CN113259187B - SDN-based traffic stack analysis method, system and computer-readable storage medium - Google Patents
SDN-based traffic stack analysis method, system and computer-readable storage medium Download PDFInfo
- Publication number
- CN113259187B CN113259187B CN202110782907.8A CN202110782907A CN113259187B CN 113259187 B CN113259187 B CN 113259187B CN 202110782907 A CN202110782907 A CN 202110782907A CN 113259187 B CN113259187 B CN 113259187B
- Authority
- CN
- China
- Prior art keywords
- analysis
- node
- flow
- sdn
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a SDN-based traffic stack analysis method, a system and a computer-readable storage medium. The method comprises the steps of calculating a flow distribution strategy of each analysis node according to current stacking session flow of network data and node load capacity of each analysis node, and distributing the network data of corresponding flow to each analysis node through an SDN network controller based on the flow distribution strategy; each analysis node receives and statistically analyzes the distributed network data corresponding to the flow respectively, and reports a statistical analysis result; and summarizing the statistical analysis results of all the analysis nodes at regular time, and summarizing and analyzing the summarized contents to obtain a total flow analysis result. By adopting the flow stack analysis of the SDN based on MapReduce, the method can deeply analyze the ultrahigh-speed flow and find the problem, and meanwhile, deeply analyze the content of the flow and find the deep reason of the problem.
Description
Technical Field
The present invention relates to the field of network traffic analysis, and more particularly, to a method, a system, and a computer-readable storage medium for traffic stack analysis based on SDN.
Background
As networks become more widely used, their size has grown, and has grown from gigabit networks to ten gigabit networks, to 25G/100G networks that are deployed on a large scale today. The services carried in the network are also becoming more and more abundant. Enterprises need to know the services carried in the network in time and grasp the network flow characteristics in time so as to optimize the network bandwidth configuration and solve the network performance problem in time. Meanwhile, when the network is abnormal, the abnormal source tracing needs to be carried out in time. The solution adopted by the existing products in the market at present comprises the following steps: firstly, only the header of the message is analyzed, and secondly, distributed deployment is adopted.
Only the header of the message is analyzed, which can meet the data statistics of the flow, but when the flow is insufficient, the content cannot be analyzed, and the problem is found but the reason of the problem is unknown. And the distributed deployment is adopted, so that not only is the deployment inconvenient, the accurate statistical analysis of the flow cannot be carried out, but also the situations of repeated calculation, repeated analysis and missing analysis exist.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method, a system and a computer readable storage medium for flow stack analysis based on SDN, which can not only deeply analyze the ultra-high speed flow, but also accurately analyze the flow content in real time.
The technical scheme adopted by the invention for solving the technical problems is as follows: constructing a SDN-based traffic stack analysis method, comprising the following steps:
s1, calculating a flow distribution strategy of each analysis node according to the current stacking session flow of the network data and the node load capacity of each analysis node by adopting a Map module, and distributing the network data of corresponding flow to each analysis node through an SDN network controller based on the flow distribution strategy;
s2, each analysis node receives and statistically analyzes the distributed network data of the corresponding flow respectively, and reports statistical analysis results;
and S3, regularly summarizing the statistical analysis results of all the analysis nodes by adopting a Reduce module, and summarizing and analyzing the summarized contents to obtain a total flow analysis result.
In the SDN-based traffic stack analysis method according to the present invention, step S1 further includes the following steps:
s11, generating a node load capacity table including the node load capacity of each analysis node according to the current load condition of each analysis node by adopting a Map module, and sequencing each analysis node according to the node load capacity of each analysis node from large to small and then putting the analysis nodes into a node list;
s12, analyzing the network data by adopting a Map module to obtain the current stacking conversation flow of all the conversation information, sequencing all the conversation information according to the descending order of the conversation triple flow and then putting the conversation information into a flow list;
s13, sequentially taking out analysis nodes from the node list by adopting a Map module according to the sequence, calculating the flow of the required load according to the node load capacity of the analysis nodes, sequentially taking out session information from the flow list according to the load flow limitation of the analysis nodes according to the sequence, loading the session information to the analysis nodes until all the session information is traversed, and then putting the analysis nodes into the node list for reordering;
s14, repeating the steps S11-S13 by adopting a Map module until all the session information is loaded.
In the SDN-based traffic stack analysis method according to the present invention, step S12 further includes the following steps:
s121, dividing the network data into different streaming data packets by adopting a Map module according to the detailed information of the network data, and carrying out independent data statistics on the different streaming data packets;
s122, analyzing all session information and session flow of the session information by adopting a Map module according to the detailed information of each stream data packet;
and S123, sequencing all the session information according to the sequence of the session triple flow from large to small by adopting a Map module, and then putting the sequenced session information into a flow list.
In the SDN-based traffic stack analysis method of the present invention, the detailed information includes a target IP address, a target port, a source IP address, a protocol number, and a service term, and the session triple traffic includes a source IP address, a target IP address, and a target port triple traffic.
In the SDN-based traffic stack analysis method according to the present invention, in step S11, a node load capacity of each analysis node is calculated based on the CPU frequency, the total amount of memory, the CPU frequency weight coefficient, and the total amount of memory weight coefficient of the analysis node.
In the SDN-based traffic stack analysis method according to the present invention, step S3 further includes the following steps:
s31, regularly summarizing the statistical analysis results of all analysis nodes;
s32, correlating, analyzing and summarizing the statistical analysis results to obtain the total flow analysis result;
and S33, performing visualization processing on the total flow analysis result and storing the total flow analysis result.
The technical scheme adopted by the invention for solving the technical problems is as follows: constructing an SDN-based traffic stack analysis system, comprising: the system comprises a plurality of analysis nodes, a Map module, an SDN network controller and a Reduce module;
the Map module is used for calculating a flow distribution strategy of each analysis node according to the current stacking flow of network data and the node load capacity of each analysis node, and distributing the network data of corresponding flow to each analysis node through an SDN network controller based on the flow distribution strategy;
each analysis node receives and statistically analyzes the distributed network data corresponding to the flow respectively, and reports a statistical analysis result;
the Reduce module is used for regularly summarizing the statistical analysis result of each analysis node and summarizing and analyzing the summarized content to obtain a total flow analysis result.
In the SDN-based traffic stack analysis system of the present invention, the Map module is further configured to perform the following steps:
s1, generating a node load capacity table including the node load capacity of each analysis node according to the current load condition of each analysis node, and sorting each analysis node according to the node load capacity of each analysis node from large to small and then placing the analysis nodes into a node list;
s2, analyzing the network data to obtain the conversation flow of all the conversation information, and sequencing all the conversation information according to the descending order of the conversation triple flow and then putting the conversation information into a flow list;
s3, sequentially taking out analysis nodes from the node list according to the sequence, calculating the flow of the required load according to the node load capacity, sequentially taking out session information from the flow list according to the load flow limitation of the analysis nodes according to the sequence, loading the session information to the analysis nodes until all the session information is traversed, and then putting the analysis nodes into the node list for reordering;
the foregoing steps S1-S3 are repeatedly executed until all session information is loaded.
In the SDN-based traffic stack analysis system of the present invention, the Reduce module is further configured to: the statistical analysis results of all the analysis nodes are gathered regularly; correlating, analyzing and summarizing the statistical analysis results to obtain the total flow analysis result; and carrying out visual processing on the total flow analysis result and storing the total flow analysis result.
The other technical scheme adopted by the invention for solving the technical problem is as follows: a computer-readable storage medium is constructed on which a computer program is stored which, when being executed by a processor, implements the SDN based traffic stack analysis method.
By implementing the SDN-based traffic stack analysis method, the SDN-based traffic stack analysis system and the computer-readable storage medium, the traffic stack analysis of the SDN based on MapReduce can be adopted, the ultra-high-speed traffic of 100G or more at the data center can be deeply analyzed, the problems can be found, and the deep reasons for generating the problems can be found by deeply analyzing the content of the traffic.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
fig. 1 is a flow chart of a first preferred embodiment of an SDN based traffic stack analysis method of the present invention;
figure 2 is a flow chart of the steps of network data traffic distribution of a second preferred embodiment of the SDN based traffic stack analysis method of the present invention;
FIG. 3A illustrates a hardware configuration of various analysis nodes according to the preferred embodiment shown in FIG. 2;
FIG. 3B shows CPU frequency and total amount of memory for each analysis node prior to network data traffic distribution;
FIG. 3C illustrates a node load capacity table of node load capacities of various analysis nodes;
figure 4 is a flow chart of the steps of result summarization of a third preferred embodiment of the SDN based traffic stack analysis method of the present invention;
figure 5 is a schematic block diagram of a first preferred embodiment of an SDN based traffic stack analysis system of the present invention;
fig. 6 is a timing diagram of the traffic stack analysis system of the SDN shown in fig. 5.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The Software Defined Network (SDN) can virtualize underlying hardware facilities, and the controller is used for carrying out overall network centralized management to realize uniform network configuration. Therefore, by providing a programming interface clearly defined by the network, the SDN realizes dynamic and flexible centralized interaction of the application program and network hardware, thereby meeting the requirement of real-time centralized configuration of a big data application system architecture.
The Map-Reduce is an application system framework oriented to large-scale mass data parallel computing, computing tasks are divided into Map operation and Reduce operation, and computing work is divided into a large number of machines. The Reduce adopts a slave/master architecture, and the compute node integrates two application programs, namely a data storage unit (data node) and a compute task tracker, so as to complete the functions of storing the data of the node and executing Map-Reduce operation. The control node integrates application programs such as a directory unit, a secondary directory unit, a work tracker and the like, decomposes the calculation task of a user, distributes corresponding calculation resources, and monitors the execution of the whole calculation task.
The invention supports various analyses on network flow of various scales by adopting Map-Reduce flow stacking analysis and SDN network distribution technology, breaks through the defect that the existing product can not deeply analyze the flow in a large-scale flow scene, can support elastic expansion at the same time, is suitable for continuous expansion of the future network scale, and only needs elastic expansion of flow analysis nodes.
Fig. 1 is a flowchart of a first preferred embodiment of an SDN-based traffic stack analysis method of the present invention. As shown in fig. 1, in step S1, a Map module is used to calculate a traffic distribution policy of each analysis node according to a current stacking session traffic of network data and a node load capacity of each analysis node, and an SDN network controller distributes network data of corresponding traffic to each analysis node based on the traffic distribution policy.
In this step, the Map module may distribute, by using the SDN network controller, current stacking session traffic of the network data according to the node load capacity of each analysis node. Each analysis node is the smallest analysis unit that performs the intrusion detection analysis of the data flow. Fig. 2 shows a flow chart of the steps of network data traffic distribution according to a preferred embodiment of the present invention.
As shown in fig. 2, in step S11, a Map module is used to generate a node load capacity table including the node load capacities of the analysis nodes (i.e., the computation nodes) according to the current load conditions of the analysis nodes, and the analysis nodes are sorted in the order of their node load capacities from large to small and then placed in the node list. Preferably, the node load capacity of each analysis node may be calculated based on the CPU frequency, the total amount of memory, the CPU frequency weight coefficient, and the total amount of memory weight coefficient of each analysis node. For example, suppose that the analysis node group S = { S1, S2, S3 … Sn-1}, Si is the ith analysis node, the node load capacity is r (Si), and Ki is the specific gravity coefficient of the analysis node Si, where
. MiningIf the CPU frequency is represented by Rcpu and the total memory amount is represented by Rm, the formula for calculating r (si) may be r (si) = k1 × Rcpu (si) + k2 × Rm (si).
For example, the hardware configuration of each analysis node is as shown in fig. 3A. Before the step of network data traffic distribution, the current load condition of each analysis node, that is, the CPU frequency and the total memory amount, is obtained as shown in fig. 3B. Because the environment of each analysis node is different, such as a system and software, the data is different, and the consumed resources are different, the CPU frequency proportion coefficient and the memory total proportion coefficient are set. As shown in fig. 3C, the CPU frequency specific gravity coefficient and the total memory specific gravity coefficients 0.3 and 0.7 are taken, and the node load capacities of the analysis nodes are respectively shown in fig. 3C. The sum of the node load capacities of the analysis nodes is as follows: 15.28 + 5.08 + 6.12 + 4.46 + 1.04 = 31.98. And then, sequencing all the analysis nodes according to the order of the node load capacity from large to small, and then putting the analysis nodes into a node list.
In step S12, the Map module is used to analyze the network data to obtain the current stacking session traffic of all the session information, and the session information is sorted according to the sequence of the session triple traffic from large to small and then put into a traffic list.
In a preferred embodiment of the present invention, the network data may be divided into different stream packets according to detailed information of the network data, and the different stream packets may be subjected to independent data statistics. For example, the detailed information includes a destination IP address, a destination port, a source IP address, a protocol number, and service terms, and the session triplet traffic includes a source IP address, a destination IP address, and a destination port triplet traffic. That is, for example, an on-switch traffic statistics function may be turned on, the switch divides the network data into different stream packets according to the destination IP address, destination port, source IP address, protocol number, and service terms of the network data, performs independent data statistics on the different stream packets, and then periodically sends the collected detailed information for subsequent processing. And then analyzing all the session information and the session triple flow according to the detailed information of each streaming data packet, sequencing all the session information according to the sequence of the session triple flow from large to small, and putting the sequenced session information into a flow list. The session triple traffic comprises triple traffic of a source IP address, a target IP address and a target port
In step S13, a Map module is used to sequentially take out analysis nodes from the node list according to the order, calculate the traffic size of the required load according to the node load capacity of the analysis nodes, sequentially take out session information from the traffic list according to the load traffic quota of the analysis nodes until all the session information is traversed, and then put the analysis nodes into the node list for re-ordering. Then, in step S14, the Map module is used to determine whether all the session information is loaded, if so, the distribution process is ended, otherwise, the step S11 is returned, and the steps S11 to S13 are repeated until all the session information is loaded.
Preferably, the Map module is adopted to sequentially take out the analysis nodes from the node list according to the sequence, and the flow rate of the required load is calculated according to the node load capacity of the analysis nodes. And simultaneously or sequentially taking out the session information from the traffic list according to the sequence and loading the session information to the analysis node, as long as the session information does not exceed the limit of the load traffic which can be carried by the analysis node, until all the traffic corresponding to the session information cannot be maintained by the load of the analysis node. Specific node load capabilities can be seen in fig. 3C. And after all the session information is traversed, adding the analysis nodes into the node list again, and reordering the analysis nodes according to the remaining node load capacity for secondary loading. And after all the analysis nodes finish the traffic load, the traffic which is not loaded to the analysis nodes is still present, the node list of the traffic analysis nodes is circularly traversed again, and the session information is sequentially added to each analysis node according to the steps until all the session traffic is loaded.
Preferably, flow table information may be generated according to the current load traffic of each analysis node while adding a default flow table. After the new load distribution is completed, the analysis node which does not load all the traffic in the current session information to the maximum idle load capacity is performed.
In step S2, each analysis node receives and statistically analyzes the distributed network data corresponding to the traffic, and reports a statistical analysis result. In a preferred embodiment of the present invention, the analysis nodes may perform various types of statistics, deep analysis of data content, and persistent storage of data on the received network data. One skilled in the art can perform this step using any known statistical analysis method.
In step S3, a Reduce module is used to periodically summarize the statistical analysis results of the analysis nodes, and summarize the summary content to obtain a total traffic analysis result. Figure 4 shows the result summarization step of the preferred embodiment. As shown in fig. 4, in step S31, each analysis node reports the statistical analysis result at regular time, and then receives the statistical analysis result by using Reduce module, and performs a regular summary on the statistical analysis result. In step S32, a Reduce module is used to correlate, analyze and summarize the statistical analysis results to obtain the total flow analysis result. The traffic analysis results may include obtaining total traffic analysis situation and abnormal situation. In step S33, a Reduce module is used to perform visualization processing on the total flow analysis result and store the result. Preferably, an exception alarm may also be supported.
By implementing the SDN-based traffic stack analysis method, the traffic stack analysis of the SDN based on MapReduce is adopted, the ultrahigh-speed traffic of 100G or more in a data center can be deeply analyzed, the problem can be found, and the deep reason for generating the problem can be found by deeply analyzing the content of the traffic.
Fig. 5 is a schematic block diagram of a first preferred embodiment of the SDN based traffic stack analysis system of the present invention. Fig. 6 is a timing diagram of the traffic stack analysis system of the SDN shown in fig. 5. As shown in fig. 5 to 6, the SDN-based traffic stack analysis system of the present invention includes: map module 100, SDN network controller 200, analysis module 300, and Reduce module 400. The analysis module 300 includes a plurality of analysis nodes 310. As shown in fig. 5, the SDN network controller 200 is provided in the SDN network control node 20. The Map module 100 and the Reduce module 400 are provided in the MapReduce node 10.
In the present invention, as shown in fig. 6, the Map module 100 calculates a traffic distribution policy of each analysis node 310 according to a current stacking traffic of network data and a node load capacity of each analysis node 310, and issues the traffic distribution policy to an SDN network control node, an SDN network controller 200 of the SDN network control node 20 supports a software-defined network, and distributes network data of corresponding traffic to each analysis node 310 based on the traffic distribution policy.
Each analysis node 310 receives and statistically analyzes the distributed network data corresponding to the traffic, including various statistics, deep analysis of data content and persistent storage of data, and reports the analysis result to the Reduce module for reduction processing. The Reduce module 400 is configured to summarize the statistical analysis results of the analysis nodes 310 at regular time, and perform summarization analysis on the summarized content to obtain a total traffic analysis result.
Preferably, the Map module 100 is further configured to: generating a node load capacity table including the node load capacity of each analysis node 310 according to the current load condition of each analysis node 310, and sorting each analysis node 310 according to the order of the node load capacity from large to small and then placing the analysis nodes in a node list; analyzing the network data to obtain session triple flow of all session information of the network data, sequencing all the session information according to the sequence of the session triple flow from large to small, and putting the sequenced session information into a flow list; sequentially taking out the analysis nodes 310 from the node list according to the sequence, calculating the flow size of the required load according to the node load capacity, sequentially taking out the session information from the flow list according to the load flow limitation of the analysis nodes 310 according to the sequence, loading the session information to the analysis nodes 310 until all the session information is traversed, and then putting the analysis nodes 310 into the node list for reordering; and repeating the steps until all the session information is loaded.
In the SDN-based traffic stack analysis system of the present invention, the Reduce module 400 is further configured to summarize the statistical analysis results of each analysis node 310 at regular time; correlating, analyzing and summarizing the statistical analysis results to obtain the total flow analysis result; and carrying out visual processing on the total flow analysis result and storing the total flow analysis result.
Those skilled in the art will appreciate that the Map module 100, the SDN network controller 200, the analysis module 300, the Reduce module 400, and the analysis node 310 may be configured in accordance with the embodiments shown in fig. 1-4. Based on the present invention, those skilled in the art can implement the SDN-based traffic stack analysis system, and thus, the description is not repeated here.
Accordingly, the present invention can be realized in hardware, software, or a combination of hardware and software. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the present invention is suited. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
The invention also relates to a computer readable storage medium having stored thereon a computer program containing all the features enabling the SDN based traffic stack analysis method of the invention. When installed in a computer system, may implement the methods of the present invention. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduced in a different format.
By implementing the SDN-based traffic stack analysis method, the SDN-based traffic stack analysis system and the computer-readable storage medium, dynamic flow scheduling is performed according to the load of the analysis nodes by a distributed parallel detection method, so that real-time and accurate detection is ensured, the phenomena of missing report and delay caused by performance are prevented, and the maximization of the overall performance is realized.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. An SDN-based traffic stack analysis method is characterized by comprising the following steps:
s1, calculating a flow distribution strategy of each analysis node according to the current stacking session flow of the network data and the node load capacity of each analysis node by adopting a Map module, and distributing the network data of corresponding flow to each analysis node through an SDN network controller based on the flow distribution strategy;
s2, each analysis node receives and statistically analyzes the distributed network data of the corresponding flow respectively, and reports statistical analysis results;
and S3, regularly summarizing the statistical analysis results of all the analysis nodes by adopting a Reduce module, and summarizing and analyzing the summarized contents to obtain a total flow analysis result.
2. The SDN-based traffic stack analysis method according to claim 1, wherein step S1 further comprises the steps of:
s11, generating a node load capacity table including the node load capacity of each analysis node according to the current load condition of each analysis node by adopting a Map module, and sequencing each analysis node according to the node load capacity of each analysis node from large to small and then putting the analysis nodes into a node list;
s12, analyzing the network data by adopting a Map module to obtain the current stacking conversation flow of all the conversation information, sequencing all the conversation information according to the descending order of the conversation triple flow and then putting the conversation information into a flow list;
s13, sequentially taking out analysis nodes from the node list by adopting a Map module according to the sequence, calculating the flow of the required load according to the node load capacity of the analysis nodes, sequentially taking out session information from the flow list according to the load flow limitation of the analysis nodes according to the sequence, loading the session information to the analysis nodes until all the session information is traversed, and then putting the analysis nodes into the node list for reordering;
s14, repeating the steps S11-S13 by adopting a Map module until all the session information is loaded.
3. The SDN-based traffic stack analysis method according to claim 2, wherein the step S12 further comprises the steps of:
s121, dividing the network data into different streaming data packets by adopting a Map module according to the detailed information of the network data, and carrying out independent data statistics on the different streaming data packets;
s122, analyzing all session information and session flow of the session information by adopting a Map module according to the detailed information of each stream data packet;
and S123, sequencing all the session information according to the sequence of the session triple flow from large to small by adopting a Map module, and then putting the sequenced session information into a flow list.
4. The SDN-based traffic stack analysis method of claim 3, wherein the detailed information includes a destination IP address, a destination port, a source IP address, a protocol number, and a service term, and wherein the session triplet traffic includes a source IP address, a destination IP address, and a destination port triplet traffic.
5. The SDN-based traffic stack analysis method according to claim 3, wherein in step S11, the node load capacity of each analysis node is calculated based on the CPU frequency, the total amount of memory, the CPU frequency weight coefficient and the total amount of memory weight coefficient of the analysis node.
6. The SDN-based traffic stack analysis method according to any one of claims 1-5, wherein step S3 further comprises the steps of:
s31, regularly summarizing the statistical analysis results of all analysis nodes;
s32, correlating, analyzing and summarizing the statistical analysis results to obtain the total flow analysis result;
and S33, performing visualization processing on the total flow analysis result and storing the total flow analysis result.
7. An SDN-based traffic stack analysis system, comprising: a plurality of analysis nodes, a Map module, an SDN network controller and a Reduce module,
the Map module is used for calculating a flow distribution strategy of each analysis node according to the current stacking flow of network data and the node load capacity of each analysis node, and distributing the network data of corresponding flow to each analysis node through an SDN network controller based on the flow distribution strategy;
each analysis node receives and statistically analyzes the distributed network data corresponding to the flow respectively, and reports a statistical analysis result;
the Reduce module is used for regularly summarizing the statistical analysis result of each analysis node and summarizing and analyzing the summarized content to obtain a total flow analysis result.
8. The SDN-based traffic stack analysis system of claim 7, wherein the Map module is further configured to perform the steps of:
s1, generating a node load capacity table including the node load capacity of each analysis node according to the current load condition of each analysis node, and sorting each analysis node according to the node load capacity of each analysis node from large to small and then placing the analysis nodes into a node list;
s2, analyzing the network data to obtain the conversation flow of all the conversation information, and sequencing all the conversation information according to the descending order of the conversation triple flow and then putting the conversation information into a flow list;
s3, sequentially taking out analysis nodes from the node list according to the sequence, calculating the flow of the required load according to the node load capacity, sequentially taking out session information from the flow list according to the load flow limitation of the analysis nodes according to the sequence, loading the session information to the analysis nodes until all the session information is traversed, and then putting the analysis nodes into the node list for reordering;
the foregoing steps S1-S3 are repeatedly executed until all session information is loaded.
9. The SDN-based traffic stack analysis system of claim 7, wherein the Reduce module is further configured to: the statistical analysis results of all the analysis nodes are gathered regularly; correlating, analyzing and summarizing the statistical analysis results to obtain the total flow analysis result; and carrying out visual processing on the total flow analysis result and storing the total flow analysis result.
10. A computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the SDN based traffic stack analysis method according to any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110782907.8A CN113259187B (en) | 2021-07-12 | 2021-07-12 | SDN-based traffic stack analysis method, system and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110782907.8A CN113259187B (en) | 2021-07-12 | 2021-07-12 | SDN-based traffic stack analysis method, system and computer-readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113259187A CN113259187A (en) | 2021-08-13 |
| CN113259187B true CN113259187B (en) | 2021-10-26 |
Family
ID=77191113
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110782907.8A Active CN113259187B (en) | 2021-07-12 | 2021-07-12 | SDN-based traffic stack analysis method, system and computer-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113259187B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105391742A (en) * | 2015-12-18 | 2016-03-09 | 桂林电子科技大学 | Hadoop-based distributed intrusion detection system |
| CN106789147A (en) * | 2016-04-29 | 2017-05-31 | 新华三技术有限公司 | A kind of flow analysis method and device |
| CN110858308A (en) * | 2018-08-22 | 2020-03-03 | 北京航天长峰科技工业集团有限公司 | P2P flow analysis method based on large-scale data storage and processing technology |
| WO2020202167A1 (en) * | 2019-03-29 | 2020-10-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for virtual network function (vnf) load characterization using traffic analytics in sdn managed clouds |
-
2021
- 2021-07-12 CN CN202110782907.8A patent/CN113259187B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105391742A (en) * | 2015-12-18 | 2016-03-09 | 桂林电子科技大学 | Hadoop-based distributed intrusion detection system |
| CN106789147A (en) * | 2016-04-29 | 2017-05-31 | 新华三技术有限公司 | A kind of flow analysis method and device |
| CN110858308A (en) * | 2018-08-22 | 2020-03-03 | 北京航天长峰科技工业集团有限公司 | P2P flow analysis method based on large-scale data storage and processing technology |
| WO2020202167A1 (en) * | 2019-03-29 | 2020-10-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for virtual network function (vnf) load characterization using traffic analytics in sdn managed clouds |
Non-Patent Citations (2)
| Title |
|---|
| 基于MapReduce的大规模流量分析系统的设计.;唐宏.;《电信科学》;20131220;第29卷(第12期);全文 * |
| 基于一体化网络的分布式流量分析系统的设计与实现.;张朝贵.;《中国优秀硕士学位论文全文数据库信息科技辑2015年》;20150415(第04期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113259187A (en) | 2021-08-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7890620B2 (en) | Monitoring system and monitoring method | |
| CN107729147B (en) | Data processing method in stream computing system, control node and stream computing system | |
| US7020713B1 (en) | System and method for balancing TCP/IP/workload of multi-processor system based on hash buckets | |
| CN110932989B (en) | Elephant flow path monitoring and scheduling method based on SDN data center network | |
| US9753942B2 (en) | Traffic statistic generation for datacenters | |
| US20220038374A1 (en) | Microburst detection and management | |
| CN112202644B (en) | Collaborative network measurement method and system oriented to hybrid programmable network environment | |
| CN111865817A (en) | Load balancing control method, device and equipment for remote measuring collector and storage medium | |
| CN115277574A (en) | Data center network load balancing method under SDN architecture | |
| CN108280018A (en) | A kind of node workflow communication overhead efficiency analysis optimization method and system | |
| CN113259187B (en) | SDN-based traffic stack analysis method, system and computer-readable storage medium | |
| Nguyen et al. | On load balancing for a virtual and distributed MME in the 5G core | |
| CN110557302B (en) | Network equipment message observation data acquisition method | |
| Zhou | A trace-driven simulation study of dynamic load balancing | |
| KhudaBukhsh et al. | Generalized cost-based job scheduling in very large heterogeneous cluster systems | |
| CN114124732B (en) | Cloud-oriented in-band computing deployment method, device and system | |
| CN113055493B (en) | Data packet processing method, device, system, scheduling device and storage medium | |
| CN110336758B (en) | Data distribution method in virtual router and virtual router | |
| CN110572332B (en) | Network equipment message observation data acquisition task dividing method | |
| Akanbi et al. | Proactive load shifting for distributed sdn control plane architecture | |
| Pan et al. | Orchestrating probabilistic in-band network telemetry for network monitoring | |
| CN114610765B (en) | Stream calculation method, device, equipment and storage medium | |
| Cranfield et al. | Computer modeling the ATLAS Trigger/DAQ system performance | |
| WO2023105697A1 (en) | Conversion device, conversion method, and conversion program | |
| CN110545217B (en) | Event-driven fine-grained TCP flow measurement method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |