CN115550258B - Traffic mirroring method, device, equipment and storage medium - Google Patents

Publication number
CN115550258B
Authority
CN
China
Prior art keywords
flow table
flow
target
ovs
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211533259.3A
Other languages
Chinese (zh)
Other versions
CN115550258A (en)
Inventor
李有
秦海中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202211533259.3A priority Critical patent/CN115550258B/en
Publication of CN115550258A publication Critical patent/CN115550258A/en
Application granted granted Critical
Publication of CN115550258B publication Critical patent/CN115550258B/en
Priority to PCT/CN2023/103400 priority patent/WO2024113817A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/70 Virtual switches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a traffic mirroring method, apparatus, device and storage medium, and relates to the field of computer technology. The method comprises: acquiring configuration information for traffic mirroring and storing the configuration information in a database; according to the information in the database, updating, through OVN, the OVS flow tables used for traffic forwarding, and adding a target flow table for traffic mirroring among the OVS flow tables to obtain an updated set of OVS flow tables; and using the set of OVS flow tables to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables. By adding a target flow table for traffic mirroring among the OVS flow tables, traffic entering and exiting the OVS flow tables is mirrored, which solves the problem that traffic cannot be mirrored in OVN mode, facilitates traffic monitoring, and solves the problem that traffic cannot be monitored in an OVN distributed network environment.

Description

Traffic mirroring method, device, equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for traffic mirroring.
Background
Currently, in the era of cloud computing and cloud services, cloud services are being promoted for both enterprise and personal use. The open-source OpenStack cloud computing management platform provides a virtualization scheme. Cloud services provide virtualization, but service operation depends on network forwarding, and fast data forwarding is the basis of cloud service performance. An older layer-3 forwarding scheme provides services such as routing and NAT (Network Address Translation) by using the iptables network firewall function. This approach requires creating a namespace for each router, creating interfaces in that namespace, and plugging those interfaces into a bridge of OVS (Open vSwitch). The scheme consumes a large amount of system resources when creating namespaces, and it also reduces efficiency because packets are repeatedly passed among the OVS process, the namespace's user space and kernel space. To solve these problems, the prior art re-plans the OVS flow tables based on the OVN (Open Virtual Network) controller, so that OVS provides both layer-2 and layer-3 forwarding. However, OVN currently does not support traffic mirroring, which is the process of copying the traffic to be monitored and sending the copy to a specified location.
Disclosure of Invention
In view of this, an object of the present invention is to provide a traffic mirroring method, apparatus, device and medium that can mirror traffic entering and exiting the OVS flow tables and solve the problem that traffic cannot be mirrored in OVN mode. The specific scheme is as follows:
In a first aspect, the present application discloses a traffic mirroring method, including:
acquiring configuration information for traffic mirroring, and storing the configuration information in a database;
according to the information in the database, updating, through OVN, the OVS flow tables used for traffic forwarding, and adding a target flow table for traffic mirroring among the OVS flow tables to obtain an updated set of OVS flow tables;
and using the set of OVS flow tables to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables.
Optionally, updating, through OVN and according to the information in the database, the OVS flow tables used for traffic forwarding, and adding a target flow table for traffic mirroring among the OVS flow tables, includes:
determining a target adding position in the overall OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information in the database;
and configuring, according to the information in the database, corresponding flow table logic for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table.
Optionally, determining a target adding position in the overall OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information in the database, includes:
taking the position between the ingress flow table in the OVS flow table structure and the flow tables used for rule checking as a first target adding position;
selecting an idle flow table at the first target adding position, and generating a first target flow table based on the idle flow table and the configuration information, wherein the first target flow table is used for mirroring traffic entering the OVS flow tables.
Optionally, configuring, according to the information in the database, corresponding flow table logic for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table, includes:
configuring corresponding flow table logic and flow table priority for the ingress flow table, the egress flow table, the port lookup flow table and the target flow table according to the information in the database, so as to implement flow table forwarding.
Optionally, configuring, according to the information in the database, corresponding flow table logic and flow table priority for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table, includes:
configuring corresponding flow table logic and flow table priority for the ingress flow table serving as the traffic entry, so that the ingress flow table copies the incoming traffic and forwards the copy to the target flow table, skipping the rule-check flow tables;
configuring corresponding flow table logic and flow table priority for the target flow table, so that the target flow table sends the received traffic to the port lookup flow table;
and configuring corresponding flow table logic and flow table priority for the port lookup flow table, so that the port lookup flow table determines whether the destination port of the traffic mirror is on the local node and, when it is, forwards the traffic to the egress flow table, skipping the rule-check flow tables.
Optionally, mirroring the traffic entering the OVS flow tables by using the set of OVS flow tables includes:
acquiring, through the ingress flow table, first traffic entering the OVS flow tables, and copying the first traffic and sending the copy to the first target flow table;
selecting, by using the first target flow table and according to the configuration information, the target traffic to be mirrored, and forwarding the target traffic to the port lookup flow table;
and determining, by using the port lookup flow table, whether the destination port of the traffic mirror is on the local node, and if so, forwarding the target traffic to the egress flow table and sending the target traffic to the target mirror address through the egress flow table.
Optionally, determining a target adding position in the overall OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information in the database, includes:
taking the position between the flow tables used for rule checking in the OVS flow table structure and the egress flow table as a second target adding position;
selecting an idle flow table at the second target adding position, and generating a second target flow table based on the idle flow table and the configuration information, wherein the second target flow table is used for mirroring traffic exiting the OVS flow tables.
Optionally, mirroring the traffic exiting the OVS flow tables by using the set of OVS flow tables includes:
acquiring, through the egress flow table, second traffic exiting the OVS flow tables, and copying the second traffic and sending the copy to the second target flow table;
selecting, by using the second target flow table and according to the configuration information, the target traffic to be mirrored, and forwarding the target traffic to the port lookup flow table;
and determining, by using the port lookup flow table, whether the destination port of the traffic mirror is on the local node, and if so, forwarding the target traffic to the egress flow table and sending the target traffic to the target mirror address through the egress flow table.
Optionally, after determining, by using the port lookup flow table, whether the destination port of the traffic mirror is on the local node, the method further includes:
if the destination port of the traffic mirror is not on the local node, sending the mirrored traffic to the corresponding node through the service network.
Optionally, acquiring the configuration information for traffic mirroring includes:
adding a target plug-in to a network service component, and acquiring, through the target plug-in in the network service component, the configuration information for traffic mirroring sent by a user.
Optionally, acquiring the configuration information for traffic mirroring includes:
configuring a command line and an application programming interface in the network service component, and acquiring, through the application programming interface in the network service component, the configuration information for traffic mirroring sent by a user.
Optionally, storing the configuration information in a database includes:
saving the configuration information to the OVN northbound database, so that the OVN background process updates the southbound database by monitoring the northbound database, and the OVN controller updates the OVS flow tables according to the updated data in the southbound database.
Optionally, the OVN background process updating the southbound database by monitoring the northbound database includes:
monitoring, through the OVN northbound service, the port mirror column in the logical switch port table;
and querying the corresponding mirror information from the logical port mirror pair list according to the changed data in the port mirror column, and translating the mirror information into the southbound database.
Optionally, storing the configuration information in a database includes:
storing the configuration information in a relational database of the network service component, so that the configuration information can be obtained by querying the relational database after a restart.
Optionally, before storing the configuration information in the database, the method further includes:
verifying the configuration information according to a preset verification rule, and storing the configuration information in the database after the verification succeeds.
Optionally, acquiring the configuration information for traffic mirroring includes:
acquiring a user's configuration information for traffic mirroring, the configuration information including a source address, a destination address, project information, a mirroring direction and a filter condition.
Optionally, verifying the configuration information according to a preset verification rule includes:
checking, based on the configuration information, whether the source port and the destination port belong to the same project;
checking, based on the configuration information, whether the source port and the destination port exist;
and checking, based on the configuration information, whether the filter condition is legal.
In a second aspect, the present application discloses a traffic mirroring apparatus, comprising:
a configuration information acquisition module, configured to acquire configuration information for traffic mirroring and store the configuration information in a database;
a flow table updating module, configured to update, through OVN and according to the information in the database, the OVS flow tables used for traffic forwarding, and to add a target flow table for traffic mirroring among the OVS flow tables to obtain an updated set of OVS flow tables;
and a traffic mirroring module, configured to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables by using the set of OVS flow tables.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the aforementioned traffic mirroring method.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the traffic mirroring method described above.
In the method, configuration information for traffic mirroring is acquired and stored in a database; according to the information in the database, the OVS flow tables used for traffic forwarding are updated through OVN, and a target flow table for traffic mirroring is added among the OVS flow tables to obtain an updated set of OVS flow tables; and the set of OVS flow tables is used to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables. Therefore, in a network environment using the OpenStack open-source project OVN, adding a target flow table for traffic mirroring among the OVS flow tables, without changing the original traffic architecture design, mirrors the traffic entering and exiting the OVS flow tables. This solves the problem that traffic cannot be mirrored in OVN mode, facilitates traffic monitoring, solves the problem that traffic cannot be monitored in an OVN distributed network environment, and enriches the product functions available in OVN mode.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a traffic mirroring method provided in the present application;
Fig. 2 is a flowchart of a specific flow updating method based on configuration information provided in the present application;
Fig. 3 is a flowchart of a specific traffic mirroring method provided in the present application;
Fig. 4 is a flowchart of a specific traffic mirroring logic provided in the present application;
Fig. 5 is a schematic structural diagram of a traffic mirroring apparatus provided in the present application;
Fig. 6 is a block diagram of an electronic device provided in the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
In the prior art, OVN does not support traffic mirroring. To overcome this technical problem, the traffic mirroring method provided in the application mirrors traffic entering and exiting the OVS flow tables and solves the problem that traffic cannot be mirrored in OVN mode.
An embodiment of the application discloses a traffic mirroring method which, as shown in Fig. 1, can include the following steps:
Step S11: acquiring configuration information for traffic mirroring, and storing the configuration information in a database.
In this embodiment, a user's configuration information for traffic mirroring is obtained first. The configuration information includes the source address and destination address of the mirror, the project to which the mirror belongs, the mirroring direction, the mirror filter condition, and the like. Acquiring the configuration information for traffic mirroring may include: adding a target plug-in to a network service component, and acquiring, through the target plug-in in the network service component, the configuration information for traffic mirroring sent by a user; or configuring a command line and an application programming interface in the network service component, and acquiring, through the application programming interface in the network service component, the configuration information for traffic mirroring sent by a user. The configuration can be issued by a user through a command line, a web page or other means, so a configuration command, an API and the like need to be provided to the user. The command-line configuration and API provided by the open-source tap-as-a-service project can be used, or a plug-in can be developed independently. Because tap-as-a-service is a set of services implemented for native OVS, only the code of its user-configuration part can be used for reference; its logic does not match, and the filtering function has to be developed independently. The plug-in can therefore be configured independently in the network service component (neutron_server), so that the configuration information for traffic mirroring sent by the user is obtained through the target plug-in in the network service component.
It can be understood that Neutron is one of the core OpenStack projects and provides virtual networking in a cloud computing environment. OpenStack Networking (Neutron) manages the access layer of all Virtual Network Infrastructure (VNI) and Physical Network Infrastructure (PNI) in an OpenStack environment. It is the bridge through which tenant virtual machines exchange information with the Internet, richer network control can be achieved by extending it with plug-ins or drivers, and neutron-server is the process name of the network service.
In this embodiment, the configuration information includes a source address, a destination address, project information, a mirroring direction and a filter condition. Before the configuration information is stored in the database, the method may further include: verifying the configuration information according to a preset verification rule, and storing the configuration information in the database after the verification succeeds. In this embodiment, verifying the configuration information according to a preset verification rule may include: verifying, based on the configuration information, whether the source port and the destination port belong to the same project; verifying, based on the configuration information, whether the source port and the destination port exist; and checking, based on the configuration information, whether the filter condition is legal. For example, as shown in Fig. 2, the information is checked before being stored in the database. Specifically, after the configuration is received, the configuration issued by the user is checked: whether the source port and the destination port belong to the same project, whether the source port and the destination port both exist, whether the configuration already exists, and whether the mirror filter condition is legal. If a check is not satisfied, for example the filtered address range is invalid, a configuration failure is returned and the user is notified.
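The three checks named above (ports exist, ports share a project, filter condition is legal) can be sketched as follows. This is an added example, not code from the patent or from Neutron: the request fields, the `port_projects` mapping and the choice of a CIDR plus a destination port as the filter condition are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MirrorRequest:
    """Hypothetical shape of a user's mirror configuration (names are assumptions)."""
    source_port: str                       # port whose traffic is copied
    dest_port: str                         # port that receives the copies
    direction: str                         # carried along; not one of the three checks
    filter_cidr: Optional[str] = None      # assumed filter: address range
    filter_dst_port: Optional[int] = None  # assumed filter: L4 destination port


def validate_mirror_request(req, port_projects):
    """Return the list of failure reasons; an empty list means "store it".

    port_projects maps every known port ID to the project that owns it
    (constructed by the caller; stands in for the network service's port table).
    """
    errors = []

    # Check 1: both ports must exist.
    missing = [p for p in (req.source_port, req.dest_port) if p not in port_projects]
    if missing:
        errors.append("unknown port(s): " + ", ".join(missing))
    # Check 2: both ports must belong to the same project. Without this check a
    # tenant could point a mirror at another tenant's port.
    elif port_projects[req.source_port] != port_projects[req.dest_port]:
        errors.append("source and destination ports belong to different projects")

    # Check 3: the filter condition must be legal.
    if req.filter_cidr is not None:
        try:
            ipaddress.ip_network(req.filter_cidr, strict=True)
        except ValueError:
            errors.append("invalid filter address range: " + req.filter_cidr)
    if req.filter_dst_port is not None and not 0 < req.filter_dst_port <= 65535:
        errors.append("invalid filter destination port: %d" % req.filter_dst_port)

    return errors


if __name__ == "__main__":
    # Constructed sample inventory and requests.
    ports = {"p1": "proj-a", "p2": "proj-a", "p3": "proj-b"}
    for r in (MirrorRequest("p1", "p2", "both", "10.0.0.0/24", 22),
              MirrorRequest("p1", "p3", "in"),
              MirrorRequest("p1", "p2", "in", "10.0.0.0/33")):
        print(r.source_port, "->", r.dest_port, validate_mirror_request(r, ports) or "ok")
```

Returning every failure reason rather than stopping at the first lets the caller report the whole list when it notifies the user of the failed configuration.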
After the configuration information is obtained, it is stored in the database. In this embodiment, storing the configuration information in the database may include: saving the configuration information to the OVN northbound database, so that the OVN background process updates the southbound database by monitoring the northbound database, and the OVN controller updates the OVS flow tables according to the updated data in the southbound database. After the data passes verification, it is written into the OVN northbound database through the OVSDB protocol. The OVN background process (ovn-northd) is the user-space process that monitors data changes in the OVN northbound database and updates the southbound database; monitoring and translation functions for the traffic monitoring table need to be added to it so that the data is written into the OVN southbound database. The OVN controller (ovn-controller) monitors updates of the southbound database and then adds the corresponding flow tables to OVS.
In this embodiment, the OVN background process updating the southbound database by monitoring the northbound database may include: monitoring, through the OVN northbound service, the port mirror column in the logical switch port table; and querying the corresponding mirror information from the logical port mirror pair list according to the changed data in the port mirror column, and translating the mirror information into the southbound database. It can be understood that the OVN northbound process needs to monitor the logical switch port table and the logical port mirror list in the northbound database so that the southbound database is updated in time according to the northbound database. Specifically, a processing function is added that responds to changes in the port mirror column (port_mirrors column) of the logical switch port table (logical_switch_port table) issued by ovn-nbdb-server; according to the content of that column, the logical port mirror pair list (logical_port_mirror_pair) is queried for the corresponding mirror information, which is translated into the OVN southbound database. Here, the rules, including the mirroring rules, are translated into the corresponding logical flow tables according to the ingress or egress direction. For example, if traffic with destination port 22 is to be mirrored, a specified logical flow table needs to be added in the ingress flow table and the egress flow table, and the determination condition is dst.
In this embodiment, storing the configuration information in the database may include: storing the configuration information in a relational database of the network service component, so that the configuration information can be obtained by querying the relational database after a restart. For example, as shown in Fig. 2, so that the mirror configuration can be applied again after a restart and an administrator can conveniently view it, in this embodiment a table port_mirrors is created in the neutron database, and the configuration information is written into this table after verification succeeds. The table is added to the neutron database when the neutron process starts, and it records information such as the source port and destination port of the port mirror, the subnet ID, the project, the mirroring direction and the mirror filter condition. The specific data format in the neutron database is as follows:
[Table image not reproduced: data format of the port_mirrors table in the neutron database]
Step S12: according to the information in the database, updating, through OVN, the OVS flow tables used for traffic forwarding, and adding a target flow table for traffic mirroring among the OVS flow tables to obtain an updated set of OVS flow tables.
In this embodiment, OVN updates the OVS flow tables used for traffic forwarding, and specifically adds a target flow table for traffic mirroring among the OVS flow tables according to the configuration information.
Step S13: using the set of OVS flow tables to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables.
In this embodiment, once the flow tables have been updated, traffic that enters them is mirrored according to the flow table logic of the target flow table, covering both traffic entering the OVS flow tables and traffic exiting the OVS flow tables, so that the port mirroring function is implemented by planning new flow tables and logic.
As can be seen from the above, in this embodiment configuration information for traffic mirroring is acquired and stored in a database; according to the information in the database, the OVS flow tables used for traffic forwarding are updated through OVN, and a target flow table for traffic mirroring is added among the OVS flow tables to obtain an updated set of OVS flow tables; and the set of OVS flow tables is used to mirror traffic entering the OVS flow tables and/or traffic exiting the OVS flow tables. It can be seen that, in a network environment using the OpenStack open-source project OVN, adding a target flow table for traffic mirroring among the OVS flow tables, without changing the original traffic architecture design, mirrors the traffic entering and exiting the OVS flow tables. This solves the problem that traffic cannot be mirrored in OVN mode, facilitates traffic monitoring and traffic analysis, solves the problem that traffic cannot be monitored in an OVN distributed network environment, and enriches the product functions available in OVN mode.
An embodiment of the application discloses a specific traffic mirroring method which, as shown in Fig. 3, can include the following steps:
Step S21: acquiring configuration information for traffic mirroring, and storing the configuration information in a database.
Step S22: determining a target adding position in the overall OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information in the database.
First, the principle by which the prior-art OVN architecture forwards through OVS flow tables is introduced. After entering the OVS flow tables, traffic from all interfaces (ports) is matched against table 0 of the local bridge. This table serves as the ingress: it checks whether port information exists and sends the traffic to table 8 to start layer-2 or layer-3 forwarding. The tables up to table 50 hold layer-2 or layer-3 forwarding rules, such as address translation, rate limiting, broadcast, ACLs and other processing performed by a conventional layer-3 switch. After table 50 the output is looked up and the traffic jumps to table 65. Table 65 is the exact opposite of table 0: table 0 finds the logical port from the physical port, and table 65 finds the physical port from the logical port. At this point OVS forwarding is complete.
In this embodiment, to mirror traffic entering and exiting the flow tables, a target adding position is determined in the overall OVS flow table structure, a target flow table for traffic mirroring is then added at the target adding position according to the information in the database, that is, according to the configuration information, and the logic of the other related flow tables is configured. For example, as shown in Fig. 4, the traffic of an interface is mirrored, and mirroring may be required in both the ingress direction and the egress direction. Table 7 is therefore added in front of table 8 to process traffic in the port's outbound direction, that is, traffic entering the OVS flow tables; and table 51 is added after table 50 to process traffic in the port's inbound direction, that is, traffic exiting the OVS flow tables. It can be understood that tables 1 to 7 and tables 51 to 64 are idle tables reserved in the prior art, so the currently idle tables are fully used without changing the original traffic architecture design. Traffic is copied at a more appropriate position and redundant table processing is skipped, which provides a high-performance traffic mirroring function, preserves the design concept of the OVN architecture, and enriches the functions of the open-source project.
Step S23: configuring, according to the information in the database, corresponding flow table logic for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table, so as to obtain an updated set of OVS flow tables.
Traffic mirroring is the process of copying the traffic to be monitored and sending the copy to a specified location. Most of the existing flow tables hold layer-2 or layer-3 forwarding rules, so these tables need to be skipped during traffic mirroring, which relies only on the new target flow tables, the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, and the port lookup flow table used for looking up switch ports. In this way, when traffic arrives at or leaves a specified interface, the data is copied according to the configured mirroring rules and sent to the specified destination interface over an independent forwarding path, and traffic mirroring is completed without changing the traffic content, in particular the five-tuple information of the packet.
In this embodiment, the determining a target adding position in the whole OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information of the database may include: taking the position between an inlet flow table in an OVS flow table structure and a flow table for rule checking as a first target adding position; screening out an idle flow table from the first target adding position, and generating a first target flow table based on the idle flow table and the configuration information, wherein the first target flow table is used for carrying out flow mirroring on flow entering an OVS flow table.
In this embodiment, configuring, according to the information of the database, corresponding flow table logic for an ingress flow table serving as a flow ingress, an egress flow table serving as a flow egress, a port lookup flow table used for looking up a switch port, and the target flow table may include: and configuring corresponding flow table logic and flow table priority for the inlet flow table, the outlet flow table, the port lookup flow table and the target flow table according to the information of the database so as to realize flow table forwarding.
In this embodiment, configuring corresponding flow table logic and flow table priority for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table according to the information in the database may include: configuring corresponding flow table logic and flow table priority for the ingress flow table, so that the ingress flow table copies the incoming traffic and forwards the copy to the target flow table, skipping the rule-check flow tables; configuring corresponding flow table logic and flow table priority for the target flow table, so that the target flow table sends the received traffic to the port lookup flow table; and configuring corresponding flow table logic and flow table priority for the port lookup flow table, so that the port lookup flow table determines whether the destination port of the traffic mirror is at the local node and, when it is, forwards the traffic to the egress flow table, skipping the rule-check flow tables.
The port lookup flow table records whether a port belongs to the local node. If it does, processing continues downwards; if it does not, the traffic is sent directly to the corresponding node through the service network. Given this logic, this embodiment adds special handling for the destination port of the traffic mirror, so that the restrictions of the subsequent rules are skipped and mirrored traffic is not wrongly discarded. Specifically, a new flow rule is added to the port lookup flow table: traffic whose destination port is a local node port and is the destination port of the traffic mirror is sent directly to the egress flow table, matched to the corresponding physical port, and sent out of OVS.
In this embodiment, performing flow mirroring on the flow entering the OVS flow table by using the OVS flow table set may include: acquiring a first flow entering an OVS flow table through the entrance flow table, and copying and sending the first flow to the first target flow table; screening out target flow to be mirrored by using the first target flow table according to the configuration information, and forwarding the target flow to the port lookup flow table; and judging whether a target port of a flow mirror is in the node or not by utilizing the port lookup flow table, if so, forwarding the target flow to the outlet flow table, and sending the target flow to a target mirror address through the outlet flow table.
For example, as shown in fig. 4, the ingress flow table is table 0, the first target flow table is table 7, the egress flow table is table 65, and the port lookup flow table is table 37.
1. Mirrored traffic is copied at the initial position, which avoids the case where no mirror copy can be obtained because the traffic is discarded during forwarding. The initial position of the traffic is table 0. To ensure that the traffic enters table 0 of the OVS flow table set, a flow entry with priority 2000 is added to table 0: traffic matching the physical interface vm1 is sent to table 8, and one copy is then sent to table 7.
2. A default flow entry with priority 0 is added to table 7 to handle unmatched traffic; it directly discards the mirrored copy. Flow table matching follows a best-match rule: the entry that matches the most conditions is selected, and if the conditions are the same, the entry with the highest priority is selected. Then a matching rule with priority 1, port vm1 and destination port 22 is added. Because the mirrored traffic must reach the mirror destination address mirror, the action of all these flow entries is set to send the traffic out of the OVS port mirror, which is implemented by setting the logical ID, and the traffic is then sent to table 37.
3. Table 37 is a special table that checks whether the OVS egress port is at the local node. If so, processing continues to the next step; if not, the traffic is sent to the corresponding node. This function is inherited from the OVN architecture and is not described in detail in this embodiment.
4. Tables 8 to 36, which perform rule checks on traffic, are skipped directly, because the mirrored traffic needs to be copied to mirror intact.
5. A flow entry with priority 100 is issued to table 37 of the node where mirror is located; its matching rule is traffic destined for the mirror port, so that the traffic skips tables 38 to 64 and is sent directly to table 65.
6. In table 65, the corresponding physical port is found from the logical port ID and the traffic is sent out of OVS, completing the mirroring to mirror.
That is, in this embodiment the traffic of a port is mirrored, and mirroring may be required in either the ingress direction or the egress direction. Therefore, table 7 is added in front of table 8 to process traffic leaving the virtual machine network card. This is traffic entering OVS: because the flow tables are designed from the OVS point of view, traffic in this direction is named INGRESS in the macro definitions of the OVN code layer, while from the user's point of view it is traffic leaving the virtual machine, so the direction field in the configuration issued by the user is specified as OUT. Table 51 is added after table 50 to process traffic entering the virtual machine network card. This is traffic leaving OVS: traffic in this direction is named EGRESS (exit) in the macro definitions of the OVN code layer, while from the user's point of view it is traffic entering the virtual machine, so the direction field in the configuration issued by the user is specified as IN.
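The ingress-direction path of steps 1 to 6, as an added example that is not code from the patent: a small Python model of tables 0, 7, 37 and 65 with the priorities given above. Table 8 stands in for the rule-check tables 8 to 36 and table 38 for tables 38 to 64; the ACL in table 8, the port vm2, the tap-* names and the rule encoding are assumptions, the model picks the highest-priority matching entry, and only the local-node case of table 37 is modelled.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    priority: int
    match: dict      # field -> required value; {} matches every packet
    actions: list    # ordered (verb, argument) pairs


# Logical port -> physical port, as resolved in table 65 (constructed names).
PHYS = {"vm2": "tap-vm2", "mirror": "tap-mirror"}

TABLES = {
    # Step 1: priority 2000, match vm1, copy to table 7 and continue to table 8.
    0: [Rule(2000, {"in_port": "vm1"}, [("clone", 7), ("goto", 8)])],
    # Step 2: default drop at priority 0; priority 1 selects vm1 traffic to
    # destination port 22, sets the mirror logical port and goes to table 37.
    7: [Rule(0, {}, [("drop", None)]),
        Rule(1, {"in_port": "vm1", "tcp_dst": 22},
             [("set_outport", "mirror"), ("goto", 37)])],
    # Stand-in for rule-check tables 8-36: an assumed ACL that drops port 22.
    8: [Rule(100, {"tcp_dst": 22}, [("drop", None)]),
        Rule(0, {}, [("set_outport", "vm2"), ("goto", 37)])],
    # Step 5: priority 100 sends mirror-bound traffic straight to table 65.
    37: [Rule(100, {"outport": "mirror"}, [("goto", 65)]),
         Rule(0, {}, [("goto", 38)])],
    # Stand-in for rule-check tables 38-64 on the normal path.
    38: [Rule(0, {}, [("goto", 65)])],
    # Step 6: map the logical port to its physical port and send.
    65: [Rule(0, {}, [("output", None)])],
}


def lookup(table, pkt):
    """Return the highest-priority rule in `table` whose fields all match."""
    hits = [r for r in TABLES.get(table, [])
            if all(pkt.get(k) == v for k, v in r.match.items())]
    return max(hits, key=lambda r: r.priority) if hits else None


def walk(pkt, table, path, delivered):
    """Run one packet copy through the tables, recording the tables visited."""
    while table is not None:
        path.append(table)
        rule = lookup(table, pkt)
        table = None                      # stop unless an action says goto
        if rule is None:
            return                        # table miss: packet is dropped
        for verb, arg in rule.actions:
            if verb == "clone":           # independent copy, own path
                walk(dict(pkt), arg, list(path), delivered)
            elif verb == "set_outport":
                pkt["outport"] = arg
            elif verb == "goto":
                table = arg
            elif verb == "output":
                delivered.append((PHYS[pkt["outport"]], tuple(path)))
            # "drop" needs no handling: no goto follows, so the walk ends


def process(pkt):
    """Return [(physical_port, tables_visited)] for every delivered copy."""
    delivered = []
    walk(dict(pkt), 0, [], delivered)
    return delivered


if __name__ == "__main__":
    # Constructed sample packets.
    for sample in ({"in_port": "vm1", "tcp_dst": 22},
                   {"in_port": "vm1", "tcp_dst": 80},
                   {"in_port": "vm3", "tcp_dst": 22}):
        print(sample, "->", process(sample))
```

In this model the port-22 packet is dropped by the assumed ACL on the normal path, yet its copy still reaches tap-mirror through tables 0, 7, 37 and 65. Because the copy never passes a rule-check table, the filter in table 7 and the mirror-port entry in table 37 are the only controls on what is delivered to the mirror port.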
In this embodiment, the determining a target adding position in the whole OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information of the database may include: taking the position between the flow table used for rule checking in the OVS flow table structure and the exit flow table as a second target adding position; screening an idle flow table from the second target adding position, and generating a second target flow table based on the idle flow table and the configuration information, wherein the second target flow table is used for carrying out flow mirroring on the flow out of the OVS flow table.
In this embodiment, performing flow mirroring on the flow exiting the OVS flow table by using the OVS flow table set may include: acquiring a second flow of the OVS flow table through the exit flow table, and copying and sending the second flow to the second target flow table; screening out target flow to be mirrored by utilizing the second target flow table according to the configuration information, and forwarding the target flow to the port lookup flow table; and judging whether a target port of a flow mirror is in the node or not by utilizing the port lookup flow table, if so, forwarding the target flow to the outlet flow table, and sending the target flow to a target mirror address through the outlet flow table.
For example, as shown in fig. 4, the ingress flow table is table 0, the second target flow table is table 51, the egress flow table is table 65, and the port lookup flow table is table 37. Similarly, if traffic in the ingress direction of vm2 is mirrored, the rule is added at the last stage before leaving OVS, i.e. table 65; a separate copy is then sent to table 51, the traffic to be mirrored is filtered in table 51 and sent to table 37, and after table 37 determines the egress the traffic is sent out.
Step S24: perform traffic mirroring on traffic entering the OVS flow table and/or traffic leaving the OVS flow table by using the OVS flow table set.
For the specific processes of step S21 and step S24, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
As can be seen from the above, in this embodiment a target adding position is determined within the whole OVS flow table structure, and a target flow table for traffic mirroring is added at the target adding position according to the information in the database; corresponding flow table logic is then configured, according to the information in the database, for the ingress flow table serving as the traffic entry, the egress flow table serving as the traffic exit, the port lookup flow table used for looking up switch ports, and the target flow table. The currently idle table entries are fully utilized, traffic is copied at an appropriate position and sent to the specified destination interface over an independent forwarding path, redundant table processing is skipped, a high-performance traffic mirroring function is provided, and mirroring is completed without changing the traffic content, in particular the five-tuple information of the packet.
Correspondingly, an embodiment of the present application further discloses a flow mirroring device, as shown in fig. 5, the device includes:
a configuration information obtaining module 11, configured to obtain configuration information for a traffic mirror, and store the configuration information in a database;
a flow table updating module 12, configured to update an OVS flow table used for flow forwarding through OVN according to the information of the database, and add a target flow table used for flow mirroring in the OVS flow table to obtain an updated OVS flow table set;
and a flow mirroring module 13, configured to perform flow mirroring on flows entering the OVS flow table and/or flows exiting the OVS flow table by using the OVS flow table set.
In this device, configuration information for traffic mirroring is obtained and saved to a database; the OVS flow table used for traffic forwarding is updated through OVN according to the information in the database, and a target flow table for traffic mirroring is added to the OVS flow table to obtain an updated OVS flow table set; and traffic entering the OVS flow table and/or traffic leaving the OVS flow table is mirrored by using the OVS flow table set. Therefore, in a network environment that uses the OpenStack open source project OVN, and without changing the original traffic architecture design, adding a target flow table for traffic mirroring to the OVS flow table makes it possible to mirror traffic entering and leaving the OVS flow table. This solves the problem that traffic cannot be mirrored in OVN mode, makes traffic monitoring easier, solves the problem that traffic cannot be monitored in an OVN distributed network environment, and enriches the product functions available in OVN mode.
In some specific embodiments, the flow table updating module 12 may specifically include:
the flow table adding unit is used for determining a target adding position in the whole OVS flow table structure and adding a target flow table for flow mirroring at the target adding position according to the information of the database;
and the flow table configuration unit is used for configuring corresponding flow table logics for an inlet flow table serving as a flow inlet, an outlet flow table serving as a flow outlet, a port lookup flow table used for looking up a switch port and the target flow table according to the information of the database.
In some specific embodiments, the flow table adding unit may specifically include:
a first position determination unit, configured to take the position between the ingress flow table within the OVS flow table structure and the flow table used for rule checking as a first target adding position;
the first target flow table adding unit is used for screening out an idle flow table from the first target adding position and generating a first target flow table based on the idle flow table and the configuration information, and the first target flow table is used for carrying out flow mirroring on flow entering the OVS flow table.
In some specific embodiments, the flow table configuring unit may be specifically configured to configure, according to the information of the database, corresponding flow table logic and flow table priority for the ingress flow table, the egress flow table, the port lookup flow table, and the target flow table, so as to implement flow table forwarding.
In some specific embodiments, the flow table configuring unit may specifically include:
the first configuration unit is used for configuring corresponding flow table logic and flow table priority for the ingress flow table serving as the traffic entry, so that the ingress flow table copies the incoming traffic and forwards the copy to the target flow table, skipping the rule-check flow tables;
the second configuration unit is used for configuring corresponding flow table logic and flow table priority for the target flow table so that the target flow table can send the received flow to a port lookup flow table;
and the third configuration unit is used for configuring corresponding flow table logic and flow table priority for the port lookup flow table, so that the port lookup flow table determines whether the destination port of the traffic mirror is at the local node and, when it is, forwards the traffic to the egress flow table, skipping the rule-check flow tables.
In some specific embodiments, the traffic mirroring module 13 may specifically include:
the flow replication unit is used for acquiring a first flow entering the OVS flow table through the inlet flow table and replicating and sending the first flow to the first target flow table;
the target flow determining unit is used for screening out target flow to be mirrored by using the first target flow table according to the configuration information and forwarding the target flow to the port lookup flow table;
and the flow sending unit is used for judging whether a target port of the flow mirror is in the node or not by utilizing the port lookup flow table, if so, forwarding the target flow to the outlet flow table, and sending the target flow to a target mirror address through the outlet flow table.
In some specific embodiments, the flow table adding unit may specifically include:
a second position determination unit configured to set, as a second target addition position, a position between a flow table for rule check within the OVS flow table structure and the egress flow table;
and the second target flow table adding unit is used for screening out an idle flow table from the second target adding position, and generating a second target flow table based on the idle flow table and the configuration information, wherein the second target flow table is used for carrying out flow mirroring on the flow out of the OVS flow table.
In some specific embodiments, the traffic mirroring module 13 may specifically include:
the flow replication unit is used for acquiring a second flow of the OVS flow table through the outlet flow table, and replicating and sending the second flow to the second target flow table;
the target flow determining unit is used for screening out target flow to be mirrored by utilizing the second target flow table according to the configuration information and forwarding the target flow to the port lookup flow table;
and the flow sending unit is used for judging whether a target port of a flow mirror is in the node or not by utilizing the port lookup flow table, forwarding the target flow to the outlet flow table if the target port of the flow mirror is in the node, and sending the target flow to a target mirror address through the outlet flow table.
In some specific embodiments, the traffic sending unit may be specifically configured to send the traffic mirror to a corresponding node through a service network if a destination port of the traffic mirror is not located at the node.
In some specific embodiments, the configuration information obtaining module 11 may specifically include:
the first obtaining unit is used for adding a target plug-in to a network service component and obtaining, through the target plug-in in the network service component, the configuration information for traffic mirroring sent by a user.
In some specific embodiments, the configuration information obtaining module 11 may specifically include:
and the second acquisition unit is used for configuring a command line and an application programming interface in the network service component and acquiring the configuration information aiming at the flow mirror image sent by the user through the application programming interface in the network service component.
In some specific embodiments, the configuration information obtaining module 11 may specifically include:
a first saving unit, configured to save the configuration information to a northbound database of OVN, so that a OVN background process updates the southbound database by monitoring the northbound database, so that a OVN controller updates the OVS flow table according to the updated data of the southbound database.
In some embodiments, the first saving unit may include:
the port mirror image column monitoring unit is used for monitoring a port mirror image column in the logic exchange port table through OVN northbound process;
and the information translation unit is used for inquiring corresponding mirror image information from the logical port mirror image pair list according to the changed data in the port mirror image column and translating the mirror image information to a new southbound database.
In some specific embodiments, the configuration information obtaining module 11 may specifically include:
and the second storage unit is used for storing the configuration information to a relational database of the network service component so as to obtain the configuration information by searching the relational database after restarting.
In some embodiments, the traffic mirroring apparatus further includes:
and the verification unit is used for verifying the configuration information according to a preset verification rule and storing the configuration information to a database after the verification is successful.
In some embodiments, the configuration information includes a source address, a destination address, entry information, a mirroring direction, and a filter condition.
In some specific embodiments, the verification unit may specifically include:
a first checking unit, configured to check whether the source port and the destination port belong to the same entry based on the configuration information;
a second checking unit, configured to check whether a source port and a destination port exist based on the configuration information;
and the third checking unit is used for checking whether the filtering condition is legal or not based on the configuration information.
Further, the embodiment of the present application also discloses an electronic device, which is shown in fig. 6, and the content in the drawing cannot be considered as any limitation to the application scope.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein, the memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the traffic mirroring method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the storage 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., the resources stored thereon include an operating system 221, a computer program 222, data 223 including configuration information, etc., and the storage may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the electronic device 20, so as to realize the operation and processing of the mass data 223 in the memory 22 by the processor 21, and may be Windows Server, netware, unix, linux, and the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the traffic mirroring method performed by the electronic device 20 disclosed in any of the foregoing embodiments.
Further, an embodiment of the present application further discloses a computer storage medium, where computer-executable instructions are stored in the computer storage medium, and when the computer-executable instructions are loaded and executed by a processor, the steps of the traffic mirroring method disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The traffic mirroring method, apparatus, device and medium provided by the present invention are described in detail above, and a specific example is applied in the description to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (19)

1. A method of traffic mirroring, comprising:
acquiring configuration information aiming at a flow mirror image, and storing the configuration information to a database;
updating an OVS flow table for flow forwarding through OVN according to the information of the database, and adding a target flow table for flow mirroring in the OVS flow table to obtain an updated OVS flow table set;
carrying out flow mirroring on the flow entering the OVS flow table and/or the flow exiting the OVS flow table by using the OVS flow table set;
wherein, according to the information of the database, updating an OVS flow table for traffic forwarding through OVN, and adding a target flow table for traffic mirroring in the OVS flow table, includes:
determining a target adding position in the whole OVS flow table structure, and adding a target flow table for flow mirroring at the target adding position according to the information of the database;
and configuring corresponding flow table logics for an inlet flow table serving as a flow inlet, an outlet flow table serving as a flow outlet, a port lookup flow table used for looking up a switch port and the target flow table according to the information of the database.
2. The traffic mirroring method according to claim 1, wherein the determining a target adding position in the whole OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information of the database comprises:
taking the position between an entry flow table in the OVS flow table structure and a flow table for rule checking as a first target adding position;
screening out an idle flow table from the first target adding position, and generating a first target flow table based on the idle flow table and the configuration information, wherein the first target flow table is used for carrying out flow mirroring on flow entering an OVS flow table.
3. The traffic mirroring method according to claim 1, wherein configuring, according to the information in the database, corresponding flow table logic for an ingress flow table as a traffic ingress, an egress flow table as a traffic egress, a port lookup flow table for looking up a switch portal, and the target flow table comprises:
and configuring corresponding flow table logic and flow table priority for the inlet flow table, the outlet flow table, the port lookup flow table and the target flow table according to the information of the database so as to realize flow table forwarding.
4. The traffic mirroring method according to claim 3, wherein the configuring, according to the information in the database, the corresponding flow table logic and the flow table priority for the ingress flow table as a traffic ingress, the egress flow table as a traffic egress, the port lookup flow table for looking up a switch port, and the target flow table comprises:
configuring corresponding flow table logic and flow table priority for the ingress flow table serving as the traffic entry, so that the ingress flow table copies the incoming traffic and forwards the copy to the target flow table, skipping the rule-check flow tables;
configuring corresponding flow table logic and flow table priority for the target flow table so that the target flow table can send the received flow to a port lookup flow table;
and configuring corresponding flow table logic and flow table priority for the port lookup flow table, so that the port lookup flow table determines whether the destination port of the traffic mirror is at the local node and, when it is, forwards the traffic to the egress flow table, skipping the rule-check flow tables.
5. The traffic mirroring method according to claim 2, wherein performing traffic mirroring on the traffic entering the OVS flow table using the OVS flow table set comprises:
acquiring a first flow entering an OVS flow table through the entrance flow table, and copying and sending the first flow to the first target flow table;
screening out target flow to be mirrored by using the first target flow table according to the configuration information, and forwarding the target flow to the port lookup flow table;
and judging whether a target port of a flow mirror is in the node or not by utilizing the port lookup flow table, if so, forwarding the target flow to the outlet flow table, and sending the target flow to a target mirror address through the outlet flow table.
6. The traffic mirroring method according to claim 1, wherein the determining a target adding position in the whole OVS flow table structure, and adding a target flow table for traffic mirroring at the target adding position according to the information of the database comprises:
taking the position between the flow table for rule checking in the OVS flow table structure and the outlet flow table as a second target adding position;
selecting an idle flow table at the second target adding position, and generating a second target flow table based on the idle flow table and the configuration information, wherein the second target flow table is used for mirroring the traffic leaving the OVS flow table.
7. The traffic mirroring method according to claim 6, wherein performing traffic mirroring on the traffic leaving the OVS flow table using the OVS flow table set comprises:
acquiring, through the outlet flow table, second traffic leaving the OVS flow table, and copying the second traffic and sending it to the second target flow table;
screening out, by the second target flow table according to the configuration information, target traffic to be mirrored, and forwarding the target traffic to the port lookup flow table;
and determining, by the port lookup flow table, whether the destination port of the traffic mirror is on this node and, if so, forwarding the target traffic to the outlet flow table and sending the target traffic to a target mirror address through the outlet flow table.
8. The traffic mirroring method according to claim 7, wherein, after the determining, by using the port lookup flow table, whether the destination port of the traffic mirror is on this node, the method further comprises:
if the destination port of the traffic mirror is not on this node, sending the mirrored traffic to the corresponding node through the service network.
9. The traffic mirroring method of claim 1, wherein the obtaining configuration information for traffic mirroring comprises:
adding a target plug-in to a network service component, and acquiring, through the target plug-in in the network service component, configuration information for traffic mirroring sent by a user.
10. The traffic mirroring method according to claim 1, wherein the obtaining configuration information for traffic mirroring comprises:
configuring a command line and an application programming interface in the network service component, and acquiring, through the application programming interface in the network service component, configuration information for traffic mirroring sent by a user.
11. The traffic mirroring method of claim 1, wherein the saving the configuration information to a database comprises:
saving the configuration information to the OVN northbound database, so that the OVN background process updates the southbound database by monitoring the northbound database, and the OVN controller updates the OVS flow table according to the updated data of the southbound database.
12. The traffic mirroring method of claim 11, wherein the OVN background process updates a southbound database by monitoring the northbound database, comprising:
monitoring, on the OVN northbound side, the port mirror column in the logical switch port table;
and querying the corresponding mirror information from a logical port mirror pair list according to the changed data in the port mirror column, and translating the mirror information to a new southbound database.
13. The traffic mirroring method of claim 1, wherein the saving the configuration information to a database comprises:
storing the configuration information in a relational database of a network service component, so that after a restart the configuration information is obtained by querying the relational database.
14. The traffic mirroring method according to any one of claims 1 to 13, wherein, before saving the configuration information to a database, the method further comprises:
verifying the configuration information according to a preset verification rule, and saving the configuration information to the database after the verification succeeds.
15. The traffic mirroring method of claim 14, wherein obtaining configuration information for traffic mirroring comprises:
acquiring a user's configuration information for traffic mirroring; the configuration information includes a source address, a destination address, project information, a mirror direction and a filter condition.
16. The traffic mirroring method according to claim 14, wherein the verifying the configuration information according to a preset verification rule comprises:
checking, based on the configuration information, whether the source port and the destination port belong to the same project;
checking, based on the configuration information, whether the source port and the destination port exist;
and checking, based on the configuration information, whether the filter condition is valid.
17. A traffic mirroring apparatus, comprising:
a configuration information acquisition module, configured to acquire configuration information for traffic mirroring and save the configuration information to a database;
a flow table updating module, configured to update, through OVN according to the information of the database, an OVS flow table used for traffic forwarding, and add a target flow table used for traffic mirroring to the OVS flow table to obtain an updated OVS flow table set;
a traffic mirroring module, configured to perform traffic mirroring on the traffic entering the OVS flow table and/or the traffic leaving the OVS flow table by using the OVS flow table set;
wherein the flow table updating module is further configured to determine a target adding position in the whole OVS flow table structure, and add a target flow table for traffic mirroring at the target adding position according to the information of the database; and to configure, according to the information of the database, corresponding flow table logic for an inlet flow table serving as a traffic inlet, an outlet flow table serving as a traffic outlet, a port lookup flow table used for looking up a switch network port, and the target flow table.
18. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the traffic mirroring method of any one of claims 1 to 16.
19. A computer-readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the traffic mirroring method of any one of claims 1 to 16.
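
The verification step of claims 14 to 16, sketched as an added Python example; it is not code from the patent or from the OVN/OVS projects. The port inventory, the direction values and the filter keys are assumptions, because the claims name the checks but not their encoding, and requiring both ports to belong to the requesting project is likewise an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed inventory: port id -> owning project (stand-in for the network
# service component's port records; not taken from the patent).
PORTS = {"port-a": "proj-1", "port-b": "proj-1", "port-c": "proj-2"}
DIRECTIONS = {"in", "out", "both"}   # assumed encoding of the mirror direction
PROTOCOLS = {"tcp", "udp", "icmp"}   # assumed filter vocabulary
FILTER_KEYS = {"protocol", "cidr", "dst_port"}

@dataclass
class MirrorConfig:
    source: str          # source port id
    destination: str     # port that receives the mirrored traffic
    project: str         # project the request is made for
    direction: str
    filter: dict = field(default_factory=dict)

def filter_errors(flt):
    """Reject filter conditions that could not become a well-formed match."""
    errors = []
    if set(flt) - FILTER_KEYS:
        errors.append(f"unknown filter keys {sorted(set(flt) - FILTER_KEYS)}")
    proto = flt.get("protocol")
    if proto is not None and proto not in PROTOCOLS:
        errors.append(f"unsupported protocol {proto!r}")
    if "cidr" in flt:
        try:
            ipaddress.ip_network(flt["cidr"], strict=True)  # host bits must be zero
        except ValueError:
            errors.append(f"invalid CIDR {flt['cidr']!r}")
    port = flt.get("dst_port")
    if port is not None and (type(port) is not int or not 1 <= port <= 65535):
        errors.append("dst_port must be an integer in 1..65535")
    elif port is not None and proto not in ("tcp", "udp"):
        errors.append("dst_port requires protocol tcp or udp")
    return errors

def validate(cfg, ports=PORTS):
    """Return rule violations; an empty list means the config may be saved."""
    errors = [f"port {p} does not exist"
              for p in (cfg.source, cfg.destination) if p not in ports]
    # Same-project rule, checked only for ports that exist. Also tying both
    # ports to cfg.project is an assumption that goes beyond the claim wording.
    if not errors and {ports[cfg.source], ports[cfg.destination]} != {cfg.project}:
        errors.append("source and destination ports must both belong to the project")
    if cfg.direction not in DIRECTIONS:
        errors.append(f"unknown mirror direction {cfg.direction!r}")
    return errors + filter_errors(cfg.filter)
```

The same-project check is the one that keeps a mirror session from copying one project's traffic to a port owned by another, so it runs before anything is written to the database.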

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211533259.3A CN115550258B (en) 2022-12-02 2022-12-02 Traffic mirroring method, device, equipment and storage medium
PCT/CN2023/103400 WO2024113817A1 (en) 2022-12-02 2023-06-28 Traffic mirroring method, apparatus, device and nonvolatile readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211533259.3A CN115550258B (en) 2022-12-02 2022-12-02 Traffic mirroring method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115550258A CN115550258A (en) 2022-12-30
CN115550258B CN115550258B (en) 2023-03-31

Family ID=84722501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211533259.3A Active CN115550258B (en) 2022-12-02 2022-12-02 Traffic mirroring method, device, equipment and storage medium

Country Status (2)

Country Link
CN (1) CN115550258B (en)
WO (1) WO2024113817A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115550258B (en) * 2022-12-02 2023-03-31 苏州浪潮智能科技有限公司 Traffic mirroring method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016062140A1 (en) * 2014-10-20 2016-04-28 中兴通讯股份有限公司 Method and apparatus for implementing interworking between virtual private cloud network and external network
CN106100999A (en) * 2016-08-28 2016-11-09 北京瑞和云图科技有限公司 Image network flow control protocol in a kind of virtualized network environment
CN112422498A (en) * 2020-09-04 2021-02-26 网络通信与安全紫金山实验室 In-band network remote measuring method, system and computer readable storage medium

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10205648B1 (en) * 2014-05-30 2019-02-12 EMC IP Holding Company LLC Network monitoring using traffic mirroring and encapsulated tunnel in virtualized information processing system
CN104506408B (en) * 2014-12-31 2018-02-06 新华三技术有限公司 The method and device of data transfer based on SDN
CN106254176B (en) * 2016-07-29 2019-09-24 浪潮(北京)电子信息产业有限公司 A kind of traffic mirroring method based on openvswitch
US10476699B2 (en) * 2018-01-31 2019-11-12 Hewlett Packard Enterprise Development Lp VLAN to VXLAN translation using VLAN-aware virtual machines
CN108900384A (en) * 2018-07-20 2018-11-27 新华三云计算技术有限公司 Network flow monitoring method, apparatus and system, computer readable storage medium
CN109194590B (en) * 2018-09-17 2020-08-25 中国科学技术大学 Network switching system supporting intelligence in network
WO2020118375A1 (en) * 2018-12-14 2020-06-18 Newsouth Innovations Pty Limited Apparatus and process for detecting network security attacks on iot devices
CN111913782A (en) * 2020-07-29 2020-11-10 上海云轴信息科技有限公司 Method and equipment for realizing virtual machine flow mirror image based on tunnel technology
CN112383481A (en) * 2020-11-02 2021-02-19 科大讯飞股份有限公司 Flow table generation and port forwarding method, node, electronic device and storage medium
CN112491744B (en) * 2020-11-13 2022-08-02 浪潮思科网络科技有限公司 Port flow mirroring method, device and medium
CN115550258B (en) * 2022-12-02 2023-03-31 苏州浪潮智能科技有限公司 Traffic mirroring method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN115550258A (en) 2022-12-30
WO2024113817A1 (en) 2024-06-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant