CN113518047A - Network traffic replication method, switch and application - Google Patents
Network traffic replication method, switch and application Download PDFInfo
- Publication number
- CN113518047A CN113518047A CN202110381319.3A CN202110381319A CN113518047A CN 113518047 A CN113518047 A CN 113518047A CN 202110381319 A CN202110381319 A CN 202110381319A CN 113518047 A CN113518047 A CN 113518047A
- Authority
- CN
- China
- Prior art keywords
- port
- network
- network traffic
- switch
- bidirectional
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/30—Peripheral units, e.g. input or output ports
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
Abstract
The invention discloses a network flow replication method, a switch and application, wherein the network flow replication method comprises the following steps: the invention provides a convenient method for duplicating network flow of a switch, which can duplicate the network flow of paired ports of the switch to one or more network analysis devices and can also duplicate the network flow of a plurality of groups of paired ports of the switch to a plurality of corresponding network analysis devices respectively and simultaneously.
Description
Technical Field
The invention relates to the technical field of network traffic transmission. In particular to a network flow replication method, a switch and application.
Background
The network flow copying function is used for completely copying the flow passing through the port of the switch to the other port of the same switch, and the other port is simultaneously connected to the network analysis equipment, so that the purpose of real-time network flow analysis is achieved.
Generally, network traffic replication generally uses a traffic mirroring function of a switch, and most switches in the market currently only support one or two groups of traffic mirroring functions; if the same port network flow is copied to a plurality of network analysis devices or a plurality of port network flows are copied to a plurality of network analysis devices at the same time, most switches cannot meet the requirement; if the requirements need to be met, at least a plurality of switches or one high-end switch is needed, which is particularly wasteful.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to provide a network traffic replication method, a switch and an application, and provide a convenient switch network traffic replication method, which can replicate a switch paired port network traffic to one or more network analysis devices, and can replicate multiple sets of paired port network traffic of the switch to corresponding multiple network analysis devices at the same time.
In order to solve the technical problems, the invention provides the following technical scheme:
a network flow copying method sets a virtual local area network, and at least a pair of two-way ports and at least a one-way port are set in the virtual local area network, and simultaneously, the MAC address learning function of all two-way ports is closed, then the network flow is sent to the virtual local area network through at least one two-way port, and the network flow is copied to the other two-way ports and all one-way ports.
In the network traffic replication method, the unidirectional port is a bidirectional port which sends the network traffic to the virtual local area network and the network traffic channel is in a closed state.
According to the network flow replication method, the bidirectional port sends the network flow to the virtual local area network in the form of the flooding frame.
The switch for switching network traffic by using the network traffic replication method is characterized in that at least two bidirectional ports and at least one unidirectional port are arranged on a switch main body, and MAC address learning functions of all the bidirectional ports are in a closed state.
In the switch, the unidirectional port is a bidirectional port which sends a network traffic to the virtual local area network and the network traffic path is in a closed state.
The application of the network traffic replication method is to use the one-way port in network analysis or/and network troubleshooting after the one-way port is in communication connection with the network analysis equipment.
The technical scheme of the invention achieves the following beneficial technical effects:
1. the invention can copy the network flow passing through the paired ports to one or more network analysis devices, and compared with the prior flow mirroring technology, the invention can more flexibly realize the flow copying function and can also realize the function even on a lower-end switch.
2. The method can simultaneously copy the network traffic of a plurality of groups of paired ports to a plurality of corresponding network analysis devices respectively, and compared with the existing traffic mirroring technology, the method can more flexibly realize the traffic copying function and can also be realized even on a lower-end switch.
Drawings
Fig. 1 is a schematic diagram of the operation of the switch in embodiment 1;
FIG. 2 is a diagram showing the operation of the switch in embodiment 2;
fig. 3 is a schematic diagram of the operation of the switch in embodiment 3.
Detailed Description
Example 1
As shown in fig. 1, the switch in this embodiment is provided with a bidirectional port 1, a bidirectional port 2, and a unidirectional port 3, and the bidirectional port 1, the bidirectional port 2, and the unidirectional port 3 are provided in a first virtual local area network. The MAC address learning function of the bidirectional port 1 and the MAC address learning function of the bidirectional port 2 are both in a closed state, and the unidirectional port 3 is in communication connection with the network analysis device a.
When the network traffic is sent into the first vlan through the bidirectional port 1, the network traffic entering the first vlan through the bidirectional port 1 is also copied and forwarded to the unidirectional port 3 when being copied and forwarded to the bidirectional port 2, and then the network traffic entering the first vlan through the bidirectional port 1 is copied and sent to the network analysis device a through the unidirectional port 3. When the network traffic is sent into the first vlan through the bidirectional port 2, the network traffic entering the first vlan through the bidirectional port 2 is also copied and forwarded to the unidirectional port 3 when being copied and forwarded to the bidirectional port 1, and then the network traffic entering the first vlan through the bidirectional port 2 is copied and sent to the network analysis device a through the unidirectional port 3. When the network traffic is sent into the first vlan through the bidirectional port 1 and the bidirectional port 2, the network traffic entering the first vlan through the bidirectional port 1 is copied and forwarded to the bidirectional port 2 and the unidirectional port 3, and the network traffic entering the first vlan through the bidirectional port 2 is also copied and forwarded to the bidirectional port 1 and the unidirectional port 3, and the network analysis device a can obtain the network traffic sent into the first vlan through the bidirectional port 1 and the bidirectional port 2 through the unidirectional port, so that the network traffic passing through the bidirectional port 1 and the bidirectional port 2 is copied to the network analysis device a.
In this embodiment, the bidirectional port 1 and the bidirectional port 2 send network traffic to the first vlan in the form of a flooding frame.
Example 2
As shown in fig. 2, the switch in the present embodiment is different from the switch in embodiment 1 in that: the switch in this embodiment is additionally provided with a unidirectional port 4, and the network analysis device B is accessed to the first virtual local area network through the unidirectional port 4.
When the network traffic sent into the first vlan through the bidirectional port 1 and the bidirectional port 2 is copied and sent to the unidirectional port 3 and sent to the network analysis device a through the unidirectional port 3, the network traffic sent into the first vlan through the bidirectional port 1 and the bidirectional port 2 is also copied and sent to the unidirectional port 4 and sent to the network analysis device B through the unidirectional port 4, so that the network traffic is copied and sent to the network analysis device a and the network analysis device B at the same time.
Based on the situation, if the network traffic sent to the first vlan through the bidirectional port 1 and the bidirectional port 2 is copied and sent to more network analysis devices, the network traffic sent to the pair of bidirectional ports in the vlan is copied and sent to one or more network analysis devices located in the same vlan only by adding the corresponding number of unidirectional ports, and thus, the network traffic from the bidirectional ports in the same vlan can be analyzed by using one or more network analysis devices.
Example 3
As shown in fig. 3, the switch in the present embodiment is different from the switch in embodiment 2 in that: the switch in this embodiment is additionally provided with a second virtual local area network formed by a bidirectional port 5, a bidirectional port 6 and a unidirectional port 7, and a third local area network formed by a bidirectional port 8, a bidirectional port 9 and a unidirectional port 10, wherein a network analysis device C is in communication connection with the unidirectional port 7, and a network analysis device D is in communication connection with the unidirectional port 10. The MAC address learning function of the bidirectional port 5, the MAC address learning function of the bidirectional port 6, the MAC address learning function of the bidirectional port 8, and the MAC address learning function of the bidirectional port 9 are all in a normally closed state.
When network traffic is sent into the second vlan through the bidirectional port 5 and the bidirectional port 6, respectively, the network traffic entering the second vlan through the bidirectional port 5 and the bidirectional port 6 is copied and sent to the unidirectional port 7, and sent to the network analysis device C through the unidirectional port 7. Similarly, when network traffic is sent into the third vlan through the bidirectional port 8 and the bidirectional port 9, respectively, the network traffic entering the third vlan through the bidirectional port 8 and the bidirectional port 9 is copied and sent to the unidirectional port 10, and sent to the network analysis device D through the unidirectional port 10.
When network traffic is simultaneously transmitted through the bidirectional port 1, the bidirectional port 2, the bidirectional port 5, the bidirectional port 6, the bidirectional port 8, and the bidirectional port 9, it is possible to simultaneously copy multiple sets of paired port network traffic to corresponding multiple sets of network analysis devices through one switch. The bidirectional port 1, the bidirectional port 2, the bidirectional port 5, the bidirectional port 6, the bidirectional port 8 and the bidirectional port 9 send network traffic to the virtual local area network in the form of flooding frames.
When the network traffic of a plurality of groups of paired ports is respectively copied to a plurality of corresponding network analysis devices simultaneously by using the existing switch, a path for transmitting the network traffic from the bidirectional port in the existing switch to the switch can be closed, so that part of the bidirectional ports in the existing switch are changed into unidirectional ports.
The network analysis equipment can be used for analyzing the network flow passing through the bidirectional port, knowing and mastering the internet surfing dynamics of the bottom-layer user, and accurately pushing and preventing the user from accessing the high-risk website, so that the anti-fraud purpose is achieved, various network threats can be sensed, the threat characteristics are recorded, and the network attack at that time can be backtracked, analyzed, tracked and evidence-obtained according to related event logs in the later period. For example, the network traffic through the bidirectional port can be analyzed to know and master the internet surfing dynamic and internet browsing content of the underlying user, and then, the user can be accurately pushed with advertisements according to the content, such as standby advertisements on a smart screen. And moreover, the network flow can be monitored and analyzed, the network flow protocol proportion can be accurately calculated, the fault reason can be judged, a corresponding solution can be found according to the reason, and the normal operation of the network can be recovered.
It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. And obvious variations or modifications are possible which remain within the scope of the appended claims.
Claims (6)
1. A network flow copying method is characterized in that a virtual local area network is set, at least one pair of two-way ports and at least one-way port are arranged in the virtual local area network, the MAC address learning function of all the two-way ports is closed, then network flow is sent to the virtual local area network through the at least one two-way port, and the network flow is copied to the rest two-way ports and all the one-way ports.
2. The method of claim 1, wherein the unidirectional port is a bidirectional port that sends network traffic into the vlan with the network traffic path in a closed state.
3. The method of claim 1, wherein the bidirectional port sends network traffic into the VLAN in the form of flooded frames.
4. A switch for switching network traffic by using the network traffic replication method according to any one of claims 1 to 3, wherein at least two bidirectional ports and at least one unidirectional port are provided on a switch main body, and MAC address learning functions of all the bidirectional ports are in a closed state.
5. The switch of claim 3, wherein the unidirectional port is a bidirectional port that sends network traffic into the VLAN in a closed state.
6. Use of the method for replicating network traffic according to any of claims 1 to 3, wherein the unidirectional port is communicatively connected to a network analysis device for network analysis or/and network troubleshooting.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110381319.3A CN113518047A (en) | 2021-04-09 | 2021-04-09 | Network traffic replication method, switch and application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110381319.3A CN113518047A (en) | 2021-04-09 | 2021-04-09 | Network traffic replication method, switch and application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113518047A true CN113518047A (en) | 2021-10-19 |
Family
ID=78062692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110381319.3A Pending CN113518047A (en) | 2021-04-09 | 2021-04-09 | Network traffic replication method, switch and application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113518047A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115208771A (en) * | 2022-06-10 | 2022-10-18 | 深圳融安网络科技有限公司 | Network traffic analysis method, device and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130259037A1 (en) * | 2007-07-11 | 2013-10-03 | Foundry Networks, Inc. | Duplicating network traffic through transparent vlan flooding |
| CN105743734A (en) * | 2016-01-22 | 2016-07-06 | 北京航空航天大学 | Virtual machine mirror image flow transmission control method and virtual machine mirror image flow transmission control device |
| CN108900384A (en) * | 2018-07-20 | 2018-11-27 | 新华三云计算技术有限公司 | Network flow monitoring method, apparatus and system, computer readable storage medium |
-
2021
- 2021-04-09 CN CN202110381319.3A patent/CN113518047A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130259037A1 (en) * | 2007-07-11 | 2013-10-03 | Foundry Networks, Inc. | Duplicating network traffic through transparent vlan flooding |
| US20160164768A1 (en) * | 2007-07-11 | 2016-06-09 | Foundry Networks, Llc | Duplicating network traffic through transparent vlan flooding |
| CN105743734A (en) * | 2016-01-22 | 2016-07-06 | 北京航空航天大学 | Virtual machine mirror image flow transmission control method and virtual machine mirror image flow transmission control device |
| CN108900384A (en) * | 2018-07-20 | 2018-11-27 | 新华三云计算技术有限公司 | Network flow monitoring method, apparatus and system, computer readable storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115208771A (en) * | 2022-06-10 | 2022-10-18 | 深圳融安网络科技有限公司 | Network traffic analysis method, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5600632A (en) | Methods and apparatus for performance monitoring using synchronized network analyzers | |
| KR101471315B1 (en) | Asynchronous virtual machine replication | |
| US8824453B2 (en) | Method and apparatus for managing quality of service for multimedia applications | |
| CN102204184B (en) | Method, business board, and system for KVM data transmission | |
| EP3024164A1 (en) | Switching method and apparatus for main and standby devices | |
| WO2006079001A3 (en) | Data exchanges related to financial transactions over a public network | |
| CN109413138B (en) | File uploading method and device | |
| CN106411629A (en) | Method used for monitoring state of CDN node and equipment thereof | |
| CN109088819A (en) | A kind of message forwarding method, interchanger and computer readable storage medium | |
| CN113518047A (en) | Network traffic replication method, switch and application | |
| CN111565133B (en) | Private line switching method and device, electronic equipment and computer readable storage medium | |
| CN103177028A (en) | Method and system for information interaction | |
| US8811157B2 (en) | Protection switching method and system for ethernet dual-homed link | |
| CN109525463B (en) | Method and device for detecting 64-bit video networking protocol communication function | |
| JP4724763B2 (en) | Packet processing apparatus and interface unit | |
| CN112866390B (en) | Data transmission method, device, terminal equipment and storage medium | |
| CN104769891A (en) | Method and apparatus to display information on a web browser based upon state of communication link | |
| CN106789413A (en) | A kind of method and apparatus for detecting proxy surfing | |
| CN104168200A (en) | Open vSwitch-based method and system for realizing ACL function | |
| CN104468497B (en) | The data isolation method and device of monitoring system | |
| Basu et al. | Architecture of a cloud-based fault-tolerant control platform for improving the qos of social multimedia applications on sd-wan | |
| CN110324205B (en) | Monitoring method, monitoring device, electronic equipment and storage medium | |
| CN201048388Y (en) | Blade server based kilomega switching blade | |
| CN109361546B (en) | Program early warning method and device based on video network | |
| CN101895411A (en) | Session management method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211019 |
|
| RJ01 | Rejection of invention patent application after publication |