CN114928537A - Network equipment configuration method, device and storage medium - Google Patents
Network equipment configuration method, device and storage medium Download PDFInfo
- Publication number
- CN114928537A CN114928537A CN202210534405.8A CN202210534405A CN114928537A CN 114928537 A CN114928537 A CN 114928537A CN 202210534405 A CN202210534405 A CN 202210534405A CN 114928537 A CN114928537 A CN 114928537A
- Authority
- CN
- China
- Prior art keywords
- information
- configuration
- auditing
- account information
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
Abstract
The application provides a network device configuration method, a device and a storage medium, wherein the method is applied to a Software Defined Network (SDN) system, and the SDN system comprises an SDN controller, at least one network device and an auditing device; according to the method, after synchronous application information of network equipment is obtained, configuration authority corresponding to account information in the synchronous application information is checked, and after the account information is checked and determined to have the configuration authority, equipment configuration information in the synchronous application information is sent to an SDN controller to be stored, so that synchronization of the equipment configuration information in the SDN controller and the equipment configuration information of the network equipment is achieved. The method solves the problem that the upgrading of the SDN controller causes the loss of the equipment configuration information of the non-standard service in the time period from the completion of equipment configuration on the non-standard service associated network equipment by adopting a manual configuration method to the completion of the arrangement and the issuing of the service configuration information of the non-standard service by the SDN controller.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a network device configuration method, apparatus, and storage medium.
Background
A Software Defined Network (SDN) system implements automatic management of configuration and service execution of Network devices such as switches and routers, and brings great convenience to operation management of the Network.
As shown in fig. 1, the configuration of each network device 13 in the SDN system is generally configured automatically based on service configuration information programmed and issued by the SDN controller 12. Specifically, the SDN controller 12 obtains service requirement information of the service from the service requirement device 11 (such as a service platform of an operator customer). Based on the service demand information, the SDN controller 12 arranges and obtains service configuration information corresponding to the service demand information. The service configuration information includes the device identifier of the network device 13 associated with the service configuration information and the device configuration information corresponding to the device identifier. The SDN controller 12 issues the service configuration information to the associated network device 13. The network device 13 completes its own device configuration based on the service configuration information. However, if the service requirement information of a certain service a exceeds the range of the orchestration function of the SDN controller 12, that is, the service a is a non-standard service, the SDN controller 12 cannot perform orchestration of corresponding service configuration information based on the service requirement information of the non-standard service. In order to ensure timely and normal operation of the service a, a method of manual configuration directly on the network device 13 is generally adopted, and the SDN controller 12 is bypassed to directly perform device configuration on the network device 13 associated with the service a. After the SDN controller 12 is upgraded and the service configuration information of the service a is arranged, the SDN controller 12 arranges and issues the service configuration information of the service a, so as to realize automatic management of configuration and service execution of the network device 13 related to the service a.
From the time when the manual configuration method is adopted to complete the device configuration on the non-standard service associated network device to the time when the SDN controller completes the arrangement and the issue of the service configuration information on the non-standard service, the upgrade of the SDN controller (such as service change or service delivery) will cause the loss of the device configuration information of the non-standard service, thereby affecting the normal operation of the non-standard service.
Disclosure of Invention
The application provides a network device configuration method, a network device configuration device and a storage medium, which are used for solving the problem that the upgrading of an SDN controller causes the loss of the device configuration information of a non-standard service in a time period from the completion of the device configuration of the non-standard service associated network device by adopting a manual configuration method to the completion of the arrangement and the issuing of the service configuration information of the non-standard service by the SDN controller.
In a first aspect, the present application provides a network device configuration method, which is applied to a Software Defined Network (SDN) system, where the SDN system includes an SDN controller, at least one network device, and an auditing device; the method comprises the following steps:
the auditing equipment acquires the synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronous application information comprises equipment configuration information manually completed on the network equipment and account information of a user executing the manual configuration;
and the auditing device checks the configuration authority corresponding to the account information, responds to the account information having the configuration authority, and sends the device configuration information to the SDN controller.
Optionally, the device configuration information includes a device configuration command;
the checking device checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller in response to the account information having the configuration authority, including:
the auditing equipment compares the user identification code of the account information and the equipment configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has configuration authority in response to the fact that the equipment configuration command in the user identification code and the equipment configuration information corresponding to the user identification code belongs to the preset authorized manual configuration command set;
the auditing device sends the device configuration information to the SDN controller;
the authorized manual configuration command set comprises the corresponding relation between the user identification code of each account information and the authorized manual configuration command.
Optionally, after the auditing device determines that the account information has the configuration right, the method further includes:
the auditing device captures actual device configuration information of the network device from the network device based on a device identifier of the network device in the device configuration information, compares the device configuration information with the actual device configuration information, and sends the device configuration information to the SDN controller in response to the actual device configuration information including the device configuration information.
Optionally, before the auditing device checks the configuration right corresponding to the account information, the method further includes:
and the auditing equipment checks the operation permission of the user corresponding to the account information based on the account information, and checks the configuration permission corresponding to the account information in response to the fact that the user corresponding to the account information has the manually configured operation permission.
Optionally, after the auditing device checks, based on the account information, the operation permission of the user corresponding to the account information, the method further includes:
and in response to the fact that the user corresponding to the account information does not have the manually configured operation authority, the auditing equipment sends application refusing information to the network equipment so as to terminate the synchronous application of the network equipment.
Optionally, after the auditing device checks the configuration right corresponding to the account information, the method further includes:
and in response to the account information not having the configuration authority, the auditing equipment sends application refusing information to the network equipment so as to terminate the synchronous application of the network equipment.
Optionally, after the auditing device sends the device configuration information to the SDN controller, the method further includes:
the auditing device receives synchronization confirmation information sent by the SDN controller and sends the synchronization confirmation information to the network device; the synchronization confirmation information is sent by the SDN controller after storing the device configuration information sent by the auditing device.
In a second aspect, the present application provides an auditing device for network device configuration, which is applied to a Software Defined Network (SDN) system, where the SDN system includes an SDN controller, at least one network device, and the auditing device; the auditing device comprises: the system comprises a message processing module and an auditing processing module; wherein the content of the first and second substances,
the message processing module is used for acquiring synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronous application information comprises equipment configuration information manually completed on the network equipment and account information of a user executing the manual configuration;
the auditing processing module is configured to check a configuration right corresponding to the account information, and send the device configuration information to the SDN controller in response to the account information having the configuration right.
In a third aspect, the present application provides a network device configuration auditing apparatus, including:
a processor and a memory;
the memory stores executable instructions executable by the processor;
wherein execution of the executable instructions stored by the memory by the processor causes the processor to perform the method as described above.
In a fourth aspect, the present application provides a storage medium having stored therein computer-executable instructions for implementing the method as described above when executed by a processor.
According to the network device configuration method, the network device configuration device and the storage medium, after the synchronous application information of the network device is obtained, the configuration authority corresponding to the account information in the synchronous application information is checked, and after the account information is checked and determined to have the configuration authority, the device configuration information in the synchronous application information is sent to the SDN controller to be stored, so that the device configuration information in the SDN controller and the device configuration information of the network device are synchronized. The method and the device solve the problem that the upgrading of the SDN controller causes the loss of the equipment configuration information of the non-standard service due to the asynchronism of the equipment configuration information in the SDN controller and the equipment configuration information of the network equipment in the time period from the completion of the equipment configuration of the non-standard service associated network equipment by adopting a manual configuration method to the completion of the arrangement and the issuing of the equipment configuration information of the non-standard service by the SDN controller.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application.
Figure 1 is a diagram of a prior art SDN system architecture;
fig. 2 is an SDN system architecture diagram provided in an embodiment of the present application;
fig. 3 is a flowchart of a network device configuration method according to an embodiment of the present application;
fig. 4 is a structural diagram of an auditing device of a network device configuration provided in an embodiment of the present application;
fig. 5 is a block diagram of a configuration checking apparatus for network devices according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, in an SDN system provided by an operator for a client thereof, after development of an SDN controller and an SDN control system is completed, the SDN controller and the SDN control system are upgraded according to a client requirement, so as to meet an operation requirement of a personalized service (i.e., a non-standard service) continuously added by the client. Due to the fact that certain research and development time is needed for upgrading the SDN controller and the SDN control system, the timeliness of upgrading the SDN controller and the SDN control system cannot meet the timeliness requirement of nonstandard service operation of a client. Therefore, in order to ensure that the non-standard service can normally operate before the SDN controller 12 develops and upgrades the non-standard service (e.g., implements orchestration of the configuration information of the non-standard service), as shown in fig. 1, the network device 13 associated with the non-standard service is typically manually configured by manually adding the device configuration information directly to the network device 13.
Based on the consideration of security and stability of the network system, in the SDN system provided by the operator for the client, the SDN controller 12 does not accept manual arrangement of service configuration information on the SDN controller 12, and does not accept a manner of acquiring device configuration information of the network device 13 from the network device 13 for storage and delivery, so as to avoid a network security risk caused by non-compliant network device configuration (such as network device configuration performed by unauthorized personnel or an account), and avoid a network stability risk caused by operating pressure of the SDN controller 12 due to manual arrangement of the service configuration information. Therefore, after the device configuration is performed on the network device related to the non-standard service by using the manual configuration method, the device configuration information of the non-standard service cannot be synchronized into the database of the SDN controller 12. That is, the device configuration information stored in the SDN controller 12 is not synchronized with the actual device configuration information of the network device from the time when the manual configuration of the non-standard service-associated network device is completed to the time when the SDN controller completes the arrangement and issue of the non-standard service configuration information. During the upgrade process of the SDN controller, such as service change or service delivery, the SDN controller 12 needs to use the stored relevant service configuration information to reset the device configuration information of the corresponding network device. If the service change or the service delivery relates to a network device associated with a non-standard service, after the SDN controller 12 is upgraded, the device configuration information stored in the SDN controller 12 is not synchronized with the actual device configuration information of the network device, which may cause loss of the device configuration information of the non-standard service that is not synchronized, and cause that the non-standard service cannot operate normally.
In view of the above, the present application provides a network device configuration method, which includes acquiring synchronous application information of a network device, checking configuration permissions corresponding to account information in the synchronous application information, and if the account information has the configuration permissions, sending device configuration information in the synchronous application information to an SDN controller to store the device configuration information in the SDN controller, so as to solve the problem that upgrading (such as service change or service delivery) of the SDN controller causes loss of device configuration information of a non-standard service.
The following describes a network device configuration method provided by the present application with reference to some embodiments.
Fig. 2 is an SDN system architecture diagram provided in an embodiment of the present application. As shown in fig. 2, the system includes: a service requirement device 11, an SDN controller 12, a network device 13, and an auditing device 14. The SDN controller 12 is connected to the service requirement device 11, the network device 13, and the auditing device 14, respectively, and the auditing device 14 is connected to the network device 13. The network device 13 is a network device or a plurality of network devices (such as the network device 1, the network device 2, the network device 3, … shown in fig. 2, and the network devices n, n are natural numbers). The service requiring device 11 may be a service platform of a client side.
The SDN controller 12 acquires the service requirement information from the service requirement device 11, and determines whether the acquired service requirement information is service requirement information of a standard service or service requirement information of a non-standard service.
If the acquired service requirement information is the service requirement information of the standard service, the SDN system will perform the following operations:
based on the service demand information, the SDN controller 12 arranges and obtains service configuration information corresponding to the service demand information. The service configuration information includes an identifier of at least one network device 13 associated with the service configuration information and device configuration information corresponding to the identifier. The SDN controller 12 issues the service configuration information to the corresponding network device 13. The network device 13 completes its own device configuration based on the identifier of the network device 13 and the device configuration information corresponding to the identifier.
If the acquired service requirement information is service requirement information of a non-standard service, before the SDN controller 12 upgrades and implements arrangement and issue of service configuration information of the non-standard service, the relevant operations of the SDN system are as follows:
and manually configuring the network equipment 13 associated with the non-standard service based on the service configuration information of the non-standard service. And after the network equipment 13 completes the manual configuration, the synchronous application information is sent to the auditing equipment 14. The synchronization application information includes device configuration information manually completed on the network device 13 and account information of the user performing the manual configuration. After acquiring the synchronization application information of the network device 13, the auditing device 14 checks the configuration right corresponding to the account information, and in response to the account information having the configuration right, the auditing device 14 sends the device configuration information to the SDN controller 12. After receiving the device configuration information, the SDN controller 12 stores the device configuration information, so as to synchronize the configuration in the SDN controller 12 with the configuration of the network device 13. The synchronization between the configuration in the SDN controller 12 and the configuration of the network device 13 may avoid that the upgrade of the SDN controller 12 (such as service change or service delivery) causes the loss of the device configuration information of the non-standard service from the time when the manual configuration method completes the device configuration on the non-standard service-associated network device 13 to the time when the SDN controller 12 completes the arrangement and issue of the service configuration information of the non-standard service.
The equipment configuration information comprises equipment basic information, an equipment configuration command and a configuration module attribute to which the equipment configuration command belongs; the device basic information includes, but is not limited to, a device identification, a device loopback address (loopback IP), a device name, a device model number, a device version number; the device configuration command may be a newly added configuration command configured manually, or may be all configuration commands on the configuration module to which the newly added configuration command belongs; the configuration module attributes include physical interface configuration, logical interface configuration, Intermediate System to Intermediate System Protocol (ISIS) configuration, Border Gateway Protocol (BGP) configuration, and the like.
According to the network device configuration method provided by the embodiment of the application, after the synchronous application information of the network device is acquired, the configuration authority corresponding to the account information in the synchronous application information is checked, and after the account information is checked and determined to have the configuration authority, the device configuration information in the synchronous application information is sent to the SDN controller to be stored, so that the device configuration information in the SDN controller 12 and the device configuration information of the network device 13 are synchronized. The method provided by the embodiment of the application solves the problem that the equipment configuration information of the non-standard service is lost due to the upgrade of the SDN controller in the time period from the completion of equipment configuration on the non-standard service associated network equipment by adopting a manual configuration method to the completion of arrangement and issuing of the service configuration information on the non-standard service by the SDN controller, and ensures the stable and normal operation of the non-standard service.
The following describes the network device configuration method provided in the present application in detail with reference to fig. 3. Fig. 3 is a flowchart of a network device configuration method according to an embodiment of the present application. The embodiment shown in fig. 3 is executed by the auditing apparatus 13 in the embodiment shown in fig. 2. As shown in fig. 3, the method is applied to a Software Defined Network (SDN) system; as shown in fig. 2, the SDN system includes an SDN controller 12, at least one network device 13, and an auditing device 14; the method comprises the following steps:
s301, the auditing equipment acquires synchronous application information of the network equipment; the synchronous application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information includes device configuration information manually completed on the network device and account information of the user performing the manual configuration.
Specifically, the auditing device 14 acquires the synchronous application information of the network device 13; wherein, the synchronous application information is sent by the network device 13 after the network device 13 is manually configured; the synchronization application information includes device configuration information that is manually completed on the network device 13 and account information of the user who performs the manual configuration.
S302, the auditing device checks the configuration authority corresponding to the account information, responds to the account information having the configuration authority, and sends the device configuration information to the SDN controller.
Specifically, the auditing device 14 checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller 12 in response to the account information having the configuration authority, so that the SDN controller 12 can store the device configuration information, thereby synchronizing the device configuration information in the SDN controller 12 with the device configuration information of the network device 13.
Optionally, the device configuration information includes a device configuration command; the auditing device 14 compares the user identification code of the account information and the device configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has a configuration right in response to the fact that the device configuration command in the user identification code and the device configuration information corresponding to the user identification code belongs to the preset authorized manual configuration command set. The auditing device 14 sends device configuration information to the SDN controller 12.
The authorized manual configuration command set comprises the corresponding relation between the user identification code of each account information and the authorized manual configuration command.
Further, after the auditing device 14 determines that the account information has the configuration authority, the auditing device 14 captures actual device configuration information of the network device 13 from the network device 13 based on the device identifier of the network device 13 in the device configuration information, compares the device configuration information with the actual device configuration information, and sends the device configuration information to the SDN controller 12 in response to the fact that the device configuration information includes the device configuration information. On the contrary, if the actual device configuration information does not include or only includes a part of the content in the device configuration information, the auditing device 14 sends, in response to that the actual device configuration information does not include or only includes a part of the content in the device configuration information, an alert message to the network device 13 to prompt to modify the device configuration information in the synchronization application information.
After the auditing device 14 determines that the account information has the configuration authority, the auditing device 14 captures the actual device configuration information of the network device 13 from the network device 13 and compares the actual device configuration information with the device configuration information in the synchronous application information. The auditing device 14 sends the device configuration information to the SDN controller 12 for storage after determining that the actual device configuration information includes the device configuration information, which can avoid the situation that the device configuration information in the SDN controller 12 is not synchronized with the device configuration information of the network device 13 due to a filling error of the device configuration information in the synchronization application information.
Optionally, after the auditing device 14 checks the configuration right corresponding to the account information, in response to that the account information does not have the configuration right, the auditing device 14 sends application rejection information to the network device 13 to terminate the synchronous application of the network device 13.
Generally, the account information includes operation permissions of the user corresponding to the account, such as at least one of manual configuration permissions and review permissions. In order to avoid that a user without a manual configuration right violates the manual configuration of the network device 13, the auditing device 14 may check the operation right corresponding to the account information after receiving the synchronization application information sent by the network device 13.
Optionally, before the auditing device 14 checks the configuration authority corresponding to the account information, the auditing device 14 checks the operation authority of the user corresponding to the account information based on the account information, and checks the configuration authority corresponding to the account information in response to the user corresponding to the account information having a manually configured operation authority.
Illustratively, the auditing device 14 checks the operation authority of the user corresponding to the account information based on the user authority set and the user identification code in the account information to determine whether the user corresponding to the account information has a manual configuration operation authority. The user authority set comprises the corresponding relation between the user identification code of each user and the operation authority; the operation authority comprises at least one of manual configuration authority and reference authority.
Optionally, after the auditing device 14 checks the operation permission of the user corresponding to the account information based on the account information, in response to that the user corresponding to the account information does not have the manually configured operation permission, if the user corresponding to the account information only has the reference permission, the auditing device 14 sends application rejection information to the network device 13 to terminate the synchronous application of the network device 13.
The auditing device 14 first checks the operation authority of the user corresponding to the account information, and can quickly identify the manual configuration of the illegal network device by the user without the manual configuration operation authority, so as to terminate the synchronous application of the network device 13. After the checking determines that the user corresponding to the account information has the operation authority of manual configuration, the auditing device 14 checks the configuration authority corresponding to the account information by comparing the user identification code of the account information and the device configuration information corresponding to the account information with a preset authorized manual configuration command set, so as to ensure that the manual configuration operation of the user having the manual configuration operation authority is within the authorized manual configuration authority range.
Optionally, after the auditing device 14 sends the device configuration information to the SDN controller 12, the auditing device 14 receives synchronization confirmation information sent by the SDN controller 12 and sends the synchronization confirmation information to the network device 13. The synchronization confirmation information is sent by the SDN controller 12 after storing the device configuration information sent by the auditing device 14. The synchronization confirmation information may include an index code of the device configuration information in the SDN controller 12 database to facilitate necessary query.
After receiving the synchronization confirmation information, that is, after the synchronization application representing the network device 13 is completed, the network device 13 realizes synchronization between the device configuration information of the network device 13 and the device configuration information in the SDN controller 12, that is, it can be ensured that the device configuration information of the non-standard service manually configured on the network device 13 is not lost due to upgrading (such as service change or service delivery) of the SDN controller 12 in a time period before the SDN controller 12 schedules and issues the service configuration information of the non-standard service, thereby ensuring stable and normal operation of the non-standard service.
According to the network device configuration method provided by the embodiment of the application, after the synchronous application information of the network device is acquired, the operation authority of the user corresponding to the account information, the configuration authority corresponding to the account information and the device configuration information are checked, and after the account information is checked to be confirmed to have the configuration authority and the device configuration information applied for synchronization is checked to be correct, the device configuration information in the synchronous application information is sent to the SDN controller to be stored, so that the device configuration information in the SDN controller 12 and the device configuration information of the network device 13 are synchronized. The method provided by the embodiment of the application can quickly identify the manual configuration of the illegal network equipment by a user without the manual configuration operation authority, and timely terminate the synchronous application of the network equipment 13; in addition, the situation that the device configuration information in the SDN controller 12 is not synchronized with the device configuration information of the network device 13 due to a filling error of the device configuration information in the synchronization application information can be avoided. The method provided by the embodiment of the application solves the problem that the equipment configuration information of the non-standard service is lost due to the upgrade of the SDN controller in the time period from the completion of equipment configuration on the non-standard service associated network equipment by adopting a manual configuration method to the completion of arrangement and issuing of the service configuration information on the non-standard service by the SDN controller, and ensures the stable and normal operation of the non-standard service.
The embodiment of the application also provides auditing equipment for the configuration of the network equipment. The auditing device is applied to a Software Defined Network (SDN) system. The SDN system comprises an SDN controller, at least one network device and auditing equipment for configuration of the network device. Fig. 4 is a structure diagram of an auditing device configured for a network device according to an embodiment of the present application. As shown in fig. 4, the auditing apparatus includes: a message processing module 41 and an auditing processing module 42.
The message processing module 41 is configured to obtain synchronization application information of the network device 13. The synchronization application information is transmitted by the network device 13 after manual configuration of the network device 13; the synchronization application information includes device configuration information manually completed on the network device 13 and account information of the user performing the manual configuration.
And the auditing processing module 42 is configured to check the configuration right corresponding to the account information, and send the device configuration information to the SDN controller 12 in response to the account information having the configuration right.
Further, the audit processing module 42 includes a transceiver sub-module 421, a configuration check sub-module 422, and a user check sub-module 423.
The transceiver submodule 421 is configured to send the synchronization application information to the configuration checking submodule 422; or, the account information is sent to the user checking sub-module 423, and after receiving the user confirmation information sent by the user checking sub-module 423, the synchronization application information is sent to the configuration checking sub-module 422. The user confirmation information is confirmation information sent by the user checking sub-module 423 for checking the operation authority of the user corresponding to the account information and determining that the user corresponding to the account information has the manual configuration operation authority.
The user checking submodule 423 is used for editing and storing the corresponding relation between the user identification code of each user in the user right set and the operation right; and is further configured to check the operation permission of the user corresponding to the account information sent by the transceiver module 421 based on the user permission set and the user identification code in the account information, and determine whether the user corresponding to the account information has a manual configuration operation permission. In response to the account information corresponding to the user having the manual configuration operation authority, the user checking sub-module 423 sends user confirmation information to the transceiving sub-module 421; in response to the account information corresponding to the user not having the manual configuration operation authority, the user checking submodule 423 transmits user denial information to the transceiving submodule 421. Wherein, the editing comprises at least one operation of adding, deleting and changing; the operation authority comprises at least one of manual configuration authority and reference authority.
And the configuration checking sub-module 422 is configured to edit and store a corresponding relationship between each user identification code in the authorized manual configuration command set and the authorized manual configuration command. And the device configuration module is also used for comparing the user identification code of the account information and the device configuration information corresponding to the account information with the authorized manual configuration command set, and determining whether the device configuration command in the user identification code and the device configuration information corresponding to the user identification code belongs to the authorized manual configuration command set. In response to the user identifier and the device configuration command in the device configuration information corresponding to the user identifier belonging to the authorized manual configuration command set, the configuration checking sub-module 422 sends configuration confirmation information to the transceiving sub-module 421; in response to the user identifier and the device configuration information corresponding to the user identifier, wherein the device configuration command does not belong to the authorized manual configuration command set, the configuration checking sub-module 422 sends configuration denial information to the transceiving sub-module 421;
the transceiver submodule 421 is further configured to, after receiving the configuration confirmation information sent by the configuration checking submodule 422, send the configuration confirmation information and the device configuration information corresponding to the configuration confirmation information to the SDN controller 12 shown in fig. 2, and after receiving the synchronization confirmation information sent by the SDN controller 12, send the synchronization confirmation information to the network device 13 corresponding to the synchronization confirmation information through the message processing module 41.
Optionally, the transceiver submodule 421 may be further configured to send, after receiving the configuration confirmation message sent by the configuration checking submodule 422, an audit confirmation message to the message processing module 41; after receiving the configuration denial information sent by the configuration checking sub-module 422 or the user denial information sent by the user checking sub-module 423, sending an application rejection information to the message processing module 41 to terminate the synchronous application of the network device 13 shown in fig. 2;
the message processing module 41 is further configured to, after receiving the audit confirmation information sent by the transceiver module 421, send the audit confirmation information and the device configuration information corresponding to the audit confirmation information to the SDN controller 12 shown in fig. 2, and after receiving the synchronization confirmation information sent by the SDN controller 12, send the synchronization confirmation information to the network device 13 corresponding to the synchronization confirmation information; after receiving the application rejection information sent by the transceiving submodule 421, sending the application rejection information to the network device 13 corresponding to the application rejection information; the synchronization confirmation information is sent after the SDN controller 12 stores the device configuration information sent by the message processing module 41.
Optionally, as shown in fig. 4, the auditing apparatus also includes an apparatus collection module 43.
The device collecting module 43 is configured to obtain and store device basic information of the network device 13 from the network device 13 shown in fig. 2, so as to facilitate management of the network device 13, and further configured to capture actual device configuration information of the network device 13 from the network device 13. Wherein the device basis information includes a device identification.
The transceiving submodule 421 is further configured to send the device configuration information in the synchronization application information to the device collecting module 43.
The device collecting module 43 is further configured to compare the device configuration information in the synchronous application information with actual device configuration information corresponding to the device identifier in the device configuration information, and send capture confirmation information to the transceiver module 421 after determining that the actual device configuration information includes the device configuration information of the synchronous application information through comparison;
the transceiver submodule 421 is further configured to send audit confirmation information to the message processing module 41 after receiving the capture confirmation information sent by the device collecting module 43.
The implementation principle and technical effect of the auditing device configured for the network device provided in the embodiment of the present application are similar to those of the embodiment shown in fig. 3, and this embodiment is not described herein again.
The embodiment of the application also provides a network equipment configuration auditing device. Fig. 5 is a block diagram of a network device configuration checking apparatus according to an embodiment of the present application. As shown in fig. 5, the auditing apparatus includes a processor 51 and a memory 52, where the memory 52 stores executable instructions of the processor 51, so that the processor 51 can be used to execute the technical solution of the above method embodiments, and the implementation principle and technical effect thereof are similar, and details of this embodiment are not repeated here. It should be understood that the Processor 51 may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor. The Memory 52 may include a high-speed Random Access Memory (RAM), a Non-volatile Memory (NVM), at least one disk Memory, a usb disk, a removable hard disk, a read-only Memory, a magnetic disk, or an optical disk.
The embodiment of the present application further provides a storage medium, where computer execution instructions are stored in the storage medium, and when the computer execution instructions are executed by a processor, the network device configuration method is implemented. The storage medium may be any type of volatile or non-volatile storage device or combination thereof, such as a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read-Only Memory (EPROM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), a magnetic Memory, a flash Memory, a magnetic disk or an optical disk. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuits (ASIC). Of course, the processor and the storage medium may reside as discrete components in an electronic device or host device.
Embodiments of the present application also provide a program product, such as a computer program, which when executed by a processor, implements the network device configuration method covered by the present application.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the embodiments of the present invention.
Claims (10)
1. A network device configuration method is applied to a Software Defined Network (SDN) system, wherein the SDN system comprises an SDN controller, at least one network device and an auditing device; the method comprises the following steps:
the auditing equipment acquires synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronous application information comprises equipment configuration information manually completed on the network equipment and account information of a user executing the manual configuration;
and the auditing device checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller in response to the account information having the configuration authority.
2. The method of claim 1, wherein the device configuration information comprises a device configuration command;
the checking device checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller in response to the account information having the configuration authority, including:
the auditing equipment compares the user identification code of the account information and the equipment configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has configuration authority in response to the fact that the equipment configuration command in the user identification code and the equipment configuration information corresponding to the user identification code belongs to the preset authorized manual configuration command set;
the auditing device sends the device configuration information to the SDN controller;
the authorized manual configuration command set comprises a corresponding relation between the user identification code of each account information and an authorized manual configuration command.
3. The method of claim 2, wherein after the auditing device determines that the account information has configuration rights, the method further comprises:
the auditing device captures actual device configuration information of the network device from the network device based on a device identifier of the network device in the device configuration information, compares the device configuration information with the actual device configuration information, and sends the device configuration information to the SDN controller in response to the actual device configuration information including the device configuration information.
4. The method according to any one of claims 1 to 3, wherein before the auditing device checks the configuration right corresponding to the account information, the method further comprises:
and the auditing equipment checks the operation permission of the user corresponding to the account information based on the account information, and checks the configuration permission corresponding to the account information in response to the fact that the user corresponding to the account information has the manually configured operation permission.
5. The method according to claim 4, after the auditing device checks the operation authority of the user corresponding to the account information based on the account information, the method further comprising:
and in response to that the user corresponding to the account information does not have the manually configured operation authority, the auditing device sends application rejection information to the network device to terminate the synchronous application of the network device.
6. The method according to any one of claims 1 to 3, wherein after the auditing device checks the configuration right corresponding to the account information, the method further comprises:
and in response to the account information does not have the configuration authority, the auditing device sends application rejection information to the network device to terminate the synchronous application of the network device.
7. The method of any one of claims 1-3, wherein after the auditing device sends the device configuration information to the SDN controller, the method further comprises:
the auditing device receives synchronization confirmation information sent by the SDN controller and sends the synchronization confirmation information to the network device; and sending the synchronization confirmation information after the SDN controller stores the device configuration information sent by the auditing device.
8. An auditing device for network device configuration is applied to a Software Defined Network (SDN) system, and the SDN system comprises an SDN controller, at least one network device and the auditing device; the auditing device comprises: a message processing module and an auditing processing module; wherein the content of the first and second substances,
the message processing module is used for acquiring synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronous application information comprises equipment configuration information manually completed on the network equipment and account information of a user executing the manual configuration;
the auditing processing module is configured to check a configuration right corresponding to the account information, and send the device configuration information to the SDN controller in response to the account information having the configuration right.
9. A network device configuration auditing apparatus, comprising:
a processor and a memory;
the memory stores executable instructions executable by the processor;
wherein execution of the executable instructions stored by the memory by the processor causes the processor to perform the method of any of claims 1-7.
10. A storage medium having stored therein computer executable instructions for performing the method of any one of claims 1-7 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210534405.8A CN114928537B (en) | 2022-05-17 | 2022-05-17 | Network equipment configuration method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210534405.8A CN114928537B (en) | 2022-05-17 | 2022-05-17 | Network equipment configuration method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114928537A true CN114928537A (en) | 2022-08-19 |
| CN114928537B CN114928537B (en) | 2023-06-13 |
Family
ID=82809224
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210534405.8A Active CN114928537B (en) | 2022-05-17 | 2022-05-17 | Network equipment configuration method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114928537B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7457870B1 (en) * | 2004-02-27 | 2008-11-25 | Packeteer, Inc. | Methods, apparatuses and systems facilitating classification of web services network traffic |
| CN109462502A (en) * | 2018-10-30 | 2019-03-12 | 新华三技术有限公司合肥分公司 | Configuration information saves control method, device and the SDN controller of instruction |
| CN110457891A (en) * | 2019-07-22 | 2019-11-15 | 安徽智恒信科技股份有限公司 | A kind of authority configuration interface display method, device, terminal and storage medium |
| CN111327446A (en) * | 2018-12-17 | 2020-06-23 | 北京华为数字技术有限公司 | Configuration data processing method, software defined network device, system and storage medium |
| CN111510483A (en) * | 2020-04-09 | 2020-08-07 | 眸芯科技(上海)有限公司 | Configuration synchronization system between different network domains in chip test and application |
| US20210084601A1 (en) * | 2019-09-16 | 2021-03-18 | Movandi Corporation | 5g signals detection using neural network |
| CN114070738A (en) * | 2021-09-27 | 2022-02-18 | 新华三大数据技术有限公司 | Equipment configuration auditing method and device |
-
2022
- 2022-05-17 CN CN202210534405.8A patent/CN114928537B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7457870B1 (en) * | 2004-02-27 | 2008-11-25 | Packeteer, Inc. | Methods, apparatuses and systems facilitating classification of web services network traffic |
| CN109462502A (en) * | 2018-10-30 | 2019-03-12 | 新华三技术有限公司合肥分公司 | Configuration information saves control method, device and the SDN controller of instruction |
| CN111327446A (en) * | 2018-12-17 | 2020-06-23 | 北京华为数字技术有限公司 | Configuration data processing method, software defined network device, system and storage medium |
| CN110457891A (en) * | 2019-07-22 | 2019-11-15 | 安徽智恒信科技股份有限公司 | A kind of authority configuration interface display method, device, terminal and storage medium |
| US20210084601A1 (en) * | 2019-09-16 | 2021-03-18 | Movandi Corporation | 5g signals detection using neural network |
| CN111510483A (en) * | 2020-04-09 | 2020-08-07 | 眸芯科技(上海)有限公司 | Configuration synchronization system between different network domains in chip test and application |
| CN114070738A (en) * | 2021-09-27 | 2022-02-18 | 新华三大数据技术有限公司 | Equipment configuration auditing method and device |
Non-Patent Citations (3)
| Title |
|---|
| PAOLA LOVANNA,STEFANO RUFFINI: "SDN-based architecture to support Synchroization in a 5G framework", 2016 IEEE ISPCS * |
| 秦昌江: "基于W935XX的2.4G数字无绳软件系统的构建", 中国优秀硕士学位论文数据库 * |
| 郑金光: "基于Android终端的用户信息同步平台设计与实现", 信息科技 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114928537B (en) | 2023-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| USRE49585E1 (en) | Certificate based profile confirmation | |
| WO2021051878A1 (en) | Cloud resource acquisition method and apparatus based on user permission, and computer device | |
| EP3564808B1 (en) | Data configuration method and data configuration apparatus | |
| CN109729535B (en) | Base station opening method and device, computer storage medium and equipment | |
| CN103200021A (en) | Network management system, client-end, service-end and method for achieving data allocation in batches | |
| CN113468136A (en) | Upgrading method and device of cloud platform and server | |
| CN112799689A (en) | Variable burning data storage, burning and verification method, device and storage medium | |
| CN107995033B (en) | ONU configuration file upgrading method and device | |
| CN111124591A (en) | Mirror image transmission method and device, electronic equipment and storage medium | |
| CN114928537A (en) | Network equipment configuration method, device and storage medium | |
| CN112286574A (en) | Method and device for counting application program versions, terminal equipment and storage medium | |
| CN113312669B (en) | Password synchronization method, device and storage medium | |
| CN111783121B (en) | Data processing method, device, equipment and storage medium | |
| CN111698227B (en) | Information synchronization management method, device, computer system and readable storage medium | |
| CN112099879B (en) | Configuration information management method and device, computer equipment and storage medium | |
| CN113760450A (en) | Automatic safety management method and device for private cloud virtual machine, terminal and storage medium | |
| CN111130976B (en) | Method, equipment and medium for configuring virtual local area network of white box switch | |
| CN116506224B (en) | File uploading method and device, computer equipment and storage medium | |
| CN116614323B (en) | Cloud storage enterprise network management method and system based on Rclone | |
| CN111260238B (en) | Risk data filtering and storing method | |
| CN107295013B (en) | VDI communication method, first server, second server and communication system | |
| CN117454429A (en) | Access control list authority setting method, device, equipment and storage medium | |
| CN116466965A (en) | Burning method, equipment, system, medium and program product | |
| CN112953995A (en) | Data synchronization method and device, terminal equipment and storage medium | |
| CN116723472A (en) | Method and device for reinforcing operation system of short message service equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |