CN116016197A - Network topology structure discovery method and device, storage medium and electronic equipment - Google Patents

Publication number: CN116016197A
Authority: CN (China)
Prior art keywords: node, network, equipment, address, planning information
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202211670507.9A
Other languages: Chinese (zh)
Inventor: 杨光
Current Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by: Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a network topology discovery method, a device, a storage medium and an electronic device, wherein the method comprises the following steps: acquiring network address planning information; forming asset data according to the network address planning information, wherein the asset data at least comprises a plurality of equipment nodes in a network topology structure; constructing a connection relation between equipment nodes according to the network address planning information; acquiring an equipment log of an equipment node; creating a plurality of host nodes in a network topology according to the device log; and determining the connection relation between the host node and the equipment node according to the network address planning information so as to form a network topology structure. The method and the device utilize the existing network address planning information to construct the connection relation between the device nodes in the network topology structure, then utilize the device logs of the device nodes to screen out the host nodes connected into the network topology to construct the connection relation, and can rapidly deliver the network topology management capability on the basis of greatly reducing the cost without the support of other protocols.

Description

Network topology structure discovery method and device, storage medium and electronic equipment
Technical Field
The disclosure relates to the field of network security services, and in particular relates to a network topology discovery method, a network topology discovery device, a storage medium and electronic equipment.
Background
The manner in which network devices connect to each other is called the "network topology". Network topology refers to the physical layout of the various devices interconnected by transmission media, particularly where computers are located and how cables run between them. When designing a network, the appropriate topology should be selected according to the actual situation, and each topology has its own advantages and disadvantages. The main purpose of network topology discovery is to acquire and maintain information about which network nodes exist and how they are connected, and to draw the topology diagram of the whole network from that information. Network managers can then rapidly locate a faulty node on the basis of the topology diagram.
The commonly used network topology discovery methods are mainly the following three: discovery based on the SNMP protocol; discovery based on a general protocol; and discovery based on a routing protocol. However, these methods require the network devices to support and enable the SNMP service or other related protocol communication. They also require network managers to be familiar with the SNMP Management Information Base (MIB) data of the network devices and to be able to repeatedly compare, correlate and fuse the collected information. Furthermore, the topology has to be built in combination with an IT operation and maintenance monitoring function. As a result, network topology discovery is costly to implement and places high demands on technicians.
Disclosure of Invention
An embodiment of the present disclosure is directed to providing a method, an apparatus, a storage medium, and an electronic device for discovering a network topology, so as to solve the problem in the prior art that the implementation cost is high and the requirements on technicians are high in implementing network topology discovery.
The embodiment of the disclosure adopts the following technical scheme: a method of discovering a network topology, comprising: acquiring network address planning information; forming asset data according to the network address planning information, wherein the asset data at least comprises a plurality of equipment nodes in a network topological structure; constructing a connection relation between the equipment nodes according to the network address planning information; acquiring an equipment log of the equipment node; creating a plurality of host nodes in the network topology according to the device log; and determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topology structure.
In some embodiments, the network address planning information includes at least network segment planning information and device planning information; wherein the network segment planning information at least comprises: network segment start address, network segment end address, gateway address, access switching device VLAN, address type; the device planning information includes at least: switching device VLAN, device address, network egress type.
In some embodiments, in a case where there is a first device node of which the network egress type is the internet or private network among all the device nodes, after constructing a connection relationship between the device nodes according to the network address planning information, the method further includes: creating cloud nodes; and constructing a connection relation between the cloud node and the first equipment node.
In some embodiments, the creating a plurality of host nodes in the network topology from the device log comprises: extracting an IP address from the device log; and determining a host address according to the IP address and the network segment planning information, and creating the host node according to the host address.
In some embodiments, the determining a connection relationship between the host node and the device node according to the network address planning information includes: determining a network segment to which a host address corresponding to the host node belongs according to the network segment planning information, establishing a network segment node corresponding to each network segment, and constructing a connection relationship between the host node and the network segment node; constructing a connection relationship between the network segment node and the equipment node according to the network segment planning information; and establishing the connection relation between the host node and the equipment node according to the connection relation between the host node and the network segment node and the connection relation between the network segment node and the equipment node.
In some embodiments, the constructing the connection relationship between the network segment node and the device node according to the network segment planning information includes: sequentially searching the equipment nodes adjacent to each network segment node according to the priority order of the access switching equipment address, the access switching equipment VLAN and the gateway address; and establishing a connection relationship between the network segment node and the adjacent equipment node.
In some embodiments, after determining the connection relationship between the host node and the device node according to the network address planning information to form the network topology, the method further includes: displaying the network topology structure according to a preset mode; wherein the preset mode at least comprises any one of the following: displaying the device node and the host node; displaying the device node and the cloud node; displaying the device node, the network segment node and the cloud node; displaying the device node, the cloud node and the host node; and displaying the device node, the network segment node, the host node and the cloud node.
The embodiment of the disclosure also provides a device for discovering a network topology structure, which comprises: the first acquisition module is used for acquiring network address planning information; a first configuration module, configured to form asset data according to the network address planning information, where the asset data at least includes a plurality of device nodes in a network topology; the first construction module is used for constructing the connection relation between the equipment nodes according to the network address planning information; the second acquisition module is used for acquiring the equipment log of the equipment node; a second configuration module, configured to create a plurality of host nodes in the network topology according to the device log; and the second construction module is used for determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topological structure.
The embodiment of the disclosure also provides a storage medium storing a computer program, which is characterized in that the computer program realizes the steps of the network topology discovery method when being executed by a processor.
The embodiment of the disclosure also provides an electronic device, which at least comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the network topology discovery method when executing the computer program on the memory.
The beneficial effects of the embodiment of the disclosure are that: the existing network address planning information is utilized to construct the connection relation between the equipment nodes in the network topology structure, then the equipment logs of the equipment nodes are utilized to screen out the host nodes connected into the network topology to construct the connection relation, and the support of communication protocols such as SNMP and the like is not needed, so that the network topology management capability can be rapidly delivered on the basis of greatly reducing the cost.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is a flowchart of a method for discovering a network topology according to a first embodiment of the present disclosure;
Fig. 2 is a schematic diagram of a network topology according to a first embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of a discovery apparatus of a network topology according to a second embodiment of the disclosure;
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present disclosure.
Detailed Description
Various aspects and features of the disclosure are described herein with reference to the drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of this disclosure will occur to persons of ordinary skill in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and, together with a general description of the disclosure given above and the detailed description of the embodiments given below, serve to explain the principles of the disclosure.
These and other characteristics of the present disclosure will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the disclosure has been described with reference to some specific examples, a person skilled in the art will certainly be able to achieve many other equivalent forms of the disclosure, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present disclosure will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present disclosure will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely examples of the disclosure, which may be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the disclosure in unnecessary or redundant detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present disclosure in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the disclosure.
The first embodiment of the disclosure provides a network topology discovery method, mainly applied to situation awareness and security operation platforms. Network managers use such a platform to monitor the security of devices in a network and, when a network device is attacked or fails, to locate the corresponding device promptly and handle it. The network managers of ordinary users may lack professional operation and maintenance skills, so even when the platform detects a malicious attack or fault they may be unable to locate the corresponding device quickly and accurately. By constructing and displaying an intuitive network topology structure, the platform can help the user monitor device state and locate devices quickly, which helps maintain the security of the network devices.
Fig. 1 shows a flowchart of the discovery method provided by the present embodiment. As shown in fig. 1, the method at least includes steps S10 to S60:
S10, acquiring network address planning information.
The network address planning information refers to information formed when a user distributes information such as each network device and a network address according to actual demands of the user in the process of performing network planning, and each network device configures content recorded according to the network address planning information in the process of constructing an entity network, wherein the configuration includes, but is not limited to, connection relation configuration among devices, network segment configuration of the devices, port configuration, address type configuration and the like.
The network address planning information in this embodiment at least includes network segment planning information and device planning information. The network segment planning information mainly records contents such as a network segment start address, a network segment end address, a gateway address, an access switching device VLAN, and an address type, and is a record of basic information such as network segments made when the user configures the network. For example, the network segment start address and the network segment end address indicate the network segment allocated for each device; the gateway address is usually the address configured on the three-layer switch when it provides the gateway function; the access switching device address is the address of the two-layer switch that accesses the corresponding network segment, so that a host device wishing to join the network segment accesses the network through that two-layer switch; the access switching device VLAN is the VLAN port number that the three-layer switch configures for the two-layer switch; and the address type records the network type, such as public network, private network or default private network. The device planning information mainly includes contents such as the switching device VLAN, the device address and the network egress type, and records the configuration of each device in the network.
For example, the switching device VLAN represents the two-point VLAN port number configured for a two-layer switch; the device address is an address allocated to a device, and one device, for example a three-layer switch or a firewall, may have multiple device addresses at the same time; the network egress type represents the type of node connected to the network egress of each device, which may be the internet, private network or default none. When the network egress type of a device is the internet or private network, the device is connected to the corresponding internet node or private network node; when it is the default, the device is connected to other network devices in the network topology.
S20, forming asset data according to the network address planning information.
The scheme of this embodiment is applied to situation awareness and security operation platforms, which generally have an asset configuration function; each device in the network is also an asset. After the platform acquires the network address planning information, it forms and stores asset data according to the specific content of that information. Specifically, the asset data should at least include each device node used to form the network topology structure, mainly devices such as switches and firewalls, together with the configuration of each device node, for example the device address, network segment allocation and other content contained in the network address planning information. It should be noted that, in this embodiment, the asset data may be formed directly by an existing asset management function module of the platform, as long as the corresponding network planning data is added when the device node is created.
S30, constructing the connection relation between the equipment nodes according to the network address planning information.
After the asset data is formed, the connection relation between the equipment nodes can be constructed according to various parameters recorded in the network address planning information. Specifically, the corresponding gateway address and the corresponding access device can be searched from the network segment planning information according to the device address, and the connection relationship between the device node and the device node of the corresponding access device is established, so that a static network topology structure is formed.
In some embodiments, if a first device node whose network egress type is the internet or private network exists in the device nodes, a cloud node for characterizing the internet or private network may be correspondingly established, and a connection relationship between the first device node and the cloud node may be further established, so as to implement configuration of the network egress. It should be noted that the number of the first device nodes may be one or multiple, and the number of the first device nodes and the types of cloud nodes connected with the first device nodes may be set correspondingly according to actual network requirements, so as to implement use of the internet or private network.
S40, obtaining the equipment log of the equipment node.
A log is information recorded by a computer system, a device, software, or the like under certain conditions. The specific content depends on the source of the log, for example: an operating system logs information such as user login and logout; a firewall logs events such as traffic permitted or denied by access control lists (ACLs); some systems issue logs carrying alarm information when the system itself believes that a failure is about to occur. These logs are typically accompanied by network five-tuple information (source IP address, source port, destination IP address, destination port, and transport layer protocol), from which one can learn which host or device IP addresses exist in the network environment. When the device node is a device such as a switch, the device log generated during operation also records information such as the IP addresses that communicate with or connect to the device node. From this information the hosts connected to the different device nodes can be determined, so that a dynamic network topology is obtained and a complete network topology structure is formed.
In this embodiment, the platform may implement a device log collection process of the device node through the data acquisition management function module, or may perform the device log acquisition through other functions of the platform, which is not limited herein.
S50, creating a plurality of host nodes in the network topology structure according to the device log.
A host node is a device actually operated by a user in the network topology structure, such as a computer, a mobile phone, a printer or a server. The host node connects to a device node to gain network access, so the device node records information about the host nodes that access it or communicate with it, and the platform can obtain that information from the device log and create the host nodes from it. Specifically, the device log records at least IP addresses, which may belong to host nodes or to other device nodes. After the platform extracts the IP addresses from the device log, it uses the network segment planning information to screen out, from all the extracted IP addresses, those that do not belong to a device node; these are host addresses and belong to host nodes connected to or communicating with the device node.
S60, determining the connection relation between the host node and the equipment node according to the network address planning information so as to form a network topology structure.
The host node is used as the device actually used by the user, can be accessed into the network in real time along with the increase of platform users, can be connected to different device nodes along with the demands of the users and is distributed with different IP addresses, and according to the access of the host node to the Internet or private network, the corresponding IP addresses can be recorded in the device logs of a plurality of device nodes, so that when the connection relation between the host node and the device nodes is established, the device node actually accessed by the host node needs to be determined by combining the network address planning information. After the connection relation between the host node and the device node is determined, the network topology structure formation of the dynamic device and the static device can be completed, and the complete network topology structure discovery is realized.
Specifically, when determining the connection relationship between the host node and the device node, the network segment to which the host node belongs is first determined based on the host address (i.e., IP address) corresponding to the host node. In the actual use process, a plurality of hosts belonging to the same network segment may exist, so that repeated operation of a plurality of host nodes belonging to the same network segment in constructing a connection relationship can be simplified by establishing network segment nodes, and only the host nodes are required to be connected with the corresponding network segment nodes, so that the display effect of finally displaying the network topology structure is also simplified. Then determining access equipment nodes corresponding to each network segment based on the access switching equipment addresses recorded in the network segment planning information, and establishing a connection relationship between the network segment nodes belonging to the network segment and the corresponding equipment nodes so that the network segment nodes are accessed into a network topology structure; and finally, establishing the connection relationship between the host node and the equipment node according to the connection relationship between the host node and the network segment node and the connection relationship between the network segment node and the equipment node.
It should be understood that, in some embodiments, when the connection relationship between the network segment node and the device node is constructed, the device node closest to each network segment node may be sequentially searched according to the priority order of the access switch device address, the access switch device VLAN and the gateway address, where the device node is the device node to which the network segment node is connected, and the connection relationship between the network segment node and the device node is correspondingly established. In general, the access switch device address is used to indicate the address of the two-layer switch that accesses the corresponding network segment, i.e., the address of the two-layer switch to which all host devices connected into the network segment are actually connected, so that the two-layer switch is typically the device node closest to the network segment node; the access switch device VLAN is similar to the access switch device address and is used for indicating the devices and ports of the access network section; in the case that the current network segment has no two-layer switch, the network segment node can also be directly connected to the three-layer switch used as a gateway through the gateway address.
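A compact sketch of steps S10 to S60 as described above, added here as an illustration and not code from the patent or from the assignee. The record layouts, field names, log line format and all addresses are assumptions, as is the choice to report logged IPs that fall outside every planned segment separately instead of turning them into host nodes.

```python
import ipaddress
import re
from collections import namedtuple

# Hypothetical record layouts modelled on the planning fields named in the text.
Segment = namedtuple("Segment", "name start end gateway access_addr access_vlan")
Device = namedtuple("Device", "name addresses vlan egress")

# S10: constructed planning data (all names and addresses are made up).
SEGMENTS = [
    Segment("office", "10.1.10.1", "10.1.10.254", "10.1.10.1", "10.1.0.11", 10),
    Segment("servers", "10.1.20.1", "10.1.20.254", "10.1.20.1", None, 20),
    Segment("mgmt", "10.1.0.1", "10.1.0.254", "10.1.0.1", None, None),
]
DEVICES = [
    Device("core-l3", ("10.1.0.1", "10.1.10.1", "10.1.20.1"), None, None),
    Device("acc-sw1", ("10.1.0.11",), 10, None),
    Device("acc-sw2", ("10.1.0.12",), 20, None),
    Device("fw1", ("10.1.0.2",), None, "internet"),
]
# S40: constructed device log lines carrying five-tuple style fields.
LOGS = [
    "fw1 permit tcp src=10.1.10.23:51544 dst=203.0.113.9:443",
    "fw1 deny udp src=10.1.20.7:5353 dst=10.1.10.23:5353",
    "core-l3 acl permit tcp src=10.1.0.11:22 dst=10.1.20.7:22",
    "fw1 permit tcp src=192.168.99.5:40000 dst=10.1.20.7:80",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def segment_of(ip, segments):
    """Return the planned segment whose start..end range contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for seg in segments:
        if ipaddress.ip_address(seg.start) <= addr <= ipaddress.ip_address(seg.end):
            return seg
    return None


def extract_ips(log_lines):
    """S50, first half: pull every syntactically valid IPv4 address out of the logs."""
    found = set()
    for line in log_lines:
        for candidate in IP_RE.findall(line):
            try:
                found.add(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # dotted number that is not a valid address, e.g. 999.1.1.1
    return found


def adjacent_device(seg, devices):
    """Priority order from the text: access switch address, access switch VLAN, gateway."""
    owner = {a: d.name for d in devices for a in d.addresses}
    if seg.access_addr in owner:
        return owner[seg.access_addr]
    if seg.access_vlan is not None:
        for d in devices:
            if d.vlan == seg.access_vlan:
                return d.name
    return owner.get(seg.gateway)


def edge(a, b):
    return tuple(sorted((a, b)))


def build_topology(segments, devices, log_lines):
    edges, host_attach, unplanned = set(), {}, []
    owner = {a: d.name for d in devices for a in d.addresses}
    for d in devices:
        # S30: static links from each device address to its gateway / access device.
        for a in d.addresses:
            seg = segment_of(a, segments)
            if seg is None:
                continue
            for peer in (owner.get(seg.gateway), adjacent_device(seg, devices)):
                if peer and peer != d.name:
                    edges.add(edge(d.name, peer))
        # Cloud node for devices whose egress type is internet or private network.
        if d.egress in ("internet", "private"):
            edges.add(edge("cloud:" + d.egress, d.name))
    # S50: logged IPs that are not device addresses are host candidates.
    for ip in sorted(extract_ips(log_lines) - set(owner)):
        seg = segment_of(ip, segments)
        if seg is None:
            unplanned.append(ip)  # assumption: outside the plan, not drawn as a host
            continue
        # S60: host -> segment node -> nearest device node.
        seg_node = "seg:" + seg.name
        edges.add(edge(ip, seg_node))
        dev = adjacent_device(seg, devices)
        if dev:
            edges.add(edge(seg_node, dev))
            host_attach[ip] = dev
    return {"edges": edges, "host_attach": host_attach, "unplanned": unplanned}


if __name__ == "__main__":
    topo = build_topology(SEGMENTS, DEVICES, LOGS)
    for e in sorted(topo["edges"]):
        print(e)
    print("hosts:", topo["host_attach"], "unplanned:", topo["unplanned"])
```

Addresses that appear in device logs but match no planned segment are worth reviewing on their own, since they are either external peers or hosts the address plan does not account for.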
In some embodiments, after the network topology structure is formed, it can be displayed graphically on an operation interface of the platform according to the user's requirements. This gives the user an intuitive and accurate network topology structure and helps the user understand each device in the current network and its connections; when the platform detects a device failure or a network attack, the attacked or failed device can be marked in the diagram to help the user locate it quickly. Fig. 2 is a schematic diagram of a network topology, which illustrates each device node (a three-layer switch, multiple two-layer switches, a firewall, a traffic detection device, etc.) and its corresponding network configuration (including but not limited to device address, network segment address, port number, IP address, etc.), and further includes a cloud node (internet node), host nodes (PC, server) and their IP addresses. It should be noted that the network segment nodes are not shown in Fig. 2. When the number of host nodes is too large, network segment nodes can be shown in place of the host nodes beneath the two-layer switches in the topology diagram, or different nodes can be displayed according to the user's requirements.
When the network topology is actually displayed, the display may be performed in a preset manner, and the preset manner defined in the embodiment includes, but is not limited to, any one of the following:
(1) Displaying device nodes and host nodes;
(2) Displaying device nodes and cloud nodes;
(3) Displaying device nodes, network segment nodes and cloud nodes;
(4) Displaying device nodes, cloud nodes and host nodes;
(5) Displaying device nodes, network segment nodes, host nodes and cloud nodes.
The embodiment utilizes the existing network address planning information to construct the connection relation between the equipment nodes in the network topology structure, then utilizes the equipment logs of the equipment nodes to screen out the host nodes connected into the network topology to construct the connection relation, and can rapidly deliver the network topology management capability on the basis of greatly reducing the cost without supporting communication protocols such as SNMP and the like.
The second embodiment of the present disclosure provides a network topology discovery device, which may be installed in a situation awareness and security operation platform. Network managers use the platform to monitor the security of devices in a network and, when a network device is attacked or fails, to locate the corresponding network device promptly and handle it. Fig. 3 shows a schematic structural diagram of the discovery apparatus provided in this embodiment, which mainly includes: a first acquisition module 10, configured to acquire network address planning information; a first configuration module 20, configured to form asset data according to the network address planning information, where the asset data includes at least a plurality of device nodes in a network topology; a first construction module 30, configured to construct a connection relationship between device nodes according to the network address planning information; a second acquisition module 40, configured to obtain a device log of the device node; a second configuration module 50, configured to create a plurality of host nodes in the network topology according to the device log; and a second construction module 60, configured to determine a connection relationship between the host node and the device node according to the network address planning information, so as to form a network topology.
It should be noted that each function module provided in this embodiment may be an original function module of the situation awareness and security operation platform, or a function module formed by improving an original one. Modules with the same or similar functions may be combined in an actual implementation; for example, the first acquisition module and the second acquisition module may be combined into one acquisition module, and the first configuration module and the second configuration module may be combined into one configuration module. This embodiment does not limit the number or naming of the function modules; the platform only needs to have modules that implement the corresponding functions.
Specifically, the network address planning information at least includes network segment planning information and equipment planning information; the network segment planning information at least comprises: network segment start address, network segment end address, gateway address, access switching device VLAN, address type; the device planning information includes at least: switching device VLAN, device address, network egress type.
In some embodiments, the discovery apparatus may further include a cloud node configuration module (not shown in fig. 3) configured to create a cloud node and construct a connection relationship between the cloud node and the first device node in a case where the first device node whose network egress type is the internet or private network exists among all the device nodes.
In some embodiments, the second configuration module 50 is specifically configured to extract an IP address in the device log; and determining a host address according to the IP address and the network segment planning information, and creating a host node according to the host address.
In some embodiments, the second construction module 60 is specifically configured to determine, according to the network segment planning information, a network segment to which the host address corresponding to the host node belongs, establish a network segment node corresponding to each network segment, and construct a connection relationship between the host node and the network segment node; constructing a connection relation between network segment nodes and equipment nodes according to the network segment planning information; and establishing the connection relationship between the host node and the equipment node according to the connection relationship between the host node and the network segment node and the connection relationship between the network segment node and the equipment node.
In some embodiments, the second construction module 60 is specifically configured to search for device nodes adjacent to each network segment node in sequence according to the priority order of the access switch device address, the access switch device VLAN, and the gateway address; and establishing a connection relationship between the network segment node and the adjacent equipment node.
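The cloud-node, host-node and segment-linking steps described above, as an added Python example that is not part of the patent text: it extracts IP addresses from device logs, keeps those that fall inside a planned segment, and attaches each segment to a device by trying the access switch address, then the access switch VLAN, then the gateway address. The field names, the sample plan and log format, the exclusion of gateway and device addresses from host nodes, and the returned set of addresses outside every planned segment are assumptions.

```python
import ipaddress
import re

# Constructed planning data; every field name here is an assumption.
SEGMENTS = [
    {"name": "office", "start": "10.1.10.1", "end": "10.1.10.254",
     "gateway": "10.1.10.1", "access_switch": "10.0.0.2", "access_vlan": 10},
    {"name": "lab", "start": "10.1.20.1", "end": "10.1.20.254",
     "gateway": "10.1.20.1", "access_switch": None, "access_vlan": 20},
    {"name": "dmz", "start": "10.1.30.1", "end": "10.1.30.254",
     "gateway": "10.0.0.1", "access_switch": None, "access_vlan": None},
]
DEVICES = [
    {"name": "core-fw", "address": "10.0.0.1", "vlans": set(), "egress": "internet"},
    {"name": "sw-office", "address": "10.0.0.2", "vlans": {10}, "egress": None},
    {"name": "sw-lab", "address": "10.0.0.3", "vlans": {20}, "egress": None},
]
# Constructed device log lines (the format is an assumption).
LOG_LINES = [
    "2022-12-01T08:00:01 sw-office accept src=10.1.10.23 dst=10.1.30.5 dport=443",
    "2022-12-01T08:00:02 sw-lab accept src=10.1.20.77 dst=10.1.10.23 dport=22",
    "2022-12-01T08:00:03 core-fw deny src=192.0.2.50 dst=10.1.30.5 dport=3389",
    "2022-12-01T08:00:04 core-fw accept src=10.1.10.1 dst=999.1.1.1 dport=53",
]
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def extract_ips(lines):
    """Collect syntactically valid IPv4 addresses found in the log lines."""
    found = set()
    for line in lines:
        for token in IP_RE.findall(line):
            try:
                found.add(ipaddress.IPv4Address(token))
            except ipaddress.AddressValueError:
                pass  # e.g. 999.1.1.1: looks like an address but is not one
    return found

def segment_of(ip, segments):
    """Return the planned segment whose start..end range contains ip."""
    for seg in segments:
        lo = ipaddress.IPv4Address(seg["start"])
        hi = ipaddress.IPv4Address(seg["end"])
        if lo <= ip <= hi:
            return seg
    return None

def adjacent_device(seg, devices):
    """Priority search: access switch address, access switch VLAN, gateway."""
    by_addr = {d["address"]: d["name"] for d in devices}
    if seg["access_switch"] in by_addr:
        return by_addr[seg["access_switch"]]
    if seg["access_vlan"] is not None:
        for d in devices:
            if seg["access_vlan"] in d["vlans"]:
                return d["name"]
    return by_addr.get(seg["gateway"])

def build_topology(segments, devices, lines):
    """Return (edges, unplanned) for hosts seen in the device logs."""
    infra = {d["address"] for d in devices} | {s["gateway"] for s in segments}
    edges, unplanned = set(), set()
    for ip in extract_ips(lines):
        seg = segment_of(ip, segments)
        if seg is None:
            unplanned.add(str(ip))        # outside every planned segment
            continue
        if str(ip) in infra:
            continue                      # assumption: not a host node
        edges.add((str(ip), seg["name"]))             # host to segment
        dev = adjacent_device(seg, devices)
        if dev is not None:
            edges.add((seg["name"], dev))             # segment to device
            edges.add((str(ip), dev))                 # derived host to device
    for d in devices:                     # cloud node for egress devices
        if d["egress"] in ("internet", "private network"):
            edges.add(("cloud", d["name"]))
    return edges, unplanned

if __name__ == "__main__":
    topo_edges, outside_plan = build_topology(SEGMENTS, DEVICES, LOG_LINES)
    for edge in sorted(topo_edges):
        print(edge)
    print("outside plan:", sorted(outside_plan))
```

Connections between device nodes themselves (the first construction module) are not modelled here.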
In some embodiments, the discovery device may further include a display module (not shown in fig. 3), which is mainly used to display the network topology in a preset manner; the preset manner includes at least any one of the following: displaying device nodes and host nodes; displaying device nodes and cloud nodes; displaying equipment nodes, network segment nodes and cloud nodes; displaying equipment nodes, cloud nodes and host nodes; displaying equipment nodes, network segment nodes, host nodes and cloud nodes.
The embodiment utilizes the existing network address planning information to construct the connection relation between the equipment nodes in the network topology structure, then utilizes the equipment logs of the equipment nodes to screen out the host nodes connected into the network topology to construct the connection relation, and can rapidly deliver the network topology management capability on the basis of greatly reducing the cost without supporting communication protocols such as SNMP and the like.
A third embodiment of the present disclosure provides a storage medium, which may be installed in a situation awareness and security operation platform, and which is specifically a computer readable medium, storing a computer program, where the computer program when executed by a processor implements the method provided by any embodiment of the present disclosure, and includes steps S31 to S36 as follows:
S31, acquiring network address planning information;
S32, forming asset data according to the network address planning information, wherein the asset data at least comprises a plurality of equipment nodes in a network topology structure;
S33, constructing a connection relation between the equipment nodes according to the network address planning information;
S34, obtaining an equipment log of the equipment node;
S35, creating a plurality of host nodes in the network topology structure according to the equipment log;
S36, determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topology structure.
Specifically, the network address planning information at least includes network segment planning information and equipment planning information; the network segment planning information at least comprises: network segment start address, network segment end address, gateway address, access switching device VLAN, address type; the device planning information includes at least: switching device VLAN, device address, network egress type.
In the case that a first device node whose network egress type is the internet or private network exists among all the device nodes, after the computer program is executed by the processor to construct the connection relationship between the device nodes according to the network address planning information, the processor further executes the following steps: creating a cloud node; and constructing a connection relation between the cloud node and the first equipment node.
When the computer program is executed by the processor to create a plurality of host nodes in the network topology from the device log, the processor specifically performs the following steps: extracting an IP address from the device log; and determining a host address according to the IP address and the network segment planning information, and creating the host node according to the host address.
When the computer program is executed by the processor to determine the connection relationship between the host node and the device node according to the network address planning information, the processor specifically executes the following steps: determining a network segment to which a host address corresponding to the host node belongs according to the network segment planning information, establishing a network segment node corresponding to each network segment, and constructing a connection relationship between the host node and the network segment node; constructing a connection relationship between the network segment node and the equipment node according to the network segment planning information; and establishing the connection relation between the host node and the equipment node according to the connection relation between the host node and the network segment node and the connection relation between the network segment node and the equipment node.
When the computer program is executed by the processor to construct the connection relationship between the network segment node and the equipment node according to the network segment planning information, the processor specifically executes the following steps: sequentially searching the equipment nodes adjacent to each network segment node according to the priority order of the access switching equipment address, the access switching equipment VLAN and the gateway address; and establishing a connection relationship between the network segment node and the adjacent equipment node.
After the computer program is executed by the processor to determine the connection relationship between the host node and the device node according to the network address planning information to form the network topology, the processor further executes the following steps: displaying the network topology structure according to a preset mode; wherein, the preset mode at least comprises any one of the following: displaying the equipment node and the host node; displaying the device node and the cloud node; displaying the equipment node, the network segment node, and the cloud node; displaying the equipment node, the cloud node and the host node; and displaying the equipment node, the network segment node, the host node and the cloud node.
The embodiment utilizes the existing network address planning information to construct the connection relation between the equipment nodes in the network topology structure, then utilizes the equipment logs of the equipment nodes to screen out the host nodes connected into the network topology to construct the connection relation, and can rapidly deliver the network topology management capability on the basis of greatly reducing the cost without supporting communication protocols such as SNMP and the like.
A fourth embodiment of the present disclosure provides an electronic device, which may host a situation awareness and security operation platform. A schematic structural diagram of the electronic device is shown in fig. 4. The electronic device at least includes a memory 100 and a processor 200, where the memory 100 stores a computer program, and the processor 200 implements a method provided by any embodiment of the present disclosure when executing the computer program on the memory 100. By way of example, the steps of the computer program on the electronic device are S41 to S46 as follows:
S41, acquiring network address planning information;
S42, forming asset data according to the network address planning information, wherein the asset data at least comprises a plurality of equipment nodes in a network topology structure;
S43, constructing a connection relation between the equipment nodes according to the network address planning information;
S44, obtaining an equipment log of the equipment node;
S45, creating a plurality of host nodes in the network topology structure according to the equipment log;
S46, determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topology structure.
Specifically, the network address planning information at least includes network segment planning information and equipment planning information; the network segment planning information at least comprises: network segment start address, network segment end address, gateway address, access switching device VLAN, address type; the device planning information includes at least: switching device VLAN, device address, network egress type.
In the case that a first device node whose network egress type is the internet or private network exists among all the device nodes, after executing the computer program stored on the memory to construct the connection relationship between the device nodes according to the network address planning information, the processor further executes the following computer program: creating a cloud node; and constructing a connection relation between the cloud node and the first equipment node.
When executing the computer program stored on the memory to create a plurality of host nodes in the network topology from the device log, the processor specifically executes the following computer program: extracting an IP address from the device log; and determining a host address according to the IP address and the network segment planning information, and creating the host node according to the host address.
When executing the computer program stored on the memory to determine the connection relationship between the host node and the device node according to the network address planning information, the processor specifically executes the following computer program: determining a network segment to which a host address corresponding to the host node belongs according to the network segment planning information, establishing a network segment node corresponding to each network segment, and constructing a connection relationship between the host node and the network segment node; constructing a connection relationship between the network segment node and the equipment node according to the network segment planning information; and establishing the connection relation between the host node and the equipment node according to the connection relation between the host node and the network segment node and the connection relation between the network segment node and the equipment node.
When executing the computer program stored on the memory to construct the connection relation between the network segment node and the equipment node according to the network segment planning information, the processor specifically executes the following computer program: sequentially searching the equipment nodes adjacent to each network segment node according to the priority order of the access switching equipment address, the access switching equipment VLAN and the gateway address; and establishing a connection relationship between the network segment node and the adjacent equipment node.
After executing the computer program stored on the memory to determine the connection relationship between the host node and the device node according to the network address planning information to form the network topology, the processor further executes the following computer program: displaying the network topology structure according to a preset mode; wherein, the preset mode at least comprises any one of the following: displaying the equipment node and the host node; displaying the device node and the cloud node; displaying the equipment node, the network segment node, and the cloud node; displaying the equipment node, the cloud node and the host node; and displaying the equipment node, the network segment node, the host node and the cloud node.
The embodiment utilizes the existing network address planning information to construct the connection relation between the equipment nodes in the network topology structure, then utilizes the equipment logs of the equipment nodes to screen out the host nodes connected into the network topology to construct the connection relation, and can rapidly deliver the network topology management capability on the basis of greatly reducing the cost without supporting communication protocols such as SNMP and the like.
While various embodiments of the present disclosure have been described in detail, the present disclosure is not limited to these specific embodiments. Those skilled in the art can make various modifications and variations on the basis of the concepts of the present disclosure, and these modifications and variations should fall within the scope of the present disclosure as claimed.

Claims (10)

1. A method for discovering a network topology, comprising:
acquiring network address planning information;
forming asset data according to the network address planning information, wherein the asset data at least comprises a plurality of equipment nodes in a network topological structure;
constructing a connection relation between the equipment nodes according to the network address planning information;
acquiring an equipment log of the equipment node;
creating a plurality of host nodes in the network topology according to the device log;
and determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topology structure.
2. The discovery method according to claim 1, wherein the network address planning information includes at least network segment planning information and device planning information; wherein,
the network segment planning information at least comprises: network segment start address, network segment end address, gateway address, access switching device VLAN, address type;
the device planning information includes at least: switching device VLAN, device address, network egress type.
3. The discovery method according to claim 2, wherein in the case where there is a first device node of which the network egress type is the internet or private network among all the device nodes, after constructing a connection relationship between the device nodes according to the network address planning information, further comprising:
creating cloud nodes;
and constructing a connection relation between the cloud node and the first equipment node.
4. A discovery method according to claim 3, wherein said creating a plurality of host nodes in said network topology from said device log comprises:
extracting an IP address from the device log;
and determining a host address according to the IP address and the network segment planning information, and creating the host node according to the host address.
5. The discovery method of claim 4, wherein the determining a connection relationship between the host node and the device node according to the network address planning information comprises:
determining a network segment to which a host address corresponding to the host node belongs according to the network segment planning information, establishing a network segment node corresponding to each network segment, and constructing a connection relationship between the host node and the network segment node;
constructing a connection relationship between the network segment node and the equipment node according to the network segment planning information;
and establishing the connection relation between the host node and the equipment node according to the connection relation between the host node and the network segment node and the connection relation between the network segment node and the equipment node.
6. The discovery method according to claim 5, wherein the constructing a connection relationship between the network segment node and the device node according to the network segment planning information includes:
sequentially searching the equipment nodes adjacent to each network segment node according to the priority order of the access switching equipment address, the access switching equipment VLAN and the gateway address;
and establishing a connection relationship between the network segment node and the adjacent equipment node.
7. The discovery method according to claim 6, wherein after determining a connection relationship between the host node and the device node according to the network address planning information to form the network topology, further comprising:
displaying the network topology structure according to a preset mode;
wherein, the preset mode at least comprises any one of the following:
displaying the equipment node and the host node;
displaying the device node and the cloud node;
displaying the equipment node, the network segment node, and the cloud node;
displaying the equipment node, the cloud node and the host node;
and displaying the equipment node, the network segment node, the host node and the cloud node.
8. A network topology discovery apparatus, comprising:
the first acquisition module is used for acquiring network address planning information;
a first configuration module, configured to form asset data according to the network address planning information, where the asset data at least includes a plurality of device nodes in a network topology;
the first construction module is used for constructing the connection relation between the equipment nodes according to the network address planning information;
the second acquisition module is used for acquiring the equipment log of the equipment node;
a second configuration module, configured to create a plurality of host nodes in the network topology according to the device log;
and the second construction module is used for determining the connection relation between the host node and the equipment node according to the network address planning information so as to form the network topological structure.
9. A storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the network topology discovery method of any one of claims 1 to 7.
10. An electronic device comprising at least a memory, a processor, the memory having stored thereon a computer program, characterized in that the processor, when executing the computer program on the memory, implements the steps of the network topology discovery method of any of claims 1 to 7.
CN202211670507.9A 2022-12-23 2022-12-23 Network topology structure discovery method and device, storage medium and electronic equipment Pending CN116016197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211670507.9A CN116016197A (en) 2022-12-23 2022-12-23 Network topology structure discovery method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211670507.9A CN116016197A (en) 2022-12-23 2022-12-23 Network topology structure discovery method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116016197A true CN116016197A (en) 2023-04-25

Family

ID=86032841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211670507.9A Pending CN116016197A (en) 2022-12-23 2022-12-23 Network topology structure discovery method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116016197A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117880830A (en) * 2024-03-13 2024-04-12 中国电信股份有限公司浙江分公司 Method and device for automatically planning perceived private network topological relation
CN117880830B (en) * 2024-03-13 2024-05-28 中国电信股份有限公司浙江分公司 Method and device for automatically planning perceived private network topological relation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination