CN112866036B - Network flow simulation method and system of cloud computing platform and computer storage medium - Google Patents

Network flow simulation method and system of cloud computing platform and computer storage medium Download PDF

Info

Publication number
CN112866036B
CN112866036B CN202110207314.9A CN202110207314A CN112866036B CN 112866036 B CN112866036 B CN 112866036B CN 202110207314 A CN202110207314 A CN 202110207314A CN 112866036 B CN112866036 B CN 112866036B
Authority
CN
China
Prior art keywords
network
cloud computing
computing platform
traffic
local area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110207314.9A
Other languages
Chinese (zh)
Other versions
CN112866036A (en
Inventor
向文丽
符永铨
孙丽群
黄珺
吉青利
赵辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peng Cheng Laboratory filed Critical Peng Cheng Laboratory
Priority to CN202110207314.9A priority Critical patent/CN112866036B/en
Publication of CN112866036A publication Critical patent/CN112866036A/en
Application granted granted Critical
Publication of CN112866036B publication Critical patent/CN112866036B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

The invention discloses a network flow simulation method, a system and a computer storage medium of a cloud computing platform, which are used for receiving flow which is generated by a flow generator and comprises a first virtual local area network label; determining a second VLAN tag bound to the first VLAN tag, wherein the second VLAN tag is bound with at least two different first VLAN tags; and sending the flow to a virtual machine network corresponding to the second virtual local area network label in the cloud computing platform. According to the invention, the cloud computing platform virtual machine network is respectively bound with the plurality of different first virtual local area network tags, so that the flow of the plurality of different first virtual local area network tags can be sent to the cloud computing platform virtual machine network, thereby reducing the flow required to be generated by the virtual machine network during network flow simulation, reducing fewer flow generators applied to simulation and saving the cost of the cloud computing platform network flow simulation.

Description

Network flow simulation method and system of cloud computing platform and computer storage medium
Technical Field
The invention relates to the technical field of cloud computing platforms, in particular to a network flow simulation method and system of a cloud computing platform and a computer storage medium.
Background
In order to avoid the influence and damage to a real computer network, a network target range is generally adopted for the drilling and testing research of network attack and defense. In the simulation environment of the network shooting range, flow is required to be generated through a flow generator and sent to a cloud end, so that real network flow when a large number of users interact with the cloud end is simulated, and the simulation environment is as close to a real internet environment as possible.
The simulation environment of the network shooting range is generally realized based on a cloud computing platform, the number of virtual machines of the cloud computing platform is huge, and how to apply a limited flow generator to the huge and randomly generated cloud computing platform is a difficult problem to be solved urgently.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a method and a system for simulating network traffic of a cloud computing platform and a computer storage medium, aiming at reducing the number of traffic generators which need to be applied to simulation by binding a virtual machine network of the cloud computing platform with a plurality of different first virtual local area network tags respectively.
In order to achieve the above object, the present invention provides a network traffic simulation method for a cloud computing platform, where the network traffic simulation method for the cloud computing platform includes:
receiving traffic generated by a traffic generator and comprising a first virtual local area network tag;
determining a second VLAN tag bound to the first VLAN tag, wherein the second VLAN tag is bound with at least two different first VLAN tags;
and sending the flow to a virtual machine network corresponding to the second virtual local area network label in the cloud computing platform.
Optionally, the step of receiving traffic generated by the traffic generator and including the first vlan tag includes:
and controlling the flow generator to generate the flow comprising the first virtual local area network label and sending the flow to the cloud computing platform through a second communication port connected with the cloud computing platform by the flow generator through a first communication port connected with the cloud computing platform.
Optionally, before the step of receiving traffic generated by the traffic generator and including the first vlan tag, the method further includes:
acquiring the type of each virtual machine network in the cloud computing platform;
determining the second virtual local area network tag corresponding to the type of the virtual machine network;
and binding the second virtual local area network label corresponding to the type of the virtual machine network with a plurality of first virtual local area network labels corresponding to the virtual machine network.
Optionally, the network traffic simulation method of the cloud computing platform further includes:
and executing a simulation test of a network target range when the flow is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform.
Optionally, when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, the step of executing the simulation test of the network target range includes:
when the flow is sent to the virtual machine network corresponding to the second virtual local area network label in the cloud computing platform, executing attack and defense test operation;
and obtaining a test result of the attack and defense test operation, wherein the test result comprises the interference degree of the flow to the attack and defense test operation.
Optionally, when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, the step of executing the simulation test of the network target range includes:
when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, collecting security protection characteristics of the virtual machine network corresponding to the second virtual local area network tag, wherein the traffic is malicious attack traffic;
and acquiring an attack result of the malicious attack traffic according to the safety protection characteristic.
In addition, to achieve the above object, the present invention further provides a network traffic simulation system of a cloud computing platform, where the network traffic simulation system of the cloud computing platform includes:
a traffic generator for generating traffic including a first virtual local area network tag;
and the cloud computing platform is connected with the flow generator and is used for executing the steps of the network flow simulation method of the cloud computing platform.
Optionally, the traffic generator includes a first communication port and a second communication port, and the cloud computing platform includes a computing node and a control node;
the computing node is connected with the second communication port and used for receiving the flow sent by the flow generator through the second communication port;
the control node is connected with the first communication port and used for controlling the flow generator to send the flow, and sending the flow received by the computing node to the virtual machine network corresponding to the second virtual local area network label in the cloud computing platform.
In addition, to achieve the above object, the present invention further provides a computer storage medium, where a network traffic simulation program of a cloud computing platform is stored, and when being executed by a processor, the computer storage medium implements the steps of the network traffic simulation method of the cloud computing platform as described in any one of the above.
The network traffic simulation method, system and computer storage medium for the cloud computing platform provided by the embodiments of the present invention receive traffic including a first virtual local area network tag generated by a traffic generator, determine a second virtual local area network tag bound to the first virtual local area network tag, where the second virtual local area network tag is bound to at least two different first virtual local area network tags, and send the traffic to a virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform. According to the invention, the cloud computing platform virtual machine network is respectively bound with the plurality of different first virtual local area network tags, so that the flow of the plurality of different first virtual local area network tags can be sent to the cloud computing platform virtual machine network, thereby reducing the flow required to be generated by the virtual machine network during network flow simulation, reducing fewer flow generators applied to simulation and saving the cost of the cloud computing platform network flow simulation.
Drawings
Fig. 1 is a schematic flowchart of an embodiment of a network traffic simulation method of a cloud computing platform according to the present invention;
fig. 2 is a schematic flow chart illustrating a network traffic simulation method of a cloud computing platform according to another embodiment of the present invention;
fig. 3 is a schematic diagram of a terminal rack of the network traffic simulation system of the cloud computing platform according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the invention provides a solution, which is characterized in that a cloud computing platform virtual machine network is respectively bound with a plurality of different first virtual local area network tags, so that the flow of the plurality of different first virtual local area network tags can be sent to the cloud computing platform virtual machine network, the flow required to be generated by the virtual machine network during network flow simulation is reduced, fewer flow generators applied to simulation are provided, and the cost of the cloud computing platform network flow simulation is saved.
Referring to fig. 1, in an embodiment, the network traffic simulation method for the cloud computing platform includes the following steps:
step S10, receiving the traffic generated by the traffic generator and including the first virtual local area network label;
in this embodiment, Traffic Generator (Traffic Generator) can generate and output Traffic, and the Traffic Generator is usually used to detect network performance, and is an important tool for network-related research, for example, it can be used to test link rate. The flow generator generally includes commercial software cybertflood, a contact, open source software Trex, and the like, and when the flow generator performs flow simulation, a VLAN (virtual Local Area network) tag is marked on generated flow, so that after the flow generator outputs the flow, the receiving end identifies the VLAN tag of the flow, and sends the flow to a corresponding Local Area network in the receiving end. The VLAN tag marked on the traffic generator is the first VLAN tag of the traffic, and it should be noted that the traffic includes different first VLAN tags due to different types and functions of the traffic generated by the traffic generator.
Optionally, because the traffic generator sends the traffic to the cloud computing platform, and the cloud computing platform includes a plurality of virtual local area networks, the virtual local area networks perform group management on the plurality of virtual machines, in order to avoid that the traffic generated by the traffic generator is broadcast to each virtual local area network, and the virtual local area network that does not need to receive the traffic also receives the traffic, a first virtual local area network tag needs to be marked on the traffic generated by the traffic generator, so as to send the traffic only to the corresponding virtual local area network.
Optionally, when the traffic generator generates the traffic, the traffic generator puts the corresponding first vlan tag into a "tag" field in a header of the traffic, so as to distinguish the traffic sent to different vlans.
Optionally, the traffic generator is connected with the cloud computing platform through a communication port, so that traffic including the first virtual local area network tag generated by the traffic generator is sent to the cloud computing platform, background traffic of the terminal device and the cloud computing platform is simulated, and network traffic simulation of the cloud computing platform is achieved.
Optionally, the cloud computing is a computing mode and a service mode based on the internet, and has the advantages of flexibly and dynamically allocating resources, uniformly managing, effectively reducing the management and maintenance cost and the like, so that the network shooting range based on the cloud computing platform also has the advantages of high cost performance, convenience in management and maintenance and the like.
Optionally, the traffic generator includes a first communication port and a second communication port, both of which are physical ports, and the first communication port and the second communication port are connected to the cloud computing platform through an ovs (open vswitch).
Alternatively, to avoid the impact of the external network on the simulation, the simulation is typically performed in an environment isolated from the external network, therefore, the first communication port is connected with a control node of the cloud computing platform, the second communication port is connected with a computing node of the cloud computing platform, the connection of the first communication port with the control node is an external network connection, the connection of the second communication port with the computing node is an emulation environment network connection isolated from the external network, to control the traffic generator to generate traffic comprising a first virtual local area network tag via the first communication port and to control the traffic generator to send the traffic to a computing node of the cloud computing platform via the second communication port, the control node further to control distribution of the traffic, namely, the control computing node sends the traffic to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform.
Step S20, determining a second vlan tag bound to the first vlan tag, where the second vlan tag has at least two different first vlan tags bound thereto;
step S30, sending the traffic to a virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform.
In this embodiment, the cloud computing platform may be OpenStack, OpenStack is a community, and is also a project and an open source software, and provides open source code software to establish public and private clouds, and it provides an operating platform or a tool set for deploying the clouds, and its purpose is: the cloud service system helps to organize the cloud which runs as a virtual computing or storage service, and provides extensible and flexible cloud computing for public clouds, private clouds, big clouds and small clouds. The OpenStack is composed of four major parts, namely a control node, a computing node, a network node and a storage node, wherein the control node is responsible for controlling other nodes and comprises virtual machine establishment, migration, network allocation, storage allocation and the like, the computing node is responsible for virtual machine operation, the network node is responsible for communication between an external network and an internal network, and the storage node is responsible for extra storage management and the like of the virtual machine.
Optionally, the cloud computing platform runs a huge number of virtual machines, before receiving traffic including the first virtual Local Area network tag generated by the traffic generator, the virtual machines in the cloud computing platform may be further grouped, and the virtual machines in the same group may form one virtual Local Area network (i.e., a virtual machine network), so that different virtual machine networks may correspond to different VLAN (virtual Local Area network) tags or VXLAN (virtual Extensible Local Area network) tags, and the VLAN tag or the VXLAN tag is a second virtual Local Area network tag.
Optionally, before receiving traffic including the first virtual local area network tag generated by the traffic generator, the type of each virtual machine network in the cloud computing platform may also be obtained, a second virtual local area network tag corresponding to the type of the virtual machine network is determined, and the second virtual local area network tag corresponding to the type of the virtual machine network is bound to the plurality of first virtual local area network tags corresponding to the virtual machine networks, where the second virtual local area network tag is used to uniquely identify the corresponding virtual machine network.
Optionally, since a single first vlan tag may be bound to multiple second vlan tags at the same time, and the number of bound second vlan tags is not limited, the number of virtual machines used by the cloud computing platform may be increased or decreased according to the user's needs, and the cloud computing platform has very good expandability or extensibility in network traffic simulation.
Optionally, the cloud computing platform stores the binding relationship between each second VLAN tag and the first VLAN tag, each second VLAN tag is bound with a plurality of different first VLAN tags, therefore, after receiving the traffic including the first virtual local area network tag, the cloud computing platform identifies the first virtual local area network tag in the traffic, and determines a second VLAN tag bound to the first VLAN according to a pre-stored binding relationship, and sending the traffic to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, so that, the flow generated by the flow generator can be distributed to a plurality of designated virtual machine networks by the cloud computing platform, so that the problem that more flows are needed for network flow simulation of the cloud computing platform due to the fact that a single flow can only be sent to one virtual machine network and the problem that more flow generators for generating flows need to be equipped are avoided.
Optionally, the cloud computing platform comprises a plurality of virtual machine networks, the virtual machine networks comprising a plurality of virtual machines in the same group.
In the technical scheme disclosed in this embodiment, the cloud computing platform virtual machine network is respectively bound with a plurality of different first virtual local area network tags, the same flow generated by the flow generator can be sent to a plurality of virtual machine networks in the cloud computing platform, and a single virtual machine network can have a plurality of different background flows, so that the flows required to be generated by the virtual machine network during network flow simulation are reduced, fewer flow generators are applied to simulation, and the cost of network flow simulation of the cloud computing platform is saved.
In another embodiment, as shown in fig. 2, on the basis of the embodiment shown in fig. 1, the following steps are performed while the step S30 is performed:
step S40, when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, executing a simulation test of a network target range.
In this embodiment, when traffic is sent to a virtual machine network corresponding to a second virtual local area network tag in a cloud computing platform, so as to simulate network traffic of the cloud computing platform, a simulation test of a network target range can be further performed, wherein the network target range is realized based on the cloud computing platform, and according to the advantages of flexibility of dynamic resource allocation of the cloud computing platform, uniformity of management, low cost of maintenance, openness and the like, a network attack and defense target range system is constructed on the network attack and defense target range system, so that a comprehensive simulation environment is provided for network attack and defense drilling, penetration test, protection technology research and the like, and the network attack and defense target range system can be applied to network security laboratories in industries such as governments, enterprises and universities. The cloud computing platform employed by the network shooting range may be a private cloud or a public cloud. It should be noted that the simulation network environment in the network target or the cloud computing platform is isolated from the external real internet, so as to avoid the interaction between the simulation network environment and the external internet, for example, to avoid the damage to the internet environment caused by the simulation test of the network target.
Optionally, performing simulation testing of the network firing ground may include: the method comprises the steps of executing attack and defense test operation by taking simulation network flow of a cloud computing platform as background flow, obtaining a test result of the attack and defense test operation, detecting whether the background flow has influence on the attack and defense test operation in the environment of the simulation background flow, and further judging whether the attack and defense test operation is interfered in a real network environment, for example, the attack and defense difficulty of the attack and defense test operation is possibly changed when the attack and defense test operation receives the interference, so that the test result can comprise the interference degree of the background flow on the attack and defense test operation, and further analyzing how to shield the interference of the background flow on the attack and defense test operation according to the test result.
Alternatively, the attack and defense test operation may include a red-blue countermeasure, individual combat, and the like with network traffic of the cloud computing platform as background traffic.
Optionally, performing simulation testing of the network firing ground may include: the method comprises the steps of taking network simulation network flow of a cloud computing platform as background flow, carrying out malicious attack on a virtual machine in the cloud computing platform through the flow to detect the protection capability of the virtual machine, controlling the flow generator to generate the flow corresponding to the malicious attack when controlling the flow generator to generate the flow, enabling the cloud computing platform to carry out the malicious attack through the flow after distributing the flow to a corresponding virtual machine network in a meta-computing platform, collecting the security protection characteristics of the virtual machine network, obtaining the attack result of the malicious attack flow through the security protection characteristics, and judging whether the virtual machine successfully withstands the malicious attack and the strength of the protection capability of the virtual machine through the attack result.
In the technical scheme disclosed in this embodiment, when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform to simulate the network traffic of the cloud computing platform, a simulation test of a network target range can be executed, so as to realize a simulation test of background traffic based on the cloud computing platform.
In addition, referring to fig. 3, an embodiment of the present invention further provides a network traffic simulation system of a cloud computing platform, where the network traffic simulation system of the cloud computing platform includes:
a traffic generator for generating traffic including a first virtual local area network tag;
and the cloud computing platform is connected with the flow generator and is used for executing the steps of the network flow simulation method of the cloud computing platform according to the above embodiments.
In this embodiment, after generating traffic including a first virtual local area network tag, a traffic generator sends the traffic to a cloud computing platform, and the cloud computing platform determines a second virtual local area network tag bound to the first virtual local area network tag and sends the traffic to a virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform.
Optionally, in order to avoid the influence of the external network on the simulation, the simulation is usually performed in an environment isolated from the external network, and therefore, the traffic transmitter may include the first communication port and the second communication port, and the cloud computing platform may include the computing node and the control node. The computing node is connected with the second communication port, the second communication port is connected with the computing node through a simulation environment network isolated from an external network, and the computing node can receive the flow sent by the flow generator through the second communication port. The control node is connected with the first communication port, the connection between the first communication port and the control node is external network connection, and the control node can control the flow generator to generate and send flow through the second communication port. Because each virtual machine in the virtual machine network runs on the computing node, the control node can also send the traffic received by the computing node to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, so as to distribute the traffic generated by the traffic generator and realize the simulation of the network traffic of the cloud computing platform.
In the technical scheme disclosed in this embodiment, by binding the first vlan tag and the second vlan tag, it is possible to bind a plurality of first vlan tags to the same second vlan tag, and achieve the purpose that one traffic generator can generate traffic in the vm networks of a plurality of cloud computing platforms, thereby constructing rich background traffic application scenarios for the attack and defense shooting range, and using a limited traffic generator to generate background traffic in a large number of vms of the cloud computing platforms.
In addition, an embodiment of the present invention further provides a computer storage medium, where a network traffic simulation program of a cloud computing platform is stored on the computer storage medium, and when being executed by a processor, the network traffic simulation program of the cloud computing platform implements the steps of the network traffic simulation method of the cloud computing platform according to the above embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (8)

1. A network traffic simulation method of a cloud computing platform is characterized by comprising the following steps:
acquiring the type of each virtual machine network in the cloud computing platform, wherein the virtual machine network refers to a virtual local area network formed by virtual machines in the same group;
determining a second virtual local area network tag corresponding to the type of the virtual machine network, wherein the second virtual local area network tag refers to different VLAN tags or VXLAN tags corresponding to different virtual machine networks;
binding the second virtual local area network tag corresponding to the type of the virtual machine network with a plurality of first virtual local area network tags corresponding to the virtual machine network;
receiving traffic which is generated by a traffic generator and comprises a first virtual local area network tag, wherein the traffic generator marks the generated traffic with a VLAN tag, and the VLAN tag is the first virtual local area network tag;
determining a second VLAN tag bound to the first VLAN tag, wherein the second VLAN tag is bound with at least two different first VLAN tags;
and sending the flow to a virtual machine network corresponding to the second virtual local area network label in the cloud computing platform.
2. The method for network traffic simulation of a cloud computing platform of claim 1, wherein the step of receiving traffic generated by a traffic generator that includes a first virtual local area network tag comprises:
and controlling the flow generator to generate the flow comprising the first virtual local area network label and sending the flow to the cloud computing platform through a second communication port connected with the cloud computing platform by the flow generator through a first communication port connected with the cloud computing platform.
3. The method for network traffic simulation of a cloud computing platform of claim 1, wherein the method for network traffic simulation of a cloud computing platform further comprises:
and executing a simulation test of a network target range when the flow is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform.
4. The method for simulating network traffic of the cloud computing platform according to claim 3, wherein the step of performing a simulation test of a network target range when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform includes:
when the flow is sent to the virtual machine network corresponding to the second virtual local area network label in the cloud computing platform, executing attack and defense test operation;
and obtaining a test result of the attack and defense test operation, wherein the test result comprises the interference degree of the flow to the attack and defense test operation.
5. The method for simulating network traffic of the cloud computing platform according to claim 3, wherein the step of performing a simulation test of a network target range when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform includes:
when the traffic is sent to the virtual machine network corresponding to the second virtual local area network tag in the cloud computing platform, collecting security protection characteristics of the virtual machine network corresponding to the second virtual local area network tag, wherein the traffic is malicious attack traffic;
and acquiring an attack result of the malicious attack traffic according to the safety protection characteristic.
6. A network traffic simulation system of a cloud computing platform is characterized by comprising:
a traffic generator for generating traffic including a first virtual local area network tag;
the flow generator is also used for marking a VLAN label on the generated flow, wherein the VLAN label is a first virtual local area network label;
a cloud computing platform connected to the traffic generator for performing the steps of the network traffic simulation method of the cloud computing platform according to any of claims 1 to 5.
7. The network traffic simulation system of the cloud computing platform of claim 6, wherein the traffic generator comprises a first communication port and a second communication port, the cloud computing platform comprising a computing node and a control node;
the computing node is connected with the second communication port and used for receiving the flow sent by the flow generator through the second communication port;
the control node is connected with the first communication port and used for controlling the flow generator to send the flow, and sending the flow received by the computing node to the virtual machine network corresponding to the second virtual local area network label in the cloud computing platform.
8. A computer storage medium, characterized in that the computer storage medium has stored thereon a network traffic simulation program of a cloud computing platform, which when executed by a processor implements the steps of the network traffic simulation method of the cloud computing platform according to any one of claims 1 to 5.
CN202110207314.9A 2021-02-24 2021-02-24 Network flow simulation method and system of cloud computing platform and computer storage medium Active CN112866036B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110207314.9A CN112866036B (en) 2021-02-24 2021-02-24 Network flow simulation method and system of cloud computing platform and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110207314.9A CN112866036B (en) 2021-02-24 2021-02-24 Network flow simulation method and system of cloud computing platform and computer storage medium

Publications (2)

Publication Number Publication Date
CN112866036A CN112866036A (en) 2021-05-28
CN112866036B true CN112866036B (en) 2022-03-01

Family

ID=75991119

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110207314.9A Active CN112866036B (en) 2021-02-24 2021-02-24 Network flow simulation method and system of cloud computing platform and computer storage medium

Country Status (1)

Country Link
CN (1) CN112866036B (en)

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100579037C (en) * 2007-05-09 2010-01-06 华为技术有限公司 Network flow simulation method and equipment, network flow test method and equipment
CN101494574B (en) * 2009-03-03 2011-05-25 中兴通讯股份有限公司 Performance test system and method for double-layer virtual special access backbone network
CN103475542A (en) * 2013-09-04 2013-12-25 上海斐讯数据通信技术有限公司 Network equipment handling capacity performance testing system and method
CN106027406B (en) * 2016-05-23 2019-03-15 电子科技大学 NS3 analogue system flow introduction method based on Netflow
CN108123819B (en) * 2016-11-30 2020-10-16 江南大学 Virtual-real network seamless fusion simulation method
CN108271198B (en) * 2016-12-30 2020-11-17 华为技术有限公司 Flow simulation method and device
CN109921947B (en) * 2019-03-26 2022-02-11 东软集团股份有限公司 Network flow simulation method, device, equipment and network equipment test system
CN110635943B (en) * 2019-09-02 2020-11-06 北京航空航天大学 Spark computing framework-based network flow simulation system in network transmission process
CN111835579B (en) * 2020-06-04 2021-12-21 南瑞集团有限公司 Method and system for testing effectiveness of network traffic scheduling simulation
CN111711536A (en) * 2020-06-05 2020-09-25 北京计算机技术及应用研究所 Method for constructing firewall test environment under cloud architecture

Also Published As

Publication number Publication date
CN112866036A (en) 2021-05-28

Similar Documents

Publication Publication Date Title
US9729567B2 (en) Network infrastructure obfuscation
CN109802852B (en) Method and system for constructing network simulation topology applied to network target range
US8335678B2 (en) Network stimulation engine
US20180375897A1 (en) Automated network device cloner and decoy generator
Chadha et al. Cybervan: A cyber security virtual assured network testbed
US20160239330A1 (en) Dynamic Reconfiguration Of Resources In A Virtualized Network
CN109347881B (en) Network protection method, device, equipment and storage medium based on network spoofing
Kouril et al. Cloud-based testbed for simulation of cyber attacks
US11061792B2 (en) Test system for testing a computer of a computer system in a test network
CN112491892A (en) Network attack inducing method, device, equipment and medium
CN108605264A (en) Network management
CN107171979A (en) Vulnerability scanning method and system based on cloud computing and SDN
CN112866036B (en) Network flow simulation method and system of cloud computing platform and computer storage medium
CN106161171A (en) A kind of method and apparatus setting up Network example
Schoonover et al. Galaxy: a network emulation framework for cybersecurity
Hori et al. A comprehensive security analysis checksheet for openflow networks
Gao et al. Techniques and research trends of network testbed
Khorkov Methods for testing network-intrusion detection systems
CN110430132B (en) Method and device for binding Socket and VRF
CN111245800B (en) Network security test method and device, storage medium and electronic device
Kumar Inter-Docker Cluster Communication Across Different Network Regions Using EVPN
US20210211456A1 (en) Device, method and non-transitory tangible machine-readable medium for testing a cyber defense mechanism of a device under test
Roy Scalable Emulator for Software Defined Networks
CN112333025A (en) Network security simulation training method, device and system
CN111865996A (en) Data detection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant