CN113194004B - Network topology construction method and device, and network change processing method and device - Google Patents


Publication number
CN113194004B
Authority
CN
China
Prior art keywords
network
devices
information
network topology
network connection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110554998.XA
Other languages
Chinese (zh)
Other versions
CN113194004A (en
Inventor
李家炎
满欣
屠彧
曹璐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a network topology construction method, including: acquiring configuration information of each device in a plurality of devices of a real network, wherein the plurality of devices comprise a first device and a second device, and the configuration information comprises a communication link list and an interface information list; determining a first network connection relationship between a plurality of first devices based on the communication link list; determining a second network connection relationship among the plurality of second devices and between the second devices and the first device based on the interface information list; and adding the first network connection relation and the second network connection relation to the initial network topology to obtain a target network topology. In addition, the present disclosure also provides a network change processing method, a network topology constructing apparatus, a network change processing apparatus, an electronic device, a storage medium, and a computer program product. The method, the device, the equipment and the product provided by the disclosure can be used in the technical field of communication networks, the financial field or other fields.

Description

Network topology construction method and device, and network change processing method and device
Technical Field
The present disclosure relates to the field of communication network technologies, and in particular, to a network topology construction method, a network change processing method, a network topology construction apparatus, a network change processing apparatus, an electronic device, a storage medium, and a computer program product.
Background
With the development of cloud computing and hardware technology, the internal environment of the data center becomes more complex.
In the process of implementing the inventive concept disclosed by the present disclosure, the inventor finds that a data center has network devices of multiple manufacturers and multiple versions, and communication protocols supported by different network devices are different, so that it is difficult to construct a comprehensive and accurate network topology.
Disclosure of Invention
In view of the above, the present disclosure provides a network topology construction method, a network change processing method, a network topology construction apparatus, a network change processing apparatus, an electronic device, a storage medium, and a computer program product.
One aspect of the present disclosure provides a network topology construction method, including:
acquiring configuration information of each device in a plurality of devices of a real network, wherein the plurality of devices comprise a first device supporting a preset communication protocol and a second device not supporting the preset communication protocol, the configuration information of the first device comprises a communication link list and an interface information list, and the configuration information of the second device comprises the interface information list; determining a first network connection relationship among a plurality of the first devices based on the communication link list; determining a second network connection relationship among a plurality of the second devices and between the second devices and the first device based on the interface information list; and adding the first network connection relation and the second network connection relation to an initial network topology to obtain a target network topology.
According to an embodiment of the present disclosure, the communication link list includes a plurality of communication links established between the first devices based on the preset communication protocol; the determining a first network connection relationship between the first devices based on the communication link list includes: and determining a first network connection relation between the first devices based on the plurality of communication links.
According to an embodiment of the present disclosure, the interface information list includes interface address information of each port of the first device or the second device; the determining a second network connection relationship between the second devices and the first device based on the interface information list includes: acquiring a subnet mask of the port from the interface address information of the port; determining the network segment to which the port belongs according to the subnet mask, wherein a network connection relation exists between all ports belonging to the same network segment; and integrating the network connection relations existing in all the network segments to obtain second network connection relations among the second devices and between the second devices and the first devices.
According to an embodiment of the present disclosure, further comprising: determining a third network connection relationship between the first device or the second device and another device based on the interface description information when the interface information list of the first device or the second device includes the interface description information; and adding the third network connection relationship to the target network topology.
According to an embodiment of the present disclosure, further comprising: and verifying the target network topology according to traffic information, wherein the traffic information comprises historical traffic information among ports of a plurality of devices in the real network and simulated traffic information among the ports of the plurality of devices in the target network topology.
According to an embodiment of the present disclosure, the verifying the target network topology according to the traffic information includes: matching the historical traffic information with the simulated traffic information to obtain a matching result; determining that construction of the target network topology is complete when the matching result is consistent; and modifying the network connection relationship in the target network topology based on the historical traffic information and the simulated traffic information when the matching result is inconsistent.
Another aspect of the present disclosure provides a network change processing method, including: acquiring a network change scheme and a user intention, wherein the network change scheme comprises a configuration instruction; inputting the configuration instruction into the target network topology to obtain a network change result; and verifying the network change result based on the user intention so as to determine the network change processing strategy of the real network.
According to an embodiment of the present disclosure, the verifying the network change result based on the user intention to determine the network change processing policy of the real network includes: inputting the network change scheme into the real network to change the real network when the network change result meets the user intention; and feeding back error prompt information and modification suggestions for the network change scheme when the network change result does not meet the user intention.
Another aspect of the present disclosure provides a network topology constructing apparatus, which includes a first obtaining module, a first determining module, a second determining module, and a first executing module. Wherein: a first obtaining module, configured to obtain configuration information of each device in a plurality of devices of a real network, where the plurality of devices include a first device that supports a preset communication protocol and a second device that does not support the preset communication protocol, the configuration information of the first device includes a communication link list and an interface information list, and the configuration information of the second device includes the interface information list; a first determining module, configured to determine a first network connection relationship among a plurality of the first devices based on the communication link list; a second determining module, configured to determine, based on the interface information list, second network connection relationships among the plurality of second devices and between the second devices and the first device; and a first execution module, configured to add the first network connection relationship and the second network connection relationship to an initial network topology to obtain a target network topology.
Another aspect of the present disclosure provides a network change processing apparatus, which includes a second obtaining module, a second executing module, and a second verifying module. Wherein: the second acquisition module is used for acquiring a network change scheme and user intention, wherein the network change scheme comprises a configuration instruction; the second execution module is used for inputting the configuration instruction into the target network topology to obtain a network change result; and the second verification module is used for verifying the network change result based on the user intention so as to determine the network change processing strategy of the real network.
Another aspect of the present disclosure provides an electronic device including: one or more processors; memory to store one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement a method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program product comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiments of the present disclosure, the network connection relationships among the devices are determined from the communication link information established among the devices in the real network and from the interface address information of those devices, and these relationships are added to the initial network topology to complete its construction. This at least partially solves the problem that devices which do not support the preset communication protocol are ignored when the network topology is built, and thereby effectively improves the completeness of the constructed network topology.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of the embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture 100 to which a network topology construction method may be applied, according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a network topology construction method 200 in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a network topology construction method 300 according to another embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram of a network change processing method 400 according to an embodiment of the disclosure;
FIGS. 5A-5C schematically illustrate diagrams of target network topologies before and after a change according to an embodiment of the disclosure;
FIG. 6 schematically shows a block diagram of a network topology construction apparatus 600 according to an embodiment of the present disclosure;
FIG. 7 schematically shows a block diagram of a network change handling device 700 according to an embodiment of the present disclosure;
FIG. 8 schematically shows a block diagram of an electronic device adapted to implement a network topology construction method and a network change handling method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that these descriptions are illustrative only and are not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). In those instances where a convention analogous to "at least one of A, B, or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
With the rapid development of cloud technology, the internal environment of a data center becomes more and more complex, and the scale and complexity of a production network formed by all devices in the data center also increase, so that when the configuration of the production network is changed, whether a logic error exists in a configuration change instruction cannot be judged. On the other hand, the complex equipment environment puts higher requirements on network operation and maintenance personnel, and the network operation and maintenance personnel cannot judge in advance whether the configuration change instruction causes negative effects on the production network or not and whether the configuration change instruction meets the change expectation or not.
Therefore, in the related art, a simulation method is often adopted to verify a network change scheme in advance. For example, a simulation network identical to the production network is constructed, but this approach has high equipment and maintenance costs. Alternatively, simulation software is used to simulate the production network and the network change scheme is verified through computer instructions; however, because the data center contains equipment from multiple manufacturers and in multiple versions, this approach is easily limited by device compatibility, and some devices have no image available in the simulation software, which greatly increases the cost of modeling those devices in software.
In view of the above, the inventor builds on the digital twin technology of intent-based networking: network device configurations are collected, a network topology that mirrors the real network 1:1 is constructed from them, and the topology is then corrected using additional information. After the network topology is built, the network change scheme is verified using the digital twin, so that whether the change scheme meets expectations is checked in advance and logic errors in the network change scheme are discovered in advance.
Specifically, embodiments of the present disclosure provide a network topology construction method, a network change processing method, a network topology construction apparatus, a network change processing apparatus, an electronic device, a storage medium, and a computer program product. The network topology construction method comprises the following steps: acquiring configuration information of each device in a plurality of devices of a real network, wherein the plurality of devices comprise a first device supporting a preset communication protocol and a second device not supporting the preset communication protocol, the configuration information of the first device comprises a communication link list and an interface information list, and the configuration information of the second device comprises an interface information list; determining a first network connection relationship between a plurality of first devices based on the communication link list; determining a second network connection relationship among the plurality of second devices and between the second devices and the first device based on the interface information list; and adding the first network connection relation and the second network connection relation to the initial network topology to obtain a target network topology.
The network topology construction method and device, and the network change processing method and device provided by the embodiments of the present disclosure can be used in the technical field of communication networks and the financial field, for example, the method and device can be used for constructing a network topology corresponding to a bank machine room, and predicting the effect of configuration change when device configuration change is performed in the machine room. The method and the device provided by the embodiment of the disclosure can also be used in any fields except the technical field of communication networks and the financial field, and the application field of the method and the device provided by the embodiment of the disclosure is not limited.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the network topology construction method may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a real network 110, a network topology 120, and a terminal device 130. The real network 110 includes network devices 111, 112, and 113, and network connections 114, 115, and 116 between the network devices; included in network topology 120 are points 121, 122, and 123 for representing network devices, and edges 124, 125, and 126 for representing network connections.
Network devices 111, 112, and 113 may include servers, gateways, routers, and other communication-capable devices. Network connections 114, 115, and 116 between network devices 111, 112, and 113 may be established via various communication protocols, wired or wireless.
The terminal device 130 may be various electronic devices having a display screen and supporting communication functions, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
A user may use the terminal device 130 to obtain configuration information for the real network 110 and build the network topology 120 based on the obtained configuration information. The points 121, 122, and 123 in the constructed network topology 120 correspond to the network devices 111, 112, and 113 in the real network 110 one to one, and the edges 124, 125, and 126 in the network topology 120 correspond to the network connections 114, 115, and 116 in the real network 110 one to one.
It should be noted that the network topology construction method provided by the embodiment of the present disclosure may be generally executed by the terminal device 130. Accordingly, the network topology constructing apparatus provided by the embodiment of the present disclosure may be generally disposed in the terminal device 130. The network topology construction method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster capable of communicating with the terminal device 130. Correspondingly, the network topology constructing apparatus provided in the embodiment of the present disclosure may also be disposed in a server or a server cluster capable of communicating with the terminal device 130.
It should be understood that the number of network devices and terminal devices in fig. 1 is merely illustrative, and that any number of network devices and terminal devices may be present according to actual needs.
Fig. 2 schematically illustrates a flow chart of a network topology construction method 200 according to an embodiment of the present disclosure.
As shown in FIG. 2, the method 200 includes operations S210-S240.
In operation S210, configuration information of each of a plurality of devices of a real network is acquired. The plurality of devices include a first device supporting a preset communication protocol and a second device not supporting the preset communication protocol, the configuration information of the first device includes a communication link list and an interface information list, and the configuration information of the second device includes an interface information list.
In operation S220, a first network connection relationship between the plurality of first devices is determined based on the communication link list.
In operation S230, a second network connection relationship among the plurality of second devices and between the second devices and the first device is determined based on the interface information list.
In operation S240, the first network connection relationship and the second network connection relationship are added to the initial network topology, resulting in a target network topology.
According to embodiments of the present disclosure, the real network may comprise a production network of a data center.
According to embodiments of the present disclosure, a device may include a physical entity, such as a computer, switch, bridge, router, gateway, etc., capable of connecting into a network.
According to embodiments of the present disclosure, a device may support multiple communication protocols, such as the TCP/IP protocol, NETBEUI protocol, IPX/SPX protocol, LLDP protocol, CDP protocol, and the like. Different devices may differ in which communication protocols they support; for example, the CDP protocol is a proprietary Layer 2 network protocol that can only operate on designated devices. Devices can establish a wired or wireless communication link based on a communication protocol, thereby establishing a network connection relationship.
According to the embodiment of the disclosure, the communication link established by the two devices based on one communication protocol can be stored in the communication link list corresponding to the communication protocol in the configuration information of the two devices.
According to an embodiment of the present disclosure, the interface information list of the device may include information such as an IP address, a subnet mask, a gateway, a network number, and a broadcast address of the device.
According to embodiments of the present disclosure, the initial network topology may include a point that mirrors each device in the real network. The first network connection relationship determined from the communication link list and the second network connection relationship determined from the interface information list are added to the initial network topology as edges, yielding a target network topology that corresponds 1:1 to the real network.
According to the embodiments of the present disclosure, the network connection relationships among the devices are determined from the communication link information established among the devices in the real network and from the interface address information of those devices, and these relationships are added to the initial network topology to complete its construction. This at least partially solves the problem that devices which do not support the preset communication protocol are ignored when the network topology is built, and thereby effectively improves the completeness of the constructed network topology.
Fig. 3 schematically illustrates a flow chart of a network topology construction method 300 according to another embodiment of the present disclosure.
As shown in FIG. 3, the method 300 includes operations S301-S308.
In operation S301, configuration information of each of a plurality of devices of a real network is acquired. The plurality of devices include a first device supporting a preset communication protocol and a second device not supporting the preset communication protocol, the configuration information of the first device includes a communication link list and an interface information list, and the configuration information of the second device includes an interface information list.
In operation S302, a first network connection relationship between a plurality of first devices is determined based on the communication link list.
In operation S303, a second network connection relationship between the plurality of second devices, and between the second device and the first device is determined based on the interface information list.
In operation S304, it is determined whether interface description information is included in the interface information list. In the case where it is determined that the interface description information is included in the interface information list, operation S305 is performed.
In operation S305, a third network connection relationship between the plurality of devices is determined based on the interface description information.
In operation S306, the first network connection relationship, the second network connection relationship, and the third network connection relationship are added to the initial network topology to obtain a target network topology.
In operation S307, it is verified whether construction of the target network topology is complete. If it is determined that construction is not complete, operation S308 is performed. If it is determined that construction is complete, the network topology construction process ends.
In operation S308, a network connection relationship in the target network topology is modified based on the historical traffic information and the simulated traffic information.
According to an embodiment of the present disclosure, the communication link list may include a plurality of communication links established between the first devices based on a preset communication protocol. The preset communication protocol may be, for example, LLDP communication protocol, CDP communication protocol, or the like.
According to an embodiment of the present disclosure, in a case where a communication link exists between two first devices, it can be considered that a network connection relationship exists between the two first devices. Traversing the communication links of all the first devices may determine a first network connection relationship between the first devices.
According to an embodiment of the present disclosure, the interface address information of each port of the device may be included in the interface information list. According to the interface address information of the port, the subnet mask of the port can be determined, so that the network segment to which the port belongs can be determined. Because all ports belonging to the same network segment have network connection relations, the network connection relations existing in all network segments are integrated by traversing all network segments, and then the second network connection relation among the devices can be determined.
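The construction steps S210 to S240 can be followed end to end in the sketch below. It is an added example, not code from the patent: the device names, the `lldp_links` and `interfaces` field names and all addresses are constructed, LLDP stands in for the preset communication protocol, and a device is treated as a "first device" when its configuration carries a link list.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample configuration (hypothetical field names).
# "lldp_links" is the communication link list: (local_port, peer_device, peer_port).
# "interfaces" is the interface information list: (port, ip_address, subnet_mask).
CONFIGS = {
    "sw1": {
        "lldp_links": [("Gi0/1", "sw2", "Gi0/1")],
        "interfaces": [("Gi0/1", "10.0.0.1", "255.255.255.252"),
                       ("Gi0/2", "10.0.1.1", "255.255.255.0")],
    },
    "sw2": {
        "lldp_links": [("Gi0/1", "sw1", "Gi0/1")],
        "interfaces": [("Gi0/1", "10.0.0.2", "255.255.255.252"),
                       ("Gi0/2", "10.0.2.1", "255.255.255.0")],
    },
    # Second devices: no support for the preset protocol, so no link list.
    "fw1": {"interfaces": [("eth0", "10.0.1.2", "255.255.255.0"),
                           ("eth1", "10.0.2.2", "255.255.255.0")]},
    "lb1": {"interfaces": [("eth0", "10.0.1.3", "255.255.255.0")]},
}


def is_first_device(cfg):
    """Assumption: a first device is one whose configuration has a link list."""
    return "lldp_links" in cfg


def first_relationship(configs):
    """S220: one edge per communication link between first devices."""
    edges = set()
    for dev, cfg in configs.items():
        for local_port, peer, peer_port in cfg.get("lldp_links", []):
            if peer in configs:  # ignore neighbours outside the collected set
                # Both ends report the link; the frozenset de-duplicates it.
                edges.add(frozenset({(dev, local_port), (peer, peer_port)}))
    return edges


def segments(configs):
    """Group every port by the network segment derived from its subnet mask."""
    seg = defaultdict(list)
    for dev, cfg in configs.items():
        for port, ip, mask in cfg["interfaces"]:
            net = ipaddress.ip_interface(f"{ip}/{mask}").network
            seg[net].append((dev, port))
    return seg


def second_relationship(configs):
    """S230: ports in the same segment are connected, for pairs involving
    at least one second device."""
    edges = set()
    for members in segments(configs).values():
        for a, b in combinations(members, 2):
            if a[0] == b[0]:
                continue  # two ports of the same device are not a link
            if is_first_device(configs[a[0]]) and is_first_device(configs[b[0]]):
                continue  # first-to-first links come from the link list
            edges.add(frozenset({a, b}))
    return edges


def build_topology(configs):
    """S240: the initial topology holds one point per device; add both edge sets."""
    nodes = set(configs)
    edges = first_relationship(configs) | second_relationship(configs)
    return nodes, edges


if __name__ == "__main__":
    nodes, edges = build_topology(CONFIGS)
    for edge in sorted(tuple(sorted(e)) for e in edges):
        print(edge)
```

Grouping by network segment keys only on the address range, so two ports that use the same subnet in separate routing domains would be joined by an edge that does not exist in the real network.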
According to an embodiment of the present disclosure, the interface description information may include a naming convention for the port; for example, the naming convention may require that a port name include the names of the other ports that have network connections with the port and of the devices to which those ports belong. Based on the naming convention and the port name, a third network connection relationship between ports of different devices may be determined to supplement the target network topology.
According to the embodiment of the disclosure, the target network topology can be verified according to the traffic information. The traffic information may include historical traffic information between ports of a plurality of devices in a real network and simulated traffic information between ports of a plurality of devices in a target network topology. The historical traffic information is matched with the simulated traffic information to obtain a matching result. For example, if, in the historical traffic information, port a receives a packet with a size of 10KB sent by port b in each communication, then in the simulated traffic information, if port a and port b are normally connected in the target network topology, port a should also receive a packet with a size of 10KB sent by port b in each simulated communication. If the matching result is inconsistent, the connection relationships between device A, to which port a belongs, and other devices, and between device B, to which port b belongs, and other devices are checked and modified, so as to modify the network connection relationship in the target network topology.
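The construction steps above can be followed in code. The sketch below is an added example, not code from the patent: the device names, port names, addresses and the dictionary layout of the configuration are constructed for illustration, and the "lldp" key stands in for the communication link list of a first device.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample configuration (assumption, not from the patent).
# Only first devices carry an "lldp" communication link list.
DEVICES = {
    "SW1": {"lldp": [("GE0/1", "SW2", "GE0/1")],
            "interfaces": {"GE0/1": "10.0.12.1/30", "GE0/2": "10.0.20.1/24"}},
    "SW2": {"lldp": [("GE0/1", "SW1", "GE0/1")],
            "interfaces": {"GE0/1": "10.0.12.2/30", "GE0/3": "10.0.30.1/24"}},
    "FW1": {"interfaces": {"eth0": "10.0.20.2/24", "eth1": "10.0.30.2/24"}},
    "LB1": {"interfaces": {"eth0": "10.0.30.3/24"}},
}


def edge(a, b):
    """Undirected edge with a canonical ordering."""
    return tuple(sorted((a, b)))


def first_relationships(devices):
    """Edges read directly from the communication link lists of first devices."""
    edges = set()
    for name, cfg in devices.items():
        for _local_port, peer, _peer_port in cfg.get("lldp", []):
            edges.add(edge(name, peer))
    return edges


def segments(devices):
    """Map each network segment to the (device, port) pairs addressed in it."""
    seg = defaultdict(set)
    for name, cfg in devices.items():
        for port, addr in cfg["interfaces"].items():
            # ip_interface keeps address and mask; .network is the segment.
            seg[ipaddress.ip_interface(addr).network].add((name, port))
    return seg


def second_relationships(devices):
    """Edges between every pair of devices that own a port in the same segment."""
    edges = set()
    for members in segments(devices).values():
        names = sorted({dev for dev, _port in members})
        edges.update(edge(a, b) for a, b in combinations(names, 2))
    return edges


def build_topology(devices):
    """Merge both relationship sets into one node/edge description."""
    first = first_relationships(devices)
    second = second_relationships(devices)
    return {"nodes": set(devices), "edges": first | second,
            "only_from_segments": second - first}


def mismatched_flows(historical, simulated):
    """Port pairs whose simulated packet size differs from the historical one."""
    return sorted(k for k, size in historical.items() if simulated.get(k) != size)


if __name__ == "__main__":
    topo = build_topology(DEVICES)
    print("edges:", sorted(topo["edges"]))
    print("found only through segments:", sorted(topo["only_from_segments"]))
```

Segment membership yields a full mesh among all devices in a shared subnet (here FW1, LB1 and SW2), which can overstate physical adjacency; the traffic comparison is what catches such edges.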
Fig. 4 schematically illustrates a flow diagram of a network change processing method 400 according to an embodiment of the disclosure.
As shown in FIG. 4, the method 400 includes operations S410-S430.
In operation S410, a network change scheme and a user intention are acquired. The network change scheme comprises a configuration instruction.
In operation S420, a configuration instruction is input into the target network topology, and a network change result is obtained.
In operation S430, the network change result is verified based on the user intention to determine a network change processing policy of the real network.
According to an embodiment of the present disclosure, the target network topology may be a network topology constructed according to method 200 or method 300.
According to an embodiment of the present disclosure, the network change scheme may include a plurality of configuration instructions, and the configuration instructions may include quiescing a designated port of a designated device, modifying an Access Control List (ACL) of the device, and the like.
According to an embodiment of the present disclosure, the network change scheme and the user intention may be in one-to-one correspondence, and the user intention may be a verification step in the network change scheme. For example, if the network change scheme includes a configuration instruction of an access control list of a newly added switch, the user intention includes verifying whether the access control list is valid, that is, whether a specific IP is allowed to pass through a firewall of the switch, which may be expressed as: disp ac name Interactive | inc permit ip source 84.105.38.0.0.0.255.
According to the embodiment of the disclosure, the network change scheme can be converted into the configuration instruction by simulating a routing protocol and the like.
According to an embodiment of the present disclosure, a mathematical model may be generated using an open source model and a formal verification algorithm, and the configuration instructions may be simulated using the mathematical model. For example, the access control list of device A defines the following behavior: when port a of device A is called, if port a can be matched with the corresponding access control list, the corresponding information is forwarded from port d of device A; otherwise, the corresponding information is discarded. The mathematical model can be represented using a transfer function T as: T(input condition, port a) = (condition 1, port d), or otherwise T(input condition, port a) = (other, null). The above equation indicates that when condition 1 is satisfied, i.e. port a matches the access control list, the corresponding information is forwarded from port d; otherwise, the corresponding information is sent to null (meaning that the corresponding information is discarded).
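The transfer function described above can be written out and evaluated over a whole source range. This is an added example rather than the patent's model: it assumes an access control list that matches on source address only, with wildcard masks, first-match semantics and an implicit deny, and the rules, addresses and port names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    source: str    # base source address
    wildcard: str  # wildcard mask: 1-bits are "don't care"

    def matches(self, src_ip):
        base = int(ipaddress.IPv4Address(self.source))
        wild = int(ipaddress.IPv4Address(self.wildcard))
        care = ~wild & 0xFFFFFFFF  # bits that must be equal
        return (int(ipaddress.IPv4Address(src_ip)) & care) == (base & care)


def acl_permits(rules, src_ip):
    """First matching rule decides; no match means implicit deny."""
    for rule in rules:
        if rule.matches(src_ip):
            return rule.action == "permit"
    return False


def make_transfer(in_port, out_port, rules):
    """Build T(src_ip, port) -> (src_ip, out_port), or (src_ip, None) for a drop."""
    def T(src_ip, port):
        if port == in_port and acl_permits(rules, src_ip):
            return (src_ip, out_port)
        return (src_ip, None)
    return T


def intent_violations(T, network, in_port, out_port):
    """Source addresses in `network` that T does not forward to out_port."""
    net = ipaddress.ip_network(network)
    return [str(ip) for ip in net if T(str(ip), in_port) != (str(ip), out_port)]


# Constructed rule sets (assumption). Both contain the same permit line,
# but in the first an earlier deny shadows half of the permitted range.
ACL_SHADOWED = [Rule("deny", "192.0.2.128", "0.0.0.127"),
                Rule("permit", "192.0.2.0", "0.0.0.255")]
ACL_FIXED = [Rule("permit", "192.0.2.0", "0.0.0.255")]

T_SHADOWED = make_transfer("a", "d", ACL_SHADOWED)
T_FIXED = make_transfer("a", "d", ACL_FIXED)

if __name__ == "__main__":
    bad = intent_violations(T_SHADOWED, "192.0.2.0/24", "a", "d")
    print("shadowed ACL drops", len(bad), "addresses, first:", bad[0])
    print("fixed ACL drops", len(intent_violations(T_FIXED, "192.0.2.0/24", "a", "d")))
```

Both rule sets contain the same permit line, so a text search for that line passes on each; only evaluating T over the intended source range shows that the first one drops half of it.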
According to the embodiment of the disclosure, after the target network topology is changed, a data packet may be input into the target network topology to determine reachability, isolation, and the like of the target network topology, so as to determine whether a network change result meets a user intention.
According to an embodiment of the present disclosure, the network change handling policy may include: when the verification result is that the network change result is consistent with the user intention, determining that the network change scheme can be executed in the real network; and when the verification result is that the network change result is inconsistent with the user intention, modifying the network change scheme.
According to the embodiment of the disclosure, the network change scheme is verified in the target network topology, and the network change strategy of the real network is determined according to the verification result, so that, before the network change is carried out on the real network, the influence of the network change scheme and whether it meets expectations can be judged in advance, which effectively reduces the operation and maintenance cost of the real network and the probability of production accidents caused by errors in the change scheme.
Fig. 5A-5C schematically illustrate diagrams of target network topologies before and after a change according to an embodiment of the disclosure.
FIG. 5A shows a schematic diagram of a data path in a target network topology according to an embodiment of the disclosure, including devices P1, P2, P3, P4, P5, P6, and P7 as points in the network topology and inter-device connections E_p1-p2, E_p1-p3, E_p2-p4, E_p2-p5, E_p3-p4, E_p3-p5, E_p4-p6, E_p5-p6 and E_p6-p7 as edges in the network topology. The start point of the data path is device P1 and the end point is device P7.
According to the embodiment of the disclosure, the input of the change configuration instruction can be performed for any one device in the data path, and the reachability verification and isolation verification are performed in other devices in the data path to determine whether the network change scheme meets the user intention.
For example, a configuration instruction to quiesce the device P4 is input in the device P1, and the corresponding user intention is to isolate the device P4. After the configuration instruction is executed, each port of the device P4 is disconnected from the other devices, so as to obtain a changed network topology, as shown in fig. 5B. As can be seen from fig. 5A and 5B, after the network change, the connection relationships E_p2-p4, E_p3-p4 and E_p4-p6 of the device P4 are disconnected, the data path is changed, and the other devices in the network topology have no network connection with the device P4, so that the user intention is met.
According to the embodiment of the disclosure, in the case that the network change result meets the user's intention, the network change scheme can be input into the real network to perform network change of the real network.
For another example, for the data path in fig. 5A, suppose a configuration instruction to quiesce the device P6 is executed, and the corresponding user intention is to isolate the device P6 and maintain reachability of communication from the device P1 to the device P7. After the configuration instruction is executed, the connection relationships E_p4-p6, E_p5-p6 and E_p6-p7 between the device P6 and other devices are disconnected, as shown in fig. 5C. However, after the network change, the device P7 does not establish a network connection with any other device in the data path; therefore, communication from the device P1 to the device P7 is not reachable, and the network change scheme does not conform to the user intention.
According to the embodiment of the disclosure, in the case that the network change result does not meet the user's intention, information such as logic errors and static errors in the network change scheme can be fed back to a user, and a modification opinion can be given. For example, for the network change schemes of fig. 5A to 5C, a modification opinion may be given that a configuration instruction for establishing a network connection relationship between the device P7 and the device P4 or P5 be added to the network change scheme.
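The FIG. 5A to 5C walk-through can be reproduced as a graph check. This is an added example, not the patent's implementation: it models a change scheme as a list of links to shut down (an assumption), uses the edge list of FIG. 5A, and adds a constructed third scheme that forgets one of P4's links to show an isolation failure.

```python
from collections import deque

# Edges of the data path in FIG. 5A.
EDGES_5A = [("P1", "P2"), ("P1", "P3"), ("P2", "P4"), ("P2", "P5"), ("P3", "P4"),
            ("P3", "P5"), ("P4", "P6"), ("P5", "P6"), ("P6", "P7")]


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def apply_change(edges, shutdowns):
    """Return the edge list after the listed links are shut down."""
    down = {frozenset(s) for s in shutdowns}
    return [e for e in edges if frozenset(e) not in down]


def component(edges, start):
    """All devices reachable from `start`, including itself (breadth-first)."""
    adj = adjacency(edges)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def verify_change(edges, shutdowns, isolate, must_reach=()):
    """Check a change scheme against the intent: isolation plus reachability."""
    after = apply_change(edges, shutdowns)
    failures, suggestions = [], []
    if component(after, isolate) != {isolate}:
        failures.append(f"{isolate} is not isolated")
    # Former neighbours of the isolated device are where a bypass can attach.
    neighbours = adjacency(edges).get(isolate, set())
    for src, dst in must_reach:
        src_side = component(after, src)
        if dst in src_side:
            continue
        failures.append(f"{src} cannot reach {dst}")
        dst_side = component(after, dst)
        suggestions += [(d, s) for d in sorted(neighbours & dst_side)
                        for s in sorted(neighbours & src_side)]
    return {"ok": not failures, "failures": failures, "suggestions": suggestions}


# Scheme of FIG. 5B: quiesce P4.
SCHEME_P4 = [("P2", "P4"), ("P3", "P4"), ("P4", "P6")]
# Scheme of FIG. 5C: quiesce P6.
SCHEME_P6 = [("P4", "P6"), ("P5", "P6"), ("P6", "P7")]
# Constructed faulty scheme: one of P4's three links is left up.
SCHEME_P4_PARTIAL = [("P2", "P4"), ("P3", "P4")]

if __name__ == "__main__":
    for name, scheme, dev in [("5B", SCHEME_P4, "P4"), ("5C", SCHEME_P6, "P6"),
                              ("partial", SCHEME_P4_PARTIAL, "P4")]:
        print(name, verify_change(EDGES_5A, scheme, dev, [("P1", "P7")]))
```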
Fig. 6 schematically shows a block diagram of a network topology constructing apparatus 600 according to an embodiment of the present disclosure.
As shown in fig. 6, the network topology constructing apparatus 600 includes a first obtaining module 610, a first determining module 620, a second determining module 630 and a first executing module 640.
The first obtaining module 610 is configured to obtain configuration information of each device in a plurality of devices of a real network, where the plurality of devices include a first device that supports a preset communication protocol and a second device that does not support the preset communication protocol, the configuration information of the first device includes a communication link list and an interface information list, and the configuration information of the second device includes an interface information list.
A first determining module 620, configured to determine a first network connection relationship among the plurality of first devices based on the communication link list.
A second determining module 630, configured to determine, based on the interface information list, second network connection relationships among the plurality of second devices and between the second devices and the first device.
The first executing module 640 is configured to add the first network connection relationship and the second network connection relationship to the initial network topology to obtain a target network topology.
According to the embodiment of the disclosure, the network connection relationship among the multiple devices is determined through the communication link information established among the multiple devices in the real network and the interface address information of the multiple devices, and the network connection relationship is added to the initial network topology to complete the construction of the network topology. By adopting these technical means, the problem that some devices in the network are ignored when the network topology is built because they do not support the preset communication protocol is at least partially solved, so that the integrity of the built network topology is effectively improved.
According to the embodiment of the disclosure, the communication link list includes a plurality of communication links established between the first devices based on a preset communication protocol; the first determination module 620 is further configured to: a first network connection relationship between first devices is determined based on a plurality of communication links.
According to an embodiment of the present disclosure, the interface information list includes interface address information of each port of the first device or the second device; the second determination module 630 includes a first determination unit, a second determination unit, and a third determination unit, wherein: the first determining unit is used for acquiring a subnet mask of the port from the interface address information of the port; the second determining unit is used for determining the network segment to which the port belongs according to the subnet mask, wherein the network connection relationship exists among all the ports belonging to the same network segment; and the third determining unit is used for integrating the network connection relations existing in all the network segments to obtain second network connection relations between the second devices and the first devices.
According to an embodiment of the present disclosure, the apparatus 600 further comprises a third determination module comprising a fourth determination unit and a fifth determination unit, wherein: a third determining module, configured to determine, based on the interface description information, a third network connection relationship between the first device or the second device and another device when the interface information list of the first device or the second device includes the interface description information; and a fourth determining module for adding the third network connection relationship to the target network topology.
According to an embodiment of the present disclosure, the apparatus 600 further comprises a first verification module. The first verification module is used for verifying the target network topology according to the traffic information, wherein the traffic information comprises historical traffic information among ports of a plurality of devices in a real network and simulated traffic information among the ports of the plurality of devices in the target network topology.
According to an embodiment of the present disclosure, the first verification module includes a first verification unit, a second verification unit, and a third verification unit. The first verification unit is used for matching the historical traffic information with the simulated traffic information to obtain a matching result; the second verification unit is used for determining that the target network topology is constructed under the condition that the matching result is consistent; and the third verification unit is used for modifying the network connection relation in the target network topology based on the historical traffic information and the simulated traffic information under the condition that the matching result is inconsistent.
Fig. 7 schematically shows a block diagram of a network change processing apparatus 700 according to an embodiment of the present disclosure.
As shown in fig. 7, the network change processing apparatus 700 includes a second acquiring module 710, a second executing module 720, and a second verifying module 730.
A second obtaining module 710, configured to obtain a network change scheme and a user intention, where the network change scheme includes a configuration instruction.
A second executing module 720, configured to input the configuration instruction into the target network topology, so as to obtain a network change result.
A second verification module 730, configured to verify the network change result based on the user intention to determine a network change handling policy of the real network.
According to the embodiment of the disclosure, the network change scheme is verified in the target network topology, and the network change strategy of the real network is determined according to the verification result, so that, before the network change is carried out on the real network, the influence of the network change scheme and whether it meets expectations can be judged in advance, which effectively reduces the operation and maintenance cost of the real network and the probability of production accidents caused by errors in the change scheme.
According to an embodiment of the present disclosure, the second verification module 730 includes a fourth verification unit and a fifth verification unit. The fourth verification unit is used for inputting the network change scheme into the real network to change the network of the real network under the condition that the network change result conforms to the user intention; and the fifth verification unit is used for feeding back error prompt information and modification opinions of the network change scheme when the network change result does not meet the user intention.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
It should be noted that the network topology constructing apparatus and the network change processing apparatus in the embodiments of the present disclosure correspond to the network topology construction method and the network change processing method in the embodiments of the present disclosure; for details of the apparatuses, refer to the description of the methods, which is not repeated here.
Fig. 8 schematically shows a block diagram of an electronic device adapted to implement a network topology construction method and a network change handling method according to an embodiment of the present disclosure. The electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 8, a computer electronic device 800 according to an embodiment of the present disclosure includes a processor 801 which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 803, various programs and data necessary for the operation of the electronic apparatus 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or RAM 803. Note that the programs may also be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 800 may also include an input/output (I/O) interface 805, which is also connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the I/O interface 805: an input section 806 including a keyboard, a mouse, and the like; an output section 807 including, for example, a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is installed into the storage section 808 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program, when executed by the processor 801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 802 and/or the RAM 803 described above and/or one or more memories other than the ROM 802 and the RAM 803.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product runs on an electronic device, the program code is configured to enable the electronic device to implement the network topology construction method and the network change processing method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 801, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via communication section 809, and/or installed from removable media 811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It will be appreciated by those skilled in the art that the features recited in the various embodiments of the disclosure and/or the claims may be combined and/or incorporated in various ways, even if such combinations or incorporations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined and/or incorporated in various ways without departing from the spirit and teachings of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (11)

1. A network topology construction method comprises the following steps:
acquiring configuration information of each device in a plurality of devices of a real network, wherein the plurality of devices comprise a first device supporting a preset communication protocol and a second device not supporting the preset communication protocol, the configuration information of the first device comprises a communication link list and an interface information list, and the configuration information of the second device comprises the interface information list;
determining a first network connection relationship between a plurality of the first devices based on the communication link list;
determining a second network connection relationship among the plurality of second devices and between the second devices and the first device based on the interface information list; and
adding the first network connection relation and the second network connection relation to an initial network topology to obtain a target network topology;
wherein the interface information list includes interface address information of each port of the first device or the second device;
wherein the determining a second network connection relationship between the second devices and the first device based on the interface information list comprises:
acquiring a subnet mask of the port from interface address information of the port;
determining the network segment to which the port belongs according to the subnet mask, wherein a network connection relation exists among all ports belonging to the same network segment; and
integrating the network connection relations existing in all the network segments to obtain second network connection relations between the second devices and the first devices.
2. The method according to claim 1, wherein the communication link list includes a plurality of communication links established between the first devices based on the preset communication protocol;
the determining a first network connection relationship between the first devices based on the communication link list comprises:
determining a first network connection relationship between the first devices based on the plurality of communication links.
3. The method of claim 1, further comprising:
determining a third network connection relationship between the first device or the second device and other devices based on the interface description information if the interface information list of the first device or the second device includes the interface description information; and
adding the third network connection relationship to the target network topology.
4. The method of claim 1, further comprising:
verifying the target network topology according to traffic information, wherein the traffic information comprises historical traffic information among ports of a plurality of devices in the real network and simulated traffic information among the ports of the plurality of devices in the target network topology.
5. The method of claim 4, wherein the verifying the target network topology according to traffic information comprises:
matching the historical traffic information with the simulated traffic information to obtain a matching result;
determining that the target network topology is constructed under the condition that the matching result is consistent; and
modifying the network connection relation in the target network topology based on the historical traffic information and the simulated traffic information under the condition that the matching result is inconsistent.
6. A network change handling method implemented using a target network topology constructed according to the method of any one of claims 1 to 5, comprising:
acquiring a network change scheme and a user intention, wherein the network change scheme comprises a configuration instruction;
inputting the configuration instruction into the target network topology to obtain a network change result; and
verifying the network change result based on the user intention to determine a network change handling policy of the real network.
7. The method of claim 6, wherein the verifying the network change result based on the user intention to determine a network change handling policy of the real network comprises:
inputting the network change scheme into the real network to change the network of the real network under the condition that the network change result conforms to the user intention; and
feeding back error prompt information and modification opinions of the network change scheme under the condition that the network change result does not conform to the user intention.
8. A network topology construction apparatus comprising:
a first obtaining module, configured to obtain configuration information of each device in a plurality of devices of a real network, where the plurality of devices include a first device that supports a preset communication protocol and a second device that does not support the preset communication protocol, the configuration information of the first device includes a communication link list and an interface information list, and the configuration information of the second device includes the interface information list;
a first determining module, configured to determine a first network connection relationship among the plurality of first devices based on the communication link list;
a second determining module, configured to determine, based on the interface information list, second network connection relationships among the plurality of second devices and between the second devices and the first device; and
a first execution module, configured to add the first network connection relationship and the second network connection relationship to an initial network topology to obtain a target network topology;
wherein the interface information list includes interface address information of each port of the first device or the second device;
wherein the second determining module is specifically configured to:
acquire a subnet mask of the port from interface address information of the port;
determine the network segment to which the port belongs according to the subnet mask, wherein network connection relationships exist among all ports belonging to the same network segment; and
integrate the network connection relationships existing in all the network segments to obtain second network connection relationships between the second devices and the first devices.
9. A network change processing apparatus comprising:
a second acquisition module, configured to acquire a network change scheme and a user intention, wherein the network change scheme comprises a configuration instruction;
a second execution module, configured to input the configuration instruction into a target network topology to obtain a network change result; and
a second verification module, configured to verify the network change result based on the user intention to determine a network change handling policy of a real network;
wherein the target network topology is constructed using the method of any one of claims 1 to 5.
10. An electronic device, comprising:
one or more processors;
a memory configured to store one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 7.
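Added example, not part of the patent text: a Python implementation of the segment-based inference recited for the second determining module in claim 8 (subnet mask, then network segment, then connection relationships among ports in the same segment). The device names, addresses and the function names segment_of and infer_links are constructed for illustration; skipping host routes and same-device port pairs is an assumption.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample input: device -> {port: "address/mask"} (interface information lists).
INTERFACE_LISTS = {
    "fw1": {"eth0": "10.0.1.1/255.255.255.0", "eth1": "10.0.2.1/255.255.255.252"},
    "sw1": {"vlan10": "10.0.1.2/24", "lo0": "192.0.2.1/32"},
    "rtr1": {"ge0/0": "10.0.2.2/30", "ge0/1": "10.0.3.1/24"},
    "srv1": {"ens3": "10.0.1.50/24", "mgmt": "unassigned"},
}


def segment_of(address):
    """Derive the network segment from a port's interface address and subnet mask."""
    return ipaddress.ip_interface(address).network


def infer_links(interface_lists):
    """Return sorted (port_a, port_b, segment) links for ports sharing a segment."""
    segments = defaultdict(list)
    for device, ports in interface_lists.items():
        for port, address in ports.items():
            try:
                net = segment_of(address)
            except ValueError:
                continue  # port without a usable address carries no segment evidence
            if net.num_addresses < 2:
                continue  # assumption: /32 or /128 host routes (loopbacks) link to nothing
            segments[net].append((device, port))

    links = set()
    for net, members in segments.items():
        # Every pair of ports in one segment is treated as connected.
        for a, b in combinations(sorted(members), 2):
            if a[0] != b[0]:  # assumption: ignore two ports of the same device
                links.add((a, b, str(net)))
    return sorted(links)


if __name__ == "__main__":
    for a, b, net in infer_links(INTERFACE_LISTS):
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  ({net})")
```

Address-only inference cannot distinguish two unrelated segments that reuse the same prefix, which is one reason to check the result against observed traffic as in claims 4 and 5.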
CN202110554998.XA 2021-05-20 2021-05-20 Network topology construction method and device, and network change processing method and device Active CN113194004B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110554998.XA CN113194004B (en) 2021-05-20 2021-05-20 Network topology construction method and device, and network change processing method and device


Publications (2)

Publication Number Publication Date
CN113194004A CN113194004A (en) 2021-07-30
CN113194004B CN113194004B (en) 2023-04-07

Family

ID=76984529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110554998.XA Active CN113194004B (en) 2021-05-20 2021-05-20 Network topology construction method and device, and network change processing method and device

Country Status (1)

Country Link
CN (1) CN113194004B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant