data packets processed by NAT in unit time, and improve the detection efficiency and the accuracy and effectiveness of detection results. The method comprises the following steps: firstly, data packets processed by NAT in equipment to be detected are obtained, then, the ratio of the number of the data packets processed by NAT to the total number of the data packets is calculated, the number of the data packets processed by NAT in the equipment to be detected is calculated, then, whether the ratio of the number of the data packets processed by NAT to the total number of the data packets exceeds a preset ratio threshold value or not is judged, whether the number of the data packets processed by NAT in the equipment to be detected per unit time exceeds a preset number threshold value or not is judged, and if yes, the NAT fault is generated in the equipment to be detected.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for detecting a NAT fault.
Background
At present, in Network operation and maintenance, Network exception caused by configuration change errors of Network equipment is difficult to avoid, and Network Address Translation (NAT) configuration is a common configuration operation. In order to quickly determine whether the network device NAT configuration strategy change error is caused and which network device NAT configuration strategy change error is caused when a network fault occurs, the positioning speed directly influences the fault influence duration.
At present, two methods for performing fault detection on network equipment NAT policy configuration are generally used, one is to use a packet capturing tool to capture data packets from the front and back of a plurality of related network equipment for analysis, and determine whether the processing of the network equipment is normal. The other method is to analyze whether the change causes the influence of the service by checking a configuration change script, the difference between the current network configuration and the configuration before the last change and the like. However, the two detection modes not only have large manual operation amount and slow positioning speed, but also have high requirements on the skill threshold of the detection personnel, and require professional personnel to go to the site for treatment.
Disclosure of Invention
The embodiments of the present application mainly aim to provide a method, an apparatus, and a device for detecting a NAT fault of a device, which can detect a fault of a NAT policy configuration of a network device more quickly and accurately.
In a first aspect, an embodiment of the present application provides a method for detecting a NAT failure in a device, including:
acquiring a data packet processed by NAT in equipment to be detected;
calculating the ratio of the number of the data packets subjected to NAT processing to the total number of the data packets, and calculating the number of the data packets subjected to NAT processing per unit time in the equipment to be detected;
judging whether the ratio of the number of the data packets subjected to NAT processing to the number of the total data packets exceeds a preset ratio threshold value or not, and judging whether the number of the data packets subjected to NAT processing per unit time in the equipment to be detected exceeds a preset number threshold value or not;
and if so, determining that the NAT fault is generated in the equipment to be detected.
Optionally, after it is determined that the NAT failure occurs in the device to be detected, the method further includes:
performing alarm processing on the NAT fault to obtain an alarm result;
and correcting the NAT fault according to the alarm result to finish the automatic rollback of the corresponding configuration of the NAT fault.
Optionally, the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model;
the construction method of the threshold prediction model is as follows:
acquiring a training data packet processed by NAT in equipment;
and training an initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the training data packets and the label number of the training data packets subjected to NAT processing in the equipment per unit time to generate the threshold prediction model.
Optionally, the method further includes:
obtaining a verification data packet processed by NAT in equipment;
inputting the content characteristics of the verification data packets into the threshold prediction model to obtain the prediction ratio of the number of the verification data packets in the equipment to the total number of the verification data packets and the predicted number of the verification data packets subjected to NAT processing per unit time in the equipment;
and when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number, the verification data packet is used as the training data packet again, and the threshold prediction model is updated.
In a second aspect, an embodiment of the present application further provides an apparatus for detecting a NAT failure, including:
the device comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a data packet which is processed by NAT (network address translation) in equipment to be detected;
the calculating unit is used for calculating the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets, and calculating the number of the data packets subjected to the NAT processing in unit time in the equipment to be detected;
the judging unit is used for judging whether the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets exceeds a preset ratio threshold value or not, and judging whether the number of the data packets subjected to the NAT processing per unit time in the equipment to be detected exceeds a preset number threshold value or not;
and the determining unit is used for determining that the NAT fault is generated in the equipment to be detected if the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets is judged to exceed a preset ratio threshold value and the number of the data packets subjected to the NAT processing per unit time in the equipment to be detected is judged to exceed a preset number threshold value.
Optionally, the apparatus further comprises:
the warning unit is used for carrying out warning processing on the NAT fault to obtain a warning result;
and the correction unit is used for correcting the NAT fault according to the alarm result and finishing the automatic rollback of the corresponding configuration of the NAT fault.
Optionally, the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model; the device further comprises:
the second acquisition unit is used for acquiring a training data packet processed by Network Address Translation (NAT) in the equipment;
and the training unit is used for training an initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the data packets, and the number of the labels of the training data packets subjected to NAT processing in the equipment per unit time to generate the threshold prediction model.
Optionally, the apparatus further comprises:
a third obtaining unit, configured to obtain a verification packet processed by network address translation NAT in the device;
an obtaining unit, configured to input content characteristics of the verification packets into the threshold prediction model, and obtain a prediction ratio of the number of verification packets in the device to the total number of verification packets, and a predicted number of verification packets subjected to NAT processing per unit time in the device;
and the updating unit is used for updating the threshold prediction model by taking the verification data packet as the training data packet again when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number.
The embodiment of the present application further provides a device NAT failure detection device, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any one implementation of the above-described device NAT failure detection method.
An embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a terminal device, the terminal device is enabled to execute any implementation manner of the above-mentioned NAT failure detection method.
The embodiment of the application provides a method, a device and equipment for detecting NAT faults of equipment, firstly, data packets processed by NAT in the equipment to be detected are obtained, then, the ratio of the number of the data packets processed by NAT to the number of total data packets is calculated, the number of the data packets processed by NAT in unit time in the equipment to be detected is calculated, then, whether the ratio of the number of the data packets processed by NAT to the number of the total data packets exceeds a preset ratio threshold value or not is judged, whether the number of the data packets processed by NAT in unit time in the equipment to be detected exceeds a preset number threshold value or not is judged, and if yes, faults are generated in the equipment to be detected. Therefore, the fault of the NAT strategy configuration of the network equipment can be quickly and accurately detected by utilizing the ratio of the number of the data packets processed by the NAT to the total number of the data packets in the equipment to be detected and the number of the data packets processed by the NAT in unit time, and the detection efficiency and the accuracy and the effectiveness of the detection result are improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for detecting a NAT failure in a device according to an embodiment of the present application;
fig. 2 is a schematic composition diagram of an apparatus for detecting NAT failure according to an embodiment of the present application.
Detailed Description
At present, in network operation and maintenance, network abnormality caused by configuration change errors of network equipment is difficult to avoid, and NAT configuration is a common configuration operation. In order to quickly determine whether the NAT configuration policy change error of the network device causes and which NAT configuration policy change error of the network device causes when a network failure occurs, it is very important.
At present, two methods for performing fault detection on network equipment NAT policy configuration are generally used, one is to use a packet capturing tool to capture data packets from the front and back of a plurality of related network equipment for analysis, and determine whether the processing of the network equipment is normal. The other method is to analyze whether the change causes the influence of the service by checking a configuration change script, the difference between the current network configuration and the configuration before the last change and the like. However, the two detection modes not only have large manual operation amount and slow positioning speed, but also have high requirements on the skill threshold of the detection personnel, and require professional personnel to go to the site for treatment. Therefore, how to quickly and accurately detect the fault of the NAT policy configuration of the network device is an urgent problem to be solved.
In order to solve the above-mentioned defects, an embodiment of the present application provides a method for detecting an NAT failure of a device, including obtaining data packets that are subjected to NAT processing in the device to be detected, then calculating a ratio between the number of the data packets that are subjected to NAT processing and the number of total data packets, calculating the number of the data packets that are subjected to NAT processing per unit time in the device to be detected, then determining whether the ratio between the number of the data packets that are subjected to NAT processing and the number of total data packets exceeds a preset ratio threshold, and determining whether the number of the data packets that are subjected to NAT processing per unit time in the device to be detected exceeds a preset number threshold, if so, determining that an NAT failure occurs in the device to be detected. Therefore, the fault of the NAT strategy configuration of the network equipment can be quickly and accurately detected by utilizing the ratio of the number of the data packets processed by the NAT to the total number of the data packets in the equipment to be detected and the number of the data packets processed by the NAT in unit time, and the detection efficiency and the accuracy and the effectiveness of the detection result are improved.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
First embodiment
Referring to fig. 1, a schematic flow chart of a method for detecting a NAT failure in a device according to this embodiment is shown, where the method includes the following steps:
s101: and acquiring a data packet processed by NAT in the equipment to be detected.
It should be noted that, at present, in network operation and maintenance, network anomaly caused by a network device configuration change error is difficult to avoid, and NAT configuration is a common configuration operation in a network device, so to shorten the time duration of fault impact as much as possible, it is necessary to quickly and accurately determine whether the fault is caused by a network device NAT configuration policy change error and which network device NAT configuration policy change error causes the fault.
In this embodiment, in order to detect the fault of the network device NAT policy configuration more quickly and accurately, it is first necessary to obtain a data packet that is processed by the network address translation NAT in the device to be detected, so as to implement accurate detection of the fault of the network device NAT policy configuration through subsequent steps S102 to S104.
Some data packets flowing through the network device usually Need Address Translation (NAT) processing, that is, the source or destination address of the data will be translated, but an error may occur in NAT configuration change, which affects normal data transmission of the device.
Specifically, the device to be detected may be periodically logged in, and an inquiry command of the NAT statistics may be sent to the device to be detected, so that the device to be detected responds to the inquiry command, and returns a response result including a data packet processed by the NAT.
S102: and calculating the ratio of the number of the data packets processed by the NAT to the total number of the data packets, and calculating the number of the data packets processed by the NAT in the equipment to be detected per unit time.
In this embodiment, after the response result including the data packets processed by the NAT is periodically obtained from the device to be detected (and the number of times that each policy generates the NAT) in step S101, the response result may be further analyzed, for example, the returned response result in the form of a character string may be analyzed, and converted into a processable data format, so as to obtain the cumulative NAT amount of each policy, and sum and store the cumulative NAT amount, and then calculate the difference from the total cumulative NAT value obtained in the previous period, and divide by the collection interval time (i.e., the period), so as to obtain the NAT amount per unit time (i.e., the number of data packets processed by the NAT per unit time in the device to be detected). For example, assuming that the period is 5 minutes and the difference between the total NAT integrated values in adjacent periods is 200, the NAT amount per unit time is 40, that is, 200/5 is 40.
Meanwhile, the total receiving packet number in unit time can be collected. The NAT amount per unit time is divided by the total number of received packets to obtain the NAT occupation ratio (i.e., the ratio of the number of data packets processed by the NAT to the total number of data packets) for performing the subsequent step S103. For example, based on the above example, assuming that the total number of received packets is 1000, the NAT occupation ratio is 0.004, that is, 40/10000 is 0.004.
S103: judging whether the ratio of the number of the data packets processed by the NAT to the total number of the data packets exceeds a preset ratio threshold value or not, and judging whether the number of the data packets processed by the NAT per unit time in the equipment to be detected exceeds a preset number threshold value or not.
It should be noted that, because both the NAT amount per unit time and the NAT occupation ratio in the device to be detected exhibit a certain regularity, in this embodiment, after the ratio between the number of data packets subjected to NAT processing and the number of total data packets is calculated through step S102, and the number of data packets subjected to NAT processing per unit time in the device to be detected is calculated, it can be further determined whether the ratio between the number of data packets subjected to NAT processing and the number of total data packets exceeds a preset ratio threshold, and whether the number of data packets subjected to NAT processing per unit time in the device to be detected exceeds a preset number threshold, if so, the subsequent step S104 may be continuously performed, and if not, it is determined that no NAT fault is generated in the device to be detected.
In an alternative implementation manner, the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model, and a specific construction process of the threshold prediction model includes the following steps a1-a 2:
step A1: and acquiring a training data packet processed by NAT in the equipment.
Step A2: and training the initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the training data packets and the label number of the training data packets subjected to NAT processing in the equipment per unit time to generate a threshold prediction model.
Specifically, in this implementation, in order to construct the threshold prediction model, a large amount of preparation work needs to be performed in advance, and first, training packets subjected to NAT processing in a large number of devices need to be collected and acquired as sample data, then, the marking ratio of the training data packet quantity and the total data packet quantity corresponding to the sample data and the marking quantity of the training data packets processed by NAT in the equipment per unit time are marked manually in advance, then, the content features of the training data packet need to be extracted (for example, in the feature extraction process, the HOG feature extraction and SIFT feature extraction methods can be used for extraction), and further, the initial threshold prediction model can be trained according to the content features and the period value of the training data packet, and the label ratio and the label number corresponding to the training data packet, so as to generate the threshold prediction model.
Through the above embodiment, the training data packet may be used to train and generate the threshold prediction model, and further, the verification data packet may be used to verify the generated threshold prediction model, and the specific implementation process includes the following steps B1-B3:
step B1: and acquiring a verification data packet processed by NAT in the equipment.
Step B2: and inputting the content characteristics of the verification data packets into a threshold prediction model, and obtaining the prediction ratio of the number of the verification data packets in the equipment to the total number of the verification data packets and the predicted number of the verification data packets subjected to NAT processing in the equipment per unit time.
Step B3: and when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number, the verification data packet is used as the training data packet again, and the threshold prediction model is updated.
Specifically, in this implementation, in order to implement the verification of the threshold prediction model, first, it is necessary to obtain the verification packets subjected to the NAT processing in the device, and extract the content features of the verification packets, and further, the content features of the verification packets may be input into the threshold prediction model, so as to obtain the prediction ratio of the number of the verification packets in the device to the total number of the verification packets, and the predicted number of the verification packets subjected to the NAT processing per unit time in the device. When the prediction ratio is inconsistent with the result of the marked ratio marked by the artificial mark and the result of the prediction quantity is inconsistent with the result of the marked quantity marked by the artificial mark, the verification data packet can be used as the training data packet again to update the threshold prediction model.
S104: and if so, determining that the NAT fault is generated in the equipment to be detected.
In this embodiment, if it is determined through step S103 that the ratio of the number of data packets subjected to NAT processing to the total number of data packets has exceeded the preset ratio threshold, and it is determined that the number of data packets subjected to NAT processing per unit time in the device to be detected has exceeded the preset number threshold, it is indicated that the NAT amount per unit time and the NAT ratio fluctuate abnormally, the operating state of the device to be detected is abnormal, and a configuration error may occur in the address translation policy, that is, it may be determined that an NAT fault occurs in the device to be detected.
Further, if it is determined that an NAT failure occurs in the device to be tested, the NAT failure may be subjected to alarm processing to obtain an alarm result, and the NAT failure may be corrected according to the alarm result to complete automatic rollback of the NAT failure corresponding configuration. Specifically, after the detected abnormal result is sent to the alarm system. Meanwhile, the automatic configuration rollback can be realized in a one-key emergency or automatic triggering mode, and the quick recovery of the fault is further completed. Therefore, the alarm efficiency, the abnormal finding rate and the fault recovery speed are improved.
In summary, in the method for detecting an NAT failure of a device provided in this embodiment, first, data packets processed by NAT in the device to be detected are obtained, then, a ratio between the number of the data packets processed by NAT and the number of total data packets is calculated, the number of the data packets processed by NAT per unit time in the device to be detected is calculated, then, whether the ratio between the number of the data packets processed by NAT and the number of total data packets exceeds a preset ratio threshold is determined, and whether the number of the data packets processed by NAT per unit time in the device to be detected exceeds a preset number threshold is determined, if so, it is determined that an NAT failure occurs in the device to be detected. Therefore, the fault of the NAT strategy configuration of the network equipment can be quickly and accurately detected by utilizing the ratio of the number of the data packets processed by the NAT to the total number of the data packets in the equipment to be detected and the number of the data packets processed by the NAT in unit time, and the detection efficiency and the accuracy and the effectiveness of the detection result are improved.
Second embodiment
In this embodiment, a device for detecting NAT failure will be described, and please refer to the above method embodiment for related content.
Referring to fig. 2, a schematic composition diagram of an apparatus for detecting a NAT failure in a device according to this embodiment is provided, where the apparatus includes:
a first obtaining unit 201, configured to obtain a data packet that is processed by NAT in a device to be detected;
a calculating unit 202, configured to calculate a ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets, and calculate the number of the data packets subjected to the NAT processing per unit time in the device to be detected;
a determining unit 203, configured to determine whether a ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets exceeds a preset ratio threshold, and determine whether the number of the data packets subjected to the NAT processing per unit time in the device to be detected exceeds a preset number threshold;
a determining unit 204, configured to determine that an NAT failure occurs in the device to be detected if it is determined that the ratio between the number of the data packets subjected to NAT processing and the total number of the data packets exceeds a preset ratio threshold, and it is determined that the number of the data packets subjected to NAT processing per unit time in the device to be detected exceeds a preset number threshold.
In an implementation manner of this embodiment, the apparatus further includes:
the warning unit is used for carrying out warning processing on the NAT fault to obtain a warning result;
and the correction unit is used for correcting the NAT fault according to the alarm result and finishing the automatic rollback of the corresponding configuration of the NAT fault.
In an implementation manner of this embodiment, the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model; the device further comprises:
the second acquisition unit is used for acquiring a training data packet processed by Network Address Translation (NAT) in the equipment;
and the training unit is used for training an initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the data packets, and the number of the labels of the training data packets subjected to NAT processing in the equipment per unit time to generate the threshold prediction model.
In an implementation manner of this embodiment, the apparatus further includes:
a third obtaining unit, configured to obtain a verification packet processed by network address translation NAT in the device;
an obtaining unit, configured to input content characteristics of the verification packets into the threshold prediction model, and obtain a prediction ratio of the number of verification packets in the device to the total number of verification packets, and a predicted number of verification packets subjected to NAT processing per unit time in the device;
and the updating unit is used for updating the threshold prediction model by taking the verification data packet as the training data packet again when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number.
In summary, in the apparatus NAT failure detection device provided in this embodiment, first, data packets processed by NAT in the to-be-detected apparatus are obtained, then, a ratio between the number of the data packets processed by NAT and the number of total data packets is calculated, and the number of the data packets processed by NAT per unit time in the to-be-detected apparatus is calculated, next, whether the ratio between the number of the data packets processed by NAT and the number of total data packets exceeds a preset ratio threshold is determined, and whether the number of the data packets processed by NAT per unit time in the to-be-detected apparatus exceeds a preset number threshold is determined, if yes, it is determined that an NAT failure occurs in the to-be-detected apparatus. Therefore, the fault of the NAT strategy configuration of the network equipment can be quickly and accurately detected by utilizing the ratio of the number of the data packets processed by the NAT to the total number of the data packets in the equipment to be detected and the number of the data packets processed by the NAT in unit time, and the detection efficiency and the accuracy and the effectiveness of the detection result are improved.
Further, an embodiment of the present application further provides a device NAT failure detection device, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any of the above-described method of implementing NAT failure detection.
Further, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is caused to execute any implementation method of the above-mentioned device NAT failure detection method.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for detecting NAT faults is characterized by comprising the following steps:
acquiring a data packet processed by NAT in equipment to be detected;
calculating the ratio of the number of the data packets subjected to NAT processing to the total number of the data packets, and calculating the number of the data packets subjected to NAT processing per unit time in the equipment to be detected;
judging whether the ratio of the number of the data packets subjected to NAT processing to the number of the total data packets exceeds a preset ratio threshold value or not, and judging whether the number of the data packets subjected to NAT processing per unit time in the equipment to be detected exceeds a preset number threshold value or not;
and if so, determining that the NAT fault is generated in the equipment to be detected.
2. The method of claim 1, wherein after determining that the NAT failure has occurred in the device to be tested, the method further comprises:
performing alarm processing on the NAT fault to obtain an alarm result;
and correcting the NAT fault according to the alarm result to finish the automatic rollback of the corresponding configuration of the NAT fault.
3. The method according to any one of claims 1 to 2, wherein the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model;
the construction method of the threshold prediction model is as follows:
acquiring a training data packet processed by NAT in equipment;
and training an initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the training data packets and the label number of the training data packets subjected to NAT processing in the equipment per unit time to generate the threshold prediction model.
4. The method of claim 3, further comprising:
obtaining a verification data packet processed by NAT in equipment;
inputting the content characteristics of the verification data packets into the threshold prediction model to obtain the prediction ratio of the number of the verification data packets in the equipment to the total number of the verification data packets and the predicted number of the verification data packets subjected to NAT processing per unit time in the equipment;
and when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number, the verification data packet is used as the training data packet again, and the threshold prediction model is updated.
5. A device NAT fault detection device is characterized by comprising:
the device comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a data packet which is processed by NAT (network address translation) in equipment to be detected;
the calculating unit is used for calculating the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets, and calculating the number of the data packets subjected to the NAT processing in unit time in the equipment to be detected;
the judging unit is used for judging whether the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets exceeds a preset ratio threshold value or not, and judging whether the number of the data packets subjected to the NAT processing per unit time in the equipment to be detected exceeds a preset number threshold value or not;
and the determining unit is used for determining that the NAT fault is generated in the equipment to be detected if the ratio of the number of the data packets subjected to the NAT processing to the total number of the data packets is judged to exceed a preset ratio threshold value and the number of the data packets subjected to the NAT processing per unit time in the equipment to be detected is judged to exceed a preset number threshold value.
6. The apparatus of claim 5, further comprising:
the warning unit is used for carrying out warning processing on the NAT fault to obtain a warning result;
and the correction unit is used for correcting the NAT fault according to the alarm result and finishing the automatic rollback of the corresponding configuration of the NAT fault.
7. The apparatus of claim 5, wherein the preset ratio threshold and the preset number threshold are determined by a pre-constructed threshold prediction model; the device further comprises:
the second acquisition unit is used for acquiring a training data packet processed by Network Address Translation (NAT) in the equipment;
and the training unit is used for training an initial threshold prediction model according to the content characteristics of the training data packets, the label ratio of the number of the training data packets to the total number of the data packets, and the number of the labels of the training data packets subjected to NAT processing in the equipment per unit time to generate the threshold prediction model.
8. The apparatus of claim 7, further comprising:
a third obtaining unit, configured to obtain a verification packet processed by network address translation NAT in the device;
an obtaining unit, configured to input content characteristics of the verification packets into the threshold prediction model, and obtain a prediction ratio of the number of verification packets in the device to the total number of verification packets, and a predicted number of verification packets subjected to NAT processing per unit time in the device;
and the updating unit is used for updating the threshold prediction model by taking the verification data packet as the training data packet again when the prediction ratio is inconsistent with the mark ratio and the prediction number is inconsistent with the mark number.
9. A device NAT fault detection device, characterized by comprising: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is to store one or more programs, the one or more programs comprising instructions, which when executed by the processor, cause the processor to perform the method of any of claims 1-4.
10. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011569171.8A CN112787883B (en) | 2020-12-26 | 2020-12-26 | Method, device and equipment for detecting NAT (network Address translation) fault of equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011569171.8A CN112787883B (en) | 2020-12-26 | 2020-12-26 | Method, device and equipment for detecting NAT (network Address translation) fault of equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112787883A true CN112787883A (en) | 2021-05-11 |
| CN112787883B CN112787883B (en) | 2022-07-12 |
Family
ID=75752662
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011569171.8A Active CN112787883B (en) | 2020-12-26 | 2020-12-26 | Method, device and equipment for detecting NAT (network Address translation) fault of equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112787883B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598615A (en) * | 2022-03-07 | 2022-06-07 | 中国农业银行股份有限公司 | Method, device, equipment and medium for monitoring firewall abnormity |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2595344A2 (en) * | 2011-11-17 | 2013-05-22 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for detecting connectivity in a multi-protocol label switching ring network |
| CN105634796A (en) * | 2015-12-22 | 2016-06-01 | 山西合力创新科技有限公司 | Network device failure prediction and diagnosis method |
| CN107483287A (en) * | 2017-08-17 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of Auto Observation System mouth data pack receiving and transmitting failure system and method |
| CN107995056A (en) * | 2016-10-27 | 2018-05-04 | 中国移动通信集团公司 | The method and device of fire wall recessiveness NAT breakdown judges |
| CN110868731A (en) * | 2018-08-27 | 2020-03-06 | 中国移动通信集团浙江有限公司 | VoLTE network fault detection method and system |
| CN111126603A (en) * | 2019-12-25 | 2020-05-08 | 江苏远望仪器集团有限公司 | Equipment fault prediction method, device and equipment based on neural network model |
| CN111565200A (en) * | 2020-07-14 | 2020-08-21 | 成都数维通信技术有限公司 | NAT (network Address translation) association detection method based on multi-path message detection analysis |
| WO2020230265A1 (en) * | 2019-05-14 | 2020-11-19 | 日本電信電話株式会社 | Packet capture device and method |
-
2020
- 2020-12-26 CN CN202011569171.8A patent/CN112787883B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2595344A2 (en) * | 2011-11-17 | 2013-05-22 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for detecting connectivity in a multi-protocol label switching ring network |
| CN105634796A (en) * | 2015-12-22 | 2016-06-01 | 山西合力创新科技有限公司 | Network device failure prediction and diagnosis method |
| CN107995056A (en) * | 2016-10-27 | 2018-05-04 | 中国移动通信集团公司 | The method and device of fire wall recessiveness NAT breakdown judges |
| CN107483287A (en) * | 2017-08-17 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of Auto Observation System mouth data pack receiving and transmitting failure system and method |
| CN110868731A (en) * | 2018-08-27 | 2020-03-06 | 中国移动通信集团浙江有限公司 | VoLTE network fault detection method and system |
| WO2020230265A1 (en) * | 2019-05-14 | 2020-11-19 | 日本電信電話株式会社 | Packet capture device and method |
| CN111126603A (en) * | 2019-12-25 | 2020-05-08 | 江苏远望仪器集团有限公司 | Equipment fault prediction method, device and equipment based on neural network model |
| CN111565200A (en) * | 2020-07-14 | 2020-08-21 | 成都数维通信技术有限公司 | NAT (network Address translation) association detection method based on multi-path message detection analysis |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598615A (en) * | 2022-03-07 | 2022-06-07 | 中国农业银行股份有限公司 | Method, device, equipment and medium for monitoring firewall abnormity |
| CN114598615B (en) * | 2022-03-07 | 2023-10-13 | 中国农业银行股份有限公司 | Firewall abnormality monitoring method, device, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112787883B (en) | 2022-07-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108989150B (en) | Login abnormity detection method and device | |
| CN105068925B (en) | Software safety defect finds system | |
| CN109143094B (en) | Abnormal data detection method and device for power battery | |
| CN114285732A (en) | Network fault positioning method, system, storage medium and electronic equipment | |
| CN112787883B (en) | Method, device and equipment for detecting NAT (network Address translation) fault of equipment | |
| CN108737193A (en) | A kind of failure prediction method and device | |
| CN117319047A (en) | Network path analysis method and system based on network security anomaly detection | |
| CN114116390A (en) | Fault prediction method, device, equipment and readable storage medium | |
| CN111767193A (en) | Server data anomaly detection method and device, storage medium and equipment | |
| CN116954624B (en) | Compiling method based on software development kit, software development system and server | |
| CN111866921A (en) | Method, device and equipment for searching service fault of 5G base station and storage medium | |
| CN115114124A (en) | Host risk assessment method and device | |
| CN116136950B (en) | Chip verification method, device, system, electronic equipment and storage medium | |
| CN117235062A (en) | Service system data modeling method based on data center | |
| CN108984396B (en) | Automatic test method and system and test terminal | |
| CN110990223A (en) | Monitoring alarm method and device based on system log | |
| CN114884849B (en) | CAN bus abnormality detection method and system based on Adaboost | |
| CN107085544B (en) | System error positioning method and device | |
| CN113626236B (en) | Fault diagnosis method, device, equipment and medium for distributed file system | |
| CN106708638B (en) | System error detection method and device | |
| Okumoto | Software defect prediction based on stability test data | |
| CN114938339A (en) | Data processing method and related device | |
| CN109491921B (en) | Management method and system of buried point information | |
| CN113407520A (en) | Power network safety data cleaning system and method based on machine learning | |
| CN112819565A (en) | Method and system for detecting surrounding mark string mark and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |