CN114363160A - Network management method and device based on wide area network - Google Patents


Publication number: CN114363160A
Authority: CN (China)
Prior art keywords: abnormal, network, session, client, candidate
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111672387.1A
Other languages: Chinese (zh)
Inventor: 刘鹤年
Current Assignee: Ruijie Networks Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Ruijie Networks Co Ltd
Application filed by: Ruijie Networks Co Ltd
Priority to: CN202111672387.1A
Publication of: CN114363160A


Abstract

The invention discloses a network management method and device based on a wide area network. The method comprises the following steps: preliminarily screening the session traffic mirrored from the core convergence switching equipment to obtain candidate abnormal sessions; analyzing the messages of the candidate abnormal sessions to determine the abnormal type, the abnormal types comprising client abnormality, network abnormality and server abnormality; when the abnormal type of a first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule; and when the ratio of the number of abnormal messages of a second candidate abnormal session to the total number of messages in a preset period is larger than a preset threshold value, determining that the second candidate abnormal session is abnormal and outputting an abnormal alarm, the abnormal alarm comprising one or more of the abnormal type and the abnormal position. The embodiment of the invention can solve the prior-art problem of how to manage a wide area network effectively.

Description

Network management method and device based on wide area network
Technical Field
The present invention relates to the field of data communication technologies, and in particular, to a network management method and apparatus based on a wide area network.
Background
Wide Area Networks (WAN), also known as extranets and public networks, are remote networks that connect computers in local area networks or metropolitan area networks in different regions for communication. A WAN typically spans a large physical range, from tens of kilometers to thousands of kilometers; it can connect multiple regions, cities and countries, or span several continents, and provides long-range communication, forming an international long-range network. Wide area networks have a tremendous range of coverage, with thousands of network devices, and they operate well because countless operators connect the regions together.
Nowadays, with the rapid increase of network speed, the number of operator devices has greatly increased, the performance of the devices has improved rapidly, and traffic has also greatly increased. This makes network management of wide area networks rapidly more difficult. For example, if a user reports that the network is behaving abnormally, the operator needs to determine whether the network is the problem and, if it is, further locate which network has the problem and solve it. On the other hand, if a network device such as a switch has a hardware abnormality that causes unstable traffic in a certain area, the abnormal traffic also needs to be discovered in time.
Therefore, a method that can monitor the network in real time with sufficiently fine granularity, actively discover problems, and preliminarily locate the problem range is urgently needed in the management of wide area networks.
Currently, in-band Network Telemetry (INT) technology is commonly used in Network management. The existing INT technology is implemented with the following two schemes:
One is to add information about each hop to the header of the message and then upload the message at the last hop, thereby acquiring the network status. With this scheme, on one hand, the network equipment of the whole network needs to support message header modification; on the other hand, because information related to each hop needs to be added to the header of the message, the maximum length of the message is limited, and therefore the utilization rate of the link is reduced. Meanwhile, even though the message information is only sent at the last hop, the amount of analysis is huge for the server, which is difficult to support in a wide area network.
In the other scheme, each time a message passes through a switching device, the required information is directly uploaded to the server for analysis. Thus if a message passes 10 transit points, the server will receive 10 messages, and if 100 messages are generated within 1 second of a session, the server will receive 1000 messages in one second. Compared with the first scheme, this scheme improves the utilization rate of the link, but it places an excessive burden on the server and cannot be applied to a wide area network.
Disclosure of Invention
The embodiment of the invention provides a network management method and device based on a Wide Area Network (WAN), which are used for solving the problem of how to effectively manage the WAN in the prior art.
According to an embodiment of the present invention, a network management method based on a wide area network is provided, which is applicable to a wide area network including a client and a server connected by a core convergence switching device, and is applied to a network management device that is hung beside the core convergence switching device, and includes:
preliminarily screening the session flow mirrored from the core convergence switching equipment to obtain a candidate abnormal session;
analyzing the messages of the candidate abnormal sessions to determine the abnormal type; the exception types comprise client exception, network exception and server exception;
when the abnormal type of the first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule; and
when the ratio of the number of abnormal messages of a second candidate abnormal session to the total number of messages in a preset period is larger than a preset threshold value, determining that the second candidate abnormal session is abnormal, and outputting an abnormal alarm; the abnormal alarm comprises one or more of abnormal type and abnormal position.
Optionally, the preliminarily screening the session traffic mirrored from the core aggregation switching device to obtain a candidate abnormal session specifically includes:
identifying a Transmission Control Protocol (TCP) message for the session flow;
carrying out information acquisition on the identified TCP message to obtain the acquisition information of the TCP message;
and calculating the flow rate of the TCP according to the acquired information, and determining the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold.
Optionally, the calculating the flow rate of the TCP according to the collected information specifically includes:
in a timing period, calculating the difference between the first message sequence number seq1 of the TCP message obtained when the timing period starts and the second message sequence number seq2 of the TCP message obtained when the timing period ends, so as to obtain the flow rate.
Optionally, the analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
Optionally, the obtaining, according to the packet and the acquisition information, a client receiving capability parameter, a server sending capability parameter, and a network accommodating capability parameter corresponding to the candidate abnormal session specifically includes:
acquiring the receiving capability parameter of the client according to the rwnd information of the receiving window carried by the message;
calculating, according to the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the number of messages that have been sent in the current sending window but have not yet been acknowledged (the flight size), and using the flight size as the sending capacity parameter of the server;
determining whether the message is subjected to fast retransmission or not, and updating a congestion window cwnd of the current network to be half of the current cwnd when the message is subjected to fast retransmission; and when the fast retransmission does not occur, updating the congestion window cwnd of the current network into the flight size, and taking the updated cwnd as the network accommodation capacity parameter.
Optionally, the analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
when the packet loss of the candidate abnormal session exceeds the preset packet loss times, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the rwnd information of the receiving window carried by the message is 0, determining that the client is abnormal;
and when the rwnd decreases continuously for more than a preset number of times, determining that the client is abnormal.
Optionally, when the exception type of the first candidate exception session is a network exception, determining an exception location of the first candidate exception session according to a preset exception location rule, specifically including:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session;
when the server and the client both sense packet loss, determining that the abnormal position is a network at the server side;
and when the server does not sense packet loss and the client senses packet loss, determining that the abnormal position is the network of the client side.
According to an embodiment of the present invention, there is also provided a network management apparatus based on a wide area network, which is applicable to a wide area network including a client and a server connected by a core convergence switching device, and is applied to a network management device that is hung beside the core convergence switching device, including: a preliminary screening unit, an analysis unit and an alarm unit; wherein:
the preliminary screening unit is used for preliminarily screening the session flow mirrored from the core convergence switching equipment to obtain a candidate abnormal session;
the analysis unit is used for analyzing the messages of the candidate abnormal sessions and determining the abnormal type; the exception types comprise client exception, network exception and server exception; the analysis unit is also used for determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule when the abnormal type of the first candidate abnormal session is network abnormality; and
the alarm unit is used for determining that the second candidate abnormal session is abnormal and outputting an abnormal alarm when the ratio of the number of the abnormal messages of the second candidate abnormal session to the total number of the messages in a preset period is greater than a preset threshold; the abnormal alarm comprises one or more of abnormal type and abnormal position.
Optionally, when preliminarily screening the session traffic mirrored from the core aggregation switching device to obtain a candidate abnormal session, the preliminary screening unit is specifically configured to: identify a TCP packet for the session traffic; carry out information acquisition on the identified TCP message to obtain the acquisition information of the TCP message; and calculate the flow rate of the TCP according to the acquired information, and determine the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold.
Optionally, the prescreening unit is configured to, when calculating the flow rate of the TCP according to the collected information, specifically, calculate, within a timing period, a difference between a first packet sequence number seq1 of the TCP packet obtained when the timing period starts and a second packet sequence number seq2 of the TCP packet obtained when the timing period ends, so as to obtain the flow rate.
Optionally, the analysis unit is configured to analyze the packet of the candidate abnormal session, and when determining the abnormal type, specifically configured to:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
Optionally, the analysis unit is configured to, when obtaining a client receiving capability parameter, a server sending capability parameter, and a network capacity parameter corresponding to the candidate abnormal session according to the packet and the acquisition information, specifically:
acquiring the receiving capability parameter of the client according to the rwnd information of the receiving window carried by the message;
calculating, according to the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the number of messages that have been sent in the current sending window but have not yet been acknowledged (the flight size), and using the flight size as the sending capacity parameter of the server;
determining whether the message is subjected to fast retransmission or not, and updating a congestion window cwnd of the current network to be half of the current cwnd when the message is subjected to fast retransmission; and when the fast retransmission does not occur, updating the congestion window cwnd of the current network into the flight size, and taking the updated cwnd as the network accommodation capacity parameter.
Optionally, the analysis unit is configured to analyze the packet of the candidate abnormal session, and when determining the abnormal type, specifically configured to:
when the packet loss of the candidate abnormal session exceeds the preset packet loss times, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the rwnd information of the receiving window carried by the message is 0, determining that the client is abnormal;
and when the rwnd decreases continuously for more than a preset number of times, determining that the client is abnormal.
Optionally, the analyzing unit is configured to, when the anomaly type of the first candidate abnormal session is a network anomaly, determine an abnormal location of the first candidate abnormal session according to a preset abnormal location rule, specifically:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session;
when the server and the client both sense packet loss, determining that the abnormal position is a network at the server side;
and when the server does not sense packet loss and the client senses packet loss, determining that the abnormal position is the network of the client side.
According to the embodiment of the invention, the electronic equipment comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing the above method steps when executing the program stored in the memory.
According to an embodiment of the present invention, there is also provided a computer-readable storage medium having stored therein a computer program, which when executed by a processor, performs the above-mentioned method steps.
The invention has the following beneficial effects:
according to the network management method and device based on the wide area network, provided by the embodiment of the invention, the network management equipment is hung beside the core convergence switching equipment, and the network management equipment performs primary screening on session flow mirrored from the core convergence switching equipment to obtain candidate abnormal sessions; analyzing the messages of the candidate abnormal sessions to determine the abnormal type; the exception types comprise client exception, network exception and server exception; when the abnormal type of the first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule; and when the ratio of the number of the abnormal messages of the second candidate abnormal session to the total number of the messages in a preset period is larger than a preset threshold value, determining that the second candidate abnormal session is abnormal, and outputting an abnormal alarm. In the embodiment of the invention, the network management equipment is hung beside the core convergence switching equipment, so that the deployment of single equipment can be realized, the realization is easy, the network management equipment can monitor all the flow flowing through the core convergence switching equipment in real time, the monitoring granularity can be accurate to a single message, the abnormal type and the abnormal position of abnormal conversation can be positioned by analyzing the message, and the abnormal alarm is carried out when the number of the abnormal messages meets the alarm requirement, so that the effective management of the wide area network is realized.
Drawings
FIG. 1 is a flow chart of a WAN-based network management method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a WAN-based network management apparatus according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device shown in the present application.
Detailed Description
Aiming at the problem that the wide area network in the prior art can not effectively realize network management, the embodiment of the invention provides a network management method based on the wide area network, which is suitable for the wide area network, wherein the wide area network comprises a client and a server which are connected through a core convergence switching device, and the method is applied to the network management device which is hung beside the core convergence switching device. The flow of the method of the invention is shown in figure 1, and the execution steps are as follows:
Step 101, performing preliminary screening on session traffic mirrored from the core aggregation switching device to obtain candidate abnormal sessions;
Specifically, in this step, a Transmission Control Protocol (TCP) packet is identified for the session traffic, and when the session traffic is a TCP packet, the subsequent preliminary screening is performed.
Step 102, analyzing the messages of the candidate abnormal sessions to determine abnormal types; the exception types comprise client exception, network exception and server exception;
Specifically, in this step, when an abnormal session occurs, the abnormal type corresponding to the abnormal session can be preliminarily determined. Generally, a wide area network is formed by the client, the server, and a network connecting the client and the server. When the abnormal type is client abnormality or server abnormality, a client manufacturer or a server manufacturer can be directly notified to perform maintenance and recovery; however, when the abnormal type is a network abnormality, the general position of the abnormality, that is, the abnormal position, needs to be further determined because the network range of the wide area network is large, and then the corresponding personnel can be notified to perform maintenance and recovery.
Step 103, when the abnormal type of the first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule;
A network may typically consist of a client-side network close to the client and a server-side network close to the server. Therefore, when the abnormal type of the first candidate abnormal session is a network abnormality, it is necessary to further determine, according to a preset abnormal position rule, whether the abnormal position of the first candidate abnormal session is the client-side network or the server-side network, so as to notify the corresponding maintenance personnel.
Step 104, when the ratio of the number of abnormal messages of a second candidate abnormal session to the total number of messages in a preset period is greater than a preset threshold value, determining that the second candidate abnormal session is abnormal, and outputting an abnormal alarm; the abnormal alarm comprises one or more of abnormal type and abnormal position.
Here, not all candidate abnormal sessions trigger an alarm. Only when the ratio of the number of abnormal messages to the total number of messages of a candidate abnormal session is greater than a preset threshold is the abnormal condition of that session serious enough to affect normal services; the abnormal degree of the candidate abnormal session is then determined to meet the alarm requirement, and for convenience of expression the candidate abnormal session is called a second candidate abnormal session. When the second candidate abnormal session is determined to be abnormal, the number of occurrences of each abnormal type for the second candidate abnormal session can be further counted, and the abnormal type that occurs most often is taken as the judgment result for the alarm. Specifically, when the number of client exceptions is 3, the number of network exceptions is 5, and the number of server exceptions is 7, the exception type of the second candidate exception session is taken as server exception, and an alarm is given. It should be understood that the exception type with the largest number of consecutive occurrences may also be used as the exception type of the second candidate exception session for the alarm, which is not limited by the embodiment of the present invention.
In the embodiment of the present invention, the network management device may be one physical device, or may be two physical devices, such as a prescreening network device and an analysis server device; when two physical devices are provided, the prescreening network device may perform the process of step 101 and the analysis server device may perform the process of steps 102 to 104.
Optionally, the preliminarily screening the session traffic mirrored from the core aggregation switching device to obtain a candidate abnormal session specifically includes:
identifying a Transmission Control Protocol (TCP) message for the session flow; the TCP identification of the packet may be performed in the existing manner, which is not limited by the present invention.
Carrying out information acquisition on the identified TCP message to obtain the acquisition information of the TCP message; specifically, the obtained acquisition information may include, but is not limited to: quadruple information, a message sequence number seq of the message, an acknowledgement sequence number ack and the like; the quadruplet information includes, but is not limited to, a source Internet Protocol (IP), a destination IP, a source port, and a destination port.
And calculating the flow rate of the TCP according to the acquired information, and determining the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold. Specifically, when the flow rate is smaller than the preset flow rate threshold, the flow rate of the current session traffic is too low and there may be an abnormality; at this time, the session needs to be marked by using the collected quadruple information, which indicates that the session is a candidate abnormal session.
Wherein, the calculating the flow rate of the TCP according to the collected information specifically includes:
in a timing period, calculating the difference between the first message sequence number seq1 of the TCP message obtained when the timing period starts and the second message sequence number seq2 of the TCP message obtained when the timing period ends, so as to obtain the flow rate.
Analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
The acquiring, according to the packet and the acquisition information, a client receiving capability parameter, a server sending capability parameter, and a network accommodating capability parameter corresponding to the candidate abnormal session specifically includes:
acquiring the receiving capability parameter of the client according to the rwnd information of the receiving window carried by the message;
calculating, according to the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the number of messages that have been sent in the current sending window but have not yet been acknowledged (the flight size), and using the flight size as the sending capacity parameter of the server; specifically, the flight size is equal to the seq of the transmitted packet minus the previous ack of the most recently received packet.
Determining whether the message is subjected to fast retransmission, and updating the congestion window cwnd of the current network to half of the current cwnd when fast retransmission occurs, where fast retransmission means that the client continuously sends a preset number of acknowledgement messages (ACK), for example, a preset number of 3; and when the fast retransmission does not occur, updating the congestion window cwnd of the current network to the flight size, and taking the updated cwnd as the network accommodation capacity parameter.
Analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
when the packet loss of the candidate abnormal session exceeds the preset packet loss times, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the rwnd information of the receiving window carried by the message is 0, determining that the client is abnormal;
and when the rwnd decreases continuously for more than a preset number of times, determining that the client is abnormal.
When the abnormal type of the first candidate abnormal session is a network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule, specifically including:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session; specifically, after sensing packet loss, the server repeatedly sends a message carrying the same seq, that is, whether the server senses packet loss can be determined through the seq; similarly, when the client senses packet loss, the ack is retransmitted, so whether the client senses packet loss can be determined through the ack.
When the server and the client both sense packet loss, the packet loss is shown to occur at the server side, so that the abnormal position can be determined as a network at the server side;
when the server does not sense packet loss and the client senses packet loss, the probability that the client fails is higher, and therefore the network with the abnormal position as the client side can be determined.
It will be appreciated by those skilled in the art that the more network management devices are bypass-attached to the core aggregation switch device in the network, the more accurate the determined abnormal position will be.
Based on the same inventive concept, an embodiment of the present invention provides a network management apparatus based on a wide area network. The apparatus is applicable to a wide area network that includes a client and a server connected through a core convergence switch device, and is applied to a network management device bypass-attached to the core convergence switch device. The structure of the apparatus is shown in fig. 2, and the apparatus includes: a preliminary screening unit 21, an analysis unit 22 and an alarm unit 23; wherein:
the preliminary screening unit 21 is configured to preliminarily screen session traffic mirrored from the core aggregation switching device to obtain candidate abnormal sessions;
the analysis unit 22 is configured to analyze the message of the candidate abnormal session and determine an abnormal type; the abnormal types comprise client abnormality, network abnormality and server abnormality; the analysis unit 22 is also configured to determine the abnormal position of the first candidate abnormal session according to a preset abnormal position rule when the abnormal type of the first candidate abnormal session is network abnormality; and
the alarm unit 23 is configured to determine that a second candidate abnormal session is abnormal and output an abnormal alarm when a ratio of the number of abnormal messages of the second candidate abnormal session to the total number of messages in a preset period is greater than a preset threshold; the abnormal alarm comprises one or more of abnormal type and abnormal position.
Optionally, when preliminarily screening the session traffic mirrored from the core aggregation switching device to obtain a candidate abnormal session, the preliminary screening unit 21 is specifically configured to: identify TCP messages in the session traffic; collect information from the identified TCP message to obtain the acquisition information of the TCP message; and calculate the TCP flow rate according to the acquisition information, and determine the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold.
Optionally, when calculating the TCP flow rate according to the acquisition information, the preliminary screening unit 21 is specifically configured to calculate, within a timing period, the difference between a first message sequence number seq1 of the TCP message obtained when the timing period starts and a second message sequence number seq2 of the TCP message obtained when the timing period ends, so as to obtain the flow rate.
Optionally, when analyzing the message of the candidate abnormal session to determine the abnormal type, the analysis unit 22 is specifically configured to perform the following:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
Optionally, when obtaining the client receiving capacity parameter, the server sending capacity parameter and the network accommodation capacity parameter corresponding to the candidate abnormal session according to the message and the acquisition information, the analysis unit 22 is specifically configured to perform the following:
acquiring the client receiving capacity parameter according to the receive window (rwnd) information carried by the message;
calculating, from the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the flight size, that is, the number of messages that have been sent in the current sending window but have not yet been acknowledged, and using the flight size as the server sending capacity parameter;
determining whether the message has undergone fast retransmission, and updating the congestion window cwnd of the current network to half of the current cwnd when fast retransmission has occurred; when fast retransmission has not occurred, updating the congestion window cwnd of the current network to the flight size; and taking the updated cwnd as the network accommodation capacity parameter.
Optionally, when analyzing the message of the candidate abnormal session to determine the abnormal type, the analysis unit 22 is specifically configured to perform the following:
when the number of packet losses of the candidate abnormal session exceeds the preset number of packet losses, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the receive window (rwnd) information carried by the message is 0, determining that the client is abnormal;
and when rwnd decreases continuously for more than the preset number of decreases, determining that the client is abnormal.
Optionally, when the abnormal type of the first candidate abnormal session is network abnormality and the abnormal position of the first candidate abnormal session is determined according to a preset abnormal position rule, the analysis unit 22 is specifically configured to perform the following:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session;
when the server and the client both sense packet loss, determining that the abnormal position is a network at the server side;
and when the server does not sense packet loss and the client senses packet loss, determining that the abnormal position is the network of the client side.
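The parameter estimation, three-way comparison, position rule and alarm ratio described above can be exercised on a small packet trace. The following is an added example, not code from the patent or from the applicant; the names (Pkt, analyse, classify, locate), the byte-based flight size, the treatment of repeated seq and repeated ACKs as the "abnormal messages", and the ALARM_RATIO value are all assumptions made for illustration.

```python
from dataclasses import dataclass

DUP_ACK_THRESHOLD = 3  # the page's example value for the preset number of ACKs
ALARM_RATIO = 0.3      # assumed value for the "preset threshold" of the alarm


@dataclass
class Pkt:
    """Fields collected from one mirrored TCP packet (hypothetical record)."""
    from_server: bool  # direction as seen on the mirror port
    seq: int           # sequence number of the first payload byte
    length: int        # payload length in bytes
    ack: int           # acknowledgement number
    rwnd: int          # advertised receive window in bytes


def classify(client_recv, server_send, network_cap):
    """Three-way comparison of the capacity parameters; None if no rule fits."""
    if network_cap == client_recv and server_send < network_cap:
        return "server"
    if server_send == client_recv and server_send > network_cap:
        return "network"
    if server_send == network_cap and server_send > client_recv:
        return "client"
    return None


def locate(server_saw_loss, client_saw_loss):
    """Position rule, applied only to sessions classified as network."""
    if server_saw_loss and client_saw_loss:
        return "server-side network"
    if client_saw_loss and not server_saw_loss:
        return "client-side network"
    return None


def analyse(pkts):
    """Single pass over one session. Sequence wrap-around is not handled."""
    sent_end = acked = last_ack = None
    seen_seq = set()
    dup_acks = abnormal = 0
    server_loss = client_loss = False
    rwnd = flight = cwnd = 0
    for p in pkts:
        fast_retx = False
        if p.from_server:
            if p.length:
                if p.seq in seen_seq:      # same seq sent again: server saw loss
                    server_loss = True
                    abnormal += 1
                seen_seq.add(p.seq)
                end = p.seq + p.length
                sent_end = end if sent_end is None else max(sent_end, end)
        else:
            rwnd = p.rwnd                  # client receiving capacity
            if p.length == 0 and p.ack == last_ack:
                dup_acks += 1              # repeated ACK: client saw loss
                client_loss = True
                abnormal += 1
                fast_retx = dup_acks == DUP_ACK_THRESHOLD
            else:
                dup_acks, last_ack = 0, p.ack
            acked = p.ack if acked is None else max(acked, p.ack)
        if sent_end is not None and acked is not None:
            flight = max(0, sent_end - acked)  # sent but not yet acknowledged
        # cwnd estimate: halve on fast retransmission, else track flight size
        cwnd = cwnd // 2 if fast_retx else flight
    kind = classify(rwnd, flight, cwnd)
    ratio = abnormal / len(pkts) if pkts else 0.0
    return {
        "rwnd": rwnd, "flight": flight, "cwnd": cwnd, "type": kind,
        "location": locate(server_loss, client_loss) if kind == "network" else None,
        "ratio": ratio, "alarm": ratio > ALARM_RATIO,
    }


def c(ack, rwnd=4000):   # constructed client ACK
    return Pkt(False, 0, 0, ack, rwnd)


def s(seq, length=1000):  # constructed server data segment
    return Pkt(True, seq, length, 0, 0)


# Constructed traces: the segment at seq 1000 never reaches the client.
SAMPLE_A = [c(1000), s(1000), s(2000), s(3000), s(4000),
            c(1000), c(1000), c(1000)]
# Same loss, but the server also resends seq 1000 before the third repeat ACK.
SAMPLE_B = SAMPLE_A[:7] + [s(1000), c(1000)]
# Constructed healthy exchange for comparison.
SAMPLE_OK = [c(1000), s(1000), c(2000)]
```

In SAMPLE_A only the client signals loss, so the rule points at the client-side network; in SAMPLE_B the repeated seq from the server moves the verdict to the server-side network.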
It should be understood that the implementation principle and process of the wan-based network management apparatus according to the embodiment of the present invention are similar to those of the embodiment shown in fig. 1 and described above, and are not described herein again.
According to the network management method and device based on the wide area network, provided by the embodiment of the invention, the network management equipment is hung beside the core convergence switching equipment, and the network management equipment performs primary screening on session flow mirrored from the core convergence switching equipment to obtain candidate abnormal sessions; analyzing the messages of the candidate abnormal sessions to determine the abnormal type; the exception types comprise client exception, network exception and server exception; when the abnormal type of the first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule; and when the ratio of the number of the abnormal messages of the second candidate abnormal session to the total number of the messages in a preset period is larger than a preset threshold value, determining that the second candidate abnormal session is abnormal, and outputting an abnormal alarm. In the embodiment of the invention, the network management equipment is hung beside the core convergence switching equipment, so that the deployment of single equipment can be realized, the realization is easy, the network management equipment can monitor all the flow flowing through the core convergence switching equipment in real time, the monitoring granularity can be accurate to a single message, the abnormal type and the abnormal position of abnormal conversation can be positioned by analyzing the message, and the abnormal alarm is carried out when the number of the abnormal messages meets the alarm requirement, so that the effective management of the wide area network is realized.
An electronic device is further provided in the embodiment of the present application, please refer to fig. 3, which includes a processor 510, a communication interface 520, a memory 530 and a communication bus 540, wherein the processor 510, the communication interface 520 and the memory 530 complete communication with each other through the communication bus 540.
A memory 530 for storing a computer program;
the processor 510 is configured to implement the wan-based network management method according to any of the above embodiments when executing the program stored in the memory 530.
The communication interface 520 is used for communication between the electronic apparatus and other apparatuses.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In the scheme, the network management equipment is hung beside the core convergence switching equipment, so that single equipment deployment can be realized, the realization is easy, the network management equipment can monitor all the flow flowing through the core convergence switching equipment in real time, the monitoring granularity can be accurate to a single message, the abnormal type and the abnormal position of abnormal conversation can be positioned by analyzing the message, and when the number of the abnormal messages meets the alarm requirement, abnormal alarm is carried out, and the effective management of a wide area network is realized.
Accordingly, an embodiment of the present application further provides a computer-readable storage medium, in which instructions are stored, and when the instructions are executed on a computer, the computer is caused to execute the wide area network-based network management method in any of the foregoing embodiments.
In the scheme, the network management equipment is hung beside the core convergence switching equipment, so that single equipment deployment can be realized, the realization is easy, the network management equipment can monitor all the flow flowing through the core convergence switching equipment in real time, the monitoring granularity can be accurate to a single message, the abnormal type and the abnormal position of abnormal conversation can be positioned by analyzing the message, and when the number of the abnormal messages meets the alarm requirement, abnormal alarm is carried out, and the effective management of a wide area network is realized.
Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for apparatus or system embodiments, since they are substantially similar to method embodiments, they are described in relative terms, as long as they are described in partial descriptions of method embodiments. The above-described embodiments of the apparatus and system are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 201, 202, 203, etc., are merely used for distinguishing different operations, and the sequence numbers themselves do not represent any execution order. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While alternative embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following appended claims be interpreted as including alternative embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (16)

1. A network management method based on a wide area network, which is applicable to a wide area network including a client and a server connected by a core aggregation switch device, and is applied to a network management device bypass-attached to the core aggregation switch device, the method comprising:
preliminarily screening the session flow mirrored from the core convergence switching equipment to obtain a candidate abnormal session;
analyzing the messages of the candidate abnormal sessions to determine the abnormal type; the exception types comprise client exception, network exception and server exception;
when the abnormal type of the first candidate abnormal session is network abnormality, determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule; and
when the ratio of the number of abnormal messages of a second candidate abnormal session to the total number of messages in a preset period is larger than a preset threshold value, determining that the second candidate abnormal session is abnormal, and outputting an abnormal alarm; the abnormal alarm comprises one or more of abnormal type and abnormal position.
2. The method according to claim 1, wherein the preliminary screening of the session traffic mirrored from the core aggregation switch device to obtain the candidate abnormal session specifically comprises:
identifying a Transmission Control Protocol (TCP) message for the session flow;
carrying out information acquisition on the identified TCP message to obtain the acquisition information of the TCP message;
and calculating the flow rate of the TCP according to the acquired information, and determining the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold.
3. The method according to claim 2, wherein the calculating the flow rate of the TCP according to the collected information specifically includes:
in a timing period, calculating the difference between the first message sequence number seq1 of the TCP message obtained when the timing period starts and the second message sequence number seq2 of the TCP message obtained when the timing period ends, so as to obtain the flow rate.
4. The method according to claim 2, wherein the analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
5. The method according to claim 4, wherein the obtaining, according to the packet and the acquisition information, a client reception capability parameter, a server transmission capability parameter, and a network accommodation capability parameter corresponding to the candidate abnormal session specifically includes:
acquiring the receiving capability parameter of the client according to the rwnd information of the receiving window carried by the message;
calculating, from the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the flight size, that is, the number of messages that have been sent in the current sending window but have not yet been acknowledged, and using the flight size as the server sending capacity parameter;
determining whether the message is subjected to fast retransmission or not, and updating a congestion window cwnd of the current network to be half of the current cwnd when the message is subjected to fast retransmission; and when the fast retransmission does not occur, updating the congestion window cwnd of the current network into the flight size, and taking the updated cwnd as the network accommodation capacity parameter.
6. The method according to claim 2, wherein the analyzing the message of the candidate abnormal session to determine the abnormal type specifically includes:
when the number of packet losses of the candidate abnormal session exceeds the preset number of packet losses, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the receive window (rwnd) information carried by the message is 0, determining that the client is abnormal;
and when rwnd decreases continuously for more than the preset number of decreases, determining that the client is abnormal.
7. The method according to claim 2, wherein when the anomaly type of the first candidate abnormal session is a network anomaly, determining the abnormal location of the first candidate abnormal session according to a preset abnormal location rule specifically includes:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session;
when the server and the client both sense packet loss, determining that the abnormal position is a network at the server side;
and when the server does not sense packet loss and the client senses packet loss, determining that the abnormal position is the network of the client side.
8. A network management apparatus based on a wide area network, adapted to a wide area network, the wide area network including a client and a server connected through a core convergence switching device, wherein the apparatus is applied to a network management device bypass-attached to the core convergence switching device, and includes: a preliminary screening unit, an analysis unit and an alarm unit; wherein:
the preliminary screening unit is used for preliminarily screening the session flow mirrored from the core convergence switching equipment to obtain a candidate abnormal session;
the analysis unit is used for analyzing the messages of the candidate abnormal sessions and determining the abnormal type; the abnormal types comprise client abnormality, network abnormality and server abnormality; the analysis unit is also used for determining the abnormal position of the first candidate abnormal session according to a preset abnormal position rule when the abnormal type of the first candidate abnormal session is network abnormality; and
the alarm unit is used for determining that the second candidate abnormal session is abnormal and outputting an abnormal alarm when the ratio of the number of the abnormal messages of the second candidate abnormal session to the total number of the messages in a preset period is greater than a preset threshold; the abnormal alarm comprises one or more of abnormal type and abnormal position.
9. The apparatus according to claim 8, wherein, when preliminarily screening the session traffic mirrored from the core aggregation switching device to obtain a candidate abnormal session, the preliminary screening unit is specifically configured to: identify TCP messages in the session traffic; collect information from the identified TCP message to obtain the acquisition information of the TCP message; and calculate the TCP flow rate according to the acquisition information, and determine the session corresponding to the TCP message as a candidate abnormal session when the flow rate is smaller than a preset flow rate threshold.
10. The apparatus according to claim 9, wherein, when calculating the TCP flow rate according to the acquisition information, the preliminary screening unit is specifically configured to calculate, within a timing period, the difference between a first message sequence number seq1 of the TCP message obtained when the timing period starts and a second message sequence number seq2 of the TCP message obtained when the timing period ends, so as to obtain the flow rate.
11. The apparatus according to claim 9, wherein, when analyzing the message of the candidate abnormal session to determine the abnormal type, the analysis unit is specifically configured to perform the following:
according to the message and the acquisition information, acquiring a client receiving capacity parameter, a server sending capacity parameter and a network accommodation capacity parameter corresponding to the candidate abnormal session;
when the network accommodation capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is smaller than the network accommodation capacity parameter, determining that the abnormal type is server abnormal;
when the server sending capacity parameter is equal to the client receiving capacity parameter and the server sending capacity parameter is larger than the network accommodating capacity parameter, determining that the abnormal type is network abnormality;
and when the server sending capacity parameter is equal to the network accommodating capacity parameter and the server sending capacity parameter is greater than the client receiving capacity parameter, determining that the exception type is client exception.
12. The apparatus according to claim 11, wherein the analysis unit, when acquiring, according to the packet and the acquisition information, a client reception capability parameter, a server transmission capability parameter, and a network accommodation capability parameter corresponding to the candidate abnormal session, is specifically configured to:
acquiring the receiving capability parameter of the client according to the rwnd information of the receiving window carried by the message;
calculating, from the message sequence number seq and the acknowledgement sequence number ack in the acquisition information, the flight size, that is, the number of messages that have been sent in the current sending window but have not yet been acknowledged, and using the flight size as the server sending capacity parameter;
determining whether the message is subjected to fast retransmission or not, and updating a congestion window cwnd of the current network to be half of the current cwnd when the message is subjected to fast retransmission; and when the fast retransmission does not occur, updating the congestion window cwnd of the current network into the flight size, and taking the updated cwnd as the network accommodation capacity parameter.
13. The apparatus according to claim 9, wherein, when analyzing the message of the candidate abnormal session to determine the abnormal type, the analysis unit is specifically configured to perform the following:
when the number of packet losses of the candidate abnormal session exceeds the preset number of packet losses, determining that the abnormal type is network abnormality;
when the maximum TCP segment size MSS is larger than the current message length of the candidate abnormal session, determining that the client is abnormal;
when the receive window (rwnd) information carried by the message is 0, determining that the client is abnormal;
and when rwnd decreases continuously for more than the preset number of decreases, determining that the client is abnormal.
14. The apparatus according to claim 9, wherein, when the abnormal type of the first candidate abnormal session is network abnormality and the abnormal position of the first candidate abnormal session is determined according to a preset abnormal position rule, the analysis unit is specifically configured to perform the following:
determining whether the server and the client perceive packet loss of the first candidate abnormal session according to seq and ack in the acquisition information of the TCP message of the first candidate abnormal session;
when the server and the client both sense packet loss, determining that the abnormal position is a network at the server side;
and when the server does not sense packet loss and the client senses packet loss, determining that the abnormal position is the network of the client side.
15. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-7 when executing a program stored on a memory.
16. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 7.
CN202111672387.1A 2021-12-31 2021-12-31 Network management method and device based on wide area network Pending CN114363160A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111672387.1A CN114363160A (en) 2021-12-31 2021-12-31 Network management method and device based on wide area network

Publications (1)

Publication Number Publication Date
CN114363160A (en) 2022-04-15

Family

ID=81104879

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111672387.1A Pending CN114363160A (en) 2021-12-31 2021-12-31 Network management method and device based on wide area network

Country Status (1)

Country Link
CN (1) CN114363160A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020105950A1 (en) * 1996-05-20 2002-08-08 Adc Telecommunications, Inc. Computer data transmission over a telecommunications network
CN105187228A (en) * 2015-06-12 2015-12-23 中国通信建设集团设计院有限公司 Network quality detection method and router
CN110198298A (en) * 2018-10-11 2019-09-03 腾讯科技(深圳)有限公司 A kind of information processing method, device and storage medium
CN111865667A (en) * 2020-06-28 2020-10-30 新华三技术有限公司 Network connectivity fault root cause positioning method and device
CN111930882A (en) * 2020-06-30 2020-11-13 国网电力科学研究院有限公司 Server abnormity tracing method, system and storage medium
CN112153020A (en) * 2020-09-10 2020-12-29 深圳供电局有限公司 Industrial control flow analysis method and device
CN113595784A (en) * 2021-07-26 2021-11-02 招商银行股份有限公司 Network flow detection method, device, equipment, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination