CN114615174A - Flow monitoring method and device - Google Patents
Flow monitoring method and device Download PDFInfo
- Publication number
- CN114615174A CN114615174A CN202210233281.XA CN202210233281A CN114615174A CN 114615174 A CN114615174 A CN 114615174A CN 202210233281 A CN202210233281 A CN 202210233281A CN 114615174 A CN114615174 A CN 114615174A
- Authority
- CN
- China
- Prior art keywords
- flow
- network card
- physical machine
- monitoring module
- target network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 140
- 238000000034 method Methods 0.000 title claims abstract description 54
- 238000012545 processing Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 13
- 238000012806 monitoring device Methods 0.000 claims 1
- 230000004044 response Effects 0.000 abstract description 5
- 101100289995 Caenorhabditis elegans mac-1 gene Proteins 0.000 description 10
- 238000004891 communication Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H04L43/0894—Packet rate
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a flow monitoring method and a device, comprising the following steps: setting a flow monitoring module in each physical machine in the cloud platform; for each physical machine, all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module. The method and the device have the advantages that the flow information can be acquired in real time, the response time is reduced, the method and the device are suitable for different cloud platforms, the time for connecting interfaces of cloud platform flow rate statistics is reduced, and the efficiency is improved.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a traffic monitoring method and apparatus.
Background
Flow monitoring refers to monitoring of data flow, and generally includes outgoing data, incoming data speed, and total flow. With the development of cloud computing, various cloud platforms are also produced. The cloud platform allows developers to either run written programs in the "cloud" or use services provided in the "cloud".
At present, for flow monitoring of a cloud platform, a cloud platform manufacturer mainly provides a flow monitoring function, a third party can only monitor flow in an Application Program Interface (API) manner provided by the cloud platform manufacturer, and most cloud manufacturers cannot provide a real-time flow rate condition, so that delay of flow rate is obtained, response time to an emergency is increased, and serious consequences may be caused. Moreover, the API of the flow rate statistics provided by each cloud platform manufacturer is inconsistent, and it takes time to adapt one to one, which is inefficient.
Disclosure of Invention
To solve the problems in the prior art, embodiments of the present invention provide a method and an apparatus for monitoring traffic.
Specifically, the embodiment of the invention provides the following technical scheme:
in a first aspect, an embodiment of the present invention provides a traffic monitoring method, including: setting a flow monitoring module in each physical machine in the cloud platform; for each physical machine, all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module.
Furthermore, at least one service virtual machine is arranged in each physical machine; and the step of mirroring all the flow passing through the physical machine to a flow monitoring module in the physical machine comprises the following steps: and all the flow passing through at least one service virtual machine in the physical machine is mirrored into a flow monitoring module in the physical machine.
Further, the setting of a flow monitoring module in each physical machine in the cloud platform includes: and setting a safety virtual machine in each physical machine in the cloud platform, and determining the safety virtual machine as the flow monitoring module.
Further, the mirroring of all the traffic passing through the physical machine to the traffic monitoring module in the physical machine includes: and all the flow passing through the physical machine is mirrored into the flow monitoring module in the physical machine through the mirror image port of the flow monitoring module.
Further, the calculating, by the flow monitoring module, an inlet/outlet flow rate of at least one target network card includes: the flow monitoring module reads the flow information of the at least one target network card in a preset time period in a sliding window mode, and calculates the inlet and outlet flow velocity of the at least one target network card according to the flow information and the preset time period.
Further, the traffic information includes at least one source mac address and a traffic size corresponding to the at least one source mac address, and at least one destination mac address and a traffic size corresponding to the at least one destination mac address; and the flow monitoring module reads flow information in a preset time period in a sliding window mode, and calculates the inlet and outlet flow rate of at least one target network card according to the flow information and the preset time period, wherein the flow monitoring module comprises: the traffic monitoring module reads at least one source mac address of the at least one target network card and traffic corresponding to the at least one source mac address within a preset time period, and reads at least one destination mac address of the at least one target network card and traffic corresponding to the at least one destination mac address in a sliding window manner; calculating the outlet flow rate of at least one target network card according to at least one source mac address of at least one target network card and the flow corresponding to the at least one source mac address; and calculating the inlet flow rate of the at least one target network card according to the at least one target mac address of the at least one target network card and the flow corresponding to the at least one target mac address.
Further, the method further comprises: uploading the inlet-outlet flow rate of the at least one target network card to a web server so as to display the inlet-outlet flow rate in the web server; and/or uploading the inlet and outlet flow rate of the at least one target network card to a web server, and uploading the inlet and outlet flow rate of the at least one target network card to a database through the web server so that the web server can inquire the historical inlet and outlet flow rate of the at least one target network card; and/or, the querying the historical inlet/outlet flow rate of the at least one target network card comprises: and inquiring historical inlet and outlet flow velocity of the at least one target network card, determining a corresponding historical inlet and outlet flow velocity trend graph according to the at least one target network card and the corresponding historical inlet and outlet flow velocity, and sending the historical inlet and outlet flow velocity trend graph to a web server so as to display the historical inlet and outlet flow velocity trend graph in the web server.
In a second aspect, an embodiment of the present invention further provides a flow monitoring apparatus, including: the first processing module is used for setting a flow monitoring module in each physical machine in the cloud platform; and the second processing module is used for mirroring all the flow passing through the physical machine to the flow monitoring module in the physical machine for each physical machine, and calculating the inlet and outlet flow rate of at least one target network card through the flow monitoring module.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the traffic monitoring method according to the first aspect when executing the program.
In a fourth aspect, the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the traffic monitoring method according to the first aspect.
In a fifth aspect, an embodiment of the present invention further provides a computer program product, on which executable instructions are stored, and when executed by a processor, the instructions cause the processor to implement the steps of the traffic monitoring method according to the first aspect.
According to the flow monitoring method and device provided by the embodiment of the invention, a flow monitoring module is arranged in each physical machine in the cloud platform; for each physical machine, all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module. The method and the device have the advantages that the flow information can be acquired in real time, the response time is reduced, the method and the device are suitable for different cloud platforms, the time for connecting interfaces of cloud platform flow rate statistics is reduced, and the efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of an embodiment of a traffic monitoring method of the present invention;
FIG. 2 is a flow chart of an alternate embodiment of a flow monitoring method of the present invention;
FIG. 3-1 is a schematic diagram of an application scenario in which data is mirrored in a traffic monitoring module;
fig. 3-2 is a schematic diagram of an application scenario of reading traffic data in a sliding window manner;
3-3 are schematic diagrams of an application scenario for acquiring non-traffic data within a cloud and acquiring real-time traffic data of a traffic monitoring module;
3-4 are schematic diagrams of an application scenario in which information in a cloud is obtained through an API provided by a cloud platform;
FIG. 4 is a schematic block diagram of some embodiments of the flow monitoring apparatus of the present invention;
fig. 5 is a schematic structural diagram of an electronic device provided in accordance with the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
Referring to fig. 1, fig. 1 is a flowchart illustrating a traffic monitoring method according to an embodiment of the present invention. As shown in fig. 1, the flow monitoring method includes the following steps:
Cloud computing platforms can be divided into 3 classes:
(1) a storage type cloud platform mainly based on data storage;
(2) a computing type cloud platform mainly based on data processing;
(3) and the comprehensive cloud computing platform gives consideration to computing and data storage processing.
Cloud platforms refer to hardware-based services that provide computing, networking, and storage capabilities. The cloud platform provides at least one physical machine, and a user can borrow the physical machine in the cloud platform to finish various services.
The cloud platform also provides services, such as traffic monitoring services, which can be called by a user in an API mode and can better help the user to complete the service. As an example, the api i interface information website provided by the cloud platform vendor may be:
https://help.aliyun.com/document_detail/25612.htmspm=a2c4g.11186623.0.0.7d016a99sfiRmD#doc-api-Ecs-DescribeInstanceMonitorData
as an example, the traffic monitoring module may be a virtual machine installed in some physical machine of the cloud platform. The invention does not limit the programming language of the flow monitoring module, the environment of the virtual machine and the like, and can be selected according to specific requirements.
The flow is a digital record, and records the number of bytes consumed by a webpage on a mobile phone, and the units are B, KB, MB and GB.
The flow monitoring may be interpreted as the number of bytes passing in and out through a certain network card, or may be the flow rate of the number of bytes passing in and out through a certain network card.
The invention does not limit the concrete operation of how to set the flow monitoring module.
102, for each physical machine, mirroring all the flow passing through the physical machine to a flow monitoring module in the physical machine, and calculating the inlet and outlet flow rate of at least one target network card through the flow monitoring module.
And the physical machine is used for constructing a cloud platform and providing hardware resources for the flow monitoring module.
As an example, mirroring all traffic passing through the physical machine to the traffic monitoring module in the physical machine may directly call an API with a mirror port function provided by the cloud platform, may also be implemented in a manner of a virtual switch, and may also be implemented by a Linux command itself.
An API (Application Programming Interface) is a predefined Interface (e.g., function, HTTP Interface). May be invoked and executed by other services.
And the mirror image port refers to a network card used for receiving the flow in the cloud in the secure virtual machine. Problem of network flow rate statistics API capable of reducing docking cloud platform
The content of the traffic mirrored into the physical machine includes: the source mac address, the destination mac address, and the traffic size corresponding to both.
The mac (Media Access Control) address is translated into a Media Access Control, or a physical address or a hardware address, which defines the location of the network device. A host may have a mac address. The mac address is determined by the network card and is fixed.
The source mac address refers to a mac address sent by data traffic, that is, the traffic information contains a mac address of an accessor, the mac address of a network card of the accessor is called as a source mac, and the traffic size corresponding to the source mac address is the outlet traffic of the source mac address; the destination mac address refers to a mac address received by data traffic, and the traffic size corresponding to the destination mac address is the ingress traffic of the destination mac address. The destination mac address, that is, the traffic information includes the mac address of the accessed person, and the mac address of the network card of the accessed person is called the destination mac.
As an example, the flow monitoring module may read the ingress and egress flow rate of each target network card within three seconds, and calculate the ingress and egress flow rate and the divisor of three seconds to obtain the ingress and egress flow rate of each target network card in the fourth second.
As an example, the flow rate information may be calculated by distinguishing the inlet and outlet flows of the network card of each virtual machine through mac, and then stored in the database in a unified manner, so as to show the real-time flow rate and the historical flow rate trend graph of each network card of each virtual machine.
In the flow monitoring method disclosed by some embodiments of the invention, a flow monitoring module is arranged in each physical machine in the cloud platform; for each physical machine, all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the inlet-outlet flow velocity of at least one target network card is calculated through the flow monitoring module. The method and the device have the advantages that the flow information can be acquired in real time, the response time is reduced, the method and the device are suitable for different cloud platforms, the time for connecting interfaces of cloud platform flow rate statistics is reduced, and the efficiency is improved.
Referring to fig. 2, fig. 2 is a flowchart illustrating a traffic monitoring method according to another embodiment of the present invention. As shown in fig. 2, the flow monitoring method includes the following steps:
In some embodiments, the specific implementation of step 201 and the technical effect thereof may refer to step 101 in the embodiment corresponding to fig. 1, and are not described herein again.
As an example, the traffic monitoring module may be deployed in a physical machine in the cloud in a manner of a secure virtual machine, where each physical machine needs to deploy a secure virtual machine, and the traffic is fully mirrored to a mirroring network card of the secure virtual machine through a traffic mirroring capability of the physical machine in the cloud. The method comprises the steps of taking out flow information from a mirror network card, then taking out the information from the flow information, respectively carrying out statistics and accumulation on the flow sizes of an inlet and an outlet of a network card in a virtual machine corresponding to a mac according to a source mac, recording the flow size of the inlet and the outlet of each mac in each 1s (or each 10s or a self-defined time period) according to a sliding window mode, calculating inlet and outlet flow rate information corresponding to each mac in the time period, uploading the inlet and outlet flow rate information to a web server, and obtaining the inlet and outlet flow rate of each mac by dividing the total size of the outlet and inlet flow of the self-defined time period (more than or equal to 1) of each mac by the self-defined time period.
As shown in fig. 3-1, data in the physical machine may be mirrored to the traffic monitoring module in real time, and it is necessary to cache the traffic data first, and then read the traffic information in the preset time period in a sliding window manner. As shown in fig. 3-2, the data flow of 4 seconds is buffered, the flow data of the first second is read in a sliding window manner, and then the read data flow is divided by 1 second to obtain the flow speed of the second. The flow data of the first second and the second can also be read in a sliding window manner, and then the sum of the read data flow of the two seconds is divided by 2 seconds to obtain the flow speed of the third second. The calculation rule of the specific flow rate can be set according to specific conditions.
Still taking the above example as an example, the ingress and egress flow rate of at least one target network card is calculated, that is, the cached 4-second data traffic includes the source mac address and the destination mac address of the first second and the traffic sizes corresponding to the source mac address and the destination mac address of the second, the third second and the fourth second and the traffic sizes corresponding to the two.
As can be seen from fig. 2, compared with the description of some embodiments corresponding to fig. 1, the traffic monitoring method in some embodiments corresponding to fig. 2 shows how the traffic monitoring module reads the traffic information. The flow monitoring module reads flow information in a preset time period in a sliding window mode, and calculates the inlet and outlet flow velocity of at least one target network card according to the flow information and the preset time period. The size of the sliding window can be set as required, and the average flow speed in the preset time is calculated.
In some optional implementations, at least one service virtual machine is set in each physical machine; and all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the method comprises the following steps: and all the flow passing through at least one service virtual machine in the physical machine is mirrored to a flow monitoring module in the physical machine.
The virtual machine technology is one of virtualization technologies, the so-called virtualization technology is to convert things from one form to another form, the most common virtualization technology is virtualization of a memory in an operating system, a memory space required by a user in actual operation may be much larger than the memory size of a physical machine, and by using the memory virtualization technology, the user can virtualize a part of a hard disk into the memory, which is transparent to the user.
A service virtual machine may be understood as a virtual machine that is dedicated to perform a certain service. A plurality of virtual machines can be installed in one physical machine. The way of setting the virtual machine in the physical machine can be selected according to specific needs.
In some optional implementations, setting a traffic monitoring module in each physical machine in the cloud platform includes: and setting a safety virtual machine in each physical machine in the cloud platform, and determining the safety virtual machine as a flow monitoring module.
A secure virtual machine, i.e. a virtual machine with security capabilities, such as a virtual machine dedicated to traffic monitoring.
In some optional implementations, mirroring all traffic passing through the physical machine to a traffic monitoring module within the physical machine includes: and all the flow passing through the physical machine is mirrored into the flow monitoring module in the physical machine through a mirror image port of the flow monitoring module.
As an example, the traffic monitoring module may correspond to a plurality of mirror ports, and when the traffic monitoring module counts traffic data, the traffic monitoring module counts the data received by the mirror ports together according to the ingress and egress traffic of different target network cards (or target network card addresses).
In some optional implementations, the traffic information includes at least one source mac address and a traffic size corresponding to the at least one source mac address (i.e., an egress traffic size of the source mac address), and at least one destination mac address and a traffic size corresponding to the at least one destination mac address (i.e., an ingress traffic size of the destination mac address); and the flow monitoring module reads the flow information in a preset time period in a sliding window mode, and calculates the inlet and outlet flow velocity of at least one target network card according to the flow information and the preset time period, and the method comprises the following steps: the traffic monitoring module reads at least one source mac address of at least one target network card and traffic corresponding to the at least one source mac address within a preset time period, and reads at least one destination mac address of the at least one target network card and traffic corresponding to the at least one destination mac address in a sliding window manner; calculating the outlet flow rate of at least one target network card according to at least one source mac address of at least one target network card and the flow size corresponding to at least one source mac address; and calculating the inlet flow rate of at least one target network card according to at least one target mac address of at least one target network card and the flow size corresponding to the at least one target mac address.
As an example, there are three addresses of mac1, mac2, and mac3, where mac1, mac2, and mac3 are addresses of target network cards, and each address of a target network card corresponds to one target network card. mac1, mac2, and mac3 may be used as the source mac address or the destination mac address, respectively. If the source mac address and the destination mac address in the first second and the corresponding traffic sizes of the source mac address and the destination mac address are: mac1, mac2, 2 kB; the source mac address, the destination mac address, and the traffic size corresponding to the source mac address and the destination mac address for the second may be: mac2, mac3, 4kB (i.e. traffic information within a preset time period read by the traffic monitoring module by means of a sliding window). And (3) counting the inlet and outlet flow of mac1, mac2 and mac3 in two seconds (two seconds are a preset time period) (namely, reading the flow information in a sliding window mode): the mac1 is used as the source mac address in the first second, so the outlet traffic size when the mac1 is used as the target network card is 2kB (i.e. the outlet flow rate of at least one target network card is calculated according to at least one source mac address and the traffic size corresponding to at least one source mac address), and the inlet traffic size when the mac1 is used as the target network card is 0 kB. Similarly, mac2 is used as the destination mac address in the first second and as the source mac address in the second, so that the outlet traffic size when mac2 is used as the destination network card is 4kB (i.e., the inlet flow rate of at least one destination network card is calculated according to at least one destination mac address and the traffic size corresponding to at least one destination mac address), and the inlet traffic size when mac2 is used as the destination network card is 2 kB. Similarly, mac3 is used as the destination mac address in the second, so the outlet traffic size when mac3 is used as the destination network card is 0kB, and the inlet traffic size when mac3 is used as the destination network card is 4 kB.
Still taking the above as an example, the flow monitoring module reads the flow information in the preset time period in a sliding window manner, and calculates the inlet and outlet flow rates of the at least one target network card according to the flow information and the preset time period. That is, the traffic monitoring module reads the traffic information to obtain the traffic information in the format of (target network card address, ingress traffic, egress traffic), and the method includes: (mac1, 0kB, 2kB), and (mac2, 2kB, 4kB), and (mac3, 4kB, 0kB), i.e., the sum of the two seconds of data traffic. Dividing the sum of the obtained data flow by two seconds to obtain the inlet and outlet flow rate of at least one target network card as follows: (mac1, 0kB/s, 1kB/s), and (mac2, 1kB/s, 2kB/s), and (mac3, 2kB/s, 0 kB/s).
In some optional implementations, the method further comprises: uploading the inlet and outlet flow rate of at least one target network card to a web server so as to display the inlet and outlet flow rate in the web server; and/or uploading the inlet and outlet flow rate of at least one target network card to a web server, and uploading the inlet and outlet flow rate of at least one target network card to a database through the web server so that the web server can inquire the historical inlet and outlet flow rate of at least one target network card; and/or, querying historical inlet-outlet flow rate of at least one target network card, comprising: and inquiring historical inlet and outlet flow velocity of at least one target network card, determining a corresponding historical inlet and outlet flow velocity trend graph according to the at least one target network card and the corresponding historical inlet and outlet flow velocity, and sending the historical inlet and outlet flow velocity trend graph to the web server so as to display the historical inlet and outlet flow velocity trend graph in the web server.
Web services, a platform independent, low-coupling, self-contained, programmable web-based application, can use the open XML (a subset of the standard generalized markup language) standard to describe, publish, discover, coordinate, and configure these applications for developing distributed, interoperable applications. The web service may be uploaded to a web server.
web services technology enables different applications running on different machines to exchange data or integrate with each other without the aid of additional, specialized third-party software or hardware. Applications implemented according to the web service specification may exchange data with each other regardless of the language, platform, or internal protocol in which they are used.
As an example, the inlet/outlet flow rate of at least one target network card may also be directly uploaded to a database or other places for the web server to read and calculate to obtain a real-time inlet/outlet flow rate map and a historical inlet/outlet flow rate trend map.
For example, the information of the target network card, the historical flow rate information of the target network card, and the inlet/outlet flow rate of the target network card may also be uploaded.
As an example, for each network card of the at least one target network card, the historical ingress/egress flow rate may be the ingress/egress flow rate for the time period queried in the database, received through human-computer interaction.
As an example, the historical inlet and outlet flow rate trend graph may obtain all inlet and outlet flow rates and network card information of the at least one target network card in the time period, and after performing format adjustment, obtain and display the historical inlet and outlet flow rate trend graph, that is, display the historical inlet and outlet flow rate trend graph of the at least one target network card. And a historical inlet-outlet flow rate trend graph (or a real-time inlet-outlet flow rate graph) corresponding to at least one target network card of each physical machine can also be displayed.
As shown in fig. 3-3, the web service may facilitate subsequent query of a traffic historical trend graph by acquiring non-traffic data in the cloud and acquiring real-time traffic data of the traffic monitoring module, and storing the data in a database (e.g., es). As an example, the inlet-outlet flow rate may be sent to a web service by way of a communication port. By way of example, the communication port may be a network card dedicated to transmitting traffic. The number of communication ports may also be set according to specific needs.
By way of example, upon being reported to the web service, the web service may store the data to facilitate the presentation of real-time flow rates and overall trend graphs for traffic for each network card of each virtual machine.
As shown in fig. 3 to 4, the web service may obtain some information in the cloud through an API interface provided by the cloud platform, such as the number of virtual machines, the category of the virtual machine, and the like, and show the real-time flow rate and the overall trend graph of the traffic of each network card of each virtual machine in combination with the flow rate data obtained from the communication port.
By deploying the security virtual machine in the cloud physical machine, the flow rate information of the virtual machine is counted in the security virtual machine, the efficiency is improved without butting the flow rate counting API of the cloud platform, the calculated data is more real-time than the data called from the interface, and the response is quicker. The web page is provided, so that the real-time flow rate and the historical flow rate trend graph of each network card of each virtual machine can be conveniently displayed and inquired, and the method can be used for real-time checking and historical data analysis of operation and maintenance personnel.
Referring to fig. 4, fig. 4 is a schematic structural diagram of some embodiments of the traffic monitoring apparatus according to the present invention, as an implementation of the methods shown in the above figures, the present invention further provides some embodiments of a traffic monitoring apparatus, which correspond to the embodiments of the methods shown in fig. 1, and which can be applied to various electronic devices.
As shown in fig. 4, the traffic monitoring apparatus 400 of some embodiments includes a first processing module 401, a second processing module 402: a first processing module 401, configured to set a flow monitoring module in each physical machine in the cloud platform; the second processing module 402 is configured to, for each physical machine, mirror all flows passing through the physical machine to a flow monitoring module in the physical machine, and calculate an inlet/outlet flow rate of at least one target network card through the flow monitoring module.
In an optional implementation manner of some embodiments, at least one service virtual machine is set in each physical machine; and
the second processing module 402 is further configured to:
and all the flow passing through at least one service virtual machine in the physical machine is mirrored into a flow monitoring module in the physical machine.
In an optional implementation manner of some embodiments, the first processing module 401 is further configured to:
and setting a safety virtual machine in each physical machine in the cloud platform, and determining the safety virtual machine as a flow monitoring module.
In an optional implementation of some embodiments, the second processing module 402 is further configured to:
and all the flow passing through the physical machine is mirrored into the flow monitoring module in the physical machine through a mirror image port of the flow monitoring module.
In an optional implementation of some embodiments, the second processing module 402 is further configured to:
the flow monitoring module reads the flow information of at least one target network card in a preset time period in a sliding window mode, and calculates the inlet and outlet flow velocity of at least one target network card according to the flow information and the preset time period.
In an optional implementation manner of some embodiments, the traffic information includes at least one source mac address and a traffic size corresponding to the at least one source mac address, and at least one destination mac address and a traffic size corresponding to the at least one destination mac address; and
the second processing module 402 is further configured to:
the traffic monitoring module reads at least one source mac address of at least one target network card and traffic corresponding to the at least one source mac address within a preset time period, and reads at least one destination mac address of the at least one target network card and traffic corresponding to the at least one destination mac address in a sliding window manner;
calculating the outlet flow rate of at least one target network card according to at least one source mac address of at least one target network card and the flow size corresponding to at least one source mac address;
and calculating the inlet flow rate of at least one target network card according to at least one target mac address of at least one target network card and the flow size corresponding to the at least one target mac address.
In an optional implementation manner of some embodiments, the apparatus further includes a third processing module, configured to upload the ingress/egress flow rate of the at least one target network card to the web server, so as to display the ingress/egress flow rate in the web server; and/or uploading the inlet and outlet flow rate of at least one target network card to a web server, and uploading the inlet and outlet flow rate of at least one target network card to a database through the web server so that the web server can inquire the historical inlet and outlet flow rate of at least one target network card; and/or, querying historical inlet-outlet flow rate of at least one target network card, comprising: and inquiring historical inlet and outlet flow velocity of at least one target network card, determining a corresponding historical inlet and outlet flow velocity trend graph according to the at least one target network card and the corresponding historical inlet and outlet flow velocity, and sending the historical inlet and outlet flow velocity trend graph to the web server so as to display the historical inlet and outlet flow velocity trend graph in the web server.
It is understood that the modules recited in the apparatus 400 correspond to the steps in the method described with reference to fig. 1. Thus, the operations, features and advantages of the method described above are also applicable to the apparatus 400 and the modules and units included therein, and are not described herein again.
Fig. 5 is a schematic structural diagram of an electronic device according to the present invention, and as shown in fig. 5, the electronic device may include: a processor (processor)510, a communication Interface (Communications Interface)520, a memory (memory)530 and a communication bus 540, wherein the processor 510, the communication Interface 520 and the memory 530 communicate with each other via the communication bus 540. Processor 510 may invoke logic instructions in memory 530 to perform traffic monitoring methods, including, for example: setting a flow monitoring module in each physical machine in the cloud platform; for each physical machine, the flow passing through the physical machine is totally mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module.
Furthermore, the logic instructions in the memory 530 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product including a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions, which when executed by a computer, enable the computer to perform a flow monitoring method provided by the methods, for example, including: setting a flow monitoring module in each physical machine in the cloud platform; for each physical machine, the flow passing through the physical machine is totally mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented to perform the traffic monitoring method provided in the foregoing embodiments when executed by a processor, and for example, the method includes: setting a flow monitoring module in each physical machine in the cloud platform; for each physical machine, the flow passing through the physical machine is totally mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (11)
1. A method of traffic monitoring, the method comprising:
setting a flow monitoring module in each physical machine in the cloud platform;
for each physical machine, all the flow passing through the physical machine is mirrored into a flow monitoring module in the physical machine, and the inlet and outlet flow rate of at least one target network card is calculated through the flow monitoring module.
2. The traffic monitoring method according to claim 1, wherein at least one service virtual machine is provided in each physical machine; and
the mirroring of all the flows passing through the physical machine to the flow monitoring module in the physical machine includes:
and all the flow passing through at least one service virtual machine in the physical machine is mirrored into a flow monitoring module in the physical machine.
3. The traffic monitoring method according to any one of claims 1 to 2, wherein the setting of the traffic monitoring module in each physical machine in the cloud platform includes:
and setting a safety virtual machine in each physical machine in the cloud platform, and determining the safety virtual machine as the flow monitoring module.
4. The traffic monitoring method according to claim 1, wherein the mirroring of all traffic passing through a physical machine into a traffic monitoring module within the physical machine comprises:
and all the flow passing through the physical machine is mirrored into the flow monitoring module in the physical machine through the mirror image port of the flow monitoring module.
5. The flow monitoring method according to claim 1, wherein the calculating, by the flow monitoring module, an ingress/egress flow rate of at least one target network card comprises:
the flow monitoring module reads the flow information of the at least one target network card in a preset time period in a sliding window mode, and calculates the inlet and outlet flow velocity of the at least one target network card according to the flow information and the preset time period.
6. The traffic monitoring method according to claim 5, wherein the traffic information includes at least one source mac address and a traffic size corresponding to the at least one source mac address, and at least one destination mac address and a traffic size corresponding to the at least one destination mac address; and
the flow monitoring module reads flow information in a preset time period in a sliding window mode, and calculates the inlet and outlet flow rate of at least one target network card according to the flow information and the preset time period, wherein the flow monitoring module comprises:
the traffic monitoring module reads at least one source mac address of the at least one target network card and traffic corresponding to the at least one source mac address within a preset time period, and reads at least one destination mac address of the at least one target network card and traffic corresponding to the at least one destination mac address in a sliding window manner;
calculating the outlet flow rate of at least one target network card according to the preset time period, the at least one source mac address and the flow corresponding to the at least one source mac address;
and calculating the inlet flow rate of at least one target network card according to the preset time period, the at least one target mac address and the flow corresponding to the at least one target mac address.
7. The flow monitoring method according to claim 1, further comprising:
uploading the inlet-outlet flow rate of the at least one target network card to a web server so as to display the inlet-outlet flow rate in the web server; and/or the presence of a gas in the gas,
uploading the inlet and outlet flow rate of the at least one target network card to a web server, and uploading the inlet and outlet flow rate of the at least one target network card to a database through the web server so that the web server can inquire the historical inlet and outlet flow rate of the at least one target network card; and/or the presence of a gas in the gas,
the querying the historical inlet/outlet flow rate of the at least one target network card comprises:
and inquiring historical inlet and outlet flow velocity of the at least one target network card, determining a corresponding historical inlet and outlet flow velocity trend graph according to the at least one target network card and the corresponding historical inlet and outlet flow velocity, and sending the historical inlet and outlet flow velocity trend graph to a web server so as to display the historical inlet and outlet flow velocity trend graph in the web server.
8. A flow monitoring device, the method comprising:
the first processing module is used for setting a flow monitoring module in each physical machine in the cloud platform;
and the second processing module is used for mirroring all the flow passing through the physical machine to the flow monitoring module in the physical machine for each physical machine, and calculating the inlet and outlet flow rate of at least one target network card through the flow monitoring module.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the flow monitoring method according to any one of claims 1 to 7 when executing the program.
10. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the flow monitoring method according to any one of claims 1 to 7.
11. A computer program product having executable instructions stored thereon, characterized in that the instructions, when executed by a processor, cause the processor to carry out the steps of the flow monitoring method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210233281.XA CN114615174A (en) | 2022-03-10 | 2022-03-10 | Flow monitoring method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210233281.XA CN114615174A (en) | 2022-03-10 | 2022-03-10 | Flow monitoring method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114615174A true CN114615174A (en) | 2022-06-10 |
Family
ID=81861733
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210233281.XA Pending CN114615174A (en) | 2022-03-10 | 2022-03-10 | Flow monitoring method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114615174A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115865802A (en) * | 2023-02-01 | 2023-03-28 | 天翼云科技有限公司 | Virtual instance flow mirroring method and device, virtual machine platform and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9331915B1 (en) * | 2013-01-25 | 2016-05-03 | Amazon Technologies, Inc. | Dynamic network traffic mirroring |
| CN107086932A (en) * | 2017-05-22 | 2017-08-22 | 安徽电信规划设计有限责任公司 | A kind of cloud platform virtualizes traffic security monitoring system |
| US20170315836A1 (en) * | 2014-11-21 | 2017-11-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Monitoring of Virtual Machines In a Data Center |
| US9906401B1 (en) * | 2016-11-22 | 2018-02-27 | Gigamon Inc. | Network visibility appliances for cloud computing architectures |
| CN113542160A (en) * | 2021-05-27 | 2021-10-22 | 贵州电网有限责任公司 | SDN-based method and system for pulling east-west flow in cloud |
-
2022
- 2022-03-10 CN CN202210233281.XA patent/CN114615174A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9331915B1 (en) * | 2013-01-25 | 2016-05-03 | Amazon Technologies, Inc. | Dynamic network traffic mirroring |
| US20170315836A1 (en) * | 2014-11-21 | 2017-11-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Monitoring of Virtual Machines In a Data Center |
| US9906401B1 (en) * | 2016-11-22 | 2018-02-27 | Gigamon Inc. | Network visibility appliances for cloud computing architectures |
| CN107086932A (en) * | 2017-05-22 | 2017-08-22 | 安徽电信规划设计有限责任公司 | A kind of cloud platform virtualizes traffic security monitoring system |
| CN113542160A (en) * | 2021-05-27 | 2021-10-22 | 贵州电网有限责任公司 | SDN-based method and system for pulling east-west flow in cloud |
Non-Patent Citations (1)
| Title |
|---|
| 周晴伦;: "OpenStack云主机监控系统研究与实现", 软件导刊, no. 04, 30 April 2017 (2017-04-30), pages 77 - 79 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115865802A (en) * | 2023-02-01 | 2023-03-28 | 天翼云科技有限公司 | Virtual instance flow mirroring method and device, virtual machine platform and storage medium |
| WO2024159962A1 (en) * | 2023-02-01 | 2024-08-08 | 天翼云科技有限公司 | Traffic mirroring method and apparatus for virtual instance, virtual machine platform, and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11886355B2 (en) | Emulated endpoint configuration | |
| CN109634718B (en) | Method and system for creating mirror image by cloud platform | |
| US10146586B2 (en) | Managing a shared pool of configurable computing resources using a set of scaling factors and a set of workload resource data | |
| US10621114B1 (en) | Standardized interface for storage using an input/output (I/O) adapter device | |
| CN113010818A (en) | Access current limiting method and device, electronic equipment and storage medium | |
| US9146763B1 (en) | Measuring virtual machine metrics | |
| US9591079B2 (en) | Method and apparatus for managing sessions of different websites | |
| US9225662B2 (en) | Command management in a networked computing environment | |
| JP7516703B2 (en) | Anomaly Detection Using an Ensemble of Detection Models | |
| JP2022094938A (en) | Method for monitoring and controlling data access, computer program, and security system agent equipment | |
| CN114615174A (en) | Flow monitoring method and device | |
| CN116860391A (en) | GPU computing power resource scheduling method, device, equipment and medium | |
| CN111177053B (en) | Data communication method, device and system and computer readable storage medium | |
| CN110708211B (en) | Network flow testing method and system | |
| US11856062B2 (en) | Multi-device connection management | |
| CN114584482B (en) | Method, device and network card for storing detection data based on memory | |
| US11785115B2 (en) | Request tracing | |
| US11722436B2 (en) | Transport control word architecture for physical port mirroring | |
| US20150095568A1 (en) | Storage system and storage device configuration reporting | |
| US10180902B2 (en) | Pauseless location and object handle based garbage collection | |
| US10277521B2 (en) | Authorizing an action request in a networked computing environment | |
| US20200159854A1 (en) | Data processing with tags | |
| US12028276B2 (en) | Transport control word architecture for virtual port mirroring | |
| KR20190019670A (en) | Cloud Server And Method of Thereof | |
| CN117992165A (en) | Virtual machine screen capturing method, device, system and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |