CN114553798A - Traffic mirroring method, device, electronic equipment, medium and product


Info

Publication number
CN114553798A
Authority
CN
China
Prior art keywords
virtual
operating system
port group
network card
mirror image
Legal status
Pending
Application number
CN202210043204.8A
Other languages
Chinese (zh)
Inventor
刘浩
蒋凯
冯顾
Current Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by Qianxin Technology Group Co Ltd and Secworld Information Technology Beijing Co Ltd
Priority to CN202210043204.8A
Publication of CN114553798A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 49/00 Packet switching elements
    • H04L 49/20 Support for services
    • H04L 49/208 Port mirroring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0876 Aspects of the degree of configuration automation
    • H04L 41/0886 Fully automatic configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 49/00 Packet switching elements
    • H04L 49/70 Virtual switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection

Abstract

The invention provides a traffic mirroring method, a device, electronic equipment, a medium and a product. The traffic mirroring method comprises the following steps: acquiring the virtual switch information of all virtual switches in a virtualized operating system; creating, according to the virtual switch information, a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system; adding virtual network cards to an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting each added virtual network card to the mirror port group of one virtual switch; the IDS virtual machine then obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The traffic mirroring configuration is completed while the network cards of the IDS virtual machine are set up, without configuring each network card manually, which removes a large amount of tedious manual configuration work.

Description

Traffic mirroring method, device, electronic equipment, medium and product
Technical Field
The invention relates to the technical field of data communication monitoring, and in particular to a traffic mirroring method, a traffic mirroring device, electronic equipment, a medium and a product.
Background
Traffic mirroring copies some or all of the data passing through one or more ports of a device to another port, where the copy is analysed to determine whether the network is secure; if malicious traffic is detected, the device concerned can be located quickly.
At present, traffic mirroring in a vSphere environment falls into two kinds: port mirroring and promiscuous-mode port-group mirroring. Port mirroring forwards the traffic of one or more source virtual ports of virtual machines to a destination virtual port through the switch, so that the source ports can be monitored in real time from the destination port. However, port mirroring is only supported on the distributed switch, and it requires the virtual network card of every virtual machine to be configured in advance as a mirroring source so that its traffic reaches the destination port. When the number of virtual machines is large, this has to be done manually one machine at a time, which is cumbersome and wastes time and effort.
Promiscuous-mode port-group mirroring is supported on both the distributed switch and the standard switch, but configuring it through the management interface still involves many steps, and the overall configuration is complicated.
How to simplify the configuration steps of traffic mirroring is therefore a technical problem in urgent need of a solution.
Disclosure of Invention
The invention provides a traffic mirroring method, a traffic mirroring device, electronic equipment, a medium and a product to address the defects described above.
The invention provides a traffic mirroring method comprising the following steps: acquiring the virtual switch information of all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches and the port groups on the virtual switches are connected to a plurality of service virtual machines; creating, according to the virtual switch information, a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system, where the mirror port group in promiscuous mode is used to obtain a mirror of the traffic on the port groups of the virtual switch on which it is located; adding virtual network cards to an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system; and the IDS virtual machine obtaining the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.
According to the traffic mirroring method provided by the invention, the virtual switches are vSphere distributed switches, vSphere standard switches, or both.
According to the traffic mirroring method provided by the invention, acquiring the virtual switch information of all virtual switches in the virtualized operating system comprises: calling the application programming interface of VMware vSphere for acquiring virtual switch information, to acquire the virtual switch information of all virtual switches in the virtualized operating system.
According to the traffic mirroring method provided by the invention, creating a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system comprises: calling the application programming interface of VMware vSphere for creating port groups, to create a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system.
According to the traffic mirroring method provided by the invention, adding virtual network cards to the IDS virtual machine pre-deployed in the virtualized operating system comprises: calling the application programming interface of VMware vSphere for adding a virtual network card, to add the virtual network cards to the IDS virtual machine pre-deployed in the virtualized operating system.
According to the traffic mirroring method provided by the invention, connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system comprises: calling the application programming interface of VMware vSphere for network card configuration, to connect each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system.
According to the traffic mirroring method provided by the invention, the method further comprises: deploying the IDS virtual machine on the virtualized operating system.
The invention also provides a traffic mirroring device comprising: an information acquisition module for acquiring the virtual switch information of all virtual switches in the virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches and the port groups on the virtual switches are connected to a plurality of service virtual machines; a mirror port group creation module for creating, according to the virtual switch information, a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system, where the mirror port group in promiscuous mode is used to obtain a mirror of the traffic on the port groups of the virtual switch on which it is located; and a traffic acquisition module for adding virtual network cards to an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information and connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system, whereby the IDS virtual machine obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the steps of any one of the traffic mirroring methods.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of the traffic mirroring methods described above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of any of the traffic mirroring methods described above.
In the traffic mirroring method of the invention, a mirror port group in promiscuous mode is created on each virtual switch in the virtualized operating system, virtual network cards are added to an IDS virtual machine pre-deployed in the virtualized operating system, and each virtual network card is connected to one of the mirror port groups, so that the IDS virtual machine obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards; no network card has to be configured by hand, which removes a large amount of tedious manual configuration work.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a traffic mirroring method according to an embodiment of the invention;
fig. 2 is a schematic diagram of a traffic mirroring implementation according to an embodiment of the invention;
fig. 3 is a schematic structural diagram of a traffic mirroring device according to an embodiment of the invention;
fig. 4 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of a traffic mirroring method according to an embodiment of the present invention; as shown in fig. 1, the traffic mirroring method may include the steps of:
step 101, obtaining virtual switch information corresponding to all virtual switches in a virtualized operating system.
In this embodiment the virtualized operating system is ESXi, VMware's hypervisor operating system with built-in virtualization capability.
The virtualization operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines.
Fig. 2 is a schematic diagram of implementing a traffic mirror according to an embodiment of the present invention.
As shown in fig. 2, one ESXi host has m virtual switches, each virtual switch has n port groups, and each port group is connected to a service virtual machines (service virtual machines are the virtual machines that process user workloads; a port group may carry one or several of them). The ESXi host is therefore connected to m × n × a service virtual machines and processes the workloads on all m × n × a of them at the same time.
In this step the information of each virtual switch can be read from the configuration interface of the ESXi host, where the virtual switch information comprises items such as the device ID and port IDs, or it can be obtained automatically through the relevant API of VMware vSphere; the invention does not limit this.
Step 102, creating, according to the virtual switch information, a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system.
A mirror port group differs from an ordinary port group in that it is set to promiscuous mode, which can be done by calling the VMware vSphere API. Promiscuous mode is a security-policy setting of a vSphere port group: the virtual switch delivers every frame it forwards on that port group's VLAN to every port of the group, rather than only the frames addressed to a port's own MAC address, so a virtual machine attached to the mirror port group receives a copy of the traffic of the service virtual machines attached to the other port groups of the same virtual switch. Two points matter in practice: the mirror only covers the VLAN of the mirror port group, so a mirror port group that has to see tagged traffic on every VLAN is set to VLAN ID 4095; and any virtual machine attached to a promiscuous-mode port group can read all of this traffic, so nothing but the IDS virtual machine should be connected to it.
A port group on a virtual switch is an organizational unit of the vSphere software switch: a virtual switch can have several port groups, a port group has several ports, and the virtual network card of a service virtual machine is connected to one of these ports.
In this step, mirror port groups can be set up by hand on the n port groups of a VMware vSphere Distributed Switch according to the m pieces of virtual switch information: a port mirroring session type is selected for the a ports of a port group, a session name and session details (such as a description) are specified, the mirroring sources are selected, the traffic direction is chosen for each source, and finally a port or an uplink is selected as the mirroring destination. Alternatively, the mirror port groups can be created automatically on each virtual switch through the relevant API of VMware vSphere.
Step 103, adding virtual network cards to an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system;
the IDS virtual machine then obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.
The IDS virtual machine deployed on the virtualized operating system ESXi is a virtual machine that implements the IDS (intrusion detection system) function.
In this step, m virtual network cards are added to the IDS virtual machine according to the information of the m virtual switches, and the m added virtual network cards are connected to the mirror port groups of the respective virtual switches. The IDS virtual machine can then obtain the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards, that is, one IDS virtual machine obtains the traffic of m × n × a service virtual machines.
The virtual network cards can be added manually through the virtual machine's network settings in the VMware management client, or the m virtual network cards can be added to the IDS virtual machine automatically through the relevant API of VMware vSphere.
In the traffic mirroring method provided by this embodiment of the invention, a mirror port group in promiscuous mode is created on each virtual switch in the virtualized operating system, virtual network cards are added to the IDS virtual machine pre-deployed in the virtualized operating system, and each virtual network card is connected to one of the mirror port groups, so that the IDS virtual machine obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The traffic mirroring configuration is completed while the network cards of the IDS virtual machine are set up, without configuring each network card manually, which removes a large amount of tedious manual configuration work.
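The procedure in steps 101 to 103, and the API-based variants described in the paragraphs that follow it, as an added example in Python. This is not code from the patent or from the assignee's product; it is what an engineer would write to automate the setup on one ESXi host and then audit it. plan() turns the inventory of virtual switches into the m mirror port groups to create and the m IDS network cards to attach, audit() performs the checks a practitioner wants before trusting the mirror (promiscuous mode on, VLAN 4095 so every VLAN is mirrored, and no virtual machine other than the IDS attached to a port group from which all service traffic can be read), and apply_plan() issues the corresponding vSphere API calls through the pyVmomi SDK for standard switches. The patent does not name the API calls it uses; the pyVmomi calls, the ids-mirror-<vswitch> naming convention, the VLAN 4095 choice and the inventory with its VM names are assumptions constructed for this example. plan() and audit() run offline against the constructed inventory; apply_plan() needs a live host connection.

```python
"""Plan, apply and audit promiscuous-mode mirror port groups for an IDS VM on an ESXi host.

Added example modelling steps 101-103: one mirror port group per virtual switch,
one IDS vNIC per mirror port group. Inventory, names and VLAN choice are assumptions.
"""
from dataclasses import dataclass

MIRROR_PG_PREFIX = "ids-mirror-"  # assumed naming convention for the mirror port groups
ALL_VLANS = 4095                  # vSphere: VLAN ID 4095 on a port group passes every tagged VLAN


@dataclass(frozen=True)
class PortGroup:
    name: str
    vswitch: str
    vlan: int = 0
    promiscuous: bool = False
    attached_vms: tuple = ()      # names of the VMs that have a vNIC on this port group


@dataclass(frozen=True)
class VSwitch:
    name: str
    portgroups: tuple             # PortGroup instances (step 101 output for one switch)


def mirror_pg_name(vswitch_name):
    return MIRROR_PG_PREFIX + vswitch_name


def plan(vswitches, ids_vm_portgroups):
    """Steps 102/103 as data: which mirror port groups to create and which of them the
    IDS VM still needs a vNIC on. Idempotent: existing groups and vNICs are left alone."""
    create, attach = [], []
    for vs in vswitches:
        name = mirror_pg_name(vs.name)
        if not any(pg.name == name for pg in vs.portgroups):
            create.append(PortGroup(name, vs.name, ALL_VLANS, True))
        if name not in ids_vm_portgroups:
            attach.append(name)
    return create, attach


def audit(vswitches, ids_vm_name):
    """Checks to run after configuration. Promiscuous mode hands every frame on the
    port group's VLAN to every attached VM, so a stray VM on the mirror port group can
    sniff all service traffic; a wrong VLAN or promiscuous mode left off blinds the IDS."""
    findings = []
    for vs in vswitches:
        pg = next((p for p in vs.portgroups if p.name == mirror_pg_name(vs.name)), None)
        if pg is None:
            findings.append(f"{vs.name}: no mirror port group")
            continue
        if not pg.promiscuous:
            findings.append(f"{pg.name}: promiscuous mode off, IDS sees only its own traffic")
        if pg.vlan != ALL_VLANS:
            findings.append(f"{pg.name}: VLAN {pg.vlan}, traffic on other VLANs is not mirrored")
        for vm in pg.attached_vms:
            if vm != ids_vm_name:
                findings.append(f"{pg.name}: non-IDS VM {vm!r} attached, it can read all mirrored traffic")
    return findings


def apply_plan(host, ids_vm, create, attach):
    """Steps 102/103 through the vSphere API (pyVmomi) for standard switches on one host;
    distributed switches would use DistributedVirtualPortgroup objects instead.
    Needs a live connection and is not exercised by the offline demo below."""
    from pyVmomi import vim  # lazy import: plan()/audit() run without pyVmomi installed
    net_sys = host.configManager.networkSystem
    for pg in create:
        spec = vim.host.PortGroup.Specification()
        spec.name, spec.vswitchName, spec.vlanId = pg.name, pg.vswitch, pg.vlan
        spec.policy = vim.host.NetworkPolicy(
            security=vim.host.NetworkPolicy.SecurityPolicy(allowPromiscuous=True))
        net_sys.AddPortGroup(portgrp=spec)
    changes = []
    for pg_name in attach:
        nic = vim.vm.device.VirtualVmxnet3()
        nic.backing = vim.vm.device.VirtualEthernetCard.NetworkBackingInfo(deviceName=pg_name)
        nic.connectable = vim.vm.device.VirtualDevice.ConnectInfo(
            startConnected=True, connected=True, allowGuestControl=False)
        changes.append(vim.vm.device.VirtualDeviceSpec(
            operation=vim.vm.device.VirtualDeviceSpec.Operation.add, device=nic))
    if changes:
        return ids_vm.ReconfigVM_Task(spec=vim.vm.ConfigSpec(deviceChange=changes))
    return None


# Constructed inventory (m = 2): vSwitch0 has no mirror port group yet; vSwitch1 has one
# that was made by hand with the wrong VLAN and a non-IDS VM ("jumpbox") attached to it.
INVENTORY = (
    VSwitch("vSwitch0", (PortGroup("VM Network", "vSwitch0", 0, False, ("web-01", "db-01")),)),
    VSwitch("vSwitch1", (
        PortGroup("App Network", "vSwitch1", 10, False, ("app-01",)),
        PortGroup("ids-mirror-vSwitch1", "vSwitch1", 0, True, ("ids-vm", "jumpbox")),
    )),
)

if __name__ == "__main__":
    to_create, to_attach = plan(INVENTORY, ids_vm_portgroups=())
    print("create:", [pg.name for pg in to_create])      # ['ids-mirror-vSwitch0']
    print("attach IDS vNIC to:", to_attach)              # both mirror port groups
    for finding in audit(INVENTORY, "ids-vm"):
        print("audit:", finding)
```

The planner is kept separate from the API calls so that the m mirror port groups and m network cards can be reviewed, and re-running it on an already configured host changes nothing. The audit treats every non-IDS virtual machine on a mirror port group as a finding because vSphere's promiscuous mode has no per-port receiver filter: whoever is attached to that port group gets the same copy of the service traffic as the IDS.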
Further, the virtual switches are vSphere distributed switches, vSphere standard switches, or both: all m virtual switches may be vSphere distributed switches, all m may be vSphere standard switches, or the m virtual switches may consist of b vSphere distributed switches and c vSphere standard switches (with b + c = m).
The vSphere distributed switch runs in the VMkernel of each host and spans multiple associated ESXi hosts; it carries the traffic of the virtual machines and of the VMkernel. Because the vSphere distributed switch is created and managed through vCenter Server, configuring the distributed switch once manages and monitors the network of all associated ESXi hosts.
The vSphere standard switch also runs in the VMkernel and mainly provides network connectivity between the host and its virtual machines and carries the traffic of the virtual machines. A standard switch bridges internal traffic between virtual machines in the same VLAN and links to the outside through an uplink (one or more physical network cards). Unlike the vSphere distributed switch, a vSphere standard switch exists only on a single ESXi host.
The traffic mirroring method of this embodiment can configure traffic mirroring on both kinds of virtual switch, the vSphere distributed switch and the vSphere standard switch, and therefore has a wide range of application and is general.
Further, acquiring the virtual switch information of all virtual switches in the virtualized operating system comprises:
calling the application programming interface of VMware vSphere for acquiring virtual switch information, to acquire the virtual switch information of all virtual switches in the virtualized operating system.
Specifically, the information of each virtual switch is acquired by calling the VMware vSphere API that returns virtual switch information.
In the traffic mirroring method of this embodiment, acquiring the virtual switch information automatically through the VMware vSphere API further simplifies the traffic mirroring configuration and reduces manual configuration work.
Further, creating a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system comprises:
calling the application programming interface of VMware vSphere for creating port groups, to create a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system.
Specifically, a mirror port group in promiscuous mode is created automatically on each virtual switch by calling the VMware vSphere API that creates port groups.
In the traffic mirroring method of this embodiment, creating the mirror port groups automatically through the VMware vSphere API further simplifies the traffic mirroring configuration and reduces manual configuration work.
Further, adding virtual network cards to the IDS virtual machine pre-deployed in the virtualized operating system comprises:
calling the application programming interface of VMware vSphere for adding a virtual network card, to add the virtual network cards to the IDS virtual machine pre-deployed in the virtualized operating system.
Specifically, the m virtual network cards are added to the IDS virtual machine automatically by calling the VMware vSphere API that adds a virtual network card to a virtual machine.
In the traffic mirroring method of this embodiment, adding the virtual network cards automatically through the VMware vSphere API further simplifies the traffic mirroring configuration and reduces manual configuration work.
Further, connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system comprises:
calling the application programming interface of VMware vSphere for network card configuration, to connect each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system.
Specifically, each added virtual network card is configured automatically by calling the VMware vSphere API that configures a virtual network card, so that the network card is connected to the corresponding mirror port group.
In the traffic mirroring method of this embodiment, connecting the added virtual network cards to the mirror port groups automatically through the VMware vSphere API further simplifies the traffic mirroring configuration and reduces manual configuration work.
Further, the method further comprises: deploying the IDS virtual machine on the virtualized operating system.
Specifically, before the virtual switch information is acquired, the IDS virtual machine is deployed on the virtualized operating system ESXi; the deployment can be done through VMware vCenter, which the invention does not limit.
After the IDS virtual machine has obtained the traffic of all service virtual machines, it performs security detection on that traffic, so that security problems are discovered in time, the affected service virtual machine is located quickly, and the incident is handled promptly.
The traffic mirroring device provided by the invention is described below; the traffic mirroring device described below and the traffic mirroring method described above correspond to each other and may be read together.
Fig. 3 is a schematic structural diagram of a traffic mirroring device according to an embodiment of the invention. As shown in fig. 3, the traffic mirroring device comprises:
an information acquisition module 301 for acquiring the virtual switch information of all virtual switches in the virtualized operating system.
The virtualized operating system is ESXi, VMware's hypervisor operating system with built-in virtualization capability.
The virtualized operating system is provided with a plurality of virtual switches, and the port groups on the virtual switches are connected to a plurality of service virtual machines. Specifically, one ESXi host has m virtual switches, each virtual switch has n port groups, and each port group is connected to a service virtual machines (the virtual machines that process user workloads), so the ESXi host is connected to m × n × a service virtual machines and processes the workloads on all of them at the same time.
In this module the information of each virtual switch can be read from the configuration interface of the ESXi host, where the virtual switch information comprises items such as the device ID and port IDs, or it can be obtained automatically through the relevant API of VMware vSphere; the invention does not limit this.
A mirror port group creation module 302 for creating, according to the virtual switch information, a mirror port group in promiscuous mode on each virtual switch in the virtualized operating system.
A mirror port group differs from an ordinary port group in that it is set to promiscuous mode by calling the VMware vSphere API. Promiscuous mode is a setting of the vSphere port group; a mirror port group in promiscuous mode receives a copy of the traffic of the service virtual machines attached to the ports of all other port groups on the same virtual switch (within the VLAN of the mirror port group).
A port group on a virtual switch is an organizational unit of the vSphere software switch: a virtual switch can have several port groups, a port group has several ports, and the virtual network card of a service virtual machine is connected to one of these ports.
In this module, mirror port groups can be set up by hand on the n port groups of a VMware vSphere Distributed Switch according to the m pieces of virtual switch information: a port mirroring session type is selected for the a ports of a port group, a session name and session details (such as a description) are specified, the mirroring sources are selected, the traffic direction is chosen for each source, and a port or an uplink is selected as the mirroring destination. Alternatively, the mirror port groups can be created automatically on each virtual switch through the relevant API of VMware vSphere.
A traffic acquisition module 303 for adding virtual network cards to an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting each added virtual network card to the mirror port group of one virtual switch in the virtualized operating system;
the IDS virtual machine then obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.
The IDS virtual machine deployed on the virtualized operating system ESXi is a virtual machine that implements the IDS (intrusion detection system) function.
In this module, m virtual network cards are added to the IDS virtual machine according to the information of the m virtual switches, and the m added virtual network cards are connected to the mirror port groups of the respective virtual switches. The IDS virtual machine can then obtain the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards, that is, one IDS virtual machine obtains the traffic of m × n × a service virtual machines.
The virtual network cards can be added manually through the virtual machine's network settings in the VMware management client, or the m virtual network cards can be added to the IDS virtual machine automatically through the relevant API of VMware vSphere.
In the traffic mirroring device provided by this embodiment of the invention, a mirror port group in promiscuous mode is created on each virtual switch in the virtualized operating system, virtual network cards are added to the IDS virtual machine pre-deployed in the virtualized operating system, and each virtual network card is connected to one of the mirror port groups, so that the IDS virtual machine obtains the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The traffic mirroring configuration is completed while the network cards of the IDS virtual machine are set up, without configuring each network card manually, which removes a large amount of tedious manual configuration work.
Further, the virtual switches are vSphere distributed switches, vSphere standard switches, or both: all m virtual switches may be vSphere distributed switches, all m may be vSphere standard switches, or the m virtual switches may consist of b vSphere distributed switches and c vSphere standard switches.
The traffic mirroring device of this embodiment can configure traffic mirroring on both kinds of virtual switch, the vSphere distributed switch and the vSphere standard switch, and therefore has a wide range of application and is general.
Further, the obtaining of the virtual switch information corresponding to each of all the virtual switches in the virtualized operating system includes:
calling the application programming interface for acquiring virtual switch information in VMware vSphere, and acquiring the virtual switch information corresponding to all the virtual switches in the virtualized operating system.
Specifically, the virtual switch information of each virtual switch is acquired by calling an API in VMware vSphere capable of acquiring virtual switch information.
The traffic mirroring device provided by the embodiment of the invention automatically acquires the virtual switch information through the API for acquiring virtual switch information in VMware vSphere, thereby further simplifying the configuration process of traffic mirroring and reducing manual configuration work.
Further, the creating of a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system includes:
calling the application programming interface for creating a mirror port group in VMware vSphere, and creating the mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively.
Specifically, the mirror port groups in promiscuous mode are created automatically for each virtual switch by calling an API in VMware vSphere capable of creating mirror port groups.
The traffic mirroring device provided by the embodiment of the invention automatically creates the mirror port group for each virtual switch through the API for creating mirror port groups in VMware vSphere, thereby further simplifying the configuration process of traffic mirroring and reducing manual configuration work.
Further, the setting of a virtual network card for the IDS virtual machine pre-deployed in the virtualized operating system includes:
calling the application programming interface for adding a virtual network card in VMware vSphere, and setting the virtual network card for the IDS virtual machine pre-deployed in the virtualized operating system.
Specifically, the virtual network card is added automatically to the pre-deployed IDS virtual machine by calling an API in VMware vSphere capable of adding a virtual network card.
The traffic mirroring device provided by the embodiment of the invention automatically sets the virtual network card for the IDS virtual machine through the API for adding a virtual network card in VMware vSphere, thereby further simplifying the configuration process of traffic mirroring and reducing manual configuration work.
Further, the connecting of the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system includes:
calling the application programming interface for network card configuration in VMware vSphere, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively.
Specifically, the set virtual network card and the created mirror port group are configured automatically by calling an API in VMware vSphere capable of configuring a network card, so that the set virtual network card is connected to the created mirror port group.
In the traffic mirroring device provided by the embodiment of the invention, the set virtual network card is connected to the mirror port group automatically through the API for network card configuration in VMware vSphere, which further simplifies the configuration process of traffic mirroring and reduces manual configuration work.
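As an added example (not code from the patent, its applicants or VMware), the planning step of the four API-driven operations above in plain Python: from a constructed switch inventory it derives one promiscuous-mode mirror port group per virtual switch and one IDS virtual network card per switch, and it handles two points the text leaves implicit, the per-VM virtual NIC maximum (assumed to be 10) and the rule that nothing but the IDS virtual machine may sit on a promiscuous port group. The comments name the pyVmomi objects each piece would map to; the block itself makes no vSphere calls and the switch names, VM names and `mirror-` naming scheme are assumptions.

```python
from dataclasses import dataclass, field

# vSphere configuration maximum for virtual NICs on one VM (assumed here; check
# the maximums for the vSphere release in use before relying on it).
MAX_VNICS_PER_VM = 10
# On a standard switch, VLAN ID 4095 (Virtual Guest Tagging) passes every tag,
# so a mirror port group on it sees traffic from all VLANs on that switch.
VGT_ALL_VLANS = 4095


@dataclass
class VSwitch:
    """One virtual switch from the inventory step (sample data is constructed)."""
    name: str
    kind: str                                        # "standard" or "distributed"
    port_groups: dict = field(default_factory=dict)  # name -> attached VM names


@dataclass
class MirrorPortGroup:
    """Mirror port group in promiscuous mode, one per switch. Maps to a
    vim.host.PortGroup.Specification whose SecurityPolicy has
    allowPromiscuous=True (standard switch) or to a DVPortgroupConfigSpec
    with a trunk VLAN spec (distributed switch)."""
    switch: str
    name: str
    vlan: str
    allow_promiscuous: bool = True
    create: bool = True   # False when the group already exists (idempotent re-run)


@dataclass
class MirrorPlan:
    port_groups: list   # MirrorPortGroup per mirrored switch
    vnics: list         # (adapter label on the IDS VM, mirror port group name)
    unmirrored: list    # switches that did not fit on this IDS VM


def mirror_pg_name(switch_name: str) -> str:
    return f"mirror-{switch_name}"


def build_mirror_plan(switches, ids_vm_name, existing_vnics=0) -> MirrorPlan:
    """Derive the port groups and vNICs to configure from the switch inventory.
    Each vNIC would then be added through a vim.vm.ConfigSpec passed to
    ReconfigVM_Task on the IDS VM (hypothetical wiring, not performed here)."""
    if not 0 <= existing_vnics <= MAX_VNICS_PER_VM:
        raise ValueError("existing vNIC count out of range")
    plan = MirrorPlan([], [], [])
    budget = MAX_VNICS_PER_VM - existing_vnics
    for sw in switches:
        if len(plan.vnics) >= budget:
            # No adapter slot left: report the gap so a second IDS VM can be
            # deployed instead of silently losing coverage.
            plan.unmirrored.append(sw.name)
            continue
        pg_name = mirror_pg_name(sw.name)
        attached = sw.port_groups.get(pg_name)
        # A promiscuous port group shows its members every frame on the switch,
        # so only the IDS VM may be connected to it.
        if attached and any(vm != ids_vm_name for vm in attached):
            raise ValueError(f"{pg_name} on {sw.name} has non-IDS VMs attached")
        vlan = str(VGT_ALL_VLANS) if sw.kind == "standard" else "trunk:0-4094"
        plan.port_groups.append(
            MirrorPortGroup(sw.name, pg_name, vlan, create=attached is None))
        label = f"Network adapter {existing_vnics + len(plan.vnics) + 1}"
        plan.vnics.append((label, pg_name))
    return plan


# Constructed sample inventory: vSwitch0 already carries a mirror group from an
# earlier run and DSwitch-prod is a distributed switch.
SAMPLE_SWITCHES = [
    VSwitch("vSwitch0", "standard",
            {"VM Network": ["web01", "db01"], "mirror-vSwitch0": ["ids-vm"]}),
    VSwitch("vSwitch1", "standard", {"backend": ["app01", "app02"]}),
    VSwitch("DSwitch-prod", "distributed", {"prod-pg": ["erp01"]}),
]
```

The `unmirrored` list is the operationally important output: with the IDS VM already holding nine adapters, only one of the three switches can be mirrored and the other two must go to a second IDS VM.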
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 4, the electronic device may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, wherein the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform a traffic mirroring method comprising: acquiring virtual switch information corresponding to all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines;
creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively according to the virtual switch information, where the mirror port group in promiscuous mode is used to obtain a traffic mirror of the port groups on its virtual switch;
setting a virtual network card for an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively;
so that the IDS virtual machine acquires the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network card.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product comprising a computer program, which may be stored on a non-transitory computer-readable storage medium; when the computer program is executed by a processor, the computer can perform the traffic mirroring method provided above, including: acquiring virtual switch information corresponding to all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines;
creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively according to the virtual switch information, where the mirror port group in promiscuous mode is used to obtain a traffic mirror of the port groups on its virtual switch;
setting a virtual network card for an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively;
so that the IDS virtual machine acquires the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network card.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program performs the traffic mirroring method provided above, including: acquiring virtual switch information corresponding to all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines;
creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively according to the virtual switch information, where the mirror port group in promiscuous mode is used to obtain a traffic mirror of the port groups on its virtual switch;
setting a virtual network card for an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively;
so that the IDS virtual machine acquires the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network card.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (11)

1. A traffic mirroring method, comprising:
acquiring virtual switch information corresponding to all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines;
creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively according to the virtual switch information, where the mirror port group in promiscuous mode is used to obtain a traffic mirror of the port groups on its virtual switch;
setting a virtual network card for an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively;
so that the IDS virtual machine acquires the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network card.
2. The traffic mirroring method of claim 1, wherein the virtual switches are one or both of vSphere distributed switches and vSphere standard switches.
3. The traffic mirroring method of claim 1, wherein the acquiring of the virtual switch information corresponding to each of all the virtual switches in the virtualized operating system comprises:
calling the application programming interface for acquiring virtual switch information in VMware vSphere, and acquiring the virtual switch information corresponding to all the virtual switches in the virtualized operating system.
4. The traffic mirroring method of claim 1, wherein the creating of a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system comprises:
calling the application programming interface for creating a mirror port group in VMware vSphere, and creating the mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively.
5. The traffic mirroring method of claim 1, wherein the setting of a virtual network card for the IDS virtual machine pre-deployed in the virtualized operating system comprises:
calling the application programming interface for adding a virtual network card in VMware vSphere, and setting the virtual network card for the IDS virtual machine pre-deployed in the virtualized operating system.
6. The traffic mirroring method of claim 1, wherein the connecting of the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system comprises:
calling the application programming interface for network card configuration in VMware vSphere, and connecting the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively.
7. The traffic mirroring method of any one of claims 1 to 6, further comprising:
deploying the IDS virtual machine in the virtualized operating system.
8. A traffic mirroring apparatus, comprising:
an information acquisition module, configured to acquire virtual switch information corresponding to all virtual switches in a virtualized operating system, where the virtualized operating system is provided with a plurality of virtual switches, and port groups on the virtual switches are connected with a plurality of service virtual machines;
a mirror port group creating module, configured to create, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system respectively, where the mirror port group in promiscuous mode is used to obtain a traffic mirror of the port groups on the virtual switch where it is located;
a traffic acquiring module, configured to set a virtual network card for an IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and to connect the set virtual network card to the mirror port group of each virtual switch in the virtualized operating system respectively;
so that the IDS virtual machine acquires the traffic of all service virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network card.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the steps of the traffic mirroring method according to any one of claims 1 to 7.
10. A non-transitory computer readable storage medium, having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the traffic mirroring method according to any one of claims 1 to 7.
11. A computer program product comprising a computer program, wherein the computer program when executed by a processor implements the steps of the traffic mirroring method according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210043204.8A (CN114553798A) 2022-01-14 2022-01-14 Flow mirroring method, device, electronic equipment, medium and product (Pending)

Publications (1)

Publication Number Publication Date
CN114553798A 2022-05-27

Family ID: 81671471

Country Status (1)

Country Link
CN (1) CN114553798A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination