CN115733721A - Network management device, network management system, and network management method - Google Patents

Publication number
CN115733721A
Authority
CN
China
Prior art keywords
packet
data packet
network management
response
determination
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111013086.8A
Other languages
Chinese (zh)
Inventor
邓福铮
黄靖文
沈宥融
胡铭河
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taiwan Lenovo Global Technology Co ltd
Original Assignee
Taiwan Lenovo Global Technology Co ltd
Application filed by Taiwan Lenovo Global Technology Co ltd
Priority to CN202111013086.8A
Publication of CN115733721A
Legal status: Pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks

Abstract

The present application relates to a network management device comprising a logical processor and a first communication interface and a second communication interface coupled to the logical processor, wherein the first communication interface is further coupled to a network switch and the second communication interface is further coupled to one or more computing devices. The logical processor is configured to receive a data packet from the network switch via the first communication interface and determine whether the data packet must be transmitted or blocked. In response to determining that the data packet is to be transmitted, the logical processor subsequently transmits the data packet to a target computing device; in response to a determination that the data packet is to be blocked, it prevents subsequent transmission of the data packet to any computing device. The application also relates to a corresponding network management system and a network management method.

Description

Network management device, network management system, and network management method
Technical Field
The present application relates to network management, and in particular, to a network management device, a network management system, and a network management method.
Background
In a computing system such as a server network, a plurality of server nodes are connected to each other to form a network system. Each server node includes logic processing functions, memory storage, and input/output (I/O) interfaces for connections. There is a need for managing and controlling the server network, optimizing the utilization of server node resources, and preventing any potentially malicious activity from external devices.
Disclosure of Invention
In one aspect, a network management device is provided and includes a logical processor, and a first communication interface and a second communication interface coupled to the logical processor. The first communication interface may be coupled to a network switch. The second communication interface may be coupled to one or more computing devices. The logical processor is configured to perform the following operations: receiving a data packet from the network switch via the first communication interface, and determining whether the data packet has to be transmitted or blocked. In response to determining that the data packet is to be transmitted, the data packet is subsequently transmitted to a target computing device. In response to a determination that the data packet is to be blocked, subsequent transmission of the data packet to any computing device is prevented.
The logical processor determining whether the data packet must be transmitted or blocked further comprises determining whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.
The logical processor may be further configured to receive a query packet from an external device, and in response to receiving the query packet, send information stored in a database to the external device.
The logical processor may be further configured to receive a second data packet from one of the one or more computing devices and determine whether the second data packet must be transmitted or blocked. In response to a determination that the second data packet is to be transmitted, the second data packet is subsequently transmitted to the network switch. In response to a determination that the second data packet is to be blocked, subsequent transmission of the second data packet to the network switch is prevented.
The logical processor determining whether the second data packet must be transmitted or blocked further comprises determining whether the second data packet is a non-multicast packet or a multicast packet. In response to a determination that the second data packet is a non-multicast packet, the second data packet is transmitted to the network switch. In response to a determination that the second data packet is a multicast packet, subsequent transmission of the second data packet to the network switch is prevented.
The logical processor may be further configured to receive a status packet from the one or more computing devices and store status information of the one or more computing devices in a database.
According to one embodiment, the information of the one or more computing devices includes Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP), and Link Layer Discovery Protocol (LLDP).
The one or more computing devices may include a plurality of server nodes.
In another aspect, the present application provides a network management system comprising a plurality of network management devices according to the present disclosure coupled to each other, wherein one of the plurality of network management devices may be configured as a rack agent (also called a chassis agent in this description). The rack agent is arranged to perform the following operations: receiving a data packet from a network switch and determining whether the data packet must be transmitted or blocked. In response to determining that the data packet is to be transmitted, the data packet is sent to a target computing device. In response to a determination that the data packet is to be blocked, subsequent transmission of the data packet to any computing device is prevented.
The network management device configured as the rack agent may be further configured to determine whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.
According to one embodiment, the plurality of network management devices are arranged in a daisy chain topology arrangement.
Preferably, the plurality of network management devices are arranged to form a closed loop connection with a network switch.
Preferably, another one of the network management devices may be set as a second chassis agent when the closed loop connection changes. The second chassis agent is arranged to perform the following operations: receiving a second packet from the network switch, and determining whether the second packet has to be transmitted or blocked. In response to determining that the second data packet is to be transmitted, the second data packet is transmitted to a second target computing device. In response to a determination that the second data packet is to be blocked, subsequent transmission of the second data packet to any computing device is prevented.
The other network management device, configured as the second chassis agent, may be further configured to determine whether the second data packet is a unicast packet or a non-unicast packet. In response to a determination that the second data packet is a unicast packet, the second data packet is transmitted to the target computing device. In response to a determination that the second data packet is a non-unicast packet, subsequent transmission of the second data packet to any computing device is prevented.
Preferably, the network management device is arranged to: determine at least one candidate rack agent, wherein each of the at least one candidate rack agent is one of the network management devices directly connected to the network switch; calculate a respective priority value for each candidate rack agent; and determine the rack agent based on the smallest priority value.
In yet another aspect, the present application provides a network management method. The method comprises the following steps: receiving a data packet from a network switch via a first communication interface and determining whether the data packet must be transmitted or blocked. In response to determining that the data packet has to be transmitted, the data packet is subsequently sent to a target computing device. In response to a determination that the data packet is to be blocked, subsequent transmission of the data packet to any computing device is prevented.
The method may also include determining whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.
The method may further include receiving a query packet from the external device. In response to receiving the query packet, information stored in a database is sent to the external device.
The method may also include receiving a second data packet from the one or more computing devices and determining whether the second data packet must be transmitted or blocked. In response to determining that the second packet is to be transmitted, the second packet is subsequently transmitted to a network switch. In response to a determination that the second packet is to be blocked, subsequent transmission of the second packet to the network switch is prevented.
The method may also include receiving a status packet from the one or more computing devices and storing status information of the one or more computing devices in a database.
Drawings
FIG. 1 is a schematic diagram of a network management system according to one embodiment of the present application;
FIG. 2 is an exemplary diagram of a network management device in the embodiment shown in FIG. 1;
FIG. 3 is a schematic diagram of connection and packet transmission between a network switch and a network management device according to the embodiment of FIG. 1;
FIG. 4 is a schematic diagram of the connection between the network switch and the network management device and another data packet transmission in the embodiment of FIG. 1;
FIG. 5 is a schematic diagram of a network management system forming a closed-loop connection with a network switch according to another embodiment of the present application;
FIG. 6 is a schematic diagram of determining a chassis agent according to the network management system of FIG. 5;
FIG. 7 is a schematic diagram of a change in closed loop connection of the network management system according to the embodiment of FIG. 5;
FIG. 8 is a schematic diagram of determining a chassis agent according to the network management system of FIG. 7;
FIG. 9 is a schematic diagram of another change in the closed-loop connection of the network management system according to the embodiment of FIG. 5;
FIG. 10 is a schematic diagram of determining a chassis agent according to the network management system of FIG. 9;
FIG. 11 is a schematic diagram illustrating one embodiment of a rack agent determination method according to the present application; and
FIG. 12 is a schematic diagram of a server management method according to an embodiment of the application.
Detailed Description
A typical data center network can be divided into a data network and a management network. The management network connects a plurality of physical network devices, such as a System Management Module (SMM), a Baseboard Management Controller (BMC), a server node, and the like. The administrator can centrally monitor and manage these devices through the management network. For example, the system management module is connected to the network switch through a daisy chain topology arrangement, which helps to reduce interface usage in the network switch, thereby enabling scalability of the network.
When each network device sends broadcast packets, unknown unicast packets, and multicast packets, collectively referred to as BUM packets, to the rest of the network through a network switch, the transmission of large numbers of packets in the network may result in congestion of the management network. Similarly, each network device also needs to process BUM packets received from the network switch, resulting in degraded performance of the network device. In addition, unicast packets with unknown routes may also become a security risk for the network.
FIG. 1 illustrates a network management system 100 according to an embodiment of the application. The network management system 100 includes a plurality of network management devices 112/122/132/142 coupled to each other and a plurality of other network devices, such as computing devices, compatible with the network management devices 112/122/132/142. Each network management device 112/122/132/142 is coupled to at least one computing device 114/124/134/144, respectively. As one example, as shown in FIG. 1, a computing device may be 4 groups of server node arrays 114/124/134/144, each group having 3 server nodes. The plurality of network management devices 112/122/132/142 are arranged to be coupled in a daisy chain topology arrangement, i.e., the plurality of network management devices 112/122/132/142 are connected in series. Respective server nodes 114/124/134/144 are connected in series with respective sets of coupled network management devices 112/122/132/142 such that server node 114 is connected in parallel to server node 124, server node 134 is connected in parallel to server node 144, and so on. The network management system 100 is configured to be couplable to a top-of-rack (ToR) network switch 200 or similar device.
FIG. 2 shows an example of the network management device 112 in the network management system 100. The network management device 112 includes a logical processor, such as a Baseboard Management Controller (BMC) 160, a switch chip 170, a Programmable System on Chip (PSoC) 180, and an In-band Management Interface (IMP) 190. The logical processor is coupled to the database 150. The switch chip 170 is coupled to the baseboard management controller 160 through, for example, a serial peripheral interface. The programmable system on chip 180 is coupled to the baseboard management controller 160 via an Inter-Integrated Circuit (I2C) bus and a General Purpose Input/Output (GPIO). The in-band management interface 190 is disposed on the switch chip 170. Further, the network management device 112 includes a first communication interface, a second communication interface, and a third communication interface. The first communication interface may be, for example, interface "A" 172, which is adapted to couple to the network switch 200. The second communication interface may be, for example, interface "B" 174, which is adapted to couple to another one of network management devices 112/122/132/142. The third communication interface may be, for example, interface "N" 176, which is for coupling to the server node 114/124/134/144. The database 150 of the network management device 112 is configured to store information for the network management device 112/122/132/142 and information for the other server nodes 114/124/134/144.
In the embodiments shown in fig. 1 and 2, one of the network management devices is configured as a chassis agent 102. As an example, the network management device 112 directly connected to the network switch 200 is set as the chassis agent 102. The chassis agent 102 may act as a gateway between the network switch 200 and the network management system 100. Alternatively, the selection or determination of the rack agent 102 may be based on other criteria or rules, which will be described in detail below. The chassis agent 102 is configured to determine the manner in which a received packet is processed based on characteristics of the packet.
Referring to FIG. 3, when network management system 100 is connected to network switch 200, chassis agent 102 receives packet 410a/420 from network switch 200 and determines the manner in which packet 410a/420 is to be processed, i.e., whether the packet must be transmitted or blocked. If the rack agent 102 determines that a packet (e.g., packet 410a) needs to be transmitted, i.e., in response to determining that packet 410a needs to be transmitted, the rack agent 102 subsequently sends the packet 410a to the target computing device. Conversely, if the rack agent 102 determines that a packet (e.g., packet 420) is to be blocked, i.e., in response to determining that a packet is to be blocked, the rack agent 102 prevents subsequent transmission of the packet 420 to any computing device.
The rack agent 102 may also be configured to determine the target computing device based on the data packets 410a/420. For example, the rack agent 102 determines the target computing device based on information in the database 150 and the data packets 410a/420. If the rack agent cannot determine the target computing device, the packet will be blocked from transmission. The chassis agent 102 may be further configured to determine whether the data packet 410a/420 is a unicast packet or a non-unicast packet. After determining the target computing device, in response to a determination that the data packet (e.g., data packet 410a) is a unicast packet, the chassis agent 102 transmits the unicast packet to the server node 134. Conversely, in response to a determination that the packet (e.g., packet 420) is a non-unicast packet, the chassis agent 102 blocks transmission of the packet 420. With the above arrangement, the rack agent 102 determines the destination computing device, determines the nature of the packet, and either transmits the packet or blocks its transmission, while the other network management devices 122/132/142 are set as packet transmission channels.
FIG. 4 illustrates another exemplary scenario in which a data packet is sent from one of the computing devices to the network switch 200. In this scenario, the rack agent 102 is configured to receive a second data packet 430a/440 from a computing device, such as the server node 134, and determine, based on characteristics of the received second data packet 430a/440, a manner of processing of the second data packet 430a/440, i.e., whether the data packet must be transmitted or blocked. If the rack agent 102 determines that a second packet (e.g., second packet 430a) needs to be transmitted, i.e., in response to a determination that the second packet 430a needs to be transmitted, the rack agent 102 sends the second packet 430a to the network switch 200. Conversely, if the chassis agent 102 determines that a second data packet (e.g., second data packet 440) must be blocked from transmission, i.e., in response to a determination that the second data packet 440 must be blocked, the chassis agent 102 prevents transmission of the second data packet 440 to the network switch 200.
The chassis agent 102 may also be configured to determine whether the second data packet is a multicast packet or a non-multicast packet. If the second packet is determined to be a non-multicast packet, such as non-multicast packet 430a shown in FIG. 4, i.e., in response to a determination that the second packet is a non-multicast packet, the chassis agent 102 sends the second packet 430a to the network switch 200. Conversely, if the second packet is determined to be a multicast packet, such as multicast packet 440 shown in FIG. 4, i.e., in response to a determination that the second packet 440 is a multicast packet, the chassis agent 102 prevents the second packet 440 from being sent to the network switch 200. By performing the above operations, the chassis agent 102 only allows the transfer of packets having a particular destination address or of a particular type, so that the chassis agent 102 reduces the likelihood of network saturation. Advantageously, the above-described scheme may alleviate network congestion and improve performance of computing devices. In addition, the scheme can also reduce the security risk possibly caused by unicast data packets with unknown routes.
Each network management device 112/122/132/142 may also be configured to obtain information from a respective computing device (e.g., server node 114/124/134/144) coupled thereto via a System Management Bus (SMBus). The information is stored in the database 150 of each network management device 112/122/132/142 and may be updated periodically or as any state in the network management system 100 changes. Each network management device 122/132/142 sends respective status information for the computing device (e.g., server node 114/124/134/144 or network management device 122/132/142) to the rack agent 102 using a unicast status packet. Thus, the rack agent 102 receives status packets directly or indirectly from the network management devices 122/132/142 and stores status information corresponding to the received status packets in the database 150 of the rack agent 102. The state information may include information about the operating environment, connection status, device normal running status, device running time, etc. of all computing devices.
When an inquiry request is received from an external device, such as an inquiry packet sent by the external device, the rack agent 102 sends information stored in the database 150 to the external device in response to the inquiry request. As an example, the external device may be the network switch 200, wherein the query packet may be, for example, one of Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP), and Link Layer Discovery Protocol (LLDP). This ensures that the chassis agent 102 responds to query requests efficiently, increasing network efficiency and reducing resource usage. In another example, the external device may be a server node or other network management device outside of network management system 100, wherein the query packet may be, for example, one of Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP), and Link Layer Discovery Protocol (LLDP).
In yet another example, the external device may be a network administrator device 300, wherein the network administrator queries the chassis agent 102 for information about all devices within the network management system 100, such as the status and health of a particular server node 114/124/134/144. According to the scheme provided by the present example, the network administrator can directly obtain all information of the corresponding devices from the rack agent 102 without querying each device one by one. The network administrator may also send command packets through the chassis agent to control devices in network management system 100. The present solution may advantageously improve efficiency and reduce the workload of the network administrator.
Table 1 shows an example of an information table stored in the database 150 and associated with the server node 1, the server node 2, and the server node 3 coupled to a network management device (network management device #1). Table 2 shows an example of an information table stored in the database 150 and associated with the server node 10, the server node 11, and the server node 12 coupled to a network management device (network management device #4). The example information tables store and constantly update information of each corresponding node, such as IP address, MAC address, and allowed protocols.
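TABLE 1 (table image not reproduced: information table for network management device #1)
TABLE 2 (table image not reproduced: information table for network management device #4)
TABLE 3 (table image not reproduced: rule table)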
All information tables, such as Tables 1 and 2 shown above, are stored together in the database 150 of the rack agent 102. The rack agent 102 generates a rule table (Table 3) from the database 150 by combining the information tables with predetermined rules. Table 3 includes rules such as blocking non-unicast packets from the network switch 200 and blocking multicast packets from the server nodes 114/124/134/144. Upon receiving a data packet, the chassis agent 102 determines the corresponding operation according to the rule table. By way of further explanation, rule 1 of Table 3 is a decision rule for a packet received at interface "A", that is, a packet from the network switch 200: since the MAC address is determined to be unknown, the packet is rejected and prevented from subsequent transmission. Referring to rules 2 and 3, when interface "A" receives a multicast packet or a broadcast packet, the packet is also rejected and prevented from subsequent transmission. When a multicast packet is received at interface "B", i.e., from another network management device or server node, the packet is rejected and prevented from subsequent transmission. Upon receiving an inquiry request such as SLP, ARP, or SSDP from the network switch 200, the chassis agent 102 replies to the inquiry request with reference to the operation shown in rules 5 to 7. When a unicast packet is received at interface "A" or "B" and the delivery destination address is valid, the unicast packet is allowed to pass through and is sent to the target computing device that matches the destination address. The above examples are merely illustrative and should not be construed as limiting the present disclosure to the above examples. Any other rules that are network dependent and applicable are within the scope of this disclosure.
Table 4 shows, relative to Table 1 presented earlier, the case where a state change occurs in a device coupled to network management device #1. Specifically, as shown in Table 4, the address of node 2 is updated and SSDP is deleted from the protocols allowed for node 3. The rule table corresponding to the state change (Table 3 being the rule table before the change) is shown in Table 5, with the corresponding changes presented by rules 7 and 8 in Table 5. Therefore, referring to modified rule 7, the SSDP protocol previously allowed for node 3 is now rejected. Further, referring to revised rule 8, since the MAC address is no longer valid, the previously allowed unicast packet for node 2 is now rejected and its subsequent transmission is prevented. This dynamic updating of the information and rule tables requires no intervention by an external system. Accordingly, network management system 100 may make the corresponding rule table adjustments based on any dynamic changes to the system.
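TABLE 4 (table image not reproduced: information table for network management device #1 after the state change)
TABLE 5 (table image not reproduced: rule table after the state change)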
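The rule-table behaviour described above, including the state change of Tables 4 and 5, as an added Python example that is not part of the patent: decisions are derived from the information table on every packet, so updating a row changes the outcome with no external rebuild step. The node rows, the `Packet` fields and the precedence of query rules over the broadcast/multicast rules are assumptions of this example, since the patent's tables are not reproduced on this page.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
QUERY_PROTOCOLS = {"ARP", "SLP", "SSDP", "LLDP"}  # query types named in the description


def mac_kind(mac: str) -> str:
    """Classify an Ethernet destination address."""
    mac = mac.lower()
    if mac == BROADCAST:
        return "broadcast"
    # The least significant bit of the first octet marks a group (multicast) address.
    return "multicast" if int(mac.split(":")[0], 16) & 1 else "unicast"


@dataclass
class Node:
    """One information-table row: IP address, MAC address, allowed protocols."""
    name: str
    ip: str
    mac: str
    allowed: Set[str]


@dataclass
class Packet:
    ingress: str                     # "A" = from the network switch, "B" = node side
    dst_mac: str
    proto: Optional[str] = None      # set for discovery queries (hypothetical field)
    target_ip: Optional[str] = None  # node the query asks about (hypothetical field)


class RackAgent:
    def __init__(self, nodes):
        self.table = {n.name: n for n in nodes}

    def update_node(self, name, mac=None, allowed=None):
        """Apply a state change learned from a status packet."""
        node = self.table[name]
        if mac is not None:
            node.mac = mac.lower()
        if allowed is not None:
            node.allowed = set(allowed)

    def _find(self, attr, value):
        return next((n for n in self.table.values() if getattr(n, attr) == value), None)

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        kind = mac_kind(pkt.dst_mac)
        if pkt.ingress == "A":
            # Queries are answered from the database instead of being flooded.
            # Assumption: they are matched before the broadcast/multicast rules,
            # because ARP and SSDP queries arrive on group addresses.
            if pkt.proto in QUERY_PROTOCOLS:
                node = self._find("ip", pkt.target_ip)
                if node and pkt.proto in node.allowed:
                    return ("REPLY", node.name)
                return ("BLOCK", "query-not-allowed")
            if kind != "unicast":
                return ("BLOCK", kind)
            node = self._find("mac", pkt.dst_mac.lower())
            return ("FORWARD", node.name) if node else ("BLOCK", "unknown-mac")
        if pkt.ingress == "B":
            # The description names multicast here; treating broadcast the same
            # way is this example's assumption.
            return ("BLOCK", kind) if kind != "unicast" else ("FORWARD", "switch")
        raise ValueError(f"unknown ingress interface: {pkt.ingress!r}")


def sample_agent() -> RackAgent:
    """Constructed sample rows; all addresses are made up for this example."""
    return RackAgent([
        Node("node1", "10.0.0.1", "02:00:00:00:00:01", {"ARP", "SLP", "SSDP"}),
        Node("node2", "10.0.0.2", "02:00:00:00:00:02", {"ARP", "SLP", "SSDP"}),
        Node("node3", "10.0.0.3", "02:00:00:00:00:03", {"ARP", "SLP", "SSDP"}),
    ])


if __name__ == "__main__":
    agent = sample_agent()
    old_mac = "02:00:00:00:00:02"
    ssdp_q = Packet("A", "01:00:5e:7f:ff:fa", "SSDP", "10.0.0.3")
    print("before:", agent.decide(Packet("A", old_mac)), agent.decide(ssdp_q))
    # State change as in the description: node 2's address changes and
    # SSDP is removed from node 3's allowed protocols.
    agent.update_node("node2", mac="02:00:00:00:00:22")
    agent.update_node("node3", allowed={"ARP", "SLP"})
    print("after: ", agent.decide(Packet("A", old_mac)), agent.decide(ssdp_q))
```
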
FIG. 5 illustrates another embodiment of a network management system 500 in which server nodes are omitted for clarity and intuitive presentation. The network switch 200 is in turn connected in series to the network management devices 112/122/132/142 via a first link 201. In contrast to the above-described embodiment, the network management system 500 further includes a second link 202 coupling the network switch 200 to the network management device 142 at the end of the first link 201. The network management device 112/122/132/142 forms a closed loop connection with the network switch 200 via a first link 201 and a second link 202.
FIG. 6 is a schematic diagram of the network management system 500 of FIG. 5 determining a chassis agent. Since the network management device 112 (network management device #1) and the network management device 142 (network management device #4) are directly connected to the network switch 200 through the first link 201 and the second link 202, respectively, the network management devices 112 and 142 are each determined as candidate rack agents 112a, 142a, respectively. The candidate rack agents 112a, 142a then calculate respective corresponding priority values 112p, 142p. As an example, the priority value may be calculated from a Bridge Protocol Data Unit (BPDU), as follows:
priority value (64 bits) = MAC address (48 bits): interface (16 bits).
Each candidate rack agent adds its corresponding priority value 112p, 142p, as a type-length-value (TLV) element, to a Link Layer Discovery Protocol (LLDP) frame and transmits it to an adjacent network management device. The candidate chassis agent with the smallest priority value, for example, the candidate chassis agent 112a, is selected as the chassis agent 102, and the information "112a =102" of its selection as the chassis agent 102 is sent to all the network management devices 112, 122, 132, 142 in the network management system 500. All network management devices 112, 122, 132, 142 acknowledge and transmit information to the chassis agent 102 via unicast packets. Similar to the above operation, the chassis agent 102 operates through the generated rule table, thereby deciding whether to permit or deny transmission of the packet according to the rule table. In addition, an external device, such as the network switch 200 or the network administrator device 300, may obtain information for all devices within the network management system 500 directly from the chassis agent 102.
Fig. 7 shows a case where the first link 201 of the network management system 500 to the network management device 112/122/132/142 is changed, for example, a case where the connection 204 between the network management device 122 and the network management device 132 is interrupted. A link break may occur in the event of a failure of a connection, such as a cable or connection interface "a" and/or interface "B". In this case, the second link 202 constitutes a connection between the network switch 200 and the network management devices 132 and 142 despite the interruption of the first link 201 connected in series between the network management devices 112/122/132/142. Thus, two independent network management systems 510, 520 are formed. The determination of the chassis agent is automatically performed in each network management system 510, 520 when the connection status changes.
Fig. 8 illustrates the network management systems 510, 520 performing chassis agent determination. Since the candidate chassis agents 112a and 142a are each the only candidate chassis agent directly connected to the network switch 200 in their respective network management systems 510, 520, the two candidate chassis agents 112a, 142a are determined to be the chassis agents 102, 104 of the independent network management systems 510, 520, respectively, and the information "112a =102", "114a =104" identifying them as the chassis agents 102, 104 is sent to the network management devices 112, 122 and 132, 142, respectively, in the network management system 500. Thus, each chassis agent 102, 104 operates with a respective rule table to allow or prevent the transfer of data packets in the respective network management system 510, 520 according to the respective rule table. In addition, the external device may obtain information for all devices within the network management systems 510, 520, respectively, directly from the respective chassis agents 102, 104.
Fig. 9 shows another example of the present application, in which the connection of the network management system 500 is changed, that is, the network management device 132 itself fails, thus causing the connection between the network management device 122 and the network management device 142 through the first link 201 to be interrupted. In this case, the second link 202 still constitutes a connection between the network switch 200 and the network management device 142. Thus, two independent network management systems 530, 540 are formed. The chassis agent determination process is performed automatically in each network management system 530/540 as the connection status changes.
Fig. 10 shows the network management systems 530, 540 performing chassis agent determination. Since the candidate chassis agents 112a and 142a are each the only candidate chassis agent directly connected to the network switch 200 in their respective network management systems 530, 540, the two candidate chassis agents 112a, 142a are determined to be the chassis agents 102, 104 of the independent network management systems 530, 540, respectively, and the information "112a =102", "114a =104" identifying them as the chassis agents 102, 104 is sent to the network management devices 112, 122, and 142, respectively, in the network management system 500. Thus, the chassis agents 102, 104 operate through the respective rule tables to allow or prevent the transmission of data packets in the respective network management systems 530, 540 according to the respective rule tables. In addition, the external device may obtain information for all devices in the network management systems 530, 540, respectively, directly from the respective chassis agents 102, 104.
Fig. 11 illustrates a chassis agent determination method 700. The method 700 comprises: in step 710, determining at least one candidate chassis agent, each of the at least one candidate chassis agent being directly connected to an external device. In step 720, each candidate chassis agent calculates a respective priority value. In step 730, the chassis agent is determined based on the minimum priority value. Optionally, each candidate chassis agent calculates a priority value based on the interface connection with the external device and the respective network address. The method 700 may further include the step of determining one or more chassis agents when a connection status in the server management system changes.
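The determination of method 700, including the re-determination after the link and device failures of Figs. 7 to 10, can be sketched as follows. This is an added example, not code from the patent: it assumes the MAC address occupies the high 48 bits of the priority value and the interface number the low 16 bits, and the MAC addresses, interface numbers and function names are constructed for illustration.

```python
from collections import deque

def priority_value(mac: str, interface: int) -> int:
    """64-bit priority: 48-bit MAC followed by the 16-bit interface number."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12 or not 0 <= interface < 1 << 16:
        raise ValueError("need a 48-bit MAC and a 16-bit interface number")
    return (int(digits, 16) << 16) | interface

def partitions(devices, chain_links):
    """Group devices into connected sets over the surviving chain links."""
    adj = {d: set() for d in devices}
    for a, b in chain_links:
        if a in adj and b in adj:        # a failed device takes its links with it
            adj[a].add(b)
            adj[b].add(a)
    seen, groups = set(), []
    for start in sorted(devices):
        if start in seen:
            continue
        group, queue = set(), deque([start])
        while queue:
            d = queue.popleft()
            if d not in group:
                group.add(d)
                queue.extend(adj[d] - group)
        seen |= group
        groups.append(group)
    return groups

def elect(devices, chain_links, uplinks):
    """Map every device to the chassis agent of its partition (None if none).

    Step 710: candidates are the devices with a direct switch uplink.
    Step 720: each candidate computes its priority value.
    Step 730: the smallest priority value wins within each partition.
    """
    result = {}
    for group in partitions(devices, chain_links):
        prio = {d: priority_value(devices[d], uplinks[d])
                for d in group if d in uplinks}
        agent = min(prio, key=prio.get) if prio else None
        for d in group:
            result[d] = agent
    return result

# Constructed sample data: device name -> MAC, daisy chain 112-122-132-142,
# devices 112 and 142 each have a direct connection to the network switch.
DEVICES = {"112": "02:00:00:00:01:12", "122": "02:00:00:00:01:22",
           "132": "02:00:00:00:01:32", "142": "02:00:00:00:01:42"}
CHAIN = [("112", "122"), ("122", "132"), ("132", "142")]
UPLINKS = {"112": 1, "142": 1}           # device -> interface toward the switch

if __name__ == "__main__":
    print("intact loop:      ", elect(DEVICES, CHAIN, UPLINKS))
    broken = [l for l in CHAIN if l != ("122", "132")]
    print("link 122-132 down:", elect(DEVICES, broken, UPLINKS))
    alive = {d: m for d, m in DEVICES.items() if d != "132"}
    print("device 132 failed:", elect(alive, CHAIN, UPLINKS))
```

A partition that has lost every direct connection to the switch has no candidate, which the sketch reports as `None` rather than electing an agent that cannot reach the external device.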
Fig. 12 illustrates a server management method according to an embodiment of the present application. The method 800 comprises: in step 810, a data packet is received from a network switch. In step 820, it is determined whether the packet must be transmitted or blocked. In step 830, in response to determining that the data packet is to be transmitted, the data packet is subsequently transmitted to the target computing device. In step 840, in response to a determination that the data packet must be blocked, subsequent transmission of the data packet to any computing device is prevented.
The method according to the present application further comprises determining whether the data packet is a unicast packet or a non-unicast packet; transmitting the data packet to the target computing device in response to a determination that the data packet is a unicast packet; and preventing subsequent transmission of the data packet to any computing device in response to a determination that the data packet is a non-unicast packet. The method according to the embodiment of the present application may further include receiving a query packet from an external device; and transmitting information stored in the database to the external device in response to receiving the query packet. The method according to the present application may further include receiving a second data packet from one of the one or more computing devices; determining whether the second packet has to be transmitted or blocked; in response to determining that the second packet has to be transmitted, subsequently transmitting the second packet to the network switch; and, in response to a determination that the second packet is to be blocked, preventing subsequent transmission of the second packet to the network switch. The method according to the present application may further include receiving a status packet from the one or more computing devices; and storing the state information of the one or more computing devices in a database.
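The forward-or-block decision of method 800 and its optional steps can be sketched as below. This is an added example, not code from the patent, and it rests on assumptions the page does not state: frames are untagged Ethernet II, unicast is recognised by the clear I/G bit of the destination MAC, broadcast is treated like multicast in the outbound direction, status packets are recognised by the ARP and LLDP EtherTypes and are absorbed by the agent, and a unicast frame for an unknown node is blocked. All names and sample frames are constructed.

```python
ETH_ARP, ETH_LLDP = 0x0806, 0x88CC   # EtherTypes treated as status traffic (assumption)

def parse_eth(frame: bytes):
    """Return (dst, src, ethertype) from an untagged Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return frame[0:6], frame[6:12], int.from_bytes(frame[12:14], "big")

def is_unicast(mac: bytes) -> bool:
    """Unicast when the I/G bit (lowest bit of the first octet) is clear."""
    return mac[0] & 0x01 == 0

class ChassisAgent:
    def __init__(self):
        self.database = {}            # node MAC -> state learned from status packets

    def from_node(self, port: int, frame: bytes) -> str:
        """Second data packet or status packet arriving from a computing device."""
        try:
            dst, src, etype = parse_eth(frame)
        except ValueError:
            return "block"            # malformed frames never reach the switch
        if etype in (ETH_ARP, ETH_LLDP):
            self.database[src] = {"port": port, "last_status": etype}
            return "store"            # kept in the database, not forwarded (assumption)
        return "forward" if is_unicast(dst) else "block"

    def from_switch(self, frame: bytes):
        """Steps 810-840: data packet arriving from the network switch."""
        try:
            dst, _src, _etype = parse_eth(frame)
        except ValueError:
            return ("block", None)
        if not is_unicast(dst):
            return ("block", None)    # non-unicast is not sent to any node
        node = self.database.get(dst)
        return ("forward", node["port"]) if node else ("block", None)

    def query(self) -> dict:
        """Answer a query packet from an external device out of the database."""
        return {mac.hex(":"): dict(info) for mac, info in self.database.items()}

def make_frame(dst: bytes, src: bytes, etype: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample frame for the demonstration."""
    return dst + src + etype.to_bytes(2, "big") + payload

NODE = bytes.fromhex("020000000a01")        # constructed node MAC
ADMIN = bytes.fromhex("020000000b01")       # constructed external sender MAC
BROADCAST = b"\xff" * 6
LLDP_GROUP = bytes.fromhex("0180c200000e")  # LLDP nearest-bridge group address

if __name__ == "__main__":
    agent = ChassisAgent()
    print(agent.from_node(3, make_frame(LLDP_GROUP, NODE, ETH_LLDP)))  # store
    print(agent.from_switch(make_frame(NODE, ADMIN, 0x0800)))          # forward to port 3
    print(agent.from_switch(make_frame(BROADCAST, ADMIN, ETH_ARP)))    # block
    print(agent.query())
```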
As used herein, the singular forms "a", "an" and "the" are to be construed to include the plural forms "one or more", unless expressly specified otherwise.
The foregoing disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limiting. Many modifications and variations will be apparent to those of ordinary skill in the art. The example embodiments were chosen and described in order to explain the principles and practical application, and to enable others of ordinary skill in the art to understand the disclosure for various embodiments with various modifications as are suited to the particular use contemplated.
Accordingly, although the illustrative example embodiments have been described herein with reference to the accompanying drawings, it is to be understood that such description is not limiting, and that various other changes and modifications may be affected therein by one skilled in the art without departing from the scope, inventive concept, and technical solution of the disclosure.

Claims (20)

1. A network management device, characterized in that the network management device comprises:
a logical processor, and
a first communication interface and a second communication interface coupled to the logical processor, wherein the first communication interface is further coupled to a network switch and the second communication interface is further coupled to one or more computing devices;
wherein the logical processor is configured to:
receiving a data packet from the network switch via the first communication interface;
determining whether the packet must be transmitted or blocked;
in response to determining that the data packet is to be transmitted, subsequently transmitting the data packet to a target computing device; and
in response to a determination that the data packet is to be blocked, preventing subsequent transmission of the data packet to any computing device.
2. The apparatus of claim 1, wherein the logical processor determining whether the packet is to be transmitted or blocked further comprises determining whether the packet is a unicast packet or a non-unicast packet, and
in response to a determination that the data packet is a unicast packet, transmitting the data packet to the target computing device; and
in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.
3. The device of claim 1, wherein the logical processor is further configured to:
receiving a query packet from an external device; and
in response to receiving the query packet, sending information stored in a database to the external device.
4. The device of claim 1, wherein the logical processor is further configured to:
receiving a second data packet from one of the one or more computing devices;
determining whether the second packet has to be transmitted or blocked;
in response to a determination that the second packet has to be transmitted, subsequently transmitting the second packet to a network switch; and
preventing subsequent transmission of the second packet to the network switch in response to a determination that the second packet is to be blocked.
5. The apparatus of claim 4, wherein the logical processor determining whether the second packet is to be transmitted or blocked further comprises determining whether the second packet is a non-multicast packet or a multicast packet, and
transmitting the second data packet to the network switch in response to a determination that the second data packet is a non-multicast packet; and
preventing subsequent transmission of the second packet to the network switch in response to a determination that the second packet is a multicast packet.
6. The device of claim 1, wherein the logical processor is further configured to:
receiving a status packet from the one or more computing devices; and
storing the state information of the one or more computing devices in a database.
7. The device of claim 1, wherein the information for the one or more computing devices comprises Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP), and Link Layer Discovery Protocol (LLDP).
8. The device of claim 1, wherein the one or more computing devices comprise a plurality of server nodes.
9. A network management system, characterized in that the network management system comprises:
a plurality of network management devices according to claim 1 coupled to one another; and
at least one computing device coupled with each of the plurality of network management devices;
wherein one of the plurality of network management devices is configured as a chassis agent configured to:
receiving a data packet from a network switch;
determining whether the packet has to be transmitted or blocked;
in response to determining that the data packet is to be transmitted, sending the data packet to a target computing device; and
in response to a determination that the data packet must be blocked, preventing subsequent transmission of the data packet to any computing device.
10. The system of claim 9, wherein the network management device is configured as a chassis agent and is further configured to:
determining whether the data packet is a unicast packet or a non-unicast packet; and
in response to a determination that the data packet is a unicast packet, transmitting the data packet to the target computing device; and
in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.
11. The system of claim 9, wherein the plurality of network management devices are arranged in a daisy chain topology.
12. The system of claim 11, wherein the plurality of network management devices are arranged to form a closed loop connection with a network switch.
13. The system of claim 12, wherein when the closed loop connection changes, another of the network management devices is configured as a second chassis agent configured to:
receiving a second data packet from the network switch;
determining whether the second packet has to be transmitted or blocked;
in response to a determination that the second packet is to be transmitted, transmitting the second packet to a second target computing device; and
in response to a determination that the second data packet is to be blocked, preventing subsequent transmission of the second data packet to any computing device.
14. The system of claim 13, wherein the another network management device, which may be configured as a second chassis agent, is further configured to:
determining whether the second data packet is a unicast packet or a non-unicast packet;
transmitting the second data packet to the target computing device in response to a determination that the second data packet is a unicast packet; and
in response to a determination that the second data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.
15. A system according to claim 9, wherein the network management device is arranged to:
determining at least one candidate chassis agent, wherein each of the at least one candidate chassis agent is one of the network management devices directly connected to the network switch;
calculating the priority value of each candidate chassis agent; and
determining the chassis agent based on the smallest priority value.
16. A method of network management, the method comprising:
receiving a data packet from a network switch through a first communication interface;
determining whether the packet has to be transmitted or blocked;
in response to determining that the data packet is to be transmitted, subsequently transmitting the data packet to a target computing device; and
in response to a determination that the data packet is to be blocked, preventing subsequent transmission of the data packet to any computing device.
17. The method of claim 16, further comprising:
determining whether the data packet is a unicast packet or a non-unicast packet;
transmitting the data packet to the target computing device in response to a determination that the data packet is a unicast packet; and
in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.
18. The method of claim 16, further comprising:
receiving a query packet from an external device; and
in response to receiving the query packet, sending information stored in a database to the external device.
19. The method of claim 16, further comprising:
receiving a second data packet from the one computing device or one of the plurality of computing devices;
determining whether the second packet has to be transmitted or blocked;
in response to determining that the second packet is to be transmitted, subsequently transmitting the second packet to a network switch; and
preventing subsequent transmission of the second packet to the network switch in response to a determination that the second packet is to be blocked.
20. The method of claim 16, further comprising:
receiving a status packet from the one or more computing devices; and
storing the state information of the one or more computing devices in a database.
CN202111013086.8A 2021-08-31 2021-08-31 Network management device, network management system, and network management method Pending CN115733721A (en)

Publications (1)

Publication Number Publication Date
CN115733721A true CN115733721A (en) 2023-03-03

Family

ID=85291501

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination