CN117061357A - Network topology management method and system based on virtual private network - Google Patents
- Publication number
- CN117061357A, CN202311106059.4A
- Authority
- CN
- China
- Prior art keywords
- node
- vpn
- network
- nodes
- network topology
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a network topology management method and system based on a virtual private network. The method comprises the following steps: setting up a plurality of VPN nodes in a target geographic location and/or a target data center, and setting the network topology of the VPN nodes; configuring a dynamic routing protocol and neighbor relations on each VPN node; performing load balancing configuration and path selection configuration on the VPN nodes; establishing a node management platform, using it to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails; and periodically maintaining and optimizing the network topology of the VPN nodes and backing up data. The system comprises modules corresponding to the method steps.
Description
Technical Field
The invention provides a network topology management method and system based on a virtual private network, and belongs to the technical field of network topology management.
Background
Virtual private networks establish virtual private network connections between a plurality of sites. These connections transmit data over an encrypted channel, ensuring confidentiality and integrity of the data. However, some VPN clients establish only a single node connection, which is unstable, frequently drops and requires maintenance.
Disclosure of Invention
The invention provides a network topology management method and system based on a virtual private network, to solve the problem in the prior art that some VPN clients establish only a single node connection, which is unstable, frequently drops and requires maintenance. The technical scheme adopted is as follows:
A network topology management method based on a virtual private network, the method comprising:
setting up a plurality of VPN nodes in a target geographic location and/or a target data center, and setting the network topology of the VPN nodes;
configuring a dynamic routing protocol and neighbor relations on each VPN node;
performing load balancing configuration and path selection configuration on the VPN nodes;
establishing a node management platform, using the node management platform to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails;
and periodically maintaining and optimizing the network topology of the VPN nodes and backing up data.
Further, setting up a plurality of VPN nodes in the target geographic location and/or the target data center, and setting the network topology of the VPN nodes, includes:
acquiring a target geographic location and/or a target data center;
extracting network communication requirement information of the target geographic location and/or the target data center;
setting the number of VPN nodes according to the network communication requirement information of the target geographic location and/or the target data center;
setting the network topology of the VPN nodes after the number of VPN nodes has been determined for all target geographic locations and/or target data centers.
Further, configuring a dynamic routing protocol and a neighbor relation on each VPN node includes:
configuring a dynamic routing protocol on each VPN node, wherein the dynamic routing protocol is a Border Gateway Protocol (BGP);
determining the IP addresses of the neighbor nodes of each VPN node;
configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise IP addresses, AS numbers and BGP version information of the neighbor nodes;
determining a connection type between the VPN node and each neighbor node;
and starting a BGP process on each VPN node to establish communication connection between each VPN node and each neighbor node corresponding to each VPN node.
Further, performing load balancing configuration and path selection configuration on the VPN nodes includes:
implementing a load balancing policy on each VPN node to balance traffic load and optimize performance, wherein the load balancing policy is a weighted polling policy;
determining the best path for forwarding traffic using the network topology information provided by the dynamic routing protocol.
Further, establishing a node management platform, using the node management platform to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails, includes:
creating a monitoring item corresponding to each monitoring target by using a monitoring tool configured in the node management platform;
monitoring key performance indexes of the VPN nodes in real time by using the monitoring items, wherein the key performance indexes of a VPN node comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
setting an alarm rule, triggering an alarm when a parameter of a monitoring target of a VPN node does not meet the threshold range preset in the alarm rule, and sending fault alarm information to a maintainer terminal.
A network topology management system based on a virtual private network, the system comprising:
a node setting module, used for setting up a plurality of VPN nodes in the target geographic location and/or the target data center and setting the network topology of the VPN nodes;
a first information configuration module, used for configuring a dynamic routing protocol and neighbor relations on each VPN node;
a second information configuration module, used for performing load balancing configuration and path selection configuration on the VPN nodes;
a fault detection module, used for establishing a node management platform, using the node management platform to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails;
and a network periodic operation and maintenance optimization module, used for periodically maintaining and optimizing the network topology of the VPN nodes and backing up data.
Further, the node setting module includes:
the position information acquisition module is used for acquiring a target geographic position and/or a target data center;
the information extraction module is used for extracting network communication requirement information of the target geographic position and/or the target data center;
the quantity determining module is used for setting the quantity of VPN nodes according to the target geographic position and/or the network communication demand information of the target data center;
the topology structure setting module is used for setting the network topology of the VPN nodes after the number of VPN nodes has been determined for all target geographic locations and/or target data centers.
Further, the first information configuration module includes:
a dynamic routing protocol configuration module, configured to configure a dynamic routing protocol on each VPN node, where the dynamic routing protocol is a Border Gateway Protocol (BGP);
the neighbor node information acquisition module is used for determining neighbor nodes of each VPN node and IP addresses of the neighbor nodes;
the neighbor parameter configuration module is used for configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise IP addresses, AS numbers and BGP version information of the neighbor nodes;
a connection type determining module, configured to determine a connection type between the VPN node and each neighboring node;
and the communication connection establishment module is used for starting a BGP process on each VPN node so as to establish communication connection between each VPN node and each neighbor node corresponding to each VPN node.
Further, the second information configuration module includes:
the load policy configuration module is used for implementing a load balancing policy on each VPN node so as to balance traffic load and optimize performance; wherein, the load balancing strategy is a weighted polling strategy;
and the path selection module is used for determining the optimal path for forwarding traffic by using the network topology information provided by the dynamic routing protocol.
Further, the fault detection module includes:
the monitoring item creation module is used for creating a monitoring item corresponding to the monitoring target by using a monitoring tool configured in the node management platform;
the key index monitoring module is used for monitoring key performance indexes of the VPN nodes in real time by utilizing the monitoring items, wherein the key performance indexes of the VPN nodes comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
and the alarm module is used for setting an alarm rule, triggering an alarm when the parameter of the monitoring target of the VPN node does not meet the requirement of the preset threshold range in the alarm rule, and sending fault alarm information to the maintenance personnel terminal.
The beneficial effects of the invention are as follows:
The network topology management method and system based on a virtual private network set up a plurality of nodes and manage their network topology, optimizing the performance and reliability of VPN connections by dynamically selecting the optimal path and the connections between nodes. This improves the reliability, stability and security of the virtual private network connection.
Drawings
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a system block diagram of the system of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
The embodiment of the invention provides a network topology management method based on a virtual private network which, as shown in FIG. 1, comprises the following steps:
S1, setting up a plurality of VPN nodes in a target geographic location and/or a target data center, and setting the network topology of the VPN nodes;
S2, configuring a dynamic routing protocol and neighbor relations on each VPN node;
S3, performing load balancing configuration and path selection configuration on the VPN nodes;
S4, establishing a node management platform, using the node management platform to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails;
S5, periodically maintaining and optimizing the network topology of the VPN nodes and backing up data.
The working principle of the technical scheme is as follows: setting VPN nodes and a network topology structure (S1): first, a plurality of VPN nodes are set up in a target geographical location and/or a target data center, and a network topology is established for these nodes. This network topology typically includes the manner of connection and the topological relationships between the nodes.
Configuration of dynamic routing and neighbor relation (S2): dynamic routing protocols and neighbor relationships are configured on each VPN node. These configurations allow routing information and communication relationships between nodes to be dynamically updated to accommodate changes in network topology.
Load balancing and path selection configuration (S3): load balancing configuration and path selection configuration are performed on the VPN nodes. This helps to optimize network performance, ensure efficient transmission of data in the network, and avoid overload of a single node.
Establishing a node management platform (S4): a node management platform is established, which can monitor the running state of the VPN node in real time. When the VPN node operation is faulty or abnormal, the node management platform can send fault alarm information to the maintenance personnel terminal so as to respond to the problem rapidly.
Maintenance, optimization and data backup of the network topology (S5): the network topology of the VPN nodes is regularly maintained and optimized to ensure stability and efficiency of the network structure. Meanwhile, data backup is performed to cope with possible data loss.
The technical scheme has the effects that: high availability and stability: through load balancing configuration, dynamic routing and neighbor relation setting, the method can improve the availability and stability of the network and ensure the connectivity of data.
Fast fault response: through real-time monitoring and fault alarming, a network administrator can quickly respond to the operation faults of the VPN nodes, and network downtime is reduced.
Network performance optimization: the load balancing configuration and the path selection configuration are helpful to optimize the network performance and ensure the high efficiency of data transmission.
Backing up data: periodic data backup operations contribute to the security and recoverability of data.
Network topology optimization: periodic maintenance and optimization of network topology helps to maintain the health and efficiency of the network architecture.
In summary, by establishing a virtual private network and configuring routing and neighbor relations, load balancing and a node management platform, the technical scheme improves the performance, stability and management efficiency of the network, and thus better meets the requirements of network management and maintenance.
In one embodiment of the present invention, setting up a plurality of VPN nodes in a target geographic location and/or a target data center, and setting the network topology of the VPN nodes, includes:
S101, acquiring a target geographic location and/or a target data center;
S102, extracting network communication requirement information of the target geographic location and/or the target data center;
S103, setting the number of VPN nodes according to the network communication requirement information of the target geographic location and/or the target data center;
S104, setting the network topology of the VPN nodes after the number of VPN nodes has been determined for all target geographic locations and/or target data centers.
The working principle of the technical scheme is as follows: acquiring a target geographic location and/or a target data center (S101): first, the relevant information of the target geographic position and/or the target data center is obtained, including the network structure, the communication requirement, the layout and the like.
Extracting network communication requirement information (S102): network communication demand information is extracted from information of a target geographic location and/or a target data center. This includes determining which sub-networks need to communicate with each other and the communication needs between them, such as which nodes are connected or the traffic needs between the networks.
Setting the number of VPN nodes (S103): based on the extracted network communication demand information, the number of VPN nodes that need to be set in the target geographical location and/or the target data center is determined. These VPN nodes are responsible for handling communication and network connections.
Setting a VPN node network topology (S104): once the number of VPN nodes is determined, their network topology can be set, i.e. the manner of connection, relationships and paths between them are determined. This helps to build a network that meets the communication needs.
The technical scheme has the effects that: customizing the network structure: by setting the number of VPN nodes and the network topology according to the communication requirements, a customized network structure can be constructed, ensuring that the communication requirements of the target geographic location and/or the target data center are met.
Optimizing network performance: the number of nodes and the network topology structure are set according to the communication requirements, so that the network performance is optimized, and the high efficiency and the reliability of data transmission are ensured.
The network cost is reduced: by reasonably setting the number of nodes, unnecessary network equipment and bandwidth consumption can be avoided, thereby reducing the cost of network deployment and maintenance.
Improving network availability: the network structure arranged according to the communication requirement can improve the availability of the network, ensure the connectivity of data and reduce the risk of network interruption.
Meets specific requirements: the method can flexibly meet the network communication requirements of specific geographic positions and data centers, and ensures that the network can adapt to different scenes and requirements.
In summary, the technical scheme can customize the number of VPN nodes and the network topology according to the communication requirements, so as to meet the network communication requirements of a specific geographic location and/or data center, and simultaneously reduce the cost and improve the network performance.
In one embodiment of the present invention, configuring a dynamic routing protocol and neighbor relations on each of the VPN nodes includes:
S201, configuring a dynamic routing protocol on each VPN node, wherein the dynamic routing protocol is the Border Gateway Protocol (BGP);
S202, determining the IP addresses of the neighbor nodes of each VPN node;
S203, configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise the IP address, AS number and BGP version information of the neighbor node;
S204, determining the connection type between the VPN node and each neighbor node;
S205, starting a BGP process on each VPN node, so that a communication connection is established between each VPN node and each of its neighbor nodes.
The working principle of the technical scheme is as follows: configuration of dynamic routing protocol (S201): border Gateway Protocol (BGP) is configured as a dynamic routing protocol on each VPN node. BGP is a routing protocol commonly used to exchange routing information across different autonomous systems.
Determining neighbor nodes and IP addresses (S202): neighbor nodes of each VPN node are determined, which are other network devices connected to the VPN node. At the same time, the IP address of each neighbor node is determined in order to establish communication.
Configuring BGP neighbor parameters (S203): BGP neighbor parameters are configured for each neighbor node on each VPN node. These parameters include the neighbor node's IP address, autonomous system number (AS number), and BGP version information. These parameters are used to establish and maintain BGP neighbor relationships.
Determining the connection type (S204): a connection type between the VPN node and each neighbor node is determined. This may include physical or virtual connections, depending on the particular configuration of the network.
Establishing BGP communication connections (S205): a BGP process is started on each VPN node so that each VPN node can establish communication connections with its neighbor nodes. These connections are used to exchange routing information and maintain the network topology.
The technical scheme has the effects that: dynamic route management: the configuration of BGP as a dynamic routing protocol allows the dynamic exchange of routing information between VPN nodes so as to ensure that a routing table in a network can be updated in time and adapt to the change of network topology.
High flexibility: the BGP protocol has a high degree of flexibility and can accommodate different network requirements and complex topologies. This allows the network administrator to configure and adjust as needed.
Inter-autonomous system routing: BGP is commonly used for routing between autonomous systems (ASes) and is therefore suitable for network communications across a plurality of different ASes, supporting large-scale internetworks.
Reliability and robustness: the BGP protocol has good reliability and robustness, can cope with faults and abnormal conditions in the network, and ensures the stability and availability of the network.
Network dynamics: by using a dynamic routing protocol, the network can dynamically adapt to changes, including node failures, addition of new devices, and changes in routing policies, thereby improving the flexibility of the network.
In summary, configuring BGP as a dynamic routing protocol and configuring BGP neighbor relationships may enhance management and dynamics of the network, so that the network may better adapt to changing conditions and requirements. This helps to improve the performance, availability and maintainability of the network.
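A pre-flight check for steps S202 to S205, as an added example that is not part of the patent: before the BGP process is started, it validates each neighbor entry (IP address, AS number, BGP version) and confirms that neighbor declarations are reciprocal, since a session normally establishes only when both ends configure each other with matching AS numbers. The data layout is an assumption, and the node names, addresses and AS numbers are constructed from documentation ranges.

```python
"""Pre-flight check of a BGP neighbor table before the BGP process is started.
Added example: all node names, addresses and AS numbers are constructed."""
import ipaddress
from dataclasses import dataclass, field

BGP_VERSION = 4  # a peer offering any other version is refused in the OPEN exchange
# AS 0, AS_TRANS (23456) and the last 16-bit / 32-bit AS numbers are reserved.
RESERVED_ASNS = {0, 23456, 65535, 4294967295}


@dataclass(frozen=True)
class Neighbor:
    ip: str          # neighbor node IP address (S202)
    remote_as: int   # neighbor AS number (S203)
    version: int = BGP_VERSION  # BGP version (S203)


@dataclass
class VpnNode:
    name: str
    ip: str
    local_as: int
    neighbors: list = field(default_factory=list)


def check_neighbor(node, nb):
    """Validate one neighbor entry in isolation; return a list of error strings."""
    errors = []
    try:
        addr = ipaddress.ip_address(nb.ip)
        if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
            errors.append(f"{node.name}: {nb.ip} is not a usable unicast address")
    except ValueError:
        errors.append(f"{node.name}: {nb.ip!r} is not an IP address")
    if nb.ip == node.ip:
        errors.append(f"{node.name}: neighbor {nb.ip} is the node itself")
    if not 0 < nb.remote_as <= 0xFFFFFFFF or nb.remote_as in RESERVED_ASNS:
        errors.append(f"{node.name}: AS {nb.remote_as} for {nb.ip} is invalid or reserved")
    if nb.version != BGP_VERSION:
        errors.append(f"{node.name}: BGP version {nb.version} for {nb.ip} is not {BGP_VERSION}")
    return errors


def check_topology(nodes):
    """Validate every entry, then cross-check entries that point at managed nodes."""
    by_ip = {n.ip: n for n in nodes}
    errors = []
    for node in nodes:
        seen = set()
        for nb in node.neighbors:
            errors.extend(check_neighbor(node, nb))
            if nb.ip in seen:
                errors.append(f"{node.name}: duplicate neighbor {nb.ip}")
            seen.add(nb.ip)
            peer = by_ip.get(nb.ip)
            if peer is None:
                continue  # device outside the inventory: nothing to cross-check
            if nb.remote_as != peer.local_as:
                errors.append(f"{node.name}: AS mismatch for {peer.name}: "
                              f"configured {nb.remote_as}, peer uses {peer.local_as}")
            if not any(p.ip == node.ip for p in peer.neighbors):
                errors.append(f"{node.name}: not reciprocal, {peer.name} "
                              f"has no neighbor entry for {node.ip}")
    return errors


def sample_nodes():
    """Constructed inventory: vpn-c carries three deliberate mistakes."""
    return [
        VpnNode("vpn-a", "192.0.2.1", 64496,
                [Neighbor("192.0.2.2", 64497), Neighbor("192.0.2.3", 64498)]),
        VpnNode("vpn-b", "192.0.2.2", 64497, [Neighbor("192.0.2.1", 64496)]),
        VpnNode("vpn-c", "192.0.2.3", 64498,
                [Neighbor("192.0.2.1", 64499),              # wrong AS for vpn-a
                 Neighbor("192.0.2.2", 64497, version=3)]),  # old version, vpn-b lacks entry
    ]


if __name__ == "__main__":
    for line in check_topology(sample_nodes()):
        print(line)
```
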
In one embodiment of the present invention, performing load balancing configuration and path selection configuration on the VPN nodes includes:
S301, implementing a load balancing policy on each VPN node to balance traffic load and optimize performance, wherein the load balancing policy is a weighted polling policy;
S302, determining the optimal path for forwarding traffic by using the network topology information provided by the dynamic routing protocol.
The working principle of the technical scheme is as follows: load balancing configuration (S301): a load balancing policy is implemented on each VPN node to balance traffic load and optimize performance. Here, the load balancing policy employed is a weighted polling policy. This means that requests from different clients will be distributed to different VPN nodes according to the weight assigned in advance. This ensures that the load on the different nodes remains relatively balanced, preventing overload of a certain node, thereby improving performance and availability.
Path selection configuration (S302): the best path is determined to forward traffic using network topology information provided by the dynamic routing protocol. Dynamic routing protocols typically select the best path based on current network state and node reachability. This may ensure that traffic flows to the target node in the most efficient manner, reducing latency and resource consumption.
The technical scheme has the effects that: flow equalization: the implementation of the load balancing strategy can ensure the flow load balancing among different VPN nodes, avoid the overload of a certain node and improve the performance and the reliability of the whole VPN network.
Performance optimization: by balancing traffic load and optimizing performance, network administrators can better utilize available resources, improving throughput and response speed of the network.
High availability: load balancing and path selection configurations may increase the high availability of the network. If one node fails, the traffic can be automatically forwarded to other nodes which normally operate, and the continuity of the service is ensured.
Resource optimization: the path selection configuration uses the network topology information provided by the dynamic routing protocol to ensure that traffic is transmitted over the optimal path, reducing the waste of network resources and reducing delay.
Network stability: by optimizing traffic distribution and path selection, stability and maintainability of the network are improved and an administrator can more easily manage and monitor the entire VPN network.
In summary, the load balancing and path selection configuration helps to optimize network performance, improve availability, and reduce resource consumption, and is an important component for constructing an efficient and stable VPN network.
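The weighted polling policy of S301 (commonly called weighted round-robin) together with the failover behaviour described above, as an added example that is not part of the patent. It uses the smooth weighted round-robin variant, which is one common way to implement weighted polling; the node names and weights are constructed.

```python
"""Weighted polling across VPN nodes with removal of failed nodes.
Added example: node names and weights are constructed."""
from collections import Counter


class WeightedPoller:
    """Smooth weighted round-robin: picks follow the weights without long bursts."""

    def __init__(self, weights):
        if not weights or any(w <= 0 for w in weights.values()):
            raise ValueError("every node needs a positive weight")
        self._weights = dict(weights)
        self._current = {name: 0 for name in weights}
        self._healthy = set(weights)

    def mark_down(self, node):
        """Take a failed node out of rotation and forget its accumulated credit."""
        self._healthy.discard(node)
        if node in self._current:
            self._current[node] = 0

    def mark_up(self, node):
        """Return a recovered node to rotation (unknown names are ignored)."""
        if node in self._weights:
            self._healthy.add(node)

    def pick(self):
        """Return the node that should take the next request."""
        live = [n for n in self._weights if n in self._healthy]
        if not live:
            raise RuntimeError("no healthy VPN node available")
        total = sum(self._weights[n] for n in live)
        for n in live:
            self._current[n] += self._weights[n]   # every live node earns its weight
        chosen = max(live, key=lambda n: self._current[n])
        self._current[chosen] -= total             # the chosen node pays the full round
        return chosen


def distribution(poller, requests):
    """Send `requests` picks through the poller and count them per node."""
    return dict(Counter(poller.pick() for _ in range(requests)))


if __name__ == "__main__":
    poller = WeightedPoller({"vpn-a": 5, "vpn-b": 3, "vpn-c": 2})
    print("all nodes healthy:", distribution(poller, 100))
    poller.mark_down("vpn-a")                      # simulated node failure
    print("vpn-a failed:     ", distribution(poller, 50))
    poller.mark_up("vpn-a")
    print("vpn-a recovered:  ", distribution(poller, 10))
```
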
In one embodiment of the present invention, establishing a node management platform, using the node management platform to monitor the running state of the VPN nodes in real time, and sending fault alarm information to a maintainer terminal when a VPN node fails, includes:
S401, creating a monitoring item corresponding to each monitoring target by using a monitoring tool configured in the node management platform;
S402, monitoring key performance indexes of the VPN nodes in real time by using the monitoring items, wherein the key performance indexes of a VPN node comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
S403, setting an alarm rule, and when a parameter of a monitoring target of a VPN node does not meet the threshold range preset in the alarm rule, triggering an alarm and sending fault alarm information to a maintainer terminal.
The working principle of the technical scheme is as follows: Monitoring item creation (S401): a monitoring item corresponding to each monitoring target is created using a monitoring tool configured in the node management platform. These monitoring items typically include key performance indicators such as network connection status, CPU utilization, memory usage, and disk space remaining ratio. Each monitoring item is used to track the performance and status of different aspects of the VPN node.
Performance index monitoring (S402): using the created monitoring items, the node management platform monitors the key performance indexes of the VPN nodes in real time. These metrics may be used to assess the health of the nodes. If any of the performance indicators exceeds a preset threshold range, the node may be declared problematic.
Alarm rule setting (S403): in order to respond to node problems in time, an administrator sets alarm rules on a node management platform. These rules define alarm conditions that should be triggered when the monitored target parameters of the VPN nodes do not meet preset threshold range requirements. When the alarm condition is met, the system automatically triggers an alarm.
Alarm notification: once the alarm condition is triggered, the node management platform will send fault alarm information to the maintenance personnel's terminal. This can be accomplished in a variety of ways, such as email, text messaging, instant messaging, or cell phone application notification, so that an administrator can take timely action to solve the problem.
The technical scheme has the effects that: and (3) real-time monitoring: the node management platform monitors key performance indexes of the VPN nodes in real time, so that an administrator can quickly find out node problems without waiting for complaints or manual inspection of users.
Fault early warning: setting alarm rules can help administrators get warnings before a problem occurs, thereby reducing the impact of the fault on the network and traffic.
Quick response: the sending of alarm notifications enables an administrator to quickly take action, such as restarting a node, adding resources, or performing maintenance, to minimize service disruption time.
Resource optimization: by monitoring the performance indicators, an administrator can identify continuously changing requirements, optimize resource allocation according to the actual situation, and improve network efficiency.
Automatic management: the automated functionality of the node management platform reduces the administrator's workload and lets the administrator focus on problem resolution rather than manual monitoring.
In summary, establishing the node management platform and setting the monitoring and alarm rules can improve availability, maintainability and performance of the VPN network, and help an administrator to better manage and maintain the network.
The embodiment of the invention provides a network topology management system based on a virtual private network. As shown in Fig. 2, the network topology management system based on the virtual private network comprises:
the node setting module is used for setting a plurality of VPN nodes in the target geographic position and/or the target data center and setting a network topology structure of the VPN nodes;
a first information configuration module, configured to configure a dynamic routing protocol and a neighbor relation on each VPN node;
the second information configuration module is used for carrying out load balancing configuration and path selection configuration on the VPN node;
the fault detection module is used for establishing a node management platform, monitoring the running state of the VPN node in real time by using the node management platform, and sending fault alarm information to a maintainer terminal when the VPN node fails in operation;
and the network periodic operation and maintenance optimization module is used for periodically maintaining, optimizing and backing up data of the network topology of the VPN node.
The working principle of the technical scheme is as follows: setting VPN nodes and network topology structure: first, a plurality of VPN nodes are set up in a target geographical location and/or a target data center, and a network topology is established for these nodes. This network topology typically includes the manner of connection and the topological relationships between the nodes.
Configuration of dynamic routing and neighbor relation: dynamic routing protocols and neighbor relationships are configured on each VPN node. These configurations allow routing information and communication relationships between nodes to be dynamically updated to accommodate changes in network topology.
Load balancing and path selection configuration: load balancing configuration and path selection configuration are carried out on the VPN nodes. This helps to optimize network performance, ensure efficient transmission of data in the network, and avoid overload of a single node.
Establishing a node management platform: a node management platform is established, which can monitor the running state of the VPN node in real time. When the VPN node operation is faulty or abnormal, the node management platform can send fault alarm information to the maintenance personnel terminal so as to respond to the problem rapidly.
Maintenance, optimization and data backup of network topology: the network topology of the VPN nodes is regularly maintained and optimized to ensure stability and efficiency of the network structure. Meanwhile, data backup is performed to cope with possible data loss.
The technical scheme has the effects that: high availability and stability: through load balancing configuration, dynamic routing and neighbor relation setting, the method can improve the availability and stability of the network and ensure the connectivity of data.
Fast fault response: through real-time monitoring and fault alarming, a network administrator can quickly respond to the operation faults of the VPN nodes, and network downtime is reduced.
Network performance optimization: the load balancing configuration and the path selection configuration are helpful to optimize the network performance and ensure the high efficiency of data transmission.
Backing up data: periodic data backup operations contribute to the security and recoverability of data.
Network topology optimization: periodic maintenance and optimization of network topology helps to maintain the health and efficiency of the network architecture.
In summary, the technical scheme improves the performance, stability and management efficiency of the network by establishing the virtual private network, configuring the route and neighbor relation, load balancing and node management platform, thereby better meeting the requirements of network management and maintenance.
In one embodiment of the present invention, the node setting module includes:
the position information acquisition module is used for acquiring a target geographic position and/or a target data center;
the information extraction module is used for extracting network communication requirement information of the target geographic position and/or the target data center;
the quantity determining module is used for setting the quantity of VPN nodes according to the target geographic position and/or the network communication demand information of the target data center;
the topology structure setting module is used for setting the network topology structure of the VPN nodes after all the target geographic positions and/or the number of VPN nodes of the target data center are determined.
The working principle of the technical scheme is as follows: acquiring a target geographic position and/or a target data center: first, the relevant information of the target geographic position and/or the target data center is obtained, including the network structure, the communication requirement, the layout and the like.
Extracting network communication requirement information: network communication demand information is extracted from information of a target geographic location and/or a target data center. This includes determining which sub-networks need to communicate with each other and the communication needs between them, such as which nodes are connected or the traffic needs between the networks.
Setting the number of VPN nodes: based on the extracted network communication demand information, the number of VPN nodes that need to be set in the target geographical location and/or the target data center is determined. These VPN nodes are responsible for handling communication and network connections.
Setting a VPN node network topological structure: once the number of VPN nodes is determined, their network topology can be set, i.e. the manner of connection, relationships and paths between them are determined. This helps to build a network that meets the communication needs.
The technical scheme has the effects that: customizing the network structure: by setting the number of VPN nodes and the network topology according to the communication requirements, a customized network structure can be constructed, ensuring that the communication requirements of the target geographic location and/or the target data center are met.
Optimizing network performance: the number of nodes and the network topology structure are set according to the communication requirements, so that the network performance is optimized, and the high efficiency and the reliability of data transmission are ensured.
The network cost is reduced: by reasonably setting the number of nodes, unnecessary network equipment and bandwidth consumption can be avoided, thereby reducing the cost of network deployment and maintenance.
Improving network availability: the network structure arranged according to the communication requirement can improve the availability of the network, ensure the connectivity of data and reduce the risk of network interruption.
Meets specific requirements: the method can flexibly meet the network communication requirements of specific geographic positions and data centers, and ensures that the network can adapt to different scenes and requirements.
In summary, the technical scheme can customize the number of VPN nodes and the network topology according to the communication requirements, so as to meet the network communication requirements of a specific geographic location and/or data center, and simultaneously reduce the cost and improve the network performance.
In one embodiment of the present invention, the first information configuration module includes:
a dynamic routing protocol configuration module, configured to configure a dynamic routing protocol on each VPN node, where the dynamic routing protocol is a Border Gateway Protocol (BGP);
the neighbor node information acquisition module is used for determining neighbor nodes of each VPN node and IP addresses of the neighbor nodes;
the neighbor parameter configuration module is used for configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise IP addresses, AS numbers and BGP version information of the neighbor nodes;
a connection type determining module, configured to determine a connection type between the VPN node and each neighboring node;
and the communication connection establishment module is used for starting a BGP process on each VPN node so as to establish communication connection between each VPN node and each neighbor node corresponding to each VPN node.
The working principle of the technical scheme is as follows: configuring a dynamic routing protocol: Border Gateway Protocol (BGP) is configured as a dynamic routing protocol on each VPN node. BGP is a routing protocol commonly used to exchange routing information across different autonomous systems.
Determining neighbor nodes and IP addresses: neighbor nodes of each VPN node are determined, which are other network devices connected to the VPN node. At the same time, the IP address of each neighbor node is determined in order to establish communication.
Configuration of BGP neighbor parameters: BGP neighbor parameters are configured for each neighbor node on each VPN node. These parameters include the neighbor node's IP address, autonomous system number (AS number), and BGP version information. These parameters are used to establish and maintain BGP neighbor relationships.
Determining a connection type: a connection type between the VPN node and each neighbor node is determined. This may include physical or virtual connections, depending on the particular configuration of the network.
Establishing BGP communication connection: a BGP process is started on each VPN node so that each VPN node can establish communication connection with its neighbor nodes. These connections are used to exchange routing information and maintain the network topology.
The technical scheme has the effects that: dynamic route management: the configuration of BGP as a dynamic routing protocol allows the dynamic exchange of routing information between VPN nodes so as to ensure that a routing table in a network can be updated in time and adapt to the change of network topology.
High flexibility: the BGP protocol has a high degree of flexibility and can accommodate different network requirements and complex topologies. This allows the network administrator to configure and adjust as needed.
Inter-autonomous system routing: BGP is commonly used for routing between autonomous systems (ASes) and is therefore suitable for network communications across a plurality of different ASes, supporting a large-scale internetwork.
Reliability and robustness: the BGP protocol has good reliability and robustness, can cope with faults and abnormal conditions in the network, and ensures the stability and availability of the network.
Network dynamics: by using a dynamic routing protocol, the network can dynamically adapt to changes, including node failures, addition of new devices, and changes in routing policies, thereby improving the flexibility of the network.
In summary, configuring BGP as a dynamic routing protocol and configuring BGP neighbor relationships may enhance management and dynamics of the network, so that the network may better adapt to changing conditions and requirements. This helps to improve the performance, availability and maintainability of the network.
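The following is an added example, not part of the patent: a pre-deployment check over the BGP neighbor parameters listed above (neighbor IP address, AS number, BGP version). The node names, addresses, AS numbers and the `check_topology` helper are constructed for illustration, and every peer is assumed to be a node in the same inventory; the check reports entries that would keep a session from establishing, such as a neighbor AS that differs from the peer's own AS or a peering configured on one side only.

```python
import ipaddress
from dataclasses import dataclass, field

# AS numbers that must not appear as a real local or remote AS:
# 0 (RFC 7607), 23456 = AS_TRANS (RFC 6793), 65535 and 4294967295 (RFC 7300).
RESERVED_ASNS = {0, 23456, 65535, 4294967295}
BGP_VERSION = 4  # BGP-4 (RFC 4271)


@dataclass
class Neighbor:
    ip: str
    remote_as: int
    version: int = BGP_VERSION


@dataclass
class VpnNode:
    name: str
    address: str      # address the node peers from (assumed valid in the inventory)
    local_as: int
    neighbors: list = field(default_factory=list)


def norm_ip(text):
    """Canonical string form of an IP address, or None if it does not parse."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def valid_asn(asn):
    """True for a usable 2-byte or 4-byte AS number."""
    return isinstance(asn, int) and 0 < asn <= 4294967295 and asn not in RESERVED_ASNS


def check_topology(nodes):
    """Return a list of findings for one inventory; an empty list means consistent."""
    findings = []
    by_addr = {norm_ip(n.address): n for n in nodes}
    for node in nodes:
        if not valid_asn(node.local_as):
            findings.append(f"{node.name}: local AS {node.local_as} is reserved or out of range")
        my_ip = norm_ip(node.address)
        seen = set()
        for nb in node.neighbors:
            peer_ip = norm_ip(nb.ip)
            if peer_ip is None:
                findings.append(f"{node.name}: neighbor address {nb.ip!r} is not a valid IP")
                continue
            if peer_ip in seen:
                findings.append(f"{node.name}: neighbor {peer_ip} is configured twice")
                continue
            seen.add(peer_ip)
            if nb.version != BGP_VERSION:
                findings.append(
                    f"{node.name}: neighbor {peer_ip} uses BGP version {nb.version}, expected {BGP_VERSION}")
            if not valid_asn(nb.remote_as):
                findings.append(
                    f"{node.name}: neighbor {peer_ip} has reserved or out-of-range AS {nb.remote_as}")
            peer = by_addr.get(peer_ip)
            if peer is None:
                findings.append(f"{node.name}: neighbor {peer_ip} is not in the node inventory")
                continue
            # Both ends must agree on AS numbers, or the session never establishes.
            if nb.remote_as != peer.local_as:
                findings.append(
                    f"{node.name}: neighbor {peer_ip} has AS {nb.remote_as}, "
                    f"but {peer.name} runs AS {peer.local_as}")
            # The peer must list this node as a neighbor too.
            if my_ip not in {norm_ip(p.ip) for p in peer.neighbors}:
                findings.append(
                    f"{node.name}: peering with {peer.name} is one-sided, "
                    f"{peer.name} has no neighbor {my_ip}")
    return findings


# Constructed inventory: three nodes in private-use ASes with three deliberate mistakes.
SAMPLE_NODES = [
    VpnNode("vpn-a", "10.0.0.1", 65001, [Neighbor("10.0.0.2", 65002), Neighbor("10.0.0.3", 65004)]),
    VpnNode("vpn-b", "10.0.0.2", 65002, [Neighbor("10.0.0.1", 65001), Neighbor("10.0.0.3", 65003)]),
    VpnNode("vpn-c", "10.0.0.3", 65003, [Neighbor("10.0.0.1", 65001, version=3)]),
]

if __name__ == "__main__":
    for finding in check_topology(SAMPLE_NODES):
        print(finding)
```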
In one embodiment of the present invention, the second information configuration module includes:
the load policy configuration module is used for implementing a load balancing policy on each VPN node so as to balance traffic load and optimize performance; wherein, the load balancing strategy is a weighted polling strategy;
and the path selection module is used for determining the optimal path to forward the traffic by utilizing the network topology information provided by the dynamic routing protocol.
The working principle of the technical scheme is as follows: load balancing configuration: a load balancing policy is implemented on each VPN node to balance traffic load and optimize performance. Here, the load balancing policy employed is a weighted polling policy. This means that requests from different clients will be distributed to different VPN nodes according to the weight assigned in advance. This ensures that the load on the different nodes remains relatively balanced, preventing overload of a certain node, thereby improving performance and availability.
Path selection configuration: the best path is determined to forward traffic using network topology information provided by the dynamic routing protocol. Dynamic routing protocols typically select the best path based on current network state and node reachability. This may ensure that traffic flows to the target node in the most efficient manner, reducing latency and resource consumption.
The technical scheme has the effects that: flow equalization: the implementation of the load balancing strategy can ensure the flow load balancing among different VPN nodes, avoid the overload of a certain node and improve the performance and the reliability of the whole VPN network.
Performance optimization: by balancing traffic load and optimizing performance, network administrators can better utilize available resources, improving throughput and response speed of the network.
High availability: load balancing and path selection configurations may increase the high availability of the network. If one node fails, the traffic can be automatically forwarded to other nodes which normally operate, and the continuity of the service is ensured.
Resource optimization: the path selection configuration utilizes the network topology information provided by the dynamic routing protocol, so that traffic is transmitted along the optimal path, reducing both the waste of network resources and the delay.
Network stability: by optimizing traffic distribution and path selection, stability and maintainability of the network are improved and an administrator can more easily manage and monitor the entire VPN network.
In summary, the load balancing and path selection configuration helps to optimize network performance, improve availability, and reduce resource consumption, and is an important component for constructing an efficient and stable VPN network.
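The following is an added example, not part of the patent. The text names a weighted polling (weighted round-robin) policy without giving an algorithm, so this code uses the smooth weighted round-robin variant as an assumption, and it skips nodes marked as failed so that traffic moves to the nodes that still operate normally. Node names and weights are constructed.

```python
from collections import Counter


class WeightedRoundRobin:
    """Smooth weighted round-robin over VPN nodes, skipping nodes marked down."""

    def __init__(self, weights):
        for name, weight in weights.items():
            if not isinstance(weight, int) or weight <= 0:
                raise ValueError(f"weight for {name} must be a positive integer")
        self.weights = dict(weights)                     # static weight per node
        self.current = {name: 0 for name in self.weights}  # running score per node
        self.down = set()                                # nodes reported as failed

    def set_health(self, name, up):
        """Record a health change reported by monitoring."""
        if name not in self.weights:
            raise KeyError(name)
        if up:
            self.down.discard(name)
        else:
            self.down.add(name)
            self.current[name] = 0  # a returning node starts from a clean score

    def next_node(self):
        """Pick the node for the next request, or None if every node is down."""
        healthy = [n for n in self.weights if n not in self.down]
        if not healthy:
            return None
        total = sum(self.weights[n] for n in healthy)
        # Every healthy node gains its weight; the highest score wins and pays
        # back the total, which spreads heavy nodes through the sequence
        # instead of sending them a burst of consecutive requests.
        for n in healthy:
            self.current[n] += self.weights[n]
        chosen = max(healthy, key=lambda n: self.current[n])
        self.current[chosen] -= total
        return chosen


def schedule(balancer, count):
    """Return the next `count` selections as a list."""
    return [balancer.next_node() for _ in range(count)]


if __name__ == "__main__":
    # Constructed weights: vpn-a has three times the capacity of vpn-c.
    lb = WeightedRoundRobin({"vpn-a": 3, "vpn-b": 2, "vpn-c": 1})
    print(schedule(lb, 6))
    lb.set_health("vpn-a", False)   # monitoring reports vpn-a as failed
    print(Counter(schedule(lb, 6)))
```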
In one embodiment of the present invention, the fault detection module includes:
the monitoring item creation module is used for creating a monitoring item corresponding to the monitoring target by using a monitoring tool configured in the node management platform;
the key index monitoring module is used for monitoring key performance indexes of the VPN nodes in real time by utilizing the monitoring items, wherein the key performance indexes of the VPN nodes comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
and the alarm module is used for setting an alarm rule, triggering an alarm when the parameter of the monitoring target of the VPN node does not meet the requirement of the preset threshold range in the alarm rule, and sending fault alarm information to the maintenance personnel terminal.
The working principle of the technical scheme is as follows: monitoring item creation: a monitoring item corresponding to the monitoring target is created using a monitoring tool configured in the node management platform. These monitoring items typically include key performance indicators such as network connection status, CPU utilization, memory usage, and disk space remaining ratio. Each monitoring item is used to track the performance and status of a different aspect of the VPN node.
Performance index monitoring: using the created monitoring items, the node management platform monitors the key performance indicators of the VPN nodes in real time. These metrics may be used to assess the health of the nodes. If any of the performance indicators falls outside its preset threshold range, the node may be declared problematic.
Alarm rule setting: in order to respond to node problems in time, an administrator sets alarm rules on the node management platform. These rules define the conditions under which an alarm is triggered, namely when the monitored target parameters of the VPN nodes do not meet the preset threshold range requirements. When the alarm condition is met, the system automatically triggers an alarm.
Alarm notification: once the alarm condition is triggered, the node management platform will send fault alarm information to the maintenance personnel's terminal. This can be accomplished in a variety of ways, such as email, text messaging, instant messaging, or cell phone application notification, so that an administrator can take timely action to solve the problem.
The technical scheme has the effects that: real-time monitoring: the node management platform monitors key performance indicators of the VPN nodes in real time, so that an administrator can quickly find node problems without waiting for user complaints or manual inspection.
Fault early warning: setting alarm rules can help administrators get warnings before a problem occurs, thereby reducing the impact of the fault on the network and traffic.
Quick response: the sending of alarm notifications enables an administrator to quickly take action, such as restarting a node, adding resources, or performing maintenance, to minimize service disruption time.
Resource optimization: by monitoring the performance indicators, an administrator can identify continuously changing requirements, optimize resource allocation according to the actual situation, and improve network efficiency.
Automatic management: the automated functionality of the node management platform reduces the administrator's workload and lets the administrator focus on problem resolution rather than manual monitoring.
In summary, establishing the node management platform and setting the monitoring and alarm rules can improve availability, maintainability and performance of the VPN network, and help an administrator to better manage and maintain the network.
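The following is an added example, not part of the patent, covering both the method steps S401 to S403 and the fault detection module described above: alarm rules as threshold ranges over the four named indicators, evaluated against samples per node. The metric names, threshold values and samples are constructed; as assumptions beyond the text, a missing metric counts as a violation, and a notification is sent only when an item enters or leaves the alarm state, so a persistent fault does not flood the maintainer terminal.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    item: str     # monitoring item name
    low: float    # lowest acceptable value
    high: float   # highest acceptable value


# Constructed thresholds for the four indicators the text names.
RULES = [
    Rule("connection_up", 1, 1),         # network connection state: 1 = connected
    Rule("cpu_percent", 0, 85),          # CPU utilization
    Rule("memory_percent", 0, 90),       # memory usage
    Rule("disk_free_percent", 15, 100),  # disk space remaining ratio
]


class AlarmEngine:
    def __init__(self, rules, notify):
        self.rules = list(rules)
        self.notify = notify   # callable standing in for the maintainer terminal
        self.active = set()    # (node, item) pairs currently in alarm

    def evaluate(self, node, sample):
        """Check one sample from one node; return the events it produced."""
        events = []
        for rule in self.rules:
            value = sample.get(rule.item)
            # A metric the node failed to report is treated as out of range.
            in_range = value is not None and rule.low <= value <= rule.high
            key = (node, rule.item)
            if not in_range and key not in self.active:
                self.active.add(key)
                events.append(("ALARM", node, rule.item, value))
            elif in_range and key in self.active:
                self.active.remove(key)
                events.append(("RECOVERED", node, rule.item, value))
        for event in events:
            self.notify(event)
        return events


# Constructed samples in time order: (node, reported metrics).
SAMPLES = [
    ("vpn-a", {"connection_up": 1, "cpu_percent": 40, "memory_percent": 50, "disk_free_percent": 60}),
    ("vpn-a", {"connection_up": 1, "cpu_percent": 97, "memory_percent": 50, "disk_free_percent": 60}),
    ("vpn-a", {"connection_up": 1, "cpu_percent": 98, "memory_percent": 50, "disk_free_percent": 12}),
    ("vpn-b", {"connection_up": 0, "memory_percent": 30, "disk_free_percent": 70}),
    ("vpn-a", {"connection_up": 1, "cpu_percent": 35, "memory_percent": 50, "disk_free_percent": 12}),
]


def run_samples(samples, rules=RULES):
    """Feed samples through a fresh engine; return every notification sent."""
    sent = []
    engine = AlarmEngine(rules, sent.append)
    for node, sample in samples:
        engine.evaluate(node, sample)
    return sent


if __name__ == "__main__":
    for event in run_samples(SAMPLES):
        print(event)
```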
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. The network topology management method based on the virtual private network is characterized by comprising the following steps of:
setting a plurality of VPN nodes in a target geographic position and/or a target data center, and setting a network topology structure of the VPN nodes;
configuring a dynamic routing protocol and a neighbor relation on each VPN node;
load balancing configuration and path selection configuration are carried out on the VPN nodes;
establishing a node management platform, monitoring the running state of the VPN node in real time by using the node management platform, and sending fault alarm information to a maintainer terminal when the VPN node fails in operation;
and periodically maintaining, optimizing and backing up the network topology of the VPN node.
2. A network topology management method based on a virtual private network according to claim 1, wherein a plurality of VPN nodes are set in a target geographical location and/or a target data center, and a network topology of the VPN nodes is set, comprising:
acquiring a target geographic position and/or a target data center;
extracting network communication demand information of the target geographic position and/or the target data center;
setting the number of VPN nodes according to the target geographic position and/or the network communication demand information of the target data center;
after all the target geographic positions and/or the number of VPN nodes of the target data center are determined, setting the network topology structure of the VPN nodes.
3. A virtual private network-based network topology management method according to claim 1, wherein configuring a dynamic routing protocol and a neighbor relation on each of said VPN nodes comprises:
configuring a dynamic routing protocol on each VPN node, wherein the dynamic routing protocol is a border gateway protocol;
determining the IP addresses of the neighbor nodes of each VPN node;
configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise IP addresses, AS numbers and BGP version information of the neighbor nodes;
determining a connection type between the VPN node and each neighbor node;
and starting a BGP process on each VPN node to establish communication connection between each VPN node and each neighbor node corresponding to each VPN node.
4. A network topology management method based on a virtual private network according to claim 1, wherein performing load balancing configuration and path selection configuration for the VPN node comprises:
implementing a load balancing policy on each VPN node to balance traffic load and optimize performance; wherein, the load balancing strategy is a weighted polling strategy;
determining the best path for forwarding traffic by using the network topology information provided by the dynamic routing protocol.
5. The network topology management method based on a virtual private network according to claim 1, wherein establishing a node management platform, monitoring the operation state of VPN nodes in real time by using the node management platform, and when the VPN nodes fail in operation, sending failure alarm information to a maintainer terminal, comprises:
creating a monitoring item corresponding to the monitoring target by using a monitoring tool configured in the node management platform;
monitoring key performance indexes of the VPN node in real time by utilizing the monitoring items, wherein the key performance indexes of the VPN node comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
setting an alarm rule, triggering an alarm when parameters of a monitoring target of the VPN node do not meet the threshold range requirement preset in the alarm rule, and sending fault alarm information to a maintainer terminal.
6. A network topology management system based on a virtual private network, the network topology management system based on a virtual private network comprising:
the node setting module is used for setting a plurality of VPN nodes in the target geographic position and/or the target data center and setting a network topology structure of the VPN nodes;
a first information configuration module, configured to configure a dynamic routing protocol and a neighbor relation on each VPN node;
the second information configuration module is used for carrying out load balancing configuration and path selection configuration on the VPN node;
the fault detection module is used for establishing a node management platform, monitoring the running state of the VPN node in real time by using the node management platform, and sending fault alarm information to a maintainer terminal when the VPN node fails in operation;
and the network periodic operation and maintenance optimization module is used for periodically maintaining, optimizing and backing up data of the network topology of the VPN node.
7. The virtual private network-based network topology management system of claim 6, wherein said node setting module comprises:
the position information acquisition module is used for acquiring a target geographic position and/or a target data center;
the information extraction module is used for extracting network communication requirement information of the target geographic position and/or the target data center;
the quantity determining module is used for setting the quantity of VPN nodes according to the target geographic position and/or the network communication demand information of the target data center;
the topology structure setting module is used for setting the network topology structure of the VPN nodes after all the target geographic positions and/or the number of VPN nodes of the target data center are determined.
8. The virtual private network-based network topology management system of claim 6, wherein said first information configuration module comprises:
a dynamic routing protocol configuration module, configured to configure a dynamic routing protocol on each VPN node, where the dynamic routing protocol is a border gateway protocol;
the neighbor node information acquisition module is used for determining neighbor nodes of each VPN node and IP addresses of the neighbor nodes;
the neighbor parameter configuration module is used for configuring BGP neighbor parameters for each neighbor node on each VPN node, wherein the BGP neighbor parameters comprise IP addresses, AS numbers and BGP version information of the neighbor nodes;
a connection type determining module, configured to determine a connection type between the VPN node and each neighboring node;
and the communication connection establishment module is used for starting a BGP process on each VPN node so as to establish communication connection between each VPN node and each neighbor node corresponding to each VPN node.
9. The virtual private network-based network topology management system of claim 6, wherein said second information configuration module comprises:
the load policy configuration module is used for implementing a load balancing policy on each VPN node so as to balance traffic load and optimize performance; wherein, the load balancing strategy is a weighted polling strategy;
and the path selection module is used for determining the optimal path to forward the traffic by utilizing the network topology information provided by the dynamic routing protocol.
10. The virtual private network-based network topology management system of claim 6, wherein said failure detection module comprises:
the monitoring item creation module is used for creating a monitoring item corresponding to the monitoring target by using a monitoring tool configured in the node management platform;
the key index monitoring module is used for monitoring key performance indexes of the VPN nodes in real time by utilizing the monitoring items, wherein the key performance indexes of the VPN nodes comprise network connection state, CPU utilization rate, memory utilization rate and disk space remaining proportion;
and the alarm module is used for setting an alarm rule, triggering an alarm when the parameter of the monitoring target of the VPN node does not meet the requirement of the preset threshold range in the alarm rule, and sending fault alarm information to the maintenance personnel terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311106059.4A CN117061357A (en) | 2023-08-30 | 2023-08-30 | Network topology management method and system based on virtual private network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117061357A (en) | 2023-11-14 |
Family
ID=88653410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311106059.4A Pending CN117061357A (en) | 2023-08-30 | 2023-08-30 | Network topology management method and system based on virtual private network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117061357A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||