CN115883055A - Agent encryption and data acquisition optimization method based on multiple communication protocols - Google Patents

Publication number: CN115883055A
Application number: CN202211581926.5A
Authority: CN (China)
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Prior art keywords: cpe, data, acquisition, acs, protocol
Original language: Chinese (zh)
Inventor: 朱文进
Original and current assignee: China Telecom Digital Intelligence Technology Co Ltd
Abstract

The invention provides an agent encryption and data acquisition optimization method based on multiple communication protocols, comprising: step 1: manage and monitor the network devices and complete the communication authentication configuration of the managed device (CPE); step 2: deploy the agent probe to the network devices that meet the requirements using homomorphic encryption, and establish a data acquisition channel between the ACS and the CPE; step 3: complete the data monitoring and acquisition settings and the abnormal retransmission mechanism settings. The network devices support both the TR069 protocol and the Netconf protocol, and the ACS provides encryption, decryption and ciphertext verification so that collected data cannot leak. The scheme addresses the data security problem of agent probes, deployed on physical devices and servers, transmitting collected data to the acquisition server, and uses the two acquisition protocols as complements so that acquisition is not interrupted and data is not lost when the link between the management server and the managed device fails.

Description

Agent encryption and data acquisition optimization method based on multiple communication protocols
Technical Field
The invention relates to the technical field of data acquisition and encryption, in particular to an agent encryption and data acquisition optimization method based on multiple communication protocols.
Background
As digital transformation deepens, the number of devices each organization operates has grown 10 to 100 times compared with ten years ago. Even though operation and maintenance has progressed from manual work to tool-based and then platform-based operation, it still cannot meet the supervision requirements of today's large-scale networks. The prior art struggles with data acquisition and storage when the network between the management server and the managed devices is abnormal; a more intelligent and efficient agent probe encryption and multi-protocol acquisition method is therefore introduced. It prevents leakage of collected data caused by security weaknesses, device IP changes and similar events. It also addresses the case in which, during TR069 monitoring, a CPE becomes abnormal, its collected data cannot be delivered to the ACS in time, and that data is not stored after the connection between the CPE and the ACS recovers.
The method targets the machine-room operation and maintenance scenario, with its large service scale, complex application relationships, many dependency levels and difficult troubleshooting. The prior art cannot solve the data security problem of agent probes, deployed on physical devices and servers, transmitting collected data to the acquisition server, nor the interruption of acquisition and loss of stored data when an abnormality occurs between the management server and the managed device; this method solves both by complementing one acquisition protocol with the other.
Disclosure of Invention
In view of this, the present invention provides a method for agent encryption and data acquisition optimization based on multiple communication protocols, so as to solve the technical problems in the prior art.
According to a first aspect of the present invention, there is provided an agent encryption and data acquisition optimization method based on multiple communication protocols, comprising: step 1: manage and monitor the network devices and complete the communication authentication configuration of the managed device (CPE); step 2: deploy the agent probe to the network devices that meet the requirements using homomorphic encryption, and establish a data acquisition channel between the management device (ACS) and the managed device (CPE); step 3: complete the data monitoring and acquisition settings and the abnormal retransmission mechanism settings. The network devices support both the TR069 protocol and the Netconf protocol; the management device (ACS) provides encryption, decryption and ciphertext verification so that collected data cannot leak.
Further, step 1 further comprises: during transmission of the collected data, the thread pool occupancy rate is calculated in real time by a thread pool occupancy rate model, so as to guarantee data transmission between the ACS and the CPE.
Further, the homomorphic encryption specifically satisfies:
$D\big[[[m_1]] + [[m_2]]\big] = m_1 + m_2$
where $[[\cdot]]$ is the encryption function, $D[\cdot]$ is the decryption function, and $m_1$ and $m_2$ are plaintext collected data values.
Further, the thread pool occupancy rate model calculates a thread pool load index $\omega'$ as a weighted combination, with weight coefficients $\xi_1$, $\xi_2$ and $\xi_3$, of three terms (the formula image itself is not reproduced in this extraction): the working-thread saturation $N / N_{MAX}$, where $N$ is the number of working threads while the pool runs and $N_{MAX}$ is the configured maximum number of threads; the current task saturation, computed from $T_{cur}$, the number of tasks in the current acquisition time window, and $Q$, the size of the task buffer queue; and the growth rate of the task buffer queue, computed from $T_{cur}$, $T_{pre}$ (the number of tasks in the previous acquisition time window) and $Q$. The result is compared with the preset thread pool load: if $\omega'$ exceeds 80%, the parameter thresholds are adjusted; otherwise the current acquisition time window is skipped.
Further, the abnormal retransmission mechanism further comprises: the CPE automatically sends a message to look up and set the retransmission count; the value range of the retransmission count is 1 to 5, and the retransmission interval defaults to 5 seconds.
Further, step 3 further comprises acquisition complementation for the device, specifically: when abnormal CPE monitoring information cannot be uploaded from the CPE to the ACS, the abnormal retransmission mechanism of the TR069 protocol automatically sends, looks up the RetryCount of the Inform in the RPC message on the CPE, and retransmits the information; when the retransmission count reaches its maximum but the abnormality has not been recovered, the program on the ACS collects the CPE monitoring indicators over the Netconf protocol and writes them to the acquisition database of the ACS; after the abnormality is recovered, Netconf acquisition is closed and TR069 acquisition is reactivated, so that ACS/CPE abnormalities during TR069 monitoring are compensated.
The method targets the machine-room operation and maintenance scenario, with its large service scale, complex application relationships, many dependency levels and difficult troubleshooting, and solves the data security problem of agent probes transmitting collected data to the acquisition server as well as the acquisition interruption and storage loss caused by abnormalities between the management server and the managed device, by complementing one acquisition protocol with the other.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 illustrates a method flow diagram of the present invention;
FIG. 2 shows another method flow diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The method of the present invention is described with reference to FIG. 1. As shown in FIG. 1, the agent encryption and data acquisition optimization method based on multiple communication protocols comprises: step 1: manage and monitor the network devices and complete the communication authentication configuration of the managed device (CPE); step 2: deploy the agent probe to the network devices that meet the requirements using homomorphic encryption, and establish a data acquisition channel between the management device (ACS) and the managed device (CPE); step 3: complete the data monitoring and acquisition settings and the abnormal retransmission mechanism settings. The network devices support both the TR069 protocol and the Netconf protocol; the ACS provides encryption, decryption and ciphertext verification so that collected data cannot leak.
The TR069 protocol, "Technical Report 069", is a technical specification published by the DSL Forum (a non-profit global industry alliance dedicated to developing broadband network models, whose members include leading vendors in communications, equipment, computing, networking and service provision; now called the Broadband Forum). It is an application-layer management protocol named "CPE WAN Management Protocol" (CWMP). TR069 defines a new network management architecture, including the management model, the interaction interface and the basic management parameters, and can effectively manage home network equipment.
In TR069 the network management server is called the ACS (Auto Configuration Server) and has a dedicated IP address and URL. The managed device obtains the ACS URL through the DHCP server and, once it has its management IP address, establishes an HTTP session to that URL. After the session is established, an initialization with authentication follows, in which the ACS must verify the validity of the managed device. After initialization the network management server can collect the various monitoring information from the CPE. (Practitioner's note: TR-069 expects this session to run over HTTPS, with the CPE validating the ACS certificate and authenticating itself with HTTP basic or digest authentication; an unauthenticated plaintext session to a DHCP-supplied URL would let an on-path attacker impersonate the ACS and push configuration to every CPE.)
The protocol has the following advantages. First, SNMP does not need to be configured on the managed devices, which saves a large amount of configuration time when the number of managed devices reaches 3000 or more. Second, TR069 collects information quickly because it transports structured data over HTTP: all the required information is collected in one pass and returned in one response, whereas SNMP polling retrieves objects individually, one request and one reply at a time.
Another flow of the present invention is described with reference to FIG. 2. As shown in FIG. 2, the agent encryption and data acquisition optimization method based on multiple communication protocols comprises the following steps:
Step one: manage and monitor the network devices that support TR069 using the TR069 protocol, executed by a program; the program deployed on the ACS actively performs the communication authentication configuration of the CPE. The network devices also support the Netconf protocol, which addresses the possible interruption of real-time data acquisition and the loss of stored data caused by an abnormality between the management server (ACS for short) and the managed device (CPE for short).
Step two: deploy the agent probes at the CPE side onto the network devices that meet the installation requirements, using homomorphic encryption. Collected data is encrypted before it is transmitted to the ACS, and the encryption/decryption program and ciphertext verification installed on the ACS are executed to confirm that the acquisition is secure, so that the collected data cannot leak because of security weaknesses, device IP changes or other causes. At the same time, during data acquisition and transmission, the constructed thread pool occupancy rate model calculates the thread pool occupancy rate in real time to guarantee data transmission between the ACS and the CPE.
Homomorphic encryption improves the security of agent data acquisition because adding the plaintexts directly gives the same result as combining the ciphertexts first and then decrypting. Homomorphic encryption is a special class of encryption that, besides protecting the data, allows arithmetic to be carried out on ciphertexts. Taking Paillier additive homomorphic encryption as an example, it satisfies the "additive homomorphism" property, i.e. adding the plaintexts directly is equivalent to combining the ciphertexts and then decrypting:
$D\big[[[m_1]] + [[m_2]]\big] = m_1 + m_2$
where $[[\cdot]]$ is the encryption function and $D[\cdot]$ is the decryption function (in Paillier the ciphertext-domain "+" is realized as multiplication of the ciphertexts modulo $n^2$). With additive homomorphic encryption a third party that relays the collected data only sees ciphertexts and cannot decrypt them, while the ACS and CPE, which hold the key material, can decrypt the received ciphertext and use the plaintext for data collection and analysis. Because homomorphic ciphertexts are malleable by design (anyone holding the public key can add to them without detection), the ciphertext verification on the ACS must provide integrity separately, for example with an authentication tag over the ciphertext; homomorphic encryption alone does not detect tampering.
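The following is an added example, not code from the patent or its applicant. It implements the Paillier scheme named above with toy-sized hard-coded primes (constructed for the example, not secure key material) and shows both sides of the point: decrypting the combined ciphertexts yields $m_1 + m_2$, and a relay without any key can still shift a reading, so the ACS's ciphertext verification is realized here as an HMAC tag over the ciphertext (the tag, the shared MAC key and the sample readings are assumptions).

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Toy-sized primes, constructed for the example only (NOT secure key material).
P = 1_000_000_007
Q = 998_244_353


@dataclass(frozen=True)
class PublicKey:
    n: int
    g: int


@dataclass(frozen=True)
class PrivateKey:
    lam: int  # lcm(p - 1, q - 1)
    mu: int   # lam^-1 mod n


def keygen(p: int = P, q: int = Q) -> Tuple[PublicKey, PrivateKey]:
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    g = n + 1                   # standard simplification g = n + 1
    mu = pow(lam, -1, n)        # exists because gcd(lam, n) == 1 for these primes
    return PublicKey(n, g), PrivateKey(lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """[[m]] = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    if not 0 <= m < pk.n:
        raise ValueError("plaintext out of range")
    n2 = pk.n * pk.n
    while True:
        r = secrets.randbelow(pk.n - 1) + 1
        if math.gcd(r, pk.n) == 1:
            break
    return (pow(pk.g, m, n2) * pow(r, pk.n, n2)) % n2


def decrypt(pk: PublicKey, sk: PrivateKey, c: int) -> int:
    """D[c] = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    u = pow(c, sk.lam, pk.n * pk.n)
    return (((u - 1) // pk.n) * sk.mu) % pk.n


def add_ciphertexts(pk: PublicKey, c1: int, c2: int) -> int:
    """The ciphertext-domain '+' of the formula: multiplication modulo n^2."""
    return (c1 * c2) % (pk.n * pk.n)


def tag(mac_key: bytes, c: int) -> bytes:
    """Integrity tag over the ciphertext (assumed realization of the ACS's
    ciphertext verification); Paillier itself detects no tampering."""
    return hmac.new(mac_key, c.to_bytes(32, "big"), hashlib.sha256).digest()


def acs_receive(pk: PublicKey, sk: PrivateKey, mac_key: bytes,
                c: int, t: bytes) -> Optional[int]:
    """Verify the tag first, then decrypt; None when verification fails."""
    if not hmac.compare_digest(tag(mac_key, c), t):
        return None
    return decrypt(pk, sk, c)


def demo() -> dict:
    pk, sk = keygen()
    mac_key = secrets.token_bytes(32)   # assumed to be shared by agent and ACS
    m1, m2 = 4_200, 1_337               # constructed sample readings (e.g. byte counters)
    c1, c2 = encrypt(pk, m1), encrypt(pk, m2)
    # Homomorphism: decrypting the combined ciphertexts yields m1 + m2.
    c_sum = add_ciphertexts(pk, c1, c2)
    # Malleability: a relay without any private key can add 100 to the reading ...
    c_forged = add_ciphertexts(pk, c1, encrypt(pk, 100))
    return {
        "homomorphic_sum": decrypt(pk, sk, c_sum),
        "forged_plaintext": decrypt(pk, sk, c_forged),
        # ... and only the tag check (tag computed over c1, not c_forged) stops it.
        "forged_accepted": acs_receive(pk, sk, mac_key, c_forged, tag(mac_key, c1)),
        "genuine_accepted": acs_receive(pk, sk, mac_key, c1, tag(mac_key, c1)),
    }


if __name__ == "__main__":
    print(demo())
```

The tag is computed over the ciphertext rather than the plaintext so the ACS can reject a modified message before spending a decryption on it; note that tagging also removes the ability of intermediate parties to aggregate readings homomorphically, which is the trade-off to decide per deployment.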
Each agent is assigned one thread, and during data transmission the thread pool occupancy rate model computes the thread pool occupancy rate in real time to guarantee data transmission between the ACS and the CPE.
The thread pool load index is computed as follows. The load index is derived from runtime data of the thread pool, such as the number of working threads, the maximum number of threads and the size of the task buffer queue, and these are combined with different weights into a percentage value.
The load index $\omega'$ is a weighted combination, with weight coefficients $\xi_1$, $\xi_2$ and $\xi_3$, of three terms (the formula image itself is not reproduced in this extraction): the working-thread saturation $N / N_{MAX}$, where $N$ is the number of working threads while the pool runs and $N_{MAX}$ is the configured maximum number of threads; the current task saturation, computed from $T_{cur}$, the number of tasks in the current acquisition time window, and $Q$, the size of the task buffer queue; and the growth rate of the task buffer queue, computed from $T_{cur}$, $T_{pre}$ (the number of tasks in the previous acquisition time window) and $Q$. The result is compared with the preset thread pool load: if $\omega'$ exceeds 80%, the parameter thresholds are adjusted; otherwise the current acquisition time window is skipped.
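An added example of the load-index computation and the 80% decision rule; it is not code from the patent. The page names the inputs (N, N_MAX, T_cur, T_pre, Q) and the three weighted terms but the formula image is missing, so the concrete term definitions, the weight values and the "adjust" action (growing N_MAX) are assumptions stated in the code. The samples are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

LOAD_THRESHOLD_PCT = 80.0          # preset thread pool load from the description
DEFAULT_WEIGHTS = (0.5, 0.3, 0.2)  # xi_1, xi_2, xi_3 (assumed values, sum to 1)


@dataclass(frozen=True)
class PoolSample:
    n_working: int    # N      working threads while the pool runs
    n_max: int        # N_MAX  configured maximum number of threads
    t_cur: int        # T_cur  tasks in the current acquisition window
    t_pre: int        # T_pre  tasks in the previous acquisition window
    queue_size: int   # Q      size of the task buffer queue


def load_index(s: PoolSample, weights: Tuple[float, float, float] = DEFAULT_WEIGHTS) -> float:
    """omega' as a percentage, clamped to [0, 100].

    Assumed term definitions (the page names the terms but not the formulas):
      thread saturation = N / N_MAX
      task saturation   = T_cur / Q
      queue growth rate = (T_cur - T_pre) / Q
    """
    if s.n_max <= 0 or s.queue_size <= 0:
        raise ValueError("N_MAX and Q must be positive")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    xi1, xi2, xi3 = weights
    thread_sat = s.n_working / s.n_max
    task_sat = s.t_cur / s.queue_size
    growth = (s.t_cur - s.t_pre) / s.queue_size     # negative when load is falling
    omega = xi1 * thread_sat + xi2 * task_sat + xi3 * growth
    return max(0.0, min(100.0, omega * 100.0))


def decide(omega_pct: float, threshold: float = LOAD_THRESHOLD_PCT) -> str:
    """Decision rule from the description: above the preset load, adjust the
    parameter thresholds; otherwise skip the current acquisition window."""
    return "adjust" if omega_pct > threshold else "skip"


def adjust_parameters(s: PoolSample, step: int = 2) -> PoolSample:
    """One possible 'adjust' action (assumption): grow N_MAX so the next window
    drains the queue instead of letting it keep growing."""
    return PoolSample(s.n_working, s.n_max + step, s.t_cur, s.t_pre, s.queue_size)


def evaluate_windows(samples: List[PoolSample]) -> List[Tuple[float, str, int]]:
    """Per window: (omega' %, decision, N_MAX in force afterwards).  An adjusted
    N_MAX carries over into the following windows, as a real pool config would."""
    out, n_max = [], None
    for s in samples:
        if n_max is not None:
            s = PoolSample(s.n_working, n_max, s.t_cur, s.t_pre, s.queue_size)
        omega = load_index(s)
        action = decide(omega)
        if action == "adjust":
            s = adjust_parameters(s)
        n_max = s.n_max
        out.append((round(omega, 2), action, n_max))
    return out


# Constructed samples: normal load, saturated pool with a growing queue, idle pool.
SAMPLES = [
    PoolSample(8, 10, 40, 30, 100),
    PoolSample(10, 10, 95, 60, 100),
    PoolSample(2, 10, 5, 50, 100),
]

if __name__ == "__main__":
    for sample, (omega, action, n_max) in zip(SAMPLES, evaluate_windows(SAMPLES)):
        print(f"{sample} -> omega'={omega:.1f}% -> {action} (N_MAX now {n_max})")
```

Clamping matters because the growth term can go negative when a window drains the queue; without it a quiet window could produce a negative "load" and, with a naive threshold, mask a still-saturated pool in the next one.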
Step three: the program deployed on the ACS executes the TR069 protocol to collect from the CPE, interoperating through the specific RPC methods of TR069, and completes the data monitoring and acquisition settings. At the same time, an abnormal retransmission mechanism is configured for the acquisition target CPE, and the Netconf protocol is used for acquisition complementation on the device.
The abnormal retransmission mechanism in detail: a program on the CPE automatically sends and looks up the RetryCount (retransmission count) of the Inform in the RPC message; its value range is set to 1 to 5. A second RPC parameter (rendered in the source text as "post-reboot session report count") governs the interval between retransmissions and defaults to 5 seconds; the default minimum interval is 5 to 10 seconds. If the count is set to 0, retransmission is attempted an unlimited number of times, which is not advised: in a large-area failure, unlimited retransmissions from devices whose fault persists would consume ACS resources on a large scale and could even crash it. (In TR-069 the wait before each Inform retry is not constant: it starts at the minimum interval and roughly doubles on every successive retry, so a deployment should bound both the count and the interval.)
Acquisition complementation on the device using the Netconf protocol:
When abnormal CPE monitoring information cannot be uploaded from the CPE to the ACS, the abnormal retransmission mechanism of the TR069 protocol automatically sends, looks up the RetryCount of the Inform in the RPC message on the CPE, and retransmits the information. When the retransmission count reaches its maximum but the abnormality has not been recovered, the program on the ACS collects the CPE monitoring indicators over the Netconf protocol and writes them to the acquisition database of the ACS. After the abnormality is recovered, Netconf acquisition is closed and TR069 acquisition is reactivated. This makes up for the gap in which the ACS and CPE are abnormal during TR069 monitoring and the TR069 retransmission mechanism alone would leave the data interrupted in the CPE's abnormal service scenario; the weakness of that mechanism is covered by Netconf acquisition.
Thus the Netconf protocol compensates for the weakness of the TR069 protocol. Both protocols use RPC methods for data transmission, and both provide the same CPE management functions, so when an abnormality occurs the acquisition protocol can be switched to handle a mismatch between the CPE and the ACS.
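The retransmission mechanism and the TR069 to Netconf to TR069 switch described above, as an added simulation that is not code from the patent. The CPE resends its Inform carrying RetryCount up to a configured limit (1 to 5, interval default 5 seconds; 0, which the text says means unlimited, is rejected), the ACS-side collector falls back to a Netconf get when the limit is exhausted, and it returns to TR069 once the path recovers. The cwmp:Inform element and its RetryCount argument exist in TR-069; the Netconf subtree filter, the device, metrics and outage windows are assumptions, and time is simulated rather than slept.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

RETRY_COUNT_MIN, RETRY_COUNT_MAX = 1, 5   # value range from the description
DEFAULT_RETRY_INTERVAL_S = 5              # default interval from the description


def validate_retry_count(count: int) -> int:
    """The source says 0 means unlimited retries and advises against it: a
    persistent large-area fault would then hammer the ACS.  Reject it outright."""
    if not RETRY_COUNT_MIN <= count <= RETRY_COUNT_MAX:
        raise ValueError(f"retry count must be {RETRY_COUNT_MIN}..{RETRY_COUNT_MAX}, got {count}")
    return count


def build_inform(serial: str, retry_count: int, metrics: Dict[str, str]) -> str:
    """Minimal cwmp:Inform body; RetryCount is the Inform argument the text refers to."""
    params = "".join(
        f"<ParameterValueStruct><Name>{k}</Name><Value>{v}</Value></ParameterValueStruct>"
        for k, v in metrics.items())
    return (f"<cwmp:Inform><DeviceId><SerialNumber>{serial}</SerialNumber></DeviceId>"
            f"<RetryCount>{retry_count}</RetryCount>"
            f"<ParameterList>{params}</ParameterList></cwmp:Inform>")


def build_netconf_get(serial: str) -> str:
    """Netconf <get> used on the fallback path; the subtree filter is assumed."""
    return ('<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
            f'<get><filter type="subtree"><device><serial>{serial}</serial></device>'
            '</filter></get></rpc>')


@dataclass
class Cpe:
    serial: str
    metrics: Dict[str, str]
    tr069_up: bool = True      # simulated health of the CPE -> ACS TR069 path
    netconf_up: bool = True    # simulated health of the ACS -> CPE Netconf path


@dataclass
class CollectionRecord:
    window: int
    protocol: str              # "tr069", "netconf" or "none"
    retries: int               # TR069 retransmissions spent in this window
    sim_time_s: int            # simulated clock after the window


@dataclass
class Collector:
    """ACS-side acquisition program with the TR069 -> Netconf -> TR069 switch."""
    retry_count: int = 3
    retry_interval_s: int = DEFAULT_RETRY_INTERVAL_S
    db: List[Dict[str, str]] = field(default_factory=list)   # acquisition database
    active_protocol: str = "tr069"
    clock_s: int = 0

    def __post_init__(self) -> None:
        validate_retry_count(self.retry_count)

    def _tr069_collect(self, cpe: Cpe, max_retries: int) -> Optional[int]:
        """Initial Inform plus up to max_retries retransmissions; returns the
        number of retransmissions used, or None when the limit is exhausted."""
        for attempt in range(max_retries + 1):
            build_inform(cpe.serial, attempt, cpe.metrics)   # RetryCount = attempt
            if cpe.tr069_up:
                self.db.append(dict(cpe.metrics, via="tr069"))
                return attempt
            self.clock_s += self.retry_interval_s            # wait before retrying
        return None

    def _netconf_collect(self, cpe: Cpe) -> bool:
        build_netconf_get(cpe.serial)
        if cpe.netconf_up:
            self.db.append(dict(cpe.metrics, via="netconf"))
            return True
        return False

    def collect_window(self, window: int, cpe: Cpe) -> CollectionRecord:
        # While on the Netconf fallback, probe TR069 once per window (no retries)
        # so that a recovered path is detected without re-spending the retry budget.
        limit = self.retry_count if self.active_protocol == "tr069" else 0
        retries = self._tr069_collect(cpe, limit)
        if retries is not None:
            self.active_protocol = "tr069"   # recovered: close the Netconf path
            return CollectionRecord(window, "tr069", retries, self.clock_s)
        self.active_protocol = "netconf"
        ok = self._netconf_collect(cpe)
        return CollectionRecord(window, "netconf" if ok else "none", limit, self.clock_s)


def run_simulation(outage_windows=(1, 2)) -> List[CollectionRecord]:
    """Constructed scenario: the TR069 path is down in the given windows."""
    cpe = Cpe("CPE-0001", {"Device.DeviceInfo.UpTime": "86400"})
    acs = Collector(retry_count=3)
    log = []
    for w in range(4):
        cpe.tr069_up = w not in outage_windows
        log.append(acs.collect_window(w, cpe))
    return log


if __name__ == "__main__":
    for rec in run_simulation():
        print(rec)
```

The single-probe rule while on the fallback is the practitioner's detail the description leaves open: without it, every window during a long outage would burn the full retry budget against a dead path before Netconf is consulted, which is the same ACS-resource drain the text warns about for unlimited retries.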
In summary, the method first manages and monitors the network devices that support TR069 using the TR069 protocol, executed by a program, and the program deployed on the ACS actively performs the communication authentication configuration of the CPE; the network devices also support the Netconf protocol, which addresses the interruption of real-time acquisition and the loss of stored data caused by an abnormality between the management server (ACS) and the managed device (CPE). Second, the agent probes at the CPE side are deployed onto the network devices that meet the installation requirements using homomorphic encryption; collected data is encrypted before transmission to the ACS, where the decryption program and ciphertext verification confirm the security of the acquisition, so that the collected data cannot leak because of security weaknesses, device IP changes or other causes; at the same time the constructed thread pool occupancy rate model calculates the thread pool occupancy rate in real time during acquisition and transmission to guarantee data transmission between the ACS and the CPE. Finally, the program deployed on the ACS executes the TR069 protocol to collect from the CPE, interoperating through the specific RPC methods of TR069, completes the data monitoring and acquisition settings, configures the abnormal retransmission mechanism for the acquisition target CPE, and uses the Netconf protocol for acquisition complementation on the device.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention are still within the scope of the technical solution of the present invention.

Claims (6)

1. An agent encryption and data acquisition optimization method based on multiple communication protocols, characterized by comprising the following steps:
step 1: manage and monitor the network devices, and complete the communication authentication configuration of the managed device CPE;
step 2: deploy the agent probe to the network devices that meet the requirements using homomorphic encryption, and establish a data acquisition channel between the management device ACS and the managed device CPE;
step 3: complete the data monitoring and acquisition settings and the abnormal retransmission mechanism settings, and retransmit the abnormal data;
the network devices support both the TR069 protocol and the Netconf protocol;
the management device ACS provides encryption, decryption and ciphertext verification, so that collected data cannot leak.
2. The method of claim 1, wherein step 1 further comprises:
during transmission of the collected data, calculating the thread pool occupancy rate in real time by a thread pool occupancy rate model, so as to guarantee data transmission between the ACS and the CPE.
3. The method according to claim 1 or 2, wherein the homomorphic encryption specifically satisfies:
$D\big[[[m_1]] + [[m_2]]\big] = m_1 + m_2$
where $[[\cdot]]$ is the encryption function, $D[\cdot]$ is the decryption function, and $m_1$ and $m_2$ are plaintext collected data values.
4. The method according to claim 2, wherein the thread pool occupancy rate model calculates a thread pool load index $\omega'$ as a weighted combination, with weight coefficients $\xi_1$, $\xi_2$ and $\xi_3$, of the working-thread saturation $N / N_{MAX}$, the current task saturation and the growth rate of the task buffer queue (the formula image is not reproduced in this extraction), wherein $N$ is the number of working threads while the thread pool runs, $N_{MAX}$ is the configured maximum number of threads, $T_{cur}$ is the number of tasks in the current acquisition time window, $T_{pre}$ is the number of tasks in the previous acquisition time window, and $Q$ is the size of the task buffer queue; the current task saturation is computed from $T_{cur}$ and $Q$, and the growth rate of the task buffer queue from $T_{cur}$, $T_{pre}$ and $Q$.
5. The method of claim 1 or 2, wherein the abnormal retransmission mechanism further comprises:
the CPE automatically sending a message to look up and set the retransmission count, wherein the value range of the retransmission count is 1 to 5 and the retransmission interval defaults to 5 seconds.
6. The method according to claim 1, wherein step 3 further comprises acquisition complementation for the device, specifically comprising:
when abnormal CPE monitoring information cannot be uploaded from the CPE to the ACS, the abnormal retransmission mechanism of the TR069 protocol automatically sends, looks up the RetryCount of the Inform in the RPC message on the CPE, and retransmits the information;
when the retransmission count reaches its maximum but the abnormality has not been recovered, the program on the ACS collects the CPE monitoring indicators over the Netconf protocol and writes them to the acquisition database of the ACS;
after the abnormality is recovered, Netconf acquisition is closed and TR069 acquisition is reactivated, so that ACS/CPE abnormalities during TR069 monitoring are compensated.
Bibliographic data

Application CN202211581926.5A (priority date 2022-12-09, filing date 2022-12-09), published as CN115883055A on 2023-03-31; legal status pending. Family ID 85766888; country: CN.


Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination