CN114500412A - Method and system for processing mirror image flow data - Google Patents

Publication number
CN114500412A
Authority
CN
China
Prior art keywords
mirror image
flow data
image flow
address
encapsulated
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210094896.9A
Other languages
Chinese (zh)
Inventor
杨林
谢磊
王芙艳
张丁贞
崔士柱
齐伦
王甲强
陆超杰
杨鑫
何彦君
孙丽斌
马高飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Nuclear Power Automation System Engineering Co Ltd
Shandong Nuclear Power Co Ltd
Original Assignee
State Nuclear Power Automation System Engineering Co Ltd
Shandong Nuclear Power Co Ltd
Application filed by State Nuclear Power Automation System Engineering Co Ltd and Shandong Nuclear Power Co Ltd
Priority to CN202210094896.9A
Publication of CN114500412A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H04L2212/00 Encapsulation of packets

Abstract

The invention discloses a method and a system for processing mirrored traffic data. The method is applied to a local communication device and comprises the following steps: acquiring the network address information configured for a mirror port of the local communication device, where the network address information comprises the destination IP address and the gateway of a remote communication device; encapsulating the original mirrored traffic data of the mirror port to obtain encapsulated mirrored traffic data; and transmitting the encapsulated mirrored traffic data through the gateway to the remote communication device corresponding to the destination IP address. By acquiring the destination IP address and gateway of the remote communication device configured for the mirror port of the local communication device, encapsulating the original mirrored traffic data of that port, and transmitting the encapsulated data through the gateway to the remote communication device at the destination IP address, the invention enables encapsulated mirrored traffic data to be delivered to any remote communication device reachable over the network, thereby expanding the range of use of mirrored traffic data acquisition.

Description

Method and system for processing mirror image flow data
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and a system for processing mirror flow data.
Background
The port mirroring function monitors a network by forwarding the data traffic of one or more source ports to a designated port on a switch or router. The designated port is called the "mirror port" or "destination port", and the network traffic can be monitored and analyzed through it without seriously affecting the normal throughput of the source ports. Used within an enterprise, the mirroring function allows network data to be monitored and managed well, and when the network fails, the fault can be located quickly. Port mirroring is generally divided into three types according to the port mode being mirrored: ingress mirroring, which mirrors only the traffic received by the port; egress mirroring, which mirrors only the traffic sent out by the port; and bidirectional mirroring, which mirrors both the traffic received and the traffic sent by the port.
In the prior art, the packets produced by the mirroring method used when processing traffic data are all original packets and cannot be sent to a remote communication device, so the traffic data cannot be transmitted remotely.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method and a system for processing mirror image traffic data, so as to overcome the defect that in the prior art, when transmitting traffic data, the traffic data cannot be sent to a remote communication device to implement remote transmission of the traffic data.
The invention solves the technical problems through the following technical scheme:
the first aspect of the present invention provides a processing method for mirror image traffic data, where the processing method is applied to a local communication device, and the processing method includes:
acquiring network address information configured for a mirror image port of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
packaging the original mirror image flow data of the mirror image port to obtain packaged mirror image flow data;
and transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
Preferably, the network address information further includes a port number of the remote communication device; transmitting the encapsulated mirror image traffic data to the remote communication device corresponding to the remote communication device IP address through the gateway, including:
and transmitting the encapsulated mirror image traffic data to a remote communication equipment port corresponding to the port number through the gateway.
Preferably, the network address information further includes a source IP address of the local communication device; transmitting the encapsulated mirror image traffic data to the remote communication device corresponding to the destination IP address through the gateway, including:
judging whether the source IP address and the destination IP address belong to the same network segment;
if the source IP address and the destination IP address do not belong to the same network segment, transmitting the encapsulated mirror image flow data to remote communication equipment corresponding to the destination IP address through the gateway;
and if the source IP address and the destination IP address belong to the same network segment, directly transmitting the encapsulated mirror image flow data to remote communication equipment corresponding to the destination IP address.
Preferably, the encapsulating the original mirror image traffic data to obtain encapsulated mirror image traffic data includes:
encapsulating the original mirror image flow data according to a UDP (user datagram protocol) format to obtain encapsulated mirror image flow data;
and/or
and performing compression processing and/or encryption processing on the original mirror image flow data in the process of packaging according to the UDP format, wherein a key for the encryption processing is generated according to the packaging information of the original mirror image flow data.
Preferably, the processing method further comprises:
if the size of the encapsulated mirror image flow data exceeds a data volume threshold, performing IP fragmentation on the encapsulated mirror image flow data;
and transmitting the mirror image flow data fragment after the IP fragment to the remote communication equipment.
The second aspect of the present invention provides a processing method for mirror image traffic data, where the processing method is applied to a remote communication device, and the processing method includes:
receiving the encapsulated mirror image flow data transmitted by the local communication equipment through a gateway;
and de-encapsulating the encapsulated mirror image flow data.
Preferably, the processing method further comprises:
acquiring encapsulation information of the original mirror image flow data under the condition that the encapsulated mirror image flow data is encrypted data;
and decrypting the packaged mirror image flow data according to the key generated based on the packaging information.
Preferably, the processing method further comprises:
acquiring a serial number of the encapsulated mirror image flow data;
and verifying whether the encapsulated mirror image flow data is lost or not according to the sequence number.
The third aspect of the present invention provides a processing system for mirror image traffic data, where the processing system is applied to a local communication device, and the processing system includes a network address information obtaining module, an encapsulating module, and a transmission module;
the network address information acquisition module is used for acquiring network address information configured for a mirror image port of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
the encapsulation module is used for encapsulating the original mirror image flow data of the mirror image port to obtain the encapsulated mirror image flow data;
and the transmission module is used for transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
Preferably, the network address information further includes a port number of the remote communication device;
the transmission module is specifically configured to transmit the encapsulated mirror image traffic data to a port of the remote communication device corresponding to the port number through the gateway.
Preferably, the network address information further includes a source IP address of the local communication device; the transmission module comprises a judgment unit, a first transmission unit and a second transmission unit;
the judging unit is used for judging whether the source IP address and the destination IP address belong to the same network segment;
the first transmission unit is configured to transmit the encapsulated mirror image traffic data to a remote communication device corresponding to the destination IP address through the gateway if the source IP address and the destination IP address do not belong to the same network segment;
and the second transmission unit is used for directly transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address if the source IP address and the destination IP address belong to the same network segment.
Preferably, the encapsulating module is specifically configured to encapsulate the original mirror traffic data according to a UDP format to obtain encapsulated mirror traffic data;
and/or
the encapsulation module is specifically configured to perform compression processing and/or encryption processing on the original mirror image traffic data in an encapsulation process according to a UDP format, where a key for the encryption processing is generated according to encapsulation information of the original mirror image traffic data.
Preferably, the processing system further comprises a judging module and a fragment transmission module;
the judging module is used for carrying out IP fragmentation on the encapsulated mirror image flow data if the size of the encapsulated mirror image flow data exceeds a data volume threshold;
and the fragment transmission module is used for transmitting the mirror image flow data fragment after the IP fragment to the remote communication equipment.
The fourth aspect of the present invention provides a processing system for mirror image flow data, which is applied to a remote communication device and comprises a receiving module and a decapsulation module;
the receiving module is used for receiving the encapsulated mirror image flow data transmitted by the local communication equipment through the gateway;
and the decapsulation module is used for decapsulating the encapsulated mirror image flow data.
Preferably, the processing system further comprises a package information obtaining module and a decryption module;
the encapsulation information acquisition module is used for acquiring encapsulation information of original mirror image flow data under the condition that the encapsulated mirror image flow data is encrypted data;
and the decryption module is used for decrypting the encapsulated mirror image flow data according to a key generated based on the encapsulation information.
Preferably, the processing system further comprises a serial number obtaining module and a verification module;
the serial number obtaining module is used for obtaining the serial number of the encapsulated mirror image flow data;
and the verification module is used for verifying whether the encapsulated mirror image flow data is lost or not according to the serial number.
A fifth aspect of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the method for processing mirrored traffic data according to the first aspect or the second aspect when executing the computer program.
A sixth aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the method for processing mirrored traffic data according to the first or second aspect.
On the basis of common knowledge in the field, the above preferred conditions can be combined arbitrarily to obtain the preferred embodiments of the invention.
The positive progress effects of the invention are as follows:
the invention encapsulates the original mirror image flow data of the mirror image port by acquiring the network address information of the remote communication equipment, such as the destination IP address, the gateway and the like configured for the mirror image port of the local communication equipment, and transmits the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway, thereby realizing the transmission of the encapsulated mirror image flow data to the remote communication equipment which can be reached by any network and expanding the use range of mirror image flow data acquisition.
Drawings
Fig. 1 is a flowchart of a processing method for mirroring traffic data according to embodiment 1 of the present invention.
Fig. 2 is another flowchart of a method for processing mirror traffic data according to embodiment 2 of the present invention.
Fig. 3 is a block diagram of a system for processing mirror traffic data according to embodiment 3 of the present invention.
Fig. 4 is another block diagram of a system for processing mirror traffic data according to embodiment 4 of the present invention.
Fig. 5 is a schematic structural diagram of an electronic device according to embodiment 5 of the present invention.
Detailed Description
The invention is further illustrated by the following examples, which are not intended to limit the scope of the invention.
Example 1
The processing method for mirror image traffic data provided in this embodiment is applied to a local communication device, and as shown in fig. 1, the processing method includes:
step 101, acquiring network address information configured for a mirror interface of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
In this embodiment, the original mirrored traffic data enters through an ingress interface of the local communication device. The local communication device has at least one ingress interface and at least one mirror port; the number of ingress interfaces may exceed the number of mirror ports, and each ingress interface has a mapping relationship to a mirror port. The ingress interfaces and mirror ports of the local communication device can be configured flexibly according to the networking environment, so that the original mirrored traffic data of any port can be backed up.
It should be noted that, when configuring the network address information of the mirror ports of the local communication device, a single mirror port or all mirror ports may be configured according to the actual situation, which is not specifically limited here.
In this embodiment, the ingress interface whose real-time original mirrored traffic data needs to be backed up, together with the corresponding mirror port of the local communication device, is selected, and the original mirrored traffic data to be backed up is forwarded to that mirror port.
Step 102, encapsulating the original mirror image flow data of the mirror image port to obtain encapsulated mirror image flow data;
in this embodiment, the original mirror image traffic data is encapsulated according to the UDP format to obtain encapsulated mirror image traffic data;
in this embodiment, in the process of encapsulating according to the UDP format, the original mirror traffic data is compressed and/or encrypted, and the key for the encryption is generated according to the encapsulation information of the original mirror traffic data.
In the embodiment, an LZ4 lossless compression algorithm is adopted to compress the original mirror image flow data so as to improve the data transmission efficiency; and encrypting the original mirror image flow data by adopting an AES (advanced encryption standard) symmetric encryption algorithm so as to ensure the security in the data transmission process. If there are both compression processing and encryption processing, compression processing is performed first and then encryption processing is performed.
It should be noted that a UDP message comprises a data header and data content; the UDP format can encapsulate different data types and supports efficient long-distance transmission of data. The format of the data header is set according to the interfacing requirements of the third-party remote communication device; for example, the format of the data header is as shown in Table 1.
[Table 1: data header format; the table is an image on the original page and is not reproduced here.]
In this embodiment, the data content is determined by the data type (e.g., Ethernet packet);
during network transmission, numerical values uniformly use big-endian byte order (network byte order) and character strings use UTF-8 encoding;
in this embodiment, for example, when the data type is an Ethernet packet, the UDP payload comprises the packet header and the packet content.
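As an added illustration of step 102 on the local side and of the decryption described later for the remote side (it is not code from the patent or its applicants), the Go program below encapsulates an Ethernet frame into a UDP payload of the kind sketched above and decapsulates it again, re-deriving the key from the encapsulation information in the header. Because Table 1 is not reproduced on this page, the 20-byte header layout, the magic value, the flag bits and the nonce construction are assumptions; flate stands in for LZ4 (absent from the Go standard library), and AES-GCM is used for the AES encryption so that tampering is detected as well. The key derivation additionally mixes in a pre-shared secret: a key that can be recomputed from the packet's own header fields offers no confidentiality against anyone who captures the packet, so the secret is what actually protects the data.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// Assumed 20-byte header (Table 1 is not on this page); binary.Write emits it big-endian (network byte order).
type Header struct {
	Magic                              uint32 // constant 0x4D495252 ("MIRR"), hypothetical
	Version, DataType, Flags, Reserved uint8  // flags: bit0 = compressed, bit1 = encrypted
	Seq, EncapTime, Length             uint32 // per-type sequence, encapsulation time, payload length
}

const magic, headerLen = 0x4D495252, 20
const flagCompress, flagEncrypt, typeEthernet = 1, 2, 1

func (h Header) encode() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, h)
	return buf.Bytes()
}

// deriveKey follows the page in deriving the key from the 4-byte encapsulation time, and (as an
// assumption beyond the page) mixes in a pre-shared secret, since header fields alone are public.
func deriveKey(secret []byte, encapTime uint32) []byte {
	var t [4]byte
	binary.BigEndian.PutUint32(t[:], encapTime)
	sum := sha256.Sum256(append(append([]byte{}, secret...), t[:]...))
	return sum[:] // 32 bytes: AES-256
}

// aead builds AES-256-GCM with a nonce that is unique per (key, data type, sequence number).
func aead(secret []byte, h Header) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(deriveKey(secret, h.EncapTime)) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(block)                             // cannot fail for an AES block
	nonce := make([]byte, g.NonceSize())                     // 12 bytes
	nonce[0] = h.DataType
	binary.BigEndian.PutUint32(nonce[1:], h.Seq)
	binary.BigEndian.PutUint32(nonce[5:], h.EncapTime)
	return g, nonce
}

// Encapsulate (local side): compress first, then encrypt, then prepend the header; the first 16
// header bytes are bound to the ciphertext as GCM associated data, so altering them is detected.
func Encapsulate(secret, frame []byte, seq, encapTime uint32, compress, encrypt bool) []byte {
	h := Header{Magic: magic, Version: 1, DataType: typeEthernet, Seq: seq, EncapTime: encapTime}
	payload := frame
	if compress {
		var buf bytes.Buffer
		w, _ := flate.NewWriter(&buf, flate.BestSpeed) // flate stands in for LZ4 here
		w.Write(payload)
		w.Close()
		payload, h.Flags = buf.Bytes(), h.Flags|flagCompress
	}
	if encrypt {
		h.Flags |= flagEncrypt
		g, nonce := aead(secret, h)
		payload = g.Seal(nil, nonce, payload, h.encode()[:16])
	}
	h.Length = uint32(len(payload))
	return append(h.encode(), payload...)
}

// Decapsulate (remote side): re-derive the key from the header's encapsulation time, verify and decrypt, then decompress.
func Decapsulate(secret, pkt []byte) (Header, []byte, error) {
	var h Header
	if err := binary.Read(bytes.NewReader(pkt), binary.BigEndian, &h); err != nil || h.Magic != magic {
		return h, nil, fmt.Errorf("malformed header")
	}
	payload := pkt[headerLen:]
	if uint32(len(payload)) != h.Length {
		return h, nil, fmt.Errorf("length field %d does not match %d payload bytes", h.Length, len(payload))
	}
	if h.Flags&flagEncrypt != 0 {
		g, nonce := aead(secret, h)
		var err error
		if payload, err = g.Open(nil, nonce, payload, pkt[:16]); err != nil {
			return h, nil, fmt.Errorf("authentication failed: wrong secret or tampered packet")
		}
	}
	if h.Flags&flagCompress != 0 {
		out, err := io.ReadAll(flate.NewReader(bytes.NewReader(payload)))
		return h, out, err
	}
	return h, payload, nil
}

func main() {
	pkt := Encapsulate([]byte("constructed secret"), bytes.Repeat([]byte("constructed frame "), 50), 7, 1700000000, true, true)
	_, out, err := Decapsulate([]byte("constructed secret"), pkt)
	fmt.Printf("%d-byte packet, restored %d bytes, err=%v\n", len(pkt), len(out), err)
}
```

Compression is applied before encryption, as the description requires (compressing ciphertext would gain nothing). Because the sequence number and data type are part of the associated data and of the nonce, a receiver with the right secret rejects a packet whose header was modified in transit, which the plain "derive the key from the encapsulation time" scheme on its own would not do.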
Step 103, transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
In this embodiment, the original mirror image traffic data can be encapsulated and forwarded to any third-party remote communication device capable of receiving the encapsulated mirror image traffic data, so that the encapsulated mirror image traffic data can be remotely transmitted to the third-party remote communication device through a network.
In one embodiment, the network address information further includes a port number of the remote communication device; step 103 comprises: and transmitting the encapsulated mirror image flow data to a remote communication equipment port corresponding to the port number through a gateway.
In this embodiment, the remote communication device is provided with a plurality of ports, and each port is configured with a corresponding port number.
In one embodiment, the network address information further includes a source IP address of the local communication device; step 103 comprises:
Step 1031, judging whether the source IP address and the destination IP address belong to the same network segment.
If not, go to step 1032; if yes, go to step 1033.
Step 1032, transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway;
In this embodiment, if it is determined that the source IP address and the destination IP address do not belong to the same network segment, an ARP (Address Resolution Protocol) request is sent to the gateway to obtain the MAC (physical) address corresponding to the gateway IP address; this MAC address, together with the destination IP address, is filled into the destination fields of the encapsulated mirrored traffic data, so that the encapsulated mirrored traffic data is delivered correctly to the gateway, which then forwards it to the remote communication device corresponding to the destination IP address.
Step 1033, directly transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address.
In this embodiment, if it is determined that the source IP address and the destination IP address belong to the same network segment, an ARP request is sent to the third-party remote communication device to obtain the MAC address corresponding to its destination IP address; this MAC address, together with the destination IP address, is filled into the destination fields of the encapsulated mirrored traffic data, so that the encapsulated mirrored traffic data is delivered correctly and directly to the remote communication device corresponding to the destination IP address.
In an implementation scenario, the processing method further includes:
if the size of the encapsulated mirror image flow data exceeds a data volume threshold, performing IP fragmentation on the encapsulated mirror image flow data;
and transmitting the mirror image flow data after the IP fragmentation to the remote communication equipment.
In this embodiment, before the encapsulated mirrored traffic data is sent to the third-party remote communication device, it is checked whether its size exceeds the data-volume threshold. If so, the encapsulated mirrored traffic data is automatically IP-fragmented and the fragments are transmitted to the remote communication device, so that encapsulated mirrored traffic data larger than the threshold can still be transmitted over a long distance; the remote communication device subsequently reassembles the received IP fragments.
It should be noted that the data amount threshold may be set to MTU (maximum transmission unit), or may be set to other values according to actual situations, and is not limited specifically here.
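The next-hop decision of steps 1031 to 1033 and the fragmentation check just described, written up as an added Go example (not the patent's code): NextHop returns the address the local device must resolve with ARP, which is the remote device itself when both addresses share a segment and the gateway otherwise; Fragments and Reassemble model the IPv4 fragmentation that applies when the encapsulated datagram exceeds the threshold, taken here to be the MTU. The page names a source IP address but no subnet mask, so the /24 prefix in the sample is an assumption, and all addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
)

// NextHop implements steps 1031 to 1033: it returns the IP address to resolve with ARP,
// i.e. the remote device itself when source and destination share a segment, and the
// gateway otherwise. srcCIDR carries the local address with its prefix length, e.g.
// "10.1.1.5/24" (the prefix is an assumption; the page gives a source IP but no mask).
func NextHop(srcCIDR, dst, gateway string) (arpTarget string, viaGateway bool, err error) {
	_, segment, err := net.ParseCIDR(srcCIDR)
	if err != nil {
		return "", false, err
	}
	d := net.ParseIP(dst)
	if d == nil {
		return "", false, fmt.Errorf("bad destination address %q", dst)
	}
	if segment.Contains(d) {
		return dst, false, nil // same segment: deliver directly (step 1033)
	}
	if g := net.ParseIP(gateway); g == nil || !segment.Contains(g) {
		return "", false, fmt.Errorf("gateway %q is not on the local segment", gateway)
	}
	return gateway, true, nil // different segment: hand to the gateway (step 1032)
}

// Fragment is one IPv4 fragment of an encapsulated datagram.
type Fragment struct {
	Offset uint16 // fragment offset in 8-byte units, as carried in the IPv4 header
	More   bool   // "more fragments" flag
	Data   []byte
}

const ipv4HeaderLen = 20

// Fragments models the IP fragmentation applied when the encapsulated datagram exceeds
// the data-volume threshold (the MTU here). A datagram that fits is returned as a single
// piece; every fragment but the last carries a multiple of 8 payload bytes, as IPv4 requires.
func Fragments(datagram []byte, mtu int) ([]Fragment, error) {
	maxData := mtu - ipv4HeaderLen
	if maxData < 8 {
		return nil, fmt.Errorf("mtu %d leaves no room for fragment data", mtu)
	}
	if len(datagram) <= maxData {
		return []Fragment{{Data: datagram}}, nil
	}
	maxData -= maxData % 8
	var out []Fragment
	for off := 0; off < len(datagram); off += maxData {
		end := off + maxData
		if end > len(datagram) {
			end = len(datagram)
		}
		out = append(out, Fragment{Offset: uint16(off / 8), More: end < len(datagram), Data: datagram[off:end]})
	}
	return out, nil
}

// Reassemble is the remote side's inverse. It accepts fragments in any order and reports a
// missing or empty fragment instead of silently returning a truncated datagram.
func Reassemble(frags []Fragment) ([]byte, error) {
	byOffset := map[int]Fragment{}
	for _, f := range frags {
		byOffset[int(f.Offset)*8] = f
	}
	var out []byte
	for {
		f, ok := byOffset[len(out)]
		if !ok {
			return nil, fmt.Errorf("missing fragment at byte offset %d", len(out))
		}
		if len(f.Data) == 0 {
			return nil, fmt.Errorf("empty fragment at byte offset %d", len(out))
		}
		out = append(out, f.Data...)
		if !f.More {
			return out, nil
		}
	}
}

func main() {
	target, via, err := NextHop("10.1.1.5/24", "192.0.2.10", "10.1.1.1") // constructed addresses
	fmt.Println("ARP target:", target, "via gateway:", via, "err:", err)
	frags, _ := Fragments(make([]byte, 3000), 1500)
	fmt.Println("fragments for a 3000-byte datagram at MTU 1500:", len(frags))
}
```

In a real deployment the kernel's IP stack performs the fragmentation itself once the UDP datagram exceeds the path MTU; the functions above make the boundaries visible so the threshold check in the description can be reasoned about, and Reassemble shows why the remote side must treat a gap as an error rather than deliver a short buffer.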
In the embodiment, the original mirror image flow data of the mirror image port is encapsulated by acquiring the network address information such as the destination IP address and the gateway of the remote communication device configured for the mirror image port of the local communication device, and the encapsulated mirror image flow data is transmitted to the remote communication device corresponding to the destination IP address through the gateway, so that the encapsulated mirror image flow data is transmitted to the remote communication device accessible to any network, and the use range of mirror image flow data acquisition is expanded.
Example 2
The processing method for mirror image traffic data provided in this embodiment is applied to a remote communication device, and as shown in fig. 2, the processing method includes:
step 201, receiving encapsulated mirror image traffic data transmitted by local communication equipment through a gateway;
and step 202, performing decapsulation processing on the encapsulated mirror image traffic data.
In this embodiment, the source IP address of the local communication device and the destination IP address of the remote communication device are in a route reachable state on the network. The remote communication equipment can receive the real-time encapsulated mirror image flow data transmitted by the local communication equipment so as to remotely acquire the real-time mirror image flow data.
In an implementation scenario, the processing method further includes:
acquiring encapsulation information of original mirror image flow data under the condition that the encapsulated mirror image flow data is encrypted data;
and decrypting the packaged mirror image flow data according to the key generated based on the packaging information.
In this embodiment, the encapsulation information may be encapsulation time of the original mirror image traffic data, an IP address of the original mirror image traffic data, or other identity information.
For example, during encapsulation of the original mirrored traffic data, the 4-byte encapsulation time is used as the key for the original mirrored traffic data to be transmitted. When the third-party remote communication device receives the encapsulated mirrored traffic data, it can obtain the key of the original mirrored traffic data and then decrypt the encapsulated mirrored traffic data with that key, thereby ensuring the security of the data.
In an implementation scenario, the processing method further includes:
acquiring a serial number of the encapsulated mirror image flow data;
and verifying whether the encapsulated mirror image flow data is lost or not according to the sequence number.
In this embodiment, each data type has a respective independent serial number, and whether the encapsulated mirror flow data is lost is verified according to the respective independent serial numbers, so as to ensure reliability of data transmission.
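An added Go example (not the patent's code) of the per-data-type sequence-number check: each data type keeps its own counter, a jump ahead of the expected number is counted as loss, and a number behind it is reported as reordered or duplicated rather than as loss, so that a late packet does not inflate the loss figure. The arrival order fed in is constructed, and the tracker treats the 32-bit counter as wrapping.

```go
package main

import "fmt"

// LossTracker keeps an independent sequence counter per data type, as the description
// requires, and counts the packets that never arrived. The 32-bit counter is treated as
// wrapping, so 0xFFFFFFFF followed by 0 is not a loss.
type LossTracker struct {
	next map[uint8]uint32 // expected next sequence number per data type
	Lost map[uint8]uint64 // running count of missing packets per data type
}

func NewLossTracker() *LossTracker {
	return &LossTracker{next: map[uint8]uint32{}, Lost: map[uint8]uint64{}}
}

// Observe records a received (dataType, seq) pair and returns how many packets of that type
// were skipped before it: 0 for the expected packet, n for a gap of n, and -1 for a packet
// behind the counter (reordered or duplicated), which is not counted as loss and does not
// move the counter.
func (t *LossTracker) Observe(dataType uint8, seq uint32) int64 {
	next, known := t.next[dataType]
	if !known {
		t.next[dataType] = seq + 1
		return 0 // the first packet of a type establishes the baseline
	}
	gap := int32(seq - next) // wrap-safe signed distance from the expected number
	if gap < 0 {
		return -1
	}
	t.Lost[dataType] += uint64(gap)
	t.next[dataType] = seq + 1
	return int64(gap)
}

// constructedArrivals is a made-up arrival order of (dataType, seq) pairs:
// type 1 is missing 102 (it arrives late at the end), type 2 is missing 8.
var constructedArrivals = [][2]uint32{{1, 100}, {1, 101}, {1, 103}, {2, 7}, {1, 104}, {2, 9}, {1, 102}}

// Replay feeds constructedArrivals through a tracker and returns the per-packet
// verdicts together with the tracker's final loss counts.
func Replay() ([]int64, map[uint8]uint64) {
	tr := NewLossTracker()
	var verdicts []int64
	for _, p := range constructedArrivals {
		verdicts = append(verdicts, tr.Observe(uint8(p[0]), p[1]))
	}
	return verdicts, tr.Lost
}

func main() {
	verdicts, lost := Replay()
	fmt.Println("per-packet gaps:", verdicts, "lost per type:", lost)
}
```

A gap reported by Observe is only a hint until the reordering window has passed: the late packet 102 in the sample arrives after 103 and 104 were already counted, which is why a receiver that wants an exact figure subtracts late arrivals from the running total or waits a short time before declaring loss.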
In this embodiment, the encapsulated mirrored traffic data transmitted by the local communication device is received through the gateway and decapsulated, so that the acquired mirrored traffic data is received remotely; at the same time, the cooperation between the remote communication device and the local communication device enriches the application scenarios.
Example 3
As shown in fig. 3, the processing system includes a network address information obtaining module 1, an encapsulating module 2, and a transmitting module 3;
the network address information acquisition module 1 is used for acquiring network address information configured for a mirror image port of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
In this embodiment, the original mirrored traffic data enters through an ingress interface of the local communication device. The local communication device has at least one ingress interface and at least one mirror port; the number of ingress interfaces may exceed the number of mirror ports, and each ingress interface has a mapping relationship to a mirror port. The ingress interfaces and mirror ports of the local communication device can be configured flexibly according to the networking environment, so that the original mirrored traffic data of any port can be backed up.
It should be noted that, when configuring the network address information of the mirror ports of the local communication device, a single mirror port or all mirror ports may be configured according to the actual situation, which is not specifically limited here.
In this embodiment, the ingress interface whose real-time original mirrored traffic data needs to be backed up, together with the corresponding mirror port of the local communication device, is selected, and the original mirrored traffic data to be backed up is forwarded to that mirror port.
The encapsulation module 2 is used for encapsulating the original mirror image flow data of the mirror image port to obtain encapsulated mirror image flow data;
in this embodiment, the original mirror image traffic data is encapsulated according to the UDP format to obtain encapsulated mirror image traffic data;
in this embodiment, in the process of encapsulating according to the UDP format, the original mirror traffic data is compressed and/or encrypted, and the key for the encryption is generated according to the encapsulation information of the original mirror traffic data.
In the embodiment, an LZ4 lossless compression algorithm is adopted to compress the original mirror image flow data so as to improve the data transmission efficiency; and encrypting the original mirror image flow data by adopting an AES symmetric encryption algorithm so as to ensure the security in the data transmission process. If there are both compression processing and encryption processing, compression processing is performed first and then encryption processing is performed.
It should be noted that the UDP includes a data header and data content, the UDP format may encapsulate different data types, the long-distance efficient transmission of data may be achieved by using the UDP format, and the format of the data header is set according to the docking requirement of the third-party remote communication device, for example, the format of the data header is as shown in table 1 in embodiment 1.
In this embodiment, the data content is determined by the data type (e.g., Ethernet packet);
during network transmission, numerical values uniformly use big-endian byte order (network byte order) and character strings use UTF-8 encoding;
in this embodiment, for example, when the data type is an Ethernet packet, the UDP payload comprises the packet header and the packet content.
And the transmission module 3 is used for transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
In this embodiment, the original mirror image traffic data can be encapsulated and forwarded to any third-party remote communication device capable of receiving the encapsulated mirror image traffic data, so that the encapsulated mirror image traffic data can be remotely transmitted to the third-party remote communication device through a network.
In one embodiment, the network address information further includes a port number of the remote communication device;
the transmission module 3 is specifically configured to transmit the encapsulated mirror traffic data to a port of the remote communication device corresponding to the port number through the gateway.
In this embodiment, the remote communication device is provided with a plurality of ports, and each port is configured with a corresponding port number.
In one embodiment, the network address information further includes a source IP address of the local communication device; as shown in fig. 3, the transmission module 3 includes a judgment unit 311, a first transmission unit 312, and a second transmission unit 313;
a determining unit 311, configured to determine whether the source IP address and the destination IP address belong to the same network segment;
a first transmission unit 312, configured to transmit the encapsulated mirror image traffic data to a remote communication device corresponding to the destination IP address through a gateway if the source IP address and the destination IP address do not belong to the same network segment;
In this embodiment, if it is determined that the source IP address and the destination IP address do not belong to the same network segment, an ARP request is sent for the gateway IP address to obtain the gateway's MAC address, and that MAC address is filled into the destination MAC of the encapsulated mirror traffic data while the destination IP address is retained, so that the encapsulated mirror traffic data is reliably delivered to the gateway and then forwarded by the gateway to the remote communication device corresponding to the destination IP address.
And a second transmission unit 313, configured to directly transmit the encapsulated mirror image traffic data to the remote communication device corresponding to the destination IP address if the source IP address and the destination IP address belong to the same network segment.
In this embodiment, if it is determined that the source IP address and the destination IP address belong to the same network segment, an ARP request is sent for the destination IP address of the third-party remote communication device to obtain its MAC address, and that MAC address is filled into the destination MAC of the encapsulated mirror traffic data together with the destination IP address, so that the mirror traffic data is reliably delivered to the remote communication device corresponding to the destination IP address.
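The network-segment judgment of units 311 to 313 and the resulting choice of which node's MAC address to resolve by ARP, as an added Go example that is not code from the patent or from any implementation of it. The /24 netmask, the addresses, and the extra check that the gateway itself lies on the local segment are assumptions of the example; the patent only describes the source/destination comparison.

```go
package main

import (
	"fmt"
	"net"
)

// NextHop is the node whose MAC address must be resolved by ARP and written
// into the destination MAC of the encapsulated frame.
type NextHop struct {
	IP         net.IP
	ViaGateway bool
}

// sameSegment reports whether two IPv4 addresses share a network segment under
// the netmask configured on the local mirror port.
func sameSegment(a, b net.IP, mask net.IPMask) bool {
	return a.Mask(mask).Equal(b.Mask(mask))
}

// chooseNextHop is the judgment unit: an on-segment destination is delivered
// directly (second transmission unit); anything else goes to the gateway
// (first transmission unit). The gateway must itself be on-segment, or ARP
// could not resolve it; that sanity check is an addition of this example.
func chooseNextHop(src, dst, gateway net.IP, mask net.IPMask) (NextHop, error) {
	for _, ip := range []net.IP{src, dst, gateway} {
		if ip.To4() == nil {
			return NextHop{}, fmt.Errorf("not an IPv4 address: %v", ip)
		}
	}
	if sameSegment(src, dst, mask) {
		return NextHop{IP: dst}, nil
	}
	if !sameSegment(src, gateway, mask) {
		return NextHop{}, fmt.Errorf("gateway %v is not on the local segment", gateway)
	}
	return NextHop{IP: gateway, ViaGateway: true}, nil
}

func main() {
	mask := net.CIDRMask(24, 32) // constructed: local mirror port on a /24
	src := net.ParseIP("192.0.2.10")
	gw := net.ParseIP("192.0.2.1")
	for _, dst := range []string{"192.0.2.50", "198.51.100.7"} {
		hop, err := chooseNextHop(src, net.ParseIP(dst), gw, mask)
		fmt.Printf("dst %s -> ARP for %v (via gateway: %v, err: %v)\n", dst, hop.IP, hop.ViaGateway, err)
	}
}
```

The returned NextHop.IP is the address the sender resolves with ARP; the destination IP written into the encapsulated packet is always the remote communication device, whichever path is taken.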
In an implementation scenario, as shown in fig. 3, the processing system further includes a determining module 4 and a fragment transmitting module 5;
the judging module 4 is configured to perform IP fragmentation on the encapsulated mirror traffic data if its size exceeds a data volume threshold;
and the fragment transmission module 5 is configured to transmit the IP-fragmented mirror traffic data to the remote communication device.
In this embodiment, before the encapsulated mirror traffic data is sent to the third-party remote communication device, it is checked whether its size exceeds the data volume threshold; if so, the encapsulated mirror traffic data is automatically IP-fragmented and the fragments are transmitted to the remote communication device, so that encapsulated mirror traffic data exceeding the threshold can still be transmitted over a long distance. The remote communication device subsequently reassembles the received IP fragments.
It should be noted that the data amount threshold may be set to the MTU, or may be set to another value according to an actual situation, and is not limited specifically here.
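The threshold check, the IP fragmentation and the receiver-side reassembly described above, as an added Go example that is not code from the patent. It assumes a 20-byte IPv4 header, uses the MTU as the data volume threshold, and models only the three header fields that reassembly depends on (fragment offset in 8-byte units, the More Fragments flag, and the data). The reassembly side also shows the failure mode the text implies: a lost fragment makes the datagram unrecoverable and is reported rather than silently padded.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"sort"
)

const ipv4HeaderLen = 20 // assumed: IPv4 header without options

// Fragment mirrors the IPv4 header fields that matter for reassembly.
type Fragment struct {
	Offset        int    // in 8-byte units, as carried in the IPv4 header
	MoreFragments bool   // MF flag; false only on the final fragment
	Data          []byte // this fragment's share of the datagram
}

// fragment splits an encapsulated datagram into IPv4-style fragments when its
// size exceeds what fits into one MTU (the data volume threshold used here).
func fragment(payload []byte, mtu int) ([]Fragment, error) {
	maxData := (mtu - ipv4HeaderLen) &^ 7 // non-final fragments carry a multiple of 8 bytes
	if maxData <= 0 {
		return nil, fmt.Errorf("mtu %d leaves no room for data", mtu)
	}
	if len(payload) <= mtu-ipv4HeaderLen {
		return []Fragment{{Offset: 0, MoreFragments: false, Data: payload}}, nil
	}
	var frags []Fragment
	for pos := 0; pos < len(payload); pos += maxData {
		end := pos + maxData
		if end > len(payload) {
			end = len(payload)
		}
		frags = append(frags, Fragment{Offset: pos / 8, MoreFragments: end < len(payload), Data: payload[pos:end]})
	}
	return frags, nil
}

// reassemble rebuilds the datagram at the remote communication device. It
// fails if a fragment is missing or duplicated, or if the MF flags do not
// match the fragment positions.
func reassemble(frags []Fragment) ([]byte, error) {
	if len(frags) == 0 {
		return nil, errors.New("no fragments")
	}
	sorted := append([]Fragment(nil), frags...) // fragments may arrive out of order
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Offset < sorted[j].Offset })
	var buf bytes.Buffer
	for i, f := range sorted {
		if f.Offset*8 != buf.Len() {
			return nil, fmt.Errorf("gap before offset %d: fragment lost or duplicated", f.Offset)
		}
		if last := i == len(sorted)-1; f.MoreFragments == last {
			return nil, errors.New("MF flag inconsistent with fragment position")
		}
		buf.Write(f.Data)
	}
	return buf.Bytes(), nil
}

func main() {
	payload := make([]byte, 3000) // constructed: an encapsulated datagram larger than one MTU
	frags, _ := fragment(payload, 1500)
	for _, f := range frags {
		fmt.Printf("offset=%d bytes, MF=%v, len=%d\n", f.Offset*8, f.MoreFragments, len(f.Data))
	}
	if out, err := reassemble(frags); err == nil {
		fmt.Println("reassembled", len(out), "bytes")
	}
}
```

With a 1500-byte MTU a 3000-byte datagram becomes three fragments of 1480, 1480 and 40 bytes; dropping the middle one leaves a gap at offset 370 that reassemble reports, which is the point at which a receiver should count the whole datagram as lost.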
In the embodiment, the original mirror image flow data of the mirror image port is encapsulated by acquiring the network address information such as the destination IP address and the gateway of the remote communication device configured for the mirror image port of the local communication device, and the encapsulated mirror image flow data is transmitted to the remote communication device corresponding to the destination IP address through the gateway, so that the encapsulated mirror image flow data is transmitted to the remote communication device accessible to any network, and the use range of mirror image flow data acquisition is expanded.
Example 4
This embodiment provides a processing system for mirroring traffic data, which is applied to a remote communication device; as shown in fig. 4, the processing system includes a receiving module 41 and a decapsulation module 42;
a receiving module 41, configured to receive, through the gateway, the encapsulated mirror image traffic data transmitted by the local communication device;
and a decapsulation module 42, configured to decapsulate the encapsulated mirror image traffic data.
In this embodiment, the source IP address of the local communication device and the destination IP address of the remote communication device are in a route reachable state on the network. The remote communication equipment can receive the real-time encapsulated mirror image flow data transmitted by the local communication equipment so as to remotely acquire the real-time mirror image flow data.
In an implementation scenario, as shown in fig. 4, the processing system further includes a package information obtaining module 43 and a decryption module 44;
a package information obtaining module 43, configured to obtain package information of the original mirror image traffic data when the packaged mirror image traffic data is encrypted data;
and the decryption module 44 is configured to decrypt the encapsulated mirror traffic data according to the key generated based on the encapsulation information.
In this embodiment, the encapsulation information may be encapsulation time of the original mirror image traffic data, an IP address of the original mirror image traffic data, or other identity information.
For example, in the process of encapsulating the original mirror traffic data, the 4-byte encapsulation time is used as the key for the original mirror traffic data to be transmitted; when the third-party remote communication device receives the encapsulated mirror traffic data, it can obtain this key and decrypt the encapsulated mirror traffic data with it, so that the security of the data is ensured.
In one embodiment, as shown in fig. 4, the processing system further includes a serial number obtaining module 45 and a verification module 46;
a serial number obtaining module 45, configured to obtain a serial number of the encapsulated mirror image traffic data;
and the verification module 46 is configured to verify whether the encapsulated mirror traffic data is lost according to the serial number.
In this embodiment, each data type has a respective independent serial number, and whether the encapsulated mirror flow data is lost is verified according to the respective independent serial numbers, so as to ensure reliability of data transmission.
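The sender path of embodiment 3 (compress first, then encrypt with a key generated from the encapsulation information, big-endian header fields) and the receiver path of this embodiment (read the encapsulation information back from the header, rebuild the key, decrypt, then check the per-data-type sequence number for loss), as one added Go example that is not code from the patent. The 10-byte header layout, flate standing in for LZ4, AES-128-GCM standing in for the unspecified AES mode, and the SHA-256 expansion of the 4-byte encapsulation time into an AES key are all assumptions of this example.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"io"
)

// Header is a constructed 10-byte UDP payload header assumed for this example
// (not the patent's table 1). Integers are big-endian (network byte order).
type Header struct {
	DataType  uint16 // e.g. 1 = Ethernet packet; sequence numbers are kept per type
	Seq       uint32 // per-data-type sequence number, used for loss detection
	EncapTime uint32 // encapsulation time in seconds: the encapsulation information the key comes from
}

const headerLen = 10

func (h Header) marshal() []byte {
	b := make([]byte, headerLen)
	binary.BigEndian.PutUint16(b[0:], h.DataType)
	binary.BigEndian.PutUint32(b[2:], h.Seq)
	binary.BigEndian.PutUint32(b[6:], h.EncapTime)
	return b
}

// aeadFor turns the 4-byte encapsulation time into AES-128-GCM. Assumed
// derivation: SHA-256 of the time truncated to 16 bytes (AES cannot take a
// 4-byte key). Anyone who reads the header can repeat this derivation.
func aeadFor(encapTime uint32) cipher.AEAD {
	var t [4]byte
	binary.BigEndian.PutUint32(t[:], encapTime)
	sum := sha256.Sum256(t[:])
	block, _ := aes.NewCipher(sum[:16]) // cannot fail for a 16-byte key
	aead, _ := cipher.NewGCM(block)     // cannot fail for an AES block
	return aead
}

// nonce is unique per key and packet: the key changes with EncapTime and Seq
// changes with every packet of a data type, so a Seq must never repeat
// within one EncapTime second.
func nonce(h Header) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint16(n[0:], h.DataType)
	binary.BigEndian.PutUint32(n[2:], h.Seq)
	return n
}

// encapsulate compresses first and encrypts second, the order the text
// prescribes. flate stands in for LZ4, which Go's standard library lacks.
func encapsulate(h Header, raw []byte) []byte {
	var zbuf bytes.Buffer
	zw, _ := flate.NewWriter(&zbuf, flate.BestSpeed) // errors only for a bad level
	zw.Write(raw)
	zw.Close()
	hdr := h.marshal()
	body := aeadFor(h.EncapTime).Seal(nil, nonce(h), zbuf.Bytes(), hdr) // header is AAD
	return append(hdr, body...)
}

// decapsulate reads the encapsulation information from the header, rebuilds
// the key from it, decrypts, then decompresses.
func decapsulate(pkt []byte) (Header, []byte, error) {
	if len(pkt) < headerLen {
		return Header{}, nil, errors.New("short packet")
	}
	h := Header{binary.BigEndian.Uint16(pkt[0:]), binary.BigEndian.Uint32(pkt[2:]),
		binary.BigEndian.Uint32(pkt[6:])}
	plain, err := aeadFor(h.EncapTime).Open(nil, nonce(h), pkt[headerLen:], pkt[:headerLen])
	if err != nil {
		return h, nil, err // header or body tampered, or key mismatch
	}
	raw, err := io.ReadAll(flate.NewReader(bytes.NewReader(plain)))
	return h, raw, err
}

// SeqTracker keeps an independent sequence counter per data type and reports
// how many packets are missing in front of each arrival (0 = none lost).
type SeqTracker struct{ next map[uint16]uint32 }

func NewSeqTracker() *SeqTracker { return &SeqTracker{next: map[uint16]uint32{}} }

func (s *SeqTracker) Observe(h Header) uint32 {
	expected, seen := s.next[h.DataType]
	if h.Seq+1 > expected {
		s.next[h.DataType] = h.Seq + 1
	}
	if !seen || h.Seq <= expected {
		return 0 // first packet of this type, in order, or a late duplicate
	}
	return h.Seq - expected
}
```

Two design points follow directly from the scheme as the text describes it. Because the key is generated solely from information carried in the header, the receiver needs no pre-shared secret, which is what makes the third-party device able to decrypt on its own; the same property means any party that captures the packet can derive the key, so the encryption guards against casual disclosure rather than against an on-path observer, and the 4-byte time gives at most 2^32 candidate keys. Authenticating the header as AAD (an addition of this example) makes a modified sequence number or encapsulation time fail decryption instead of being counted as a loss.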
In this embodiment, the encapsulated mirror traffic data transmitted by the local communication device is received through the gateway and decapsulated, so that the acquired mirror traffic data is received remotely; at the same time, the cooperation of the remote communication device and the local communication device enriches the application scenarios.
Example 5
Fig. 5 is a schematic structural diagram of an electronic device according to embodiment 5 of the present invention. The electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the processing method of mirroring traffic data of embodiments 1 and 2 when executing the program. The electronic device 30 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 5, the electronic device 30 may be embodied in the form of a general purpose computing device, which may be, for example, a server device. The components of the electronic device 30 may include, but are not limited to: the at least one processor 31, the at least one memory 32, and a bus 33 connecting the various system components (including the memory 32 and the processor 31).
The bus 33 includes a data bus, an address bus, and a control bus.
The memory 32 may include volatile memory, such as Random Access Memory (RAM)321 and/or cache memory 322, and may further include Read Only Memory (ROM) 323.
Memory 32 may also include a program/utility 325 having a set (at least one) of program modules 324, such program modules 324 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The processor 31 executes various functional applications and data processing, such as the processing method of mirroring traffic data of embodiments 1 and 2 of the present invention, by running the computer program stored in the memory 32.
The electronic device 30 may also communicate with one or more external devices 34 (e.g., a keyboard, a pointing device, etc.). Such communication may take place through input/output (I/O) interfaces 35. The electronic device 30 may also communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) via a network adapter 36. As shown in fig. 5, the network adapter 36 communicates with the other modules of the electronic device 30 via the bus 33. It should be understood that, although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 30, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, and data backup storage systems.
It should be noted that, although several units/modules or sub-units/modules of the electronic device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the units/modules described above may be embodied in one unit/module according to embodiments of the invention. Conversely, the features and functions of one unit/module described above may be further divided among a plurality of units/modules.
Example 6
The present embodiment provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the processing method of the mirror traffic data provided in embodiments 1 and 2.
More specific examples of the readable storage medium may include, but are not limited to: a portable disk, a hard disk, random access memory, read only memory, erasable programmable read only memory, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In a possible implementation, the present invention can also be implemented in the form of a program product comprising program code for causing a terminal device to execute a processing method for mirroring traffic data as described in embodiments 1 and 2, when the program product is run on the terminal device.
Where program code for carrying out the invention is written in any combination of one or more programming languages, the program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device or entirely on the remote device.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that this is by way of example only, and that the scope of the invention is defined by the appended claims. Various changes and modifications to these embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications are within the scope of the invention.

Claims (12)

1. A processing method for mirroring traffic data is applied to a local communication device, and the processing method comprises the following steps:
acquiring network address information configured for a mirror image port of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
packaging the original mirror image flow data of the mirror image port to obtain packaged mirror image flow data;
and transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
2. The method for processing mirror traffic data according to claim 1, wherein the network address information further comprises a port number of the remote communication device; transmitting the encapsulated mirror traffic data to the remote communication device corresponding to the destination IP address through the gateway includes:
and transmitting the encapsulated mirror image traffic data to a remote communication equipment port corresponding to the port number through the gateway.
3. The method of mirroring traffic data as recited in claim 1, wherein the network address information further includes a source IP address of a local communication device; transmitting the encapsulated mirror image traffic data to the remote communication device corresponding to the destination IP address through the gateway, including:
judging whether the source IP address and the destination IP address belong to the same network segment;
if the source IP address and the destination IP address do not belong to the same network segment, transmitting the encapsulated mirror image flow data to remote communication equipment corresponding to the destination IP address through the gateway;
and if the source IP address and the destination IP address belong to the same network segment, directly transmitting the encapsulated mirror image flow data to remote communication equipment corresponding to the destination IP address.
4. The method for processing mirror traffic data according to claim 1, wherein the encapsulating the original mirror traffic data to obtain encapsulated mirror traffic data includes:
packaging the original mirror image flow data according to a UDP format to obtain packaged mirror image flow data;
and/or,
and performing compression processing and/or encryption processing on the original mirror image flow data in the process of packaging according to the UDP format, wherein a key for the encryption processing is generated according to the packaging information of the original mirror image flow data.
5. The method of processing mirrored traffic data as claimed in claim 1, wherein the method of processing further comprises:
if the size of the encapsulated mirror image flow data exceeds a data volume threshold, performing IP fragmentation on the encapsulated mirror image flow data;
and transmitting the mirror image flow data fragment after the IP fragment to the remote communication equipment.
6. A processing method for mirroring traffic data is applied to a remote communication device, and the processing method comprises the following steps:
receiving the encapsulated mirror image flow data transmitted by the local communication equipment through a gateway;
and de-encapsulating the encapsulated mirror image flow data.
7. The method of processing mirrored traffic data as claimed in claim 6, wherein the method of processing further comprises:
acquiring encapsulation information of the original mirror image flow data under the condition that the encapsulated mirror image flow data is encrypted data;
and decrypting the packaged mirror image flow data according to the key generated based on the packaging information.
8. The method of processing mirrored traffic data as claimed in claim 6, wherein the method of processing further comprises:
acquiring a serial number of the encapsulated mirror image flow data;
and verifying whether the encapsulated mirror image flow data is lost or not according to the sequence number.
9. A processing system for mirroring traffic data, applied to a local communication device, the processing system comprising a network address information acquisition module, an encapsulation module and a transmission module;
the network address information acquisition module is used for acquiring network address information configured for a mirror image port of local communication equipment, wherein the network address information comprises a destination IP address and a gateway of remote communication equipment;
the encapsulation module is used for encapsulating the original mirror image flow data of the mirror image port to obtain the encapsulated mirror image flow data;
and the transmission module is used for transmitting the encapsulated mirror image flow data to the remote communication equipment corresponding to the destination IP address through the gateway.
10. A processing system for mirroring traffic data, the processing system being applied to a remote communication device, the processing system comprising a receiving module and a decapsulation module;
the receiving module is used for receiving the encapsulated mirror image flow data transmitted by the local communication equipment through the gateway;
and the decapsulation module is used for decapsulating the encapsulated mirror image flow data.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of mirroring traffic data according to any one of claims 1 to 8 when executing the computer program.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of processing mirrored traffic data according to any one of claims 1 to 8.
CN202210094896.9A 2022-01-26 2022-01-26 Method and system for processing mirror image flow data Pending CN114500412A (en)


Publications (1)

Publication Number Publication Date
CN114500412A true CN114500412A (en) 2022-05-13

Family

ID=81476985




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination